#ubuntu-server 2005-12-05
<spike> 'morning
#ubuntu-server 2005-12-06
* troy yawns
<sivang> morning
<spike> 'morning
#ubuntu-server 2005-12-07
<hunger> This 2.6.15 kernel is strange!
<hunger> Yesterday night the -6-686 did not boot before I went to bed. When I woke up today it did.
<hunger> The -6-686 works way better than the -5-686 though
<spike> 'morning
<fabbione> morning guys
* ..[topic/#ubuntu-server:fabbione] : ubuntu-server discussions and support | for general support see #ubuntu or https://wiki.ubuntu.com/InternetRelayChat for other channels | Download Ubuntu Server Edition at http://releases.ubuntu.com/ubuntu-server/5.10/ | Ubuntu Server dapper specs: https://launchpad.net/people/ubuntu-server/+specs | Ubuntu Server forums at http://ubuntuforums.org/forumdisplay.php?f=45
<fabbione> troy: please leave a pointer to the specs
<fabbione> given that's what we are going to play for dapper
* spike checks the specs
<spike> fabbione: is a ML available or it's still a work in progress?
<fabbione> spike: i did ask again yesterday to the admins
<fabbione> but other than that i have no news
<spike> fabbione: woooo, finally the MD5 checker, god bless you man :)
<fabbione> spike: i have the core already implemented
<fabbione> i hope to finish it sometimes next week
<spike> A dtrace port or use/investigate/integrate/package system tap (apparently a dtrace-alike for Linux) <------ that doesnt work afaik
<spike> systemtap I mean. it's under dev, but far from being enterprise ready
<spike> last time I checked at least, might check again, I was after it too
<spike> (playing with dtrace with solaris10/nexenta)
<fabbione> spike: take into account that some stuff there is really in "wishlist" state
<fabbione> not all the spec will and/or can be implemented for dapper
<fabbione> but since we had the ideas, we wrote all of them down
<fabbione> anyway... lunch :)
<fabbione> i am hungry
<spike> fabbione: about /etc under RCS... would you think that throwing in cfengine would be too much of a trouble?
<spike> ok, talk to u later
<sebest_> hello
<spike> hi there
<sebest_> to introduce myself, i'm one of the developpers of avahi, and i wrote the "corporate users" part of this page https://wiki.ubuntu.com/ZeroConfSpec/Misc
<sebest_> and i was interested in a ubuntu for server with the same spirit as its desktop counterpart
<spike> sebest_: cool, I was lookin at that few days ago, really nice stuff
<sebest_> spike, yes will make ubuntu even easier to use :)
<sebest_> if we can get a server that works nicely with the dekstop, it would be a really great thing for small business
<spike> sebest_: I agree. not my personal first interest, but indeed nice
<spike> 'lo Valandil
<sebest_> fabbione, the RCS idea for the servers is great, i thought about it previously using svn (but bzr is equivalent) but why does it need the crontab script?
<sebest_> with subversion you can have action on commit
<fabbione> sebest_: it's not a problem of action on commit
<sebest_> eg: call a script that check which file as been altered and restart the coressponding service
<fabbione> no no.. you are on the wrong track
<fabbione> the crontab is to make the commit transparent to the admin
<fabbione> let say you start editing files
<fabbione> and you forget to commit
<fabbione> the crontab will commit for you
<fabbione> with a timestamped commit
<fabbione> but no service restart
<fabbione> that's up to the admin
<fabbione> but the idea is good.. it could be a config option
* spike proposed a stronger solution cfengine like
<fabbione> even if the hook would be pretty complex
<spike> and that would help with stuff like https://wiki.ubuntu.com/NetworkWideUpdates
<sebest_> ah ok
<fabbione> spike: i don't know cfengine and how complex it is
<spike> so it would be, imho, a better approach for further development
<fabbione> spike: none of the admins did ever mention it
<fabbione> during the spec writing.. that's it
<spike> fabbione: I guess I can contribute on that..
<fabbione> spike: the specs are "closed" for dapper
<fabbione> you are welcome to add comments and ideas at the bottom of the wiki
<spike> fabbione: well, imho that's the standard for large network management, as accepted by usenix/sage
<sebest_> another nice thing with RCS, is versionning (rollback) and log message to explain the chaange
<fabbione> spike: please add it at the end
<fabbione> spike: so there is a record
<fabbione> and we will not forget
<spike> they've also got dpkg hoos, to install pkgs and such
<spike> hooks*
<spike> ok
<fabbione> sebest_: the idea behind RCS is exactly to give admins the possibility to rollback easily
<sebest_> each admin will have an etc in their home, so they can edit there local copy, right?
<sebest_> they don't need to sudo or su to edit config file?
<spike> fabbione: to this page? https://wiki.ubuntu.com/ServerCandy
<fabbione> in theory
<fabbione> you could also push changes between differnt machines
<fabbione> like you do a change on a machine
<fabbione> sshcluster to do a bzr cherrypick that changeset
<fabbione> spike: yes
<fabbione> so that for example your apache config is updated everywhere on the production servers from the staging/testing machine
<sebest_> would it be possible to give access to some part of /etc/ selectively
<sebest_> eg not allow someone to alter apache config, and another one postfix
<fabbione> sebest_: that's a bzr feature we are missing
<fabbione> nested trees...
<fabbione> basically bzr archives inside bzr archives
<fabbione> you achive that possibility once there are nested trees and you can block access via normal unix permissions
<sebest_> hum, is it a planned feature?
<fabbione> yes
<fabbione> but there is no ETA on it yet
<spike> mmmh, doesnt svn gives you ability to restrict access to subdir, does it? I seem to recall such thing
<fabbione> plus we need to consider that we need to use a stable version of bzr
* spike never used bzr
<fabbione> spike: not that i know of
<spike> fabbione: I'll check that out
<fabbione> and in any case svn has the problems that it requires a running server
<fabbione> bzr doesn't
<sebest_> a running server?
<fabbione> well you need to setup the server side of svn
<sebest_> you mean for remote access?
<fabbione> even the local db
<sebest_> no
<sebest_> svn admin create toto
<sebest_> svn co file://path/toto
<fabbione> sebest_: but than you lose other features
<sebest_> ah maybe, i don't know
<fabbione> like the possibility to cherry pick from server to another
<sebest_> i know that i use it without server
* spike avoid commenting 'till he learned more about bzr
<sebest_> i use it over ssh
<spike> cherry pick?
<fabbione> i admin that my svn experience is client side only
* spike uses svn server and likes it a lot
<fabbione> spike: yes.. never done cherry picking?
* sebest_ too
<spike> ssh has restrictions, principally no virtual users
<spike> fabbione: oh, ok, just googled the term. no, I havent, never had the need
<sebest_> i know that svn can have lock problem when using db format
<sebest_> it's better to use ffs
<fabbione> ok
<fabbione> but we are not going on svn.. i can tell you that from now
<sebest_> i know nearly nothing about bzr yet
<spike> sebest_: fsfs solves that
<spike> yep
<fabbione> plus you need to keep in mind one thing
<fabbione> this miniRCS thingy
<sebest_> but i'm ok with any RCS system as long as it fullfill our need :)
<fabbione> is meant to be used only for "recovery"
<fabbione> it's not something you are going to use regularly to do your development
<fabbione> think about it like a daily backup
<fabbione> except a bit more powerful :)
<sebest_> the advantages that i saw what the loggin stuff (each admin, can write a message about why he made a change)
<spike> well,once u've it up it should be up to u to use it whatever u want it for, no? I don't see why designing something like an RCS system restricted to "recover"
<sebest_> so it's easier to trace wrong change
<fabbione> sebest_: you don't lose that
<sebest_> and also easier to have many admins working on the same server
<fabbione> sebest_: the cron is there only if changes are done and you forget to commit
<fabbione> if there are no changes, there is no commit
<sebest_> fabbione, yes i got it :)
<spike> fabbione: btw, why bzr?
<fabbione> spike: it's distributed, doesn't require a central db/server and we support it directly :)
<spike> and, do you think the infrastructure will be modularized enough so one can replace bzr with something else?
<fabbione> possibly yes
<fabbione> i didn't get to write that code yet
<spike> because, now that u mentioned changes and multiple admin, I'm working on stuff to wrap things like that in a ticketing system, trac like, because that's what you relly want to large enterprise imho
<spike> and svn is nicely integrated with trac, so to me, bzr is a problem from that POV
<fabbione> spike: svn is not distributed and that gives me tons of other problems
<fabbione> spike: i can write it modular.. you can write the svn plugins
<fabbione> but i am not going to invest time on RCS != bzr
<spike> fabbione: whatever, guess the spec should just allow switching. I never had a prob with it, I guess because mine and yours requirements are different
<spike> fabbione: that's perfect for me, I'll invest time to support svn, I'd just like the specs to allow me to do so
<fabbione> spike: as it is they don't.. but that's a code design issue
<fabbione> spike: there is no need for the specs to be modified
<fabbione> i can just do that at code level
<fabbione> and allow a certain level of modularization
<spike> fabbione: ok, "specs" was just a name for it,whereever you wanna do it, I'm fine with it
<fabbione> spike: so am i :)
<spike> fabbione: do you mind an OT question? are you familiar with telecom interbusiness router issues when it comes to additional subnets?
<fabbione> spike: telecom italia?
<spike> imho they do something really nasty here, but they have exclusive access to the router, and I'm not sure how to convince them they have to reconfigure it
<spike> fabbione: yes
<fabbione> spike: no sorry
<fabbione> i don't live in italy
<fabbione> and i did stop working for seabone a loooooong time ago
<spike> good for you :), actually not either I will anymore in a month :D
<sebest_> fabbione, what kind of help do  you need for the server related stuff on ubuntu?
<sebest_> personnality i've interest in the SBS stuff
<sebest_> this may be a particular use case of the server project
<fabbione> sebest_: it depends what you can do
<sebest_> i go eating, we'll discuss this later
<fabbione> i might not be around later
<fabbione> but ok
<fabbione> enjoy your lunch
<sebest_> i can do a lot things ;) (skills in admin, packaging and programming C/php/python)
<spike> php isnt really programming :P
* spike <--- evil
<spike> :D
<sebest_> that's why i added pythoon ;)
<sebest_> brb
<Valandil> hi all :-)
<sebest_> re
<spike> re
#ubuntu-server 2005-12-08
<troy> night night
<Pygi> Hi Hi :)
<spike> hi there
<Pygi> hi spike
<troy> moin moin
<spike> 'lo troy
<Valandil> moinmoin :-))
<Valandil> ;-)
<spike> hey Valandil
<Valandil> hi spike :)
<Valandil> Do You know apache2?
<Valandil> this crappy little thing eats up 60 percent of cpu-power of a Athlon MP 2600+ Dual-CPU-Server!
<Valandil> and I don't know why!
<spike> Valandil: which one? ie, they got a few pkgs, preforked, perchild, threadpool, worker?
<Valandil> uh the one from the ubuntu-server
<Valandil> took the default config
<Valandil> I guess, it's got something to do with php and mysql... but I cannot trace it
<Valandil> but I guess, it takes too much cpu-power - or is that normal fpr apache2?
<Valandil> I used to use 1.3
<spike> Valandil: personally, I havent found a single person able to explain me why I should run v2
<spike> OTOH, I've read a few nice articles why devs would have big benefits from apache2.x, actually 2.2, which has been released a few days ago iirc
<spike> on the admin side, the only point to me is you need stuff that works with apache2 only, ie, mod_authz developed for svn web access
<Valandil> hmmm me, I don't need this stuff, but my boss says something of "we are modern, so don't use old, dusty software" :-(
* spike shrugs
<Valandil> But I try new version, perhaps I get it :)
<Valandil> *gg*
<Valandil> Oh, meal :-)) cu later ;)
<Valandil> and Thanks for the Ideas!
<spike> is there any reason why lvm is used instead of evms?
<cSt> Hi everyone.  I have an older laptop where the default ubuntu install didn't work (maybe my media), anyway I tried server and everything went fine.  Now I want to get gnome (or kde) installed, but I'm not familiar with apt, or the package names for getting gnome up and running.  Any help would be appreciated.
<neuralis> cSt: that's a question for #ubuntu, but you can get started with 'apt-get install ubuntu-desktop'.
<cSt> okay, thanks.  I think I have something going now.  I added the "universe" source in /etc/apt/sources.list and started apt-get install gnome, it's pulling stuff from the cd now.  I'll move over to the #ubuntu channel.
#ubuntu-server 2005-12-09
<sebest> hi all
<sebest> fabbione: hello
<Bakura> hi , newbie question but can i use grep or something similar to replace words via command line?
<blue-frog> what words in what file bakura?
<sebest> blue-frog, he is gone
<blue-frog> oh yes right :)
<Chrisx1> hey i installed server version of ubuntu and i cant connect to internet and is there meant to be a graphical interface on it?
<blue-frog> Chrisx1, yes. but before do u have an ethernet card?
<Chrisx1> yes
<Chrisx1> 2
<blue-frog> Chrisx1, u can set up your card the way u like in /etc/network/interfaces
<blue-frog> Chrisx1, /etc/resolv.conf to give a dns server
<blue-frog> Chrisx1, to install graphical  ubuntu-desktop
<Chrisx1> how can i edit them files tho?
<Chrisx1> + I have no access to the internet to download desktop
<blue-frog> Chrisx1, if you ask then u should install a graphical interface from the cd (assuming u have the normal ubuntu cd that u installed in server mode)
<blue-frog> to install    sudo apt-get install ubuntu-desktop
<User613> I cant get version 0.68 deleted from my hard drive. Can you help
<User613> I cant use it and it takes up alot of memory
#ubuntu-server 2005-12-10
<hunger> Keybuk: You noticed bluetooth breaking, too?
<spike> 'morning
<hunger> Keybuk: bluetooth module is there, so udev seems to do its magic, so this is probably nothing for you to worry about.
<fabbione> hunger: ECHAN?
<hunger> fabbione: Yes, sorry.
<hunger> Keybuk: bitchx is confusing to me without end... unfortunately it is the only way I have to chat at all.
<fabbione> again
<hunger> s/Keybuk/fabbione/
<fabbione> ehehe
<fabbione> it takes a bit to get used to it
<Xamusk> anyone here used ubuntu as an ltsp server/client?
<fabbione> Xamusk: you better are ogra/mdz on #ubuntu or #ubuntu-devel
<Xamusk> fabbione, ???
<fabbione> Xamusk anyone here used ubuntu as an ltsp server/client? <-
<fabbione> answering to your question
<Xamusk> fabbione, yeah, ogra just gave me a patch that may fix my problem in #edubuntu
<Chris_in_the_uk> hi, can someone help me set up screen - so i can ssh into my server then close the terminal and come back to it later?
#ubuntu-server 2005-12-11
<Chris_in_the_uk> hi, can someone help me set up screen - so i can ssh into my server then close the terminal and come back to it later?
<neuralis> Chris_in_the_uk: that's a question for #ubuntu, and there's nothing to setup past installing the 'screen' package.
<Chris_in_the_uk> neuralis: cheers
<[g2] > first off, congrats on the recent AMD64 Sever release
<[g2] > secondly, I'm thinking about a possible XScale server release
<stinkydave> has anyone had any luck getting asterisk 1.2 to run on ubuntu
<spike> 'morning
<fabbione> morning guys
* fabbione is setting up the mailing list
<spike> cool
<troy> moin
#ubuntu-server 2006-12-04
<kuzmaster> hey all!
<shwag> is there a security team for packages in universe ?
<shwag> trac 0.9.3 has XSS vulnerabilities in it. http://trac.edgewall.org/wiki/ChangeLog
<fabbione> sharms: #ubuntu-motu
<fabbione> universe is not supported
<shwag__> I thought I did the exact same thing to set each of these servers up, but somehow one ended up with apache2-mpm-prefork, and the other ended up with apache2-mpm-worker. Any ideas on how that could have happened?
<shwag__> Maybe apt-get install apache2  is able to tell which mpm module for apache2 is best based on the processor type ??
<thom> no
<thom> apache2 depends on worker | prefork  and with no other influence it'll install worker
<thom> so i guess you have something that depends explicitly on prefork, like php
#ubuntu-server 2006-12-05
<shwag> thom: that would make sense, must be php
<foo> hm./
<foo> avg-cpu:  %user   %nice %system %iowait  %steal   %idle 0.54    0.00    3.37   17.00    0.00   79.09
<foo> Could 17% iowait cause  16:01:41 up 21 days, 12:23,  3 users,  load average: 143.96, 142.58, 151.26 ?
<rambo3> php5-curl borken package , can anyone confirm this?
* Starting logfile irclogs/ubuntu-server.log
* Starting logfile irclogs/ubuntu-server.log
* Starting logfile irclogs/ubuntu-server.log
<foo> How many of you guys run a production ubuntu server?
<foo> I've been having issues lately and am starting to question it.
<thom> i have a few hundred
<spike> uhm, topic has been erased, nice, then I can pretend it's a support channel and ask my question :P
<spike> thom: does it happen you installed any of them with preseeding?
<thom> spike: as it happens i have just finished making the whole thing preseeded
<spike> I'm trying to work out what's going on with an HP server running a compaq smart array and preseeding
<spike> :D
<spike> brilliant
<spike> I've got this preseed setup that works perfectly with an entire cluster
<thom> none of them use ccis stuff though :-) but i'll try and help
<spike> then we got this bunch of HP boxes with that controller
<spike> and it installs fine in the end, but I have to press enter when it gets to the partman bit
<spike> I wa looking at /var/log/installer, and I can spot this on one fo the boxes that works fine with scsi disks
<spike> hw-detect: Detected udev support, installing udev.
<spike> udevd-event[16076] : create_node: symlink(../sda1, /dev/discs/disc0) failed: File exists
<spike> on the HP box I cant find any udevd line
<spike> indeed udev gets installed
<spike> the system itself install fines, I end up with my lvm partitions on various /dev/cciss/c0d0pX devices
<spike> so it's not like it doesnt work 'cause devices are missing or anything
<thom> meh, i've not seen that at all
<spike> it's simply the preseed file not liking d-i partman-auto/disk string /dev/discs/disc0/disc for the HP boxes
<spike> bah, anyway, fsck the HP boxes, it's pub time! \o/
<spike> thom: cheers for the help dude
<spike> later
<thom> sorry
<maswan> I have a few hundred too, we use FAI for the installation tough
<thom> maswan: dude! ltns :/
<\sh> maswan: fai 3.1 is running nicely on dapper lts ;)
<foo> thom: What is your argument for ubuntu versus CentOS?
<foo> I'm getting bashed by friend for using ubuntu.. and I don't have the right response
#ubuntu-server 2006-12-06
<maswan> thom: yup, aparently you caught me just before disappearing for the night too. :)
<kuzmaster> anyone? in this file http://paste.ubuntu-nl.org/35541/ , do i need the "server1.example.com" part, if im just using the server to host an intranet? 
<thom> foo__: i have no interest in distro wars. use whatever you feel comfortable with
<thom> maswan: guess so
* Starting logfile irclogs/ubuntu-server.log
<yqyq> hello
<yqyq> is there somebody?
#ubuntu-server 2006-12-07
<Catshrimp> As long as I specify other paritions such as /var /usr & /home, I shouldn't need to abide by the ubuntu policy of creating a 2GB / partition, should I?
<Catshrimp> I can't remember if I read something relating to ubuntu not installing correctly if it didn't have a 2GB / or not
<NineTeen67Comet> This the correct chennel to ask NFS related questions? I've got a 6.10 Server and a 6.10 Workstation .. Server has /etc/exports with /media/shared 192.168.0.3(sync,no_root_squash,rw) and the client (192.168.0.3) has /etc/fstab as 192.168.0.2:/media/shared /media/shared-server nfs defaults 0 0 .. I also tried users,rw,noatime in place of defaults . yet still I can not write to that NFS share .. ideas?
<eilker> i am gonna have  a dedicated server for my web sites, 
<eilker> thinking of installing ubuntu server
<eilker> but i dont know how to manage it, because there will be no gui, scare of it...
<eilker> anyone here :) ??
<shwag> Do I need to install a SMP kernel or something? Top is only showing use on one of my processors.
#ubuntu-server 2006-12-08
<shwag> so I installed a kernel image and now I regret it. How do I put grub back to the old kernel ?
<knix_> i am having php woes here, anyone help?
<knix_> i had a perfectly good lamp server running until about an hour ago.  Now php want to download the php file rather than displaying it.   I have tried everything to reinstalling php5, apache2, and libapache2-mod-php5.  Please guys, i am very desperate here
<dsdg> halo, i hope there are some gurus here,
<dsdg> im a gentoo guy, thats rebuilding my infrastructure on ubuntu, because bossman thinkst it's the shit, got the server up, impressed with the install btw, how do i add/remove services from automatic startup?
<foo> hmm
* foo tries to remember
<dsdg> you must be joking right?
<foo> Uh. no
<dsdg> in gentoo i do rc-update add service name runlevel
<dsdg> or rc-update del service name runlevel
<dsdg> how the crap can you run this on a server without getting frustrated?
<foo> Right, it's not hard. I just forgot the command.
<foo> dsdg: heh. Chill. You're frustrated because you don't know ;)
<dsdg> foo, :)
<dsdg> ok, i am chilled :) was just thinking out loud, sorry buddy dont mean to tense you up,
* foo drop kicks dsdg 
<dsdg> it's friday and im cool, just want to do stuff get this server up and ready so i can go home :)
<dsdg> but you can find out how to do that right?
<dsdg> ;)
<foo> Yeah, one minute
<dsdg> thank goodness :)
<foo> Aha!
<foo> http://ubuntuforums.org/showthread.php?t=89491
<foo> sysv-rc-conf
<foo> I knew it was sys something
<dsdg> thank you, busy reading it now,
<foo> ok
<dsdg> Package sysv-rc-conf is not available, but is referred to by another package.
<dsdg> This may mean that the package is missing, has been obsoleted, or
<dsdg> is only available from another source
<dsdg> E: Package sysv-rc-conf has no installation candidate
<foo> hmm
<dsdg> damn man, this cant be, 
<foo> hmm. 
<foo> apt-get update 
<foo> then try
<dsdg> i did,
<foo> hmm, ok
<dsdg> is there no way else?
<fabbione> man update-rc.d
<fabbione> don't use that crap
<fabbione> the sysv-rc-conf thingy i mean
<infinity> sysv-rc-conf is in universe.
<infinity> Though I don't recommend its use.
<fabbione> and i should be in bed.. too restless to lay more
<dsdg> no i will use update-rc.d
<dsdg> it's 10 am here in cape town south africa..
<dsdg> i am doing everything in console, so how can i search apt? like i want to install mc, and apache, but how do i tell apt apache1 or apache2? and to compile with mysql support?
<infinity> "compile with mysql support"?
<infinity> This isn't Gentoo.
<infinity> As for picking the right apache, read package descriptions? :)
<infinity> (apt-cache search apache, followed by, say, apt-cache show apache2-mpm-prefork, which is probably what you want, if you intend to use php...)
<infinity> If you wanted a typical LAMP setup, you might be looking for "apt-get install apache2-mpm-prefork apache2 libapache2-mod-php5 php5 php5-mysql mysql-server"
<dsdg> infinity, damn right this isnt gentoo ;) anycase, i got it, like the symlink to enable modules, quite cool,
<foo> Hm, I am looking at iostat and the disk is reading 13539 blocks a second and writing 39 blocks a second. Does this sound like a lot of disk usage? Device:            tps   Blk_read/s   Blk_wrtn/s   Blk_read   Blk_wrtn sda              59.40     12552.66        39.46  415818342    1307224
<eilker> !xen
<shwag> Where is the cronjob that launches the mysql debian-sys-maint job ?
#ubuntu-server 2006-12-09
<NineTeen67Comet> g'day all . does anyone have the default contents of /etc/apache2/sites-enable handy? I seemed to have tossed the one that I needed .. 000 something I think .. 
* NineTeen67Comet all my sites point to the first virtual host now .. 
<NineTeen67Comet> P.S. What is a suggested FTP server app to run to allow users to their www directories .. Normally from my experience it was very hard to give ftp users access to anyplace but their home directory OR their web directory .. (could the follow simlinks?) .. 
* NineTeen67Comet moved over to proftpd .. wu-ftp looks little messy ..
<storkme> how does one forcibly remove a package
<foo> apt-get remove <package> doesn't work?
<storkme> nevermind, got it
<storkme> had to remove the init script, reboot, purge, and reinstall
<storkme> g'nightr
<foo> ah
<dsdg> halo, anyone running apache2 in ubuntu dapper?
<dsdg> i have a problem where it's not including modules
<dsdg> eventhough they are in the mods-enabled directory (symlinked)
<dsdg> funny thing is mod include isnt in the modules list..
<dsdg> so how will that include statement in the apache.conf even work :(
<infinity2> dsdg: mod_include has nothing to do with includes in the conffile.
<infinity2> dsdg: It's for shtml includes.
<dsdg> hey infinity2 i see that mod_auth_mysql is wacked man! different config values...
<dsdg> i have added _ to some of the values and then it works...struggeling to find the correct values here
<dsdg> stooopid devs
<infinity> stooopid devs?
<infinity> Would it help you be a bit more polite if I pointed out how many times my name appears in the apache2 changelog?
<infinity> Though mod_auth_mysql is something I generally consider worthless.
<foo> dsdg: eh, I have to agree. Again, chill. Unless you have the time to contribute...
<foo> ah
<dsdg> my point is that standardization wont hurt, and again, how must i know to add _ between the values, now im stuck with this option, Auth_MySQL_UserTable - i see the web refers to this Auth_MySQL_Password_Table - but that wont work as well, so im stuck again...
<dsdg> change Auth_MySQL_Password_Table to Auth_MySQL_UserTable
<dsdg> Invalid command 'Auth_MySQL_UserTable', perhaps mis-spelled or defined by a module not included in the server configuration
<dsdg> must i now guess these values? 
<dsdg> and mod_auth_mysql is great, i am trying to use it with webdav...runnign a whole projects server of dav, and putting the auth in a db makes perfect sense, but try now to get it to work...good luck!
<infinity> I tend to use mod_auth_pam, then hand off authentication to PAM modules.
<infinity> (Where you could still use MySQL, if you wanted to, I suppose)
<dsdg> it's nice, cause i put my mail, ftp, apache all auth in mysql,
<dsdg> but damn man, i whish i could just do it, instead of having to search the net for values that suppose to be standard,
<dsdg> in gentoo those values dont even have _ in them,
<dsdg> and thats how it reflects on the sourceforge.net page,
<dsdg> anyways :) im just bitching becuase i can :)
<infinity> dsdg: Right, if you're authenticating multiple sources against MySQL like that, that's why it would make more sense to use PAM.
<infinity> dsdg: Cause they should all be able to use PAM auth, then you have a uniform backend.
<spike> infinity: excuse me, I dont really understand your last comment, would you mind argumenting? I fail to see how postfix, vsftpd, apache all using some mod_mysql and authing against it isnt a "uniform backend"
<spike> I can see how one could use pam for all those services, and if necessary, add libpam-mysql to the equation, but I fail to see how that would be better
<spike> in principles I can see the difference as in: services -> pam -> mysql Vs  some services -> pam -> xyz + other services -> mysql
<spike> but in practise judging latter inferior, uhm, not sure about that
<infinity> Different MySQL auth stuff can sometimes want different table layouts, etc.  Using PAM allows for uniformity.
* infinity shrugs.
<infinity> It's also just a bit more elegant, IMO.  And means that you don't need every service to have a MySQL plugin of some sort.
<spike> both good points, fair enough, no need to shrug really
<shawarma> Not really on-topic, but this is probably the place most likely to have someone who will answer positively: Does anyone happen to have either an ia64 or sparc ubuntu installation that a) they'd run a tiny experiment for me on or b) lend me access to for a little while?
<storkme> what's the best way to install LAMP on a working 6.06 ubuntu server installation ?
<fabbione> shawarma: i have both ia64 and sparc...
<fabbione> shawarma: send me a mail with details of what you need.. they are both headless machines.. so no X stuff...
<thom> storkmee: sudo tasksel and choose LAMP
<shawarma> fabbione: Rock'n'roll. Thanks!
<fabbione> shawarma: also.. i won't look at it today or tomorrow.. it's monday busines
<fabbione> +s
<fabbione> shawarma: and for access you need to ship at least another 5lt of beer :)
<fabbione> last time was good.. this time needs to be excellent ;)
<shawarma> Heh... If we manage to both go to a UDS at some point I'll be sure to pay my dues. :-)
<fabbione> shawarma: eheh ok
<fabbione> i am off...
* fabbione &
<storkmee> i have no tasksel command
<thom> sudo aptitude install "~tLAMP" would also work
<storkmee> i did it manually anyway :p
#ubuntu-server 2006-12-10
<levander> Well, I just got my network card driver compiled as a kernel module, and loaded it with modprobe.  Now, how do I actually access the network card?  "sudo ifup eth0" gives me some "No such device error"
<infinity> You have a network card that isn't supported by our kernels?
<shawarma> win 2
<shawarma> doh...
#ubuntu-server 2007-12-03
<kgoetz> hi all. how can i check if sasl is using the correct backend? postfix calls sasl, and sasl tries to look up its /etc/sasldb2 file. saslauthd is configured to connect to ldap, and isnt getting called at all by postfix :\
<kgoetz> the othe rthing is that the file does exist
<Zylstra555> About how many users can a server with a 366MMHz Processor and about 80MB free space handle? (Ubuntu server)
<Zylstra555> (doing your basic PHP forum and HTTP pages)
<macd> you can always use things like seige and php-benchmark to test that
<macd> also httperf, autobench are apache tools
<macd> so to test your php enabled pages/site just disable the login and let one of them test a page that uses php
<Zylstra555> Interesting
<kraut> moin
<XiXaQ> moin :)
<XiXaQ> I'm looking forward to trying JeOS.
<vetri> ntp server means ?
<vetri> how can i configure....
<vetri> what is the use of ntp server
<Kamping_Kaiser> its a time server
<Kamping_Kaiser> as per its package description
<sergevn> you can synchronise with an time server on the internet.
<sergevn> localmachine => time.microsoft.com for example
<sergevn> ;)
<PanzerMKZ_> oh shame on you
<PanzerMKZ_> atleast not post addy of m$ ntp server
<vetri> i installed ntp server
<vetri> how can check whether its working or not
<PanzerMKZ_> have you synced with a ntp server?
<Kamping_Kaiser> ntpq -p
<Kamping_Kaiser> or syslog
<sergevn> PanzerMKZ_: was a joke :)
<PanzerMKZ_> i know
<sergevn> vetri: is most of the cases your ISP has an ntpserver
<vetri> sergevn,thanks
<vetri> how can i check
<soren> ivoks: Hey.
<soren> ivoks: I've been thinking.. I don't see any harm in having dovecot always put its auth socket (by bind mounting) inside postfix' chroot.
<soren> ..so we "just" need postfix to use it if it's available.
<ivoks> what if someone has dovecot and exim?
<soren> The are a few paths to this.. a) Postfix gets installed, and dovecot is already installed => postfix should get configured to use dovecot for SASL auth.. b) dovecot gets installed while postfix is already installed => postfix should be configured to use dovecot for SASL auth.. c) as a result of either a) or b), postfix has been configured to use dovcecot for SASL auth, but the admin doesn't want that. He should have an option to stop postfix from 
<soren> ivoks: Screw them.
<soren> ivoks: :)
<ivoks> haha
<ivoks> i agree, but we do have exim in main
<ivoks> so, we support it
<soren> exim and postfix conflict.
<soren> ...so they won't be installed at the same time anyway.
<ivoks> that's not the problem
<ivoks> problem is that you have dovecot, which by defaults looks at /var/spool/postfix/
<soren> Er?
<soren> Why would dovecot look in postfix's spool?
<ivoks> for dovecot-postfix-sasl, you have to tell dovecot where to put it's auth socket
<soren> Oh, right.
<soren> Yes, that's why I want it to be bind mounted.
<ivoks> and, since postfix is chrooted, only solution is /var/spool/postifx
<ivoks> yes, binding is an option
<soren> ...so that its real socket stays in /var/run/dovecot, where it belongs.
<ivoks> atm, dovecot-auth can't listen on tcp port
<soren> There's a reason for that, I guess. There's no way to limit access to it that way.
<soren> Well... Yes, with iptables and such, but then it gets hairy.
<ivoks> i'm ok with binding during postfix start()
<ivoks> if [ -e /var/run/dovecot/auth-socket ]; mount bind; fi
<ivoks> + making sure dovecot start before postfix
<soren> Right.
<soren> ...and while its doing the bind mount, it can check if e.g. /etc/postfix/dovecot_sasl_configured.stamp exists, and if not, do the configuration and create that file. If the admin decides to revert that change, it won't get reinstated.
<soren> On upgrades, we can just touch that file so that we won't fudge existing configurations.
<soren> ...and put a note in the release notes that removing that file will set up this cool new configuration.
<ivoks> hm...?
<soren> It's quite common for us to provide fancy new features that don't get enabled on upgrades as there's often no proper, safe way to do so.
<soren> ..and by doing it this way, we don't need an extra package and we don't depend on stuff being installed in the right order.
<ivoks> well, postconf should be more than great:)
<ivoks> with postconf we can check existing configuration
<soren> True.
<ivoks> well... hmm....
<soren> it's just a fairily intrusive change on a running system.
<ivoks> it is
<ivoks> we can't tell with postconf :(
<soren> s/fairily/fairly/
<soren> Exactly.
<soren> The common way to do this is to add it to the release notes.
<soren> Let me rephrase: If we can get this to work on fresh installs (not just completely new ubuntu installs, but also just for people who haven't had these packages installed before), I'll be happy. If we can make it work on upgrades as well, that's even better, but not a requirement in any way, IMO.
<ivoks> we can do both
<ivoks> whit is what postconf returns on non-sasl-enabled systems:
<ivoks> smtp_sasl_auth_enable = no
<ivoks> so, if it's no, enable it and set if up; if yes, move along and don't touch anything
<soren> Maybe the admin doesn't want sasl?
<ivoks> true...
<ivoks> i can't think of one that don't want that... but ok :)
<soren> I can't think of anyone who'd like to use Windows, but nevertheless..
<ivoks> :)
<ivoks> so, you would like to disable it by default on new installs
<soren> No.
<soren> Not at all.
<ivoks> on upgrades then
<soren> Upgrades of postfix probably shouldn't enable this feature, right.
<soren> Talk to lamont about that bit, though.
<ivoks> does postinst knows the difference between install and upgrade?
<ivoks> right, as a motu, i should know that :D
<soren> Sure.
<soren> $1 = install, $2 = previous version
<ivoks> ok
<soren> [ -z "$2" ] || echo this is a new install
<ivoks> then i can do that
<ivoks> then postfix start() should check if dovecot is set as sasl engine
<ivoks> and do binding
<ivoks> but, people will hate us if we do that in start() and they change dovecot's config
<soren> ivoks: Why?
<soren> ivoks: What's the use case?
<ivoks> hunderds of howtos on dovecot+postfix sasl
<ivoks> they all say change dovecot's config
<ivoks> and postfix's
<soren> I refuse to keep from making things smarter because there are howto's somewhere on the internet that explain how to do things the hard way.
<ivoks> i know couple of admins that would break exsisting setup and then do it their way
<soren> That's fine.
<soren> ?
<ivoks> they would be surprised to find out that their socket isn't there, despite dovecot's config
<ivoks> ok.. i think i know how to do it
<ivoks> in dovecot, we leave path as /var/run/dovecot/sasl/auth
<ivoks> and then bind /var/run/dovecot/sasl as /var/spool/postfix/dovecot-sasl
<soren> Precisely.
<ivoks> this is self explanatory
<ivoks> and everybody would figure it out
<soren> It's dovecot's sasl socket. a) It's dovecot's socket. It belongs there. b) Other services might look there for it.
<ivoks> so, even if they change config of dovecot
<ivoks> there would still be /var/run/dovecot/sasl, and it could be mount-binded to postfix chroot dir
<soren> Um.. That looked wrong. You know what I meant. :)
<ivoks> yeah... ok, i think we have a solution :)
<soren> Hm... dovecot -p might be a better choice than checking for the socket.
<soren> Or using dovecot -p to find the right path.
<ivoks> i have to start vmware to figure out what dovecot -p does
<ivoks> :)
<ivoks> i don't have it on any of my gutsy machines
<soren> It corresponds to postconf (no options)
<soren> It dumps the config.
<soren> Er... dovecot -a
 * soren can't read.
<ivoks> uh...
<ivoks> hard to parse...
<soren> Yeah, a bit.
<soren> brb
<ivoks> i'm open for better than:
<ivoks> dovecot -a | grep -A9999 auth | grep -A9999 socket | grep path
<ivoks> :)
<ivoks> ok ^auth :)
<soren> sudo dovecot -a | sed -n -e '/^auth default/,/^[a-zA-Z0-9]/ p' | sed -n -e '/^  socket:/,/^  [a-zA-Z0-9]/ p' | sed -n -e '/^    client:/,/^    [a-zA-Z0-9]/ p' | grep path | cut -d: -f2 | cut -d\  -f2
<soren> Booyah!
<soren> It can sure do with a clean up, but it works.
<ivoks> heh, this returns nothing for me :)
<ivoks> error is ^client
<ivoks> should be client
<soren> It doesn't say ^client anywhere?
<ivoks> right, bad pasting
<soren> It says '/^    client/'
<ivoks> but we shouldn't count whitespaces
<soren> There. Done. I'll pastebin..
<soren> http://pastebin.ubuntu-nl.org/46677/
<ivoks> lol, nice
<ivoks> hm... anyone did installation of vmware-server in gutsy?
<soren> ivoks: I belive I did.
<soren> ivoks: why?
<ivoks> i just installed it and it reports that newer version is available
<ivoks> and when i upgrade, it installs the same version
<soren> Known issue.
<ivoks> and again reports that newer version is available :)
<soren> iz soyuz bug
<ivoks> oh... ok then
<ScottK> ivoks: You know that the openssl that vmware-server uses has an unpatched remote code execution exploit open against it, right?
<ivoks> ScottK: that vmware isn't available to the outside world
<ScottK> ivoks: OK.  Just making sure.  Canonical uploaded it to partners with that known vulnerability, so I thought I'd mention it.
 * ScottK is particularly burned because he expended a lot of effort to get openssl097 removed before the Gutsy release.
<ScottK> Very disappointing to see it reappear.
<ivoks> am i wrong, or this is canonical-only problem?
<ivoks> openssl0.9.7 is in partner, right?
<soren> Yes.
<ScottK> ivoks: Well if you look on the LP page for Ubuntu, it lists partner and partner is in Ubuntu's default sources.list, so while only Canonical can fix it, I think it is an Ubuntu problem.
<ScottK> If Canonical wants to distribute security deficient code, I really wish they would do so in a way that is clearly distinct from Ubuntu.  Partner is much less distinct than Commerical used to be.
<ivoks> ScottK: partner isn't enabled by default
<soren> Partner is enabled by default?
<ScottK> No, but it's listed.
<ivoks> mozilla plugins are in firefox bookmarks too, but you can't say that bug in plugin is a bug in ubuntu
<ScottK> ivoks: Mozilla plugins aren't listed on the main LP page for Ubuntu either.
<ScottK> ivoks: Look at https://launchpad.net/ubuntu and tell me partner doesn't look like part of Ubuntu?
<ivoks> it does, that's true
<ivoks> and should be changed
<ScottK> There's a bug against LP on that.
<ivoks> but that doesn't change the fact that there's no libssl0.9.7 in ubuntu
<ivoks> there's a bug in LP, yes
<ivoks> but not in ubuntu
<ScottK> Actually the bug in LP on openssl097 for Gutsy for this issue describes it as in Ubuntu.
<ScottK> We may feel it's separate, but it's really not managed that way.
<ivoks> take care, see you tomorrow
<soren> ivoks: Likewise!
 * ivoks hugs you like this http://image.dnevnik.hr/media/images///gallery/Dec2007//86528.jpg
 * soren chuckles
 * soren wonders which one he's supposed to be
<dendrobates> clifter1: welcome
<soren> clifter1: Jason?
<clifter1> dendrobates: Thanks!
<dendrobates> soren: yep.
<soren> clifter1: Ah, welcome!
<soren> Now, please fix all my bugs. kthxbye.
<clifter1> soren: Thank you!  is that the task for today ? ;)
<dendrobates> soren: could you go over setting up a development environment and basic packaging?
<dendrobates> soren: with jason.
<soren> Um..
 * soren ponders where to start
<soren> clifter1: You could start by registering your nick, so that we can /msg each other.
<soren> !register
<ubotu> By default, only registered users can send private messages - Information about  registering your Freenode nick can be found at http://freenode.net/faq.shtml#userregistration
<clifter1> soren: Thx.  Going through it now.
<ScottK> soren: If you're going to do a basic packaging overview, you might want to do it in #ubuntu-motu so that people who are learning there would benifit and the other MOTUs there could help out.
<soren> ScottK: That's the plan :)
<clifter1> register
<clifter1> register Glamdring5
<soren> Heh..
<soren> Better come up with a new password, and then: /msg nickserv register yournewpassword
<clifter1> hide email on
<clifter1> set email clifter1@yahoo.com
<soren> clifter1: You need to type "/msg nickserv" before the commands
<clifter1> soren: yea I got it and my email set.
<soren> You're not registered..
<soren> nealmcb: I just did a gutsy install (using the server iso) inside the hardy qemu and that worked like a charm.
<dosnubbie> Hey how would one install Ubuntu-Server onto a Gateway Server that doesn't like to boot of CD/DVD drives?
<lamont> what is it with people popping in, asking a question, and leaving 2 minutes later?
<sommer> lamont: I think it's a personal attack on my ability to answer questions... :-)
<lamont> heh.
<lamont> PXE is the answer, of course.
<lamont> now what was the question?
<sommer> heh... maybe he found the answer and was like "see you peeps... I'm out"
<lamont> maybe google helped him.  I hear it sometimes has answers.
<zul> lamont: maybe they had an epiphany
<MenZa> badum-chi
<kshah> I somehow locked myself out of ssh'ing into my server, I reconfigured sshd_config after noticing many login attempts from an unknown IP on port 22 I switched to another port and set up iptables, I reinited and everything was working fine, but somehow, somewhere I just lost the ability to log in remotely - I can enter my username and I never get prompted for a pass then my connection deads
<kshah> help?
<soren> kshah: Which client are you using?
<ScottK> I don't suppose you happen to have convenient physical access to the server?
<kshah> soren: putty
<soren> kshah: Thought so. Putty asks for your username before it attempts to connect.
<kshah> ScottK: i do, i'm sitting there right now, this actually happened a few days ago, but I want to make sure when I go back home I can use it
<soren> kshah: So it's not like ssh is half working or something. You're probably completely locked out.
<kshah> soren: oh.. wow, that was both good (cause i know the answer) and upsetting
<kshah> so switch client or...
<soren> Well, what's the iptables command you used?
<kshah> is it an actual problem
<soren> No, it's not the client that's at fault.
<kshah> oh
<kshah> i thought that was what you were implying
<kshah> for iptables I followed the HowTo Guide on help.ubuntu.com
<soren> Because putty acts the way it does (opening the window and asking for your username) it looks as though you're connected and then gets kicked off or something, but that's not the case at all.
<kshah> and I saved the rules, let me check to see if they stuck cause i just restarted
<kshah> oh i see
<soren> ..so it can sometimes fool you into thinkig that your ssh server is b0rken, while it's really the network that's acting funny.
<kshah> and iptables did not save, when I restarted and ran sudo iptables -L I'm back at sq. 1
<soren> kshah: No iptables rules? And you still can't connect?
<kshah> soren: yeah, still can't connect, i'm going to restore my original sshd_config settings and just change the port, reinit and see if it works
<soren> kshah: What did you change in sshd_config ?
<kshah> the options they suggested changing only, login time, AllowUsers, lLogLevel
<soren> They?
<kshah> sorry: https://help.ubuntu.com/community/IptablesHowTo
<soren> That doesn't even mention sshd_config?
<kshah> i'm an idiot, i linked the wrong one
<kshah> I meant https://help.ubuntu.com/community/AdvancedOpenSSH
<kshah> I have both open, my bad
<soren> Well, if you have no iptables rules in place, then you actually did botch your sshd_config.
<soren> :)
<soren> I don't know if you consider that a good thing, but there you go :)
<kshah> my iptables rules didn't save after I wrote them the other day
<kshah> I read that they go back to default unless you save them properly
<kshah> so I assume that is what happened
<kshah> and I still can't ssh in... which is very very strange
<kshah> I restored my original rules
<kshah> soren: i restored the default settings save the port and i'm accessing it locally 192.168.1.100:22 and now I can't even put in my username in putty
<kshah> i somehow made the situation worse by allegedly making it better
<soren> Ok, maybe putty has been changed since I used it last. That's good :)
 * soren needs to run
<kshah> k thx
<kshah> is there another client i should perhaps use?
<ScottK> kshah: On Windows you can instally cygwin and use ssh.
<kshah> doing that now :)
<kshah> my sshd problem is a whole nother mess now though
<kshah> yay works
<kshah> does iptables-save allow me to not have to edit etc/network/interfaces and place a pre-up and post-down iptables-restore directive? or is that still necessary?
<bieb> i will be putting my server up at the company I work for (ie. job.com) currently any of the windoze servers are named somename.job.com, where is that during the ubuntu setup? would I have to enter the whole string? bieb.job.com? or just name the server bieb?
<centaur5> bieb: That would be the host name field during the install.
<bieb> centaur5 just the name of the server (ie bieb) not bieb.job.com?
<centaur5> bieb: I just did the bieb part but I couldn't tell you if it would work either way.
<bieb> I see
<bieb> I am going to build a jabber server for internal use, anything else I should keep in mind?
<centaur5> bieb: Yeah, get a hammer or some migraine medicine.  I attempted that last week but didn't quite finish.
<bieb> ohhh?? that bad huh?
<centaur5> Well the howto I was following off the community doc site didn't go very far in depth so I searched around for other howtos and there just wasn't much information for when things didn't quite work like they should.
<bieb> which server you setting up?
<centaur5> I thought it was going to be a piece of cake.
<bieb> ejabberd? jabber? openfire?
<coNP[uni]> Can someone refer me to some documentation regarding how to set up PostgreSQL authentication in Apache2 (for Gutsy)?
<centaur5> just jabber from the package manager
<centaur5> I used this site: https://help.ubuntu.com/community/SettingUpJabberServer
<bieb> ejabberd is in the ubuntu package manager now
<bieb> I installed it from synaptic
<centaur5> Is ejabber supposed to be easier?  I guess that howto is probably kind of old.
<bieb> ejabberd has some other things I needed, like active directory authentication
<ScottK> kshah: I have a script that I use to set them up.  I just run that as one of my init scripts.
<bieb> what script ScottK?
<centaur5> bieb: Well good luck, I'm hoping to attack jabber again this weekend or next.
<bieb> I guess I will look for more docs
<bieb> the ##jabber channel is pretty quiet
<ScottK> bieb: One I wrote, but I think it's not relevant to your question.  I was answering a question that kshah asked before you joined.
<bieb> ohhh I see
<bieb> thanks
<kshah> ScottK: but I can achieve the same by editing /etc/network/interfaces, right?
<ScottK> kshah: I'm really not sure.  I just know how I do it.
<centaur5> bieb: ejabberd looks a little easier, perhaps I'll try that and remove my previous work.
<bieb> cool
<bieb> good luck
<bieb> I will be getting back at it soon too
<centaur5> same to you  :)
<bieb> thanks
<bieb> is it better to build the ubuntu server with the regular 7.10 disk? or one of the other 7.10 options?
<kshah> what are the major differences between 7.04 and 7.1 ?
<kshah> 7.10 rather
<centaur5> kshah: all the "implemented" plans were added to gutsy https://blueprints.launchpad.net/ubuntu/gutsy/
<kshah> checking it out
<bieb> centaur5  any thoughts on my question?
<centaur5> bieb: if you want a command line server use the alternate cd
<bieb> so other than X, they are the same install?
<centaur5> bieb: Well alternate actually has a "server" install option to where it does very basic packages whereas the live cd installs all the desktop apps.
<bieb> I see
<bieb> centaur5 what server items need to be running for jabber? just apache?
<centaur5> bieb: If you want lightweight gui use the Xubuntu cd
<bieb> are you using your jabber server for more than jabber?
<centaur5> bieb: Yes, I'm using it for lots of services and applications.
<bieb> I see
<bieb> if it is just a jabber server, I dont need php, mysql, or any of that do I?
<centaur5> bieb: I haven't checked the dependencies of ejabberd but you can look in the package manager.
<bieb> ok.. thanks centaur5
<centaur5> no prob
<centaur5> For JUST jabber, I would go command line...but that's me.
<centaur5> Does anybody know of a site that I can get some really good information on the best way to calculate the amount of inodes needed on a partition?
<ScottK> dendrobates, soren, others ... I was thinking it might be nice to also add http://www.catb.org/~esr/faqs/smart-questions.html to /topic.  Any thoughts?
<dendrobates> ScottK: It looks good to me, but the real bad offenders won't read it.
<ScottK> dendrobates: OTOH, if it gets even one person to stop and think ....
 * ScottK will add it.
* ScottK changed the topic of #ubuntu-server to: Ubuntu Server discussion and support || For general (not server specific) support visit #ubuntu || Seriously good guide to asking questions on IRC: http://www.sabi.co.uk/Notes/linuxHelpAsk.html || Guide on asking questions that get answered: http://www.catb.org/~esr/faqs/smart-questions.html ||  Be patient.  It's best to just ask your specific question including relevant information || server guide: https://help.ubuntu.com/7.10/server/C/ || https
<Burgundavia> did everybody see that sun released the apoc stuff today?
<mralphabet> ScottK: the topic is so long it cuts off the url after https://help.ubuntu.com/7.10/server/C/
<ScottK> mralphabet: Thanks.  I'll shorten it.
* ScottK changed the topic of #ubuntu-server to: Ubuntu Server discussion and support || For general (not server specific) support visit #ubuntu || Seriously good guide to asking questions on IRC: http://www.sabi.co.uk/Notes/linuxHelpAsk.html || Guide on asking questions that get answered: http://www.catb.org/~esr/faqs/smart-questions.html ||  Be patient.  Don't ask to ask, just ask.  || server guide: https://help.ubuntu.com/7.10/server/C/ || https://wiki.ubuntu.com/ServerTeam
<ScottK> mralphabet: How's that?
<mralphabet> ScottK: much better
<proprietarysucks> anyone know the kickstart command to make ubuntu not ask to continue after being unable to reach security.ubuntu.com or to turn this check off?
<mralphabet> proprietarysucks: wasn't that asked and answered like a week ago?
<Gnomonic> I don't know if this is a Ubuntu Server question, but it is certainly not a Desktop question :). I have got a cheap VPS at vps4less.de. The problem is, that no locales are setup. How am I to do this excactly?
<Gnomonic> ( oh, and hello guys and gals, by the way :) )
<fujin_> *no* locales?
<Gnomonic> fujin_: Well, I suppose that 'POSIX' is there.
<fujin_> when you type `locale`
<Gnomonic> fujin_: it says POSIX all the way down.
<Gnomonic> The real problem is, that I had some help some while ago, and I managed to get da_DK.UTF-8 working.
<fujin_> and what does locale-gen say?
<Gnomonic> But it's very unstable. When I log in, it's standard POSIX. If I do export 'LANG=da_DK.UTF-8', locale returns the correct things. But if I log onto IRC irssi (which is the main use of the VPS), UTF doesn't seem to be active. But sometimes it works. It seems kinda voodoo-like.
<Gnomonic> I was just searching for the 'correct' way to set up locales.
<fujin_> yeah sorry I've never had to do it.
<Gnomonic> locale-gen says da_DK.UTF-8... up-to-date
<Gnomonic> fujin_: me neither :). It has seemed to be a part of a standard install since Redhat 4.
<Gnomonic> I don't even know if the system is Debian specific :(
<Gnomonic> The annoying thing is that the vps-hosts standard Debian image seems to work. But then I have to set up sudo and some other stuff manually, which I don't fancy either.
<kshah> hey, I want to redo parts of my RoR installation on 7.04 server, how can I get a list of currently installed packages by me?
<kgoetz> kshah: afaik you cant list only packages installed by you
<kshah> kgoetz: thats even better, is that dkpg command?
<kshah> or?
<kgoetz> kshah: `dpkg -l |less`
<kshah> thanks
<somerville32> All packages are installed by root
<kshah> i really just wanted to see why zlib isn't working for me
<kgoetz> whats zlib, and whats 'not working'?
<fujin_> dpkg --get-selections
<fujin_> will show all that is installed
<fujin_> kshah: that'd odd, what part of zlib isn't working?
<fujin_> kgoetz: zlib is open-source compression
<nealmcb> soren: ahh - interesting!  any idea what changed in qemu so that it works now?  did you try it with the gutsy qemu and see problems?
<soren> No, I didn't have a qemu system handy.
<soren> er...
<soren> bollocks
<soren> gutsy system.
<kshah> fujin: now I fixed that.. kinda, now I get gem_original_require
<kshah> : no such file to load -- zlib (LoadError)
<kshah> I perhaps should be asking this in the RoR channel
<kgoetz> anyone else running gutsy and updatedb not being run automatically?
<fujin_> I don't believe it ever is run automatically?
<fujin_> unless it's in /etc/cron.*
<kgoetz> i've never seen a debian box where its not updated before :\
<soren> nealmcb: I'll probably try again tomorrow.
<DrSmall> Hello
<DrSmall> If install a server, install X, and then pull the video card, will X still work and be able to launch apps over SSH ?
<kgoetz> you should only need x on the client, not server
<DrSmall> Oh, really ? I thought I would have needed it on the server too. This sounds good. Thanks :)
<proprietarysucks> does anyone know if there is a way, using a kickstart file, to tell ubuntu either: don't try to contact security.ubuntu.com or: don't ask to continue when it's not reached?
<keescook> proprietarysucks: don't know.  perhaps plunk a /etc/hosts file entry to redirect to a local apache server?
<proprietarysucks> very interesting
#ubuntu-server 2007-12-04
<kgoetz> proprietarysucks: i think you can, i dont know how. (havent dealt with those redhatty things before)
<pschulz01> Greetings all! I have an interesting server problem..
<pschulz01> We (work) are installing a new server and at the same time preparing some backup hardware should somethign go wrong..
<pschulz01> The plan is to do nightly backups to a disk, and then be able to swap in the new hardware with the new disk, if required, and take off from where the backup was done.
<pschulz01> There are issues with 'udev' wanting to keep network device names around (easy to fix) and an issue with sysklogd not starting up properly.
<pschulz01> Hm.. I'll send my question to the mailing list.
<Zylstra555> are there any free, safe, good external SMTP servers, if you dont want to create your own?
<sommer> Zylstra555: usually your ISP will allow you to use theirs.
<sommer> there may be limits though
<Zylstra555> sommer: Righto, I shall need to contact them
<sergevn> How are the experiences with JeOS here in the channel? :)
<kraut> moin
<soren> sergevn: What do you want to know?
<Burgundavia> soren: should I assign ebox bugs to you?
<soren> Burgundavia: Nah. I'll look at them, when I get to eBox on my list anyway.
<soren> Burgundavia: And if someone else feels like looking into it, they're more than welcome :)
<sergevn> soren: If someone has the "common" problems like with any new distro
<soren> sergevn: It's not exactly a new distro, but yes, I have to admit it has a few annoying quirks.
<tjaalton> whee, a newer nfs-utils from debian fixes nfs mounts.. I'll merge it now (mathiaz being absent)
<soren> tjaalton: Great, thanks.
<tjaalton> huh, there was a sync request too, but that's bogus
<tjaalton> I'll close that once done
<tjaalton> actually, it could be synced, since the only change is for initscripts Depends, which is now obsolete
<tjaalton> uh no
<tjaalton> not before sysvinit is merged :)
<soren> tjaalton: So what are you waiting for? :)
<tjaalton> soren: dput to finish :)
<soren> (You're not identified to nickserv, by the way)
<soren> tjaalton: Heh :)
<tjaalton> I'm not going to merge sysvinit if that's what you meant :)
<tjaalton> oh right, I changed my nick a couple of weeks ago..
<tjaalton> done
<tjaalton> I _think_ keybuk want's to deal with sysvinit himself ;)
<soren> tjaalton: That was indeed what I meant, yes :)
<mikone> hey, for some reason my gutsy machine (just did an upgrade from feisty) does not "recognize" the root user anymore. when booting it tells me "only root can do that" several times when its supposed to mount the drives.
<soren> All drives?
<Kamping_Kaiser> sounds like stuffs running as the wrong user, not lacking root
<mikone> yes.
<mikone> the boot process itself?
<Kamping_Kaiser> you using any fancy crypto stuff?
<soren> mikone: What is the precise output you get? Can you tell which commands it's trying to run?
<mikone> yes of course.. it will take a while because i cant access the computer remotely
<mikone> okay, first of all grub is loading the kernel image (starting up, loading... please wait), after that, kinit resolves the swap partitions name and searches for an image which it should resume from (none is found) and then it tells me that "No resume image (was found), doing normal boot" - the very next message already is "mount: only root can do that"
<mikone> so it probably tries to mount the partitions listed in fstab...
<soren> Ok, so you can't actually see the commands it's trying to run.
<soren> Can you boot it without "splash quiet" on the kernel command line?
<mikone> yes, i will change it
<mikone> the first mounting error appears immediately after executing /scripts/init-bottom but it does not tell me how the mount command does look like
<mikone> and i can't access any logs since it is not able to mount the partition which is bound to /var and the root partition itself is read only...
<soren> mikone: This sounds very odd indeed.
<soren> mikone: Is there anything interesting about your setup?
<soren> How is it different from a standard install?
<mikone> yes, i've been changing the pam.d and nsswitch settings but resetted the settings to default already
<soren> What were your changes to nsswitch?
<mikone> they've been working before - i have a ldap server handling some user accounts but root still is in passwd of course
<mikone> i added ldap as the third place to lookup
<mikone> after compat and files
<mikone> do you think its something about nsswitch?
<soren> Could be.
<soren> nsswitch defines how to resolve uid <-> usernames, for instance.
<soren> I *shouldn't* matter, of course, but it might have.
<mikone> yes, i think i understood it this far though i'm not sure how it could affect the boot process when only having a third place for resolving uids/names
<mikone> i will give it a try and post my results as soon as i'm done
<mikone> thanks for now :)
<soren> Well, fixing it now won't help much, I think.
<soren> ...although..
<soren> Well, it's hard to tell what the problem actually is, so it's hard to guess what would fix it. :)
<mikone> what do you mean by "fixing it now"? doesn't it make a difference when changing the nsswitch configuration from a live cd or stomething?
<mikone> yes, the most terrible thing is not having access to any log files :)
<soren> That could work.
<soren> Fix the nsswitch.conf and run update-initramfs -u from a chroot into the file system.
<mikone> that probably is what i was missing. update-initramfs forces it to change what?
<soren> It updates the initramfs :)
<soren> It's the early userspace stuff that loads the drivers needed to mount your root file system.
<soren> Again, it's hard to tell what the problem is, and doing this can't really make things worse :)
<mikone> well, changing nsswitch to look up groups/users in files only did not help. i will try to use compat and files only though i don't know what compat means :)
<mikone> this is what happens when you're doing things you don't know anything about.. i think that's the lesson for today.
<mikone> do you think "update-passwd" could help too or does this not affect the early userspace?
<soren> mikone: Doesn't matter.
<mikone> gladly i made a backup of the most important configurations prior to updating... i think i will reinstall the system now before wasting your and my time anymore. thank you very much for your help!!
<soren> It's not trouble. Really.
<soren> We might uncover an actual problem that needs to be fixed and even learn something in the process :)
<mikone> okay, that's true.. it would be great if it was possible to get some log files but i can't imagine how to do this when not having a root user at all :)
<mikone> just as a sidenote: when starting in recovery mode i end up having a terminal which predicts to be root@server. but as soon as running any commands requiring root permissions like mount it tells me "mount: only root can do this"
<soren> Do you have that prompt around still?
<mikone> i may boot in recovery mode again, that's not a problem
<soren> Cool.
<soren> Do that, please.
<mikone> of course :)
<soren> ...and say when it's ready.
<mikone> okay, that's funny. last time i've been running the knoppix live cd to perform the update-initramfs i also assigned a password to the root user. when starting in recovery mode now, it asks me for the root password (which it did not do formerly) and it really seem to check the password
<mikone> however, i'm ready :)
<soren> That's the way sulogin works.
<soren> If the root user has a disabled password, it just dumps you at a root prompt. If it's got an actual password it asks you for it.
<soren> Ok, what does id say?
<mikone> after asking for the password it tells me that "bash: groups command not found" and the same for dircolors
<mikone> but nothing else
<mikone> and as it did before there are a lot of error messages from commands involved by the boot process which require root credentials
<soren> Ok try "id -u" instead.
<soren> Oh..
<soren> Now I know what you mean.
<soren> Just type "id" and tell me about the output.
<soren> I didn't mean "it" :)
<mikone> it could not find the command
<soren> Ah.
<mikone> is it somewhere below /usr ?
<soren> Yes.
<mikone> :(
 * soren things
<mikone> i'm afraid this partition is not available
 * soren thinks
<mikone> though i could copy its contents with knoppix
<soren> That's ok. We'll figure it out.
<mikone> i mean the contents of var partition to root partition
<mikone> erm, usr
<soren> Ok, run "mount", locate your root partitino.
<soren> What's in the parentheses?
<mikone> rw,errors=remount-ro
<soren> Ok. What are the permissions on /bin/mount ?
<mikone> oh, i think i see the problem
<mikone> its uid 1501 which is the root user in the directory (ldap)
<mikone> i mean thats the owner
<mikone> though "world" and "group" are allowed to read and execute
 * soren is on the phone
<mikone> -rwxr-x-r-x
<mikone> it's not like i'm in a hurry... i already told my boss that i probably have to set it up again :>
<Kamping_Kaiser> theres always `grep `whoami /etc/group /etc/passwd`` if you need to work out who you are :)
<mikone> i'll give it a try
<soren> Kamping_Kaiser: No, that's not good enough.
<mikone> whounfortunately whoami is not available too
<Kamping_Kaiser> gah. whoami is under /usr/ *grin*
<Kamping_Kaiser> soren, i havent read the full scrollback... perhaps i should
<soren> Kamping_Kaiser: Even if it wasn't, that wouldn't be good enough.
 * Kamping_Kaiser forgot the channel was active :$
<mikone> :)
<Kamping_Kaiser> back in 5-10 min ;)
<Kamping_Kaiser> readin
<Kamping_Kaiser> g
<soren> mikone: So somehow someone managed to chown root:root /bin/mount  and change it to the ldap root user?
<mikone> shall i copy the contents of the partition mounted to /usr to the root partition now?
<soren> No, don't bother.
<mikone> yes.. it probably looked up the ldap root user before the actual root user
<soren> chown 0:0 /bin/mount ; chmod 4755 /bin/mount
<mikone> it could have happened while upgrading
<soren> mikone: ...that really shouldn't happen.
<soren> mikone: If you added ldap at the end.
<mikone> i did
<soren> mikone: And besides: Nothing should be ch{mod,own}ing /bin/mount
<soren> chown 0:0 /bin/mount ; chmod 4755 /bin/mount  <--- Those two commands are likely to fix everything.
<mikone> yarr, root is read only. i have to restart and boot from a recovery cd
<soren> No, it's not.
<soren> You said the parentheses said rw?
<mikone> maybe an error appeared and it was remounted
<soren> dmesg?
<soren> Oh, hang on.
<soren> cat /proc/mounts
<soren> instead of running "mount"
<soren> There might be several that looks like they're mounted on /. You need to find the one with the right block device at the start of the line.
<mikone> you're right, it's mounted as rw
<mikone> ah okay
<mikone> i'm not sure about the uuid but there is one partition mounted read only
<mikone> this probably is the root partition
<mikone> yes it is
<Kamping_Kaiser> bloody nss* stuff. caused me some issues on my server too.
<soren> mikone: Is /dev/shm mounted?
<mikone> nope
<soren> Crap.
<Kamping_Kaiser> chown 0:0?
<soren> read only filesystem.
<mikone> and yes Kamping_Kaiser, but one really should read some more documentations before playing around :>
<mikone> do you think starting the recovery cd could help?
<Kamping_Kaiser> mikone, hehe. lamont saved my but by telling me to use nscd, magically my libnss-ldap worked, pity it wont help you ;)
<soren> mikone: Sure, I just wanted to not have to do that. :)
<Kamping_Kaiser> theres a way to remind / rw isnt there ? sometyhing like `mount -o rw /dev/rootDeviceHere`?
<soren> Yes, but the problem is that mount is suid another user.
<mikone> :)
<mikone> i'm gonna reboot and put the proper access permissions on /bin/mount
<Kamping_Kaiser> ah... is it time to chroot this in a live cd and run chkrootkit yet? ;)
<soren> Kamping_Kaiser: And it's -o remount,rw
<soren> Hang on...
<mikone> sure :)
<soren> mikone: You say it's -rwxr-xr-x ? Not -rwsr-xr-x ?
<mikone> uhh, i THINK its -rwxr-xr-x but i just rebooted.. it will take a minute or so
<Kamping_Kaiser> i was supprisingly close. thanks for the correction though
<soren> Kamping_Kaiser: :) Without the remount option it'll just say "already mounted. Go away. kthxbye"
<Kamping_Kaiser> soren, fair enough :) at least its nice enough to tell you it wont, unix's arnt always that nice :)
<mikone> soren, it definitely is -rwxr-xr-x
<mikone> i changed to ownership now
<soren> mikone: In that case, mounting should have worked.
<soren> Meh. Try it anyway :)
<mikone> okay ;)
<mikone> running the chmod command is still required?
<mikone> and if so, for umount to? because this file seems to have the same problem...
<mikone> YOU SAVED MY DAY!
<mikone> i'm not going to spend hours on reinstalling the whole system
<mikone> you are GREAT!!
<MenZa> soren is, indeed, great.
 * MenZa worships soren.
<MenZa> soren, did you ever go through the ubunut-dk members' list?
 * soren laughs
<soren> MenZa: No, someone said he'd send out the minutes from the meeting. I figured I'd do it then.
<MenZa> oh wait.
<MenZa> #ubuntu-server, right. >_>
<MenZa> The.. minutes?
<soren> "referatet" :)
<MenZa> The summary ;)?
<MenZa> Hmm
<soren> It's called "minutes". Go figure.
<MenZa> Yeah, I haven't received that yet
<Kamping_Kaiser> *fanboys soren *
<mikone> i just noticed :)
<MenZa> Interesting, soren
<MenZa> I still have the logs, if you want the names now, or we could wait for sbc's referat.
<MenZa> ;P
<MenZa> oh wait
<soren> I've got plenty of logs :)
<MenZa> I don't have the logs; they're on my desktop computer.
<MenZa> Alright. :)
<soren> Bah, I'll do it now.
<MenZa> :D
 * soren goes to lunch
<attunix> I customized my Ubuntu Server distro installation to have a python script run on startup from /etc/rc.local . How do I make this installed distribution into a Live or Install CD?
<attunix> I customized my Ubuntu Server distro installation to have a python script run on startup from /etc/rc.local . How do I make this installed distribution into a Live or Install CD?
<attunix> woops sorry :P
<soren> Hi, ivoks.
<ivoks> hi
<_ruben> any thoughts on bug #141601 yet, i added some info (output of ps)
<ubotu> Launchpad bug 141601 in tasksel "tasksel packages stays at 100%" [Undecided,New] https://launchpad.net/bugs/141601
<soren> _ruben: Nope.
<_ruben> soren: just curious mostly, since tasksel isnt something you'd use daily .. but having a (little bit more) bug-free release would be nice ;-) .. any extra info i could gather to help this case?
<soren> _ruben: i've poked the apt dude. He might be able to work something out.
<_ruben> ah ok
<ivoks> i got bitten by that bug
<ivoks> i tought i fscked something with my patch, but looks like i'm not alone :D
<_ruben> heh
<soren> Hmm... I think it's a debconf issue, actually.
<Gargoyle> Can I use crossover cables with nic bonding in the modes for increased performance?
<_ruben> Gargoyle: in theory i'd say yes, but never tried in practice
<soren> _ruben: ... I think I've fixed it.
<soren> Gargoyle: "in the modes" ?
<Gargoyle> soren: Yeah, like mode 1 is just fail over, 1 nic does all the work till it fails then the other one takes over
<soren> Ah.
<soren> So the question is whether or not it works with crossover cables?
<_ruben> soren: nice .. if only i could get WoL to work on that box i could've tried a possible fix right away :/
<_ruben> the box is supposed to support WoL, just doesnt seem to work :/
<soren> _ruben: Etherwake works better for me.
<Gargoyle> soren: Yeah, but not mode 1, I was thinking of the link aggregation modes
<soren> _ruben: I have not hardware that supports WoL as implemented in the wakeonlan package.
<_ruben> soren: i've used the 'wol' command/package on openwrt and some windows tool as well
<soren> Gargoyle: I've not understood your question. If you're asking if bonding works with crossover cables, then the asnwer is yes.
<soren> Gargoyle: It's quite agnostic to that sort of hting.
<soren> And typing is hard.
<soren> _ruben: Ok. I think wol on openwrt does the same as etherwake.
<_ruben> soren: ah
<soren> _ruben: Which is good.. :)
<_ruben> soren: its a dell machine, have read mixed experiences with wol on the 'net and dells
<soren> Gargoyle: If you've got Linux on both ends, I don't even think they both have to be ethernet. They could be ppp+wifi+ethernet+atm+whatever.
<Gargoyle> ohhh
<frippz> I'm looking to upgrade the NIC in an Ubuntu-server to a gigabit variant. any recommendations?
<soren> frippz: Intel cards are usually a fairly good bet.
<_ruben> no probs with intel here either
<frippz> great, thanks guys. I suspected that Intel would be a good bet :)
<mruiz> Hi all. I'm using Ubuntu Dapper and I want to connect Active Directory with Squid through squid_ldap_auth. I tried to test the connection using /usr/lib/squid/ldap_auth but I can't obtain results... I used -d (debug) flag without output.
<_ruben> hmm ... how do i get my hands on "the apt from gutsy-proposed", as suggested in bug #141601
<ubotu> Launchpad bug 141601 in tasksel "tasksel packages stays at 100%" [Undecided,New] https://launchpad.net/bugs/141601
<nealmcb> soren - on saturday my hard drive got messed up, while I was nailing down some more info on my gutsy/qemu/jeos experiences.  But when I rebooted in recovery mode (and with no silly splash screen), I got this:  alert! /dev/disk/by-uuid-ad2c6.......2a3 does not exist, dropping to a shell.  I was uploading the qcow2 with some nice snapshots, but that didn't complete before my system went down....
<nealmcb> by the way, I had needed ata_piix.blacklist=yes on boot to do the cdrom install in the first place, but I didn't seem to need that when booting the installed disk.
<hoarycripple> hello
<somerville32> lo
<hoarycripple> on #ubuntu I was informed that ubuntu server contains a server specific kernel and no gui.  I'm assuming it is possible to install X, but what are the kernel differences?
<hoarycripple> is there somewhere I can read about the differences?
<nealmcb> http://www.enterprisenetworkingplanet.com/netos/article.php/3710641
<hoarycripple> thanks!
<nealmcb> :-)
<sommer> nealmcb: that link is everywhere... doh
<nealmcb> sommer: yeah - I'm looking forward to having that documented on our own pages ;-)
<sommer> nealmcb: I plan on asking a couple of quesitons concerning that in the meeting
<nijaba> sommer: please do :)
<hoarycripple> ok, so I looked at the diff.  looks like all the modules for sound etc are being built in both server and desktop kernels.
<nealmcb> hoarycripple: right - pretty minor differences
<nealmcb> ...in terms of functionality - mainly tuning
<hoarycripple> and are the package lists the same?  I don't see different repos for server edition.
<nealmcb> hoarycripple: same repos, different default packages.  and most of us don't recommend x11 on a server :-)
<hoarycripple> i'm actually planning on trying it on a desktop computer.  just interested to see if I'll notice any difference.  especially with the deadline scheduler and preemption turned off
<hoarycripple> i've got a quad xeon for the desktop which does mostly video editing with cinelerra and is also used as a digital audio workstation (ardour).
<hoarycripple> would you guys just recommend sticking to desktop kernel?
<nealmcb> I'm no expert but my guess would be that more frequent clock interrupts etc would make it more responsive for interactive editing with the desktop kernel
<hoarycripple> thanks for the info.  i'm now having second thoughts about server edition :)
<nealmcb> it's great for servers!
<nealmcb> you can switch the kernel later if you like, in either direction
<hoarycripple> ahh, so I can just apt-get the desktop kernel if necessary?
<nijaba> hoarycripple: exactly
<nijaba> but I would recommend the other way around to start with
<hoarycripple> ok, cool.  that decides it...going to give it a try.  thanks guys.
<hoarycripple> oh, just one more thing:
<_ruben> hmm .. the stuff that article mentions concerning sudo and all seems a bit flawed, no?
<hoarycripple> in desktop edition, no matter what I tried, normal users were still able to shutdown the computer. (followed many instructions from ubuntuforums and blogs etc...)  I'm guessing that normal users cannot shutdown/reboot server.  Is this correct?
<nijaba> Server meeting in 5m in #ubuntu-meeting
<nealmcb> _ruben: you mean the first part of that article?  yeah - I think the way sudo works in ubuntu is great, and she's just missing some techniques
<nealmcb> hopefully we can also get some progress on this: https://bugs.launchpad.net/ubuntu-doc/+bug/122297
<ubotu> Launchpad bug 122297 in ubuntu-doc "Server Guide draft has higher Google rank than released version" [Medium,Confirmed]
<danp> for a given release, does the release-updates collection include the release-security collection?
<kshah> when i first installed ubuntu-server I created my user and my pass which is the root pass, now I want to grant someone else root access, is placing them in sudoers enough? Or should I change the root pass (if so, how?) and make myself a new pass and place myself in sudoers?
<mralphabet> etc/sudoers I believe
<kshah> mralphabet: After install is my password and the root password the same? since I'm not in the sudoers file but I can run commands as sudo
<somerville32> kshah, no
<kshah> so if I want to grant someone else root access how should I do that?
<somerville32> kshah, You are in the sudoer file
<kshah> I am>?
<somerville32> kshah, admin (a group) is a member of sudoers
<kshah> oh
<mralphabet> sudo password != root password
<kshah> oh i see...
<kshah> i see
<somerville32> "sudo password" == your password
<kshah> so adding a user to sudoers via sudo visudo is ...
<mralphabet> dandy
<mralphabet> will solve most if not all of your questions
<kshah> so they can run commands as sudo with their own pass?
<kshah> all i have to do is adduser, and add that user to sudoers and they can do everyhing i can do?
<mralphabet> you should be fine
<kshah> great thx
<leonel> For an ubuntu cluster  for  math calculations is  redhat-cluster-suite   right for the task ?
<soren> leonel: Depends on your setup really. Do they use shared storage? How do the computing tasks get assigned to nodes?
<leonel> good question   I was asked  what was the  ubuntu cluster  way  to do it
<leonel> and found that package in main
<soren> redhat-cluser-suite is indeed the clustering software of choice in Ubuntu. However, depending on your setup, you might not need anything like that at all.
<leonel> soren: here arrived  kab  which asked me  that  ..
<leonel> kab:  can you explain your needs more  ?
<kab> hi soren
<soren> HEllo
<kab> ok, I was talking with leonel about a linux cluster with ubuntu
<kab> a PhD Chemical that need a Cluster ask me about that
<kab> I don't know nothing about Clusters
<kab> Mr Chemical said me that they want to run RedHat XYZ Version because it have a Cluster Solution
<kab> And I begin google for ubuntu solutions like redhat
<kab> Leonel said me that ubuntu has the same solution (redhat-cluster-suite)
<soren> That's right.
<kab> so, thats very nice to me
<soren> Well, if he actually knows what he's doing, and he knows that he needs rcs, Ubuntu will work just fine.
<kab> Mr Chemical is using a privative software called Gaussian
<kab> but he needs too, program in any language that can do paralels jobs
<kab> I suggested python
<kab> so the cluster is for do calculus (Mathematics)
<kab> the nodes are heterogenous
<kab> soren this is the software that mr Chemical wants to run http://www.gaussian.com/
<soren> kab: Well, the thing is that if they don't share any ressources, there's no point. I've seen clustering solutions where a job server just advertises jobs, and nodes pick them up and send the result back. If they don't respond within a reasonable timeframe, the job gets offered up for another node to work on.
<soren> In that case, there's no need at all for something like rcs.
<soren> ..because they don't share any ressources, so all you really need is a monitoring facility to discover dead nodes so that you can replace them.
<kab> soren ok
<soren> Without any details about what you actually need from the clustering solution, it's hard to advice you properly, I'm afraid.
<kab> soren let me study a little more, and I will ask you, sure if you want
<soren> kab: Well, if you feel you've got all the info you need from me, I'm fine. :)
<danp> is there any ubuntu-specific info for setting up RCS things in ubuntu?
<danp> i'm going to be testing clustered samba with it soon
<soren> danp: Not that I can think of, no.
<soren> danp: We follow upstream (RedHat) quite closely, so their docs should be fine.
<danp> cool
<nealmcb> soren: did you see my note a few hours ago here about qemu, jeos and /dev/disk/by-uuid-ad2c6.......2a3 does not exist, dropping to a shell
<soren> nealmcb: Yes. I'm still trying to wrap my head around the fact that it works with images created by the vm-builder and not if you install from a CD.
<nealmcb> boy that vm builder is good stuff :-)
<nealmcb> I'm just trying to get my laptop back in operation so I can play some more with it
<nealmcb> zul: have you tried the jeos iso with xen?
<zul> nealmcb: nope im still trying to port xen to 2.6.24
<proprietarysucks> since there is apparently no way to stop ubuntu from stopping an automatic kickstart-based installation to ask if it's ok to continue since it can't contact security.ubuntu.com, I mirrored the entire security.ubuntu.com website locally and now I'm having trouble getting the host file on the installer changed
<proprietarysucks> anyone have a working pre script on ubuntu or know how to edit the hosts file in some other way?
<mralphabet> proprietarysucks: can you echo x.x.x.x s.u.c >> /etc/hosts ?
<proprietarysucks> that's the first thing I tried
<proprietarysucks> I think I have finally found my answer however
<mralphabet> oh?
<proprietarysucks> for everyone in here's information I'll share =]
<proprietarysucks> kickstarts for ubuntu have the added command 'preseed'
<proprietarysucks> so in your normal, redhat-style kickstart for ubuntu you can simply add 'preseed apt-setup/security_host string' anywhere
<proprietarysucks> that will simply disable the security updates
<proprietarysucks> verifying right now
<jeward> How can I install the server kernel on gutsy so that I can use all 4G of RAM in my laptop?
<jeward> just install linux-server?
<leonel> linux-image-2.6.22-14-server
<leonel> my  generic  version :CONFIG_HIGHMEM4G=y
<leonel>    
<jcengineer> what happened to /etc/initab ?
<fujin_> anyone know where I might procure a 7.10 'driver cd'?
<ivoks> jcengineer: ubuntu doesn't use sysV
<jcengineer> how do i setup a console on a serial then /
<ivoks> jcengineer: check out /etc/event.d/
<jcengineer> hm tty1 is allready running ?
<jcengineer> it doesn't start at tty0?
<ivoks> you are asking for ttyS1, right?
<ivoks> or ttyS0
<ivoks> ttySX != ttyX
<jcengineer> yes sorry
<jcengineer> i dont see it there
<ivoks> create it
<ivoks> you can just copy tty1 to ttyS0
<ivoks> and edit it
<CharlieSu> Does anyone know how to take a SSL certificate that was generated for Apache and turn it into something that can be used by Tomcat?  I'm not proxying connection through Apache..
#ubuntu-server 2007-12-05
<eghjaytee> Hello, can anyone point me to any how tos for running GFS on 6.06?
<kgoetz> hi all, something to think about (while i wander off for an hour) - does the idea of shipping a standard vhost template with our apache appeal to anyone else? the one i've been refining over the last few weeks should be pretty good for easy understandability/usability/ (security?), and i know i'd prefer to have had a template in sites-available then hae to work it out somehow
<kgoetz> i'm thinking of fileing a wishlist for it to get included, but thought i'd ask here too
<kgoetz> http://k-k.homelinux.net:81/~kgoetz/apache2-vhost-template.txt is the link, the .txt is so lighhtttpd doesnnt try and server it as binary :\
<kshah> apt-get remove apache2   doesn't remove apache?
<kshah> file are still present
<kshah> apt-get remove ruby, everything kinda sorta not working...
<zul> apt-get --purge
<kshah> Okay
<CyberMad> i want to running ubuntu-server with ejabberd (intranet IM), fax server (hylafax), VMware-server with 1 XP Pro, Apache2 WebServer + MySQL Server.. there are 25 users, access that server not frequently
<CyberMad> what actually hardware specification i need?
<CyberMad> 1st.. from processor, which one should i choose: Intel or AMD ?
<Burgundavia> CyberMad: either, depends on the price point
<CyberMad> Burgundavia so, Intel or AMD is ok?
<CyberMad> does sempron LE-1100 1,9 GHz can make it?
<Burgundavia> CyberMad: why is the xp pro stuff on the same server as your jabber server
<Burgundavia> ?
<Burgundavia> I would split them out
<CyberMad> because i don't want spend money for more pc
<Burgundavia> the paranoid admin is me says windows  + server == bad
<ScottK> Burgundavia: Not paranoid.  Realistic.
<CyberMad> Burgundavia i use that VMWare (XP Virtual Machine), just for remote desktop
<CyberMad> so user can remote that PC for running windows application
<Burgundavia> CyberMad: that is crazy, tbh
<Burgundavia> keep your users away from your server
<CyberMad> Burgundavia what do you mean?
<CyberMad> Burgundavia that just virtual machine
<CyberMad> what they can do?
<Burgundavia> CyberMad: if a user has a login on a computer, they can compromise it
<Burgundavia> for that matter, Windows has known bugs
<Burgundavia> and if somebody can get root on one of your servers...
<tjaalton> hrm, are there any known issues running dapper on a HP DL380G5? It crashes here frequently
<tjaalton> call trace starts from bnx2_poll, which would suggest a bug in the broadcom driver
<doktoreas> hello everybody
<doktoreas> anyone is using JeOS? I am moved my first steps into virtualization
<doktoreas> basically jeOS is a sort of customized livecd?
<soren> No.
<soren> Customised install cd.
<clifter1> doktoreas:  It's literally as the name implies...   Just Enough OS
<doktoreas> but i can add all package i need and then zip it and send to people?
<doktoreas> to use with WMVare?
<soren> doktoreas: Sure.
<doktoreas> thx soren..
<doktoreas> i'll give it a try
<doktoreas> cause we need to set up a virtual machine every times..the idea is to built one with all package we need and then use that one
<jens> ubuntu server 6.06 will get 5 year's of security updates, right?
<jens> so, now, what happens if i install xubuntu-desktop on my server ?
<jens> will I get 5 year's of security updates ?
<jens> I guessed not; since xubuntu will only get 3years of updates?
<jens> and they use the same repositories
<nealmcb> jens: desktop packages won't get 5-years of support - I think it is stuff in the server seed
<nealmcb> ...that does
<jens> ok
<nealmcb> or something close to that
<jens> so, if you install something on your server that is in a *-desktop package you won't get security updates for it?
<nealmcb> right
<jens> for the last 2 years
<jens> that includes cupsys?
<nealmcb> at least not updates as guaranteed by canonical.  I assume that like with universe, community members will be able to put security updates out there for the last 2 years until the repository is put into archive mode
<nealmcb> I think cupsys is part of the server seed, just not the gui admin tools, but you'd need to check
<jens> ok, thank you verry much
<nealmcb> :-)
 * nealmcb is VERY GLAD to be back on his nice laptop with his files and apps working again.....
<rodneykk> where do i configure how many logs to keep through syslog in /var/log and how big the files should be before it starts a new one, and also how do i make it stop gzip'ing the rotated logs? is this all done through logrotate.d?
<mralphabet> the gzip part is all through logrotate
<mralphabet> the rest of it may be as well
<rodneykk> ok cool
<rodneykk> is there a way to log all syslog stuff in a mysql db?
<mralphabet> rodneykk: ask your question again, those two may know
<ks> strange... while installing jeos on vmware i specified disk as IDE, but installation wizard sees it as scsi
<ks> is this tutorial outdated ? https://help.ubuntu.com/community/JeOS
<ks> also I see busybox initially instead of ubuntu
<Goosemoose> hi guys
<Goosemoose> anyone using a network install and a preseed file with apt-cacher?.
<Goosemoose> i keep getting told the specified mirror is not available or does not have a valid release file on it
<soren> Does it?
<Goosemoose> i just installed it
<Goosemoose> i can browse to it via http://10.0.2.131:3142 and get an apt-cache screen
<soren> Installed what?
<soren> Oh.
<Goosemoose> apt-cache
<soren> And can you see a Release file somewhere?
<soren> http://10.0.2.131:3142/se.archive.ubuntu.com/ubuntu/dists/gutsy/Release (if memory serves)
<Goosemoose> not exactly sure where i should find it.
<Goosemoose> ok let me look
<Goosemoose> ok that listed tons of stuff
<Goosemoose> maybe my problem is that I set it to use fiesty in the preseed
<Goosemoose> what would the difference be? the ubuntu docs im following used fiesty
<soren> Should be the same (for your use)
<soren> What did you put in the preseed (w.r.t. the mirror to use)
<Goosemoose> d-i mirror/protocol string http
<Goosemoose> d-i mirror/http/hostname string 10.0.2.131:3142
<Goosemoose> d-i mirror/http/directory string /ubuntu
<Goosemoose> d-i mirror/suite string fiesty
<soren> d-i mirror/http/directory string /se.archive.ubuntu.com/ubuntu
<soren> Try that instead of what you had.
<Goosemoose> ok
<Goosemoose> change the fiesty line to gusty?
<soren> What do you want to install?
<Goosemoose> this is all my testing leading up to deploying edubuntu on tons of machines
<soren> gutsy or feisty?
<Goosemoose> not exactly sure. to be honest ive been a network admin for 10 years running tons of windows servers, and linux experience has all been with CentOS server, never linux clients
<Goosemoose> whats the diff?
<soren> gutsy is new. feisty is old.
<Goosemoose> gusty it is then
<soren> Then you should put that. :)
<Goosemoose> makes sense then since im following a doc made for ubuntu 6.1!
<soren> There's no such thing. There's 6.06 and 6.10.
<soren> Which were released in June 2006 and October 2006. See the pattern? :)
<Goosemoose> 6.10
<soren> I can't think of any of the basics that have changed in the preseed files.
<Goosemoose> ok
<Goosemoose> soren, looks like that was it thanks
<Goosemoose> so my next question then :)
<Goosemoose> I had setup a machine that authenticated all the users against my AD Domain
<Goosemoose> required changing quite a few files
<Goosemoose> i also install quite a few programs off the edubuntu cd 2
<Goosemoose> how do I work that into this auto install?
<Goosemoose> add lines to the end of the preseed file?
<soren> There's late-command, that might do what you want.
<soren> ...and there's a setting to add packages, too.
<Goosemoose> know where there's some more info on that
<Goosemoose> all i see is this in the example
<Goosemoose> #d-i pkgsel/include string openssh-server build-essential
<Goosemoose> oh , actually maybe its this:
<Goosemoose> #d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh
<Goosemoose> so i just use apt-install for everything
<rodpod> to do the AD stuff apt-get install samba krb5 winbind
<Goosemoose> rodpod, i had to edit a lot of conf files though
<Goosemoose> ok, towards the end of the install i got Cannot Access Security Updates
<Goosemoose> The security updates on securityu.ubuntu.com couldn't be accessed so those update will not be made available
<Goosemoose> then it says it Commented out entries for security.ubuntu.com have been added to the /etc/apt/sources.list file
<Goosemoose> any ideas?
<mralphabet> Goosemoose: are you trying to do preseeds?
<Goosemoose> yes
<Goosemoose> already have it going through most of the install
<Goosemoose> but its stopped on the security updates
<mralphabet> I know the answer to that . . . I think
<mralphabet> sec
<Goosemoose> ok, thanks
<mralphabet> Goosemoose: from yesterday actually:
<mralphabet> #ubuntu-server_0712.log:12:13 < proprietarysucks> so in your normal, redhat-style kickstart for ubuntu you can simply add 'preseed apt-setup/security_host string' anywhere
<mralphabet> #ubuntu-server_0712.log:12:14 < proprietarysucks> that will simply disable the security updates
<Goosemoose> ok, but what if i dont want to disable them?
<mralphabet> that's just for the install, reenable them after
<Goosemoose> i just want them to install properly, not sure why it's saying it can't access them
<Goosemoose> oh
<Goosemoose> this is going out for 250 school computers
<Goosemoose> so i want as much automated as possible
<Goosemoose> that will at least get rid of that error screen
<Goosemoose> can i set security updates to install automatically later?
<mralphabet> what that guy did is mirror the entire security.ubuntu.com to something local . . . as that guy is the one working on something similar _right now_, I would suggest tracking him down
<mralphabet> I just remembered him talking about it, I am not familiar with it personally ;(
<Goosemoose> ok, no problem
<Goosemoose> that will at least get me past this for now, i appreciate it
<ivoks> you want to install the system without updating during install?
<Goosemoose> i want it to update during install
<Goosemoose> but im getting an error
<Goosemoose> The security updates on securityu.ubuntu.com couldn't be accessed so those update will not be made available
<Goosemoose> then it says it Commented out entries for security.ubuntu.com have been added to the /etc/apt/sources.list file
<Goosemoose> im wondering if maybe it's a proxy issue
<ivoks> well, if they are unavailable...?
<rodpod> does anyone know if i need to modprobe ip_gre if im going to be allowing vpn traffic through iptables, or will it automatically load
<Goosemoose> although the rest of the package installed
<Goosemoose> yes, but why are they unavailable
<ivoks> rodpod: you need to enable it
<ivoks> rodpod: just add to /etc/modules
<Goosemoose> any ideas ivoks?
<ivoks> could be proxy or something...
<Goosemoose> though the rest of the packages pulled fine
<ivoks> interesting...
<ivoks> maybe proxy filters urls with security in it :)
<ivoks> try security_host XX.archive.ubuntu.com
<ivoks> preseed apt-setup/security_host hr.archive.ubuntu.com
<ivoks> this should work
<Goosemoose> add it anywhere in the preseed file?
<Goosemoose> hr=croatia?
<ivoks> right, croatia
<Goosemoose> that where you are?
<ivoks> you can do it on the command line
<ivoks> yeah, i'm administrating that archive
<Goosemoose> cool, i have a home on hvar :)
<ivoks> nice
<Goosemoose> my family is all from there, im in the US
<Goosemoose> doesnt work on command line, doesn't know the preseed command
<Goosemoose> shouldn't I add it into my preseed file?
<ivoks> you can, of course
<ivoks> d-i apt-setup/security_host hr.archive.ubuntu.com
<Goosemoose> ok so 'd-i mirror/security_host hr.archive.ubuntu.com
<Goosemoose> like that?
<ivoks> yes
<ivoks> no
<Goosemoose> ok
<ivoks> d-i apt-setup/security_host hr.archive.ubuntu.com
<Goosemoose> d-i apt-setup/security_host string
<Goosemoose> yeah ok
<Goosemoose> is there a us.archive.ubuntu.com would prob be closer
<ivoks> there is
<ivoks> i'm sure they have security archive
<Goosemoose> ok ill rebot this and try it again
<Goosemoose> be back in a few, grabbing lunch. thanks for the assistance
<ivoks> np
<kraut> does ubuntu boot on via eden without any problems?
<Goosemoose> ok this is funny
<Goosemoose> where in hell did the computer i just installed over the network using a pressed file get it's computer name from?
<Goosemoose> it copied it from another computer on the domain!
<ivoks> from dns
<ivoks> eh dhcp :)
<Goosemoose> how can i control that?
<ivoks> preseed it
<Goosemoose> could i have it actually ask? not answer that question in the process?
<Goosemoose> just comment that out?
<sommer> I just name all my machines "ubuntu"... heh :)
<ivoks> right
<Goosemoose> sommer, haha
<Goosemoose> sommer, doesn't that cause a problem with dns?
<bettong> if it copied it from another computer, your dns/dhcp is wrong
<Goosemoose> it's a computer that doesn't exist anymore
<sommer> Goosemoose: I kid, I kid
<Goosemoose> but im sure the entry still hasn't timed out
<Goosemoose> sommer, ahh ok, phew
<Goosemoose> can i give it a new random name like Classroom-###
<ivoks> your dns has an entry for that ip
<Goosemoose> ivoks, im sure it does
<Goosemoose> wwouldn't clear itself for a few days
<Goosemoose> lease is set to a week
<Goosemoose> i also didn't get a gui
<Goosemoose> not sure where i screwed up there
<Goosemoose> must be with the default file
<ivoks> you didn't choose to install ubuntu-desktop by default?
<Goosemoose> looking up what i did now
<Goosemoose> tasksel tasksel/first multiselect standard, desktop
<Goosemoose> that's it right?
<ivoks> isn't it ubuntu-desktop?
<ivoks> and ubuntu-standard?
<Goosemoose> might be, like i said these docs are from 6.10
<Goosemoose> ok so i need ubunt-desktop then
<ivoks> tasksel --list-tasks
<Goosemoose> which deafaults to gnome ?
<ivoks> ubuntu-desktop
<ivoks> there's no task ubuntu-standard
<ivoks> those are packages
<Goosemoose> got it
<Goosemoose> i want edubuntu-desktop then
<Goosemoose> hmm, i see edubuntu-live there
<Goosemoose> that going to do something different?
<Goosemoose> ok made it tasksel tasksel/first multiselect edubuntu-desktop
<Goosemoose> or do i still need standard in there
<Goosemoose> ok made it tasksel tasksel/first multiselect standard,edubuntu-desktop
<ivoks> you don't read?
<Goosemoose> i do
<ivoks> tasksel --list-tasks
<Goosemoose> i've found one damn doc!
<Goosemoose> yeah im looking at that list
<Goosemoose> i just not sure what the syntax is in the tasksel tasksel/first multiselect edubuntu-desktop  command
<ivoks> there's no standard, right?
<Goosemoose> not in the list
<Goosemoose> thought it might be part of the command itself
<Goosemoose> like i dont know what tasksel/first means
<Goosemoose> im guess task selection which would assume more than one option
<Goosemoose> and sets the first to somethign
<ivoks> don't use tasksel
<Goosemoose> What should I use instead? I feel like such an idiot here, usually I can just look this stuff up!
<ivoks> preseed preseed/early_command apt-install ubuntu-desktop
<sommer> is hardy 8.03 or 8.04?
<ivoks> or even better
<Goosemoose> put that anywhere in the preseed file (not sure if order matters)?
<ivoks> preseed preseed/late_command apt-install ubuntu-desktop
<ivoks> preseed preseed/late_command string apt-install ubuntu-desktop
<ivoks> that last one is correct
<Goosemoose> lol
<Goosemoose> ok
<Goosemoose> got it
<ivoks> sommer: 4
<Goosemoose> ok, im commenting out the package selection line then
<sommer> thx ivoks
<ivoks> Goosemoose: with late_command you can setup custom /etc/apt/sources.list
<Goosemoose> i setup a atp-cache server on the tftp server
<Goosemoose> so it should be installing off of that
<Goosemoose> apt-cache
<ivoks> preseed preseed/late_command string apt-install ubuntu-desktop; echo "bla bla bla" > /target/etc/apt/sources.list ; echo "bla bla bla 2" >> /target/etc/apt/sources.list
<Goosemoose> i see
<Goosemoose> got it, it's the last line at the very end
<Goosemoose> one long command for all the extra stuff
<ivoks> i created iso with auto install
<Goosemoose> with all the packages in it already?
<ivoks> so, i could take a look tomorrow and let you know how i did it
<ivoks> yeah
<Goosemoose> i had setup a machine exactly how i wanted it and wanted to do that
<Goosemoose> as setting it up to authenticate against AD was a pain in the arse
<ivoks> that should be piece of cake in 8.04
<Goosemoose> but since there's 250 these need to install over network
<Goosemoose> yeah, not out yet though
<ivoks> well...
<ivoks> http://www.likewisesoftware.com/community/
<ivoks> this works even now :)
<ivoks> don't worry, this is new stuff, released yesterday, if i'm not mistaken...
<ivoks> i saw presentation at UDS - great stuff
<Goosemoose> was gonna say, i just spent a week trying it the 'old' way
<Goosemoose> can it authenticate logins as well?
<ivoks> everything
<Goosemoose> i had to setup a pam module to query AD for usernames and passwords
<Goosemoose> nice
<ivoks> it integrates in PAM, yes
<ivoks> so, whatever uses PAM, works
<Goosemoose> is that what's going into 8.04?
<ivoks> yes
<Goosemoose> ok once i get this preseeding to work ill check it out
<fujin_> o0
<fujin_> likewise looks nice
<fujin_> aptgettable?
<ivoks> fujin_: there is gutsy package on web
<fujin_> I hate pissing around with libnss-pam/libldap-pam etc
<fujin_> oic
<fujin_> cool.
<ivoks> it's not aptgetable, since it's 24h old :)
<fujin_> how stable?
<Goosemoose> http://www.likewisesoftware.com/bits/likewise-open_4.0.0-1likewise1_i386.deb
<Goosemoose> there's ubuntu version
<ivoks> what i've seen at UDS, works without problems
<ivoks> it has nice GUI
<ivoks> and also a CLI tool
<mralphabet> somebody (coffeedude?) is working on likewise to be integrated into hardy, wants it released in repos beginning of January
<ivoks> right
<ivoks> he did the presentation at UDS
<ivoks> coffeedude rulez :)
<ivoks> bye all
<sommer> later ivoks
<Goosemoose> hmm i ended up with a software selection prompt
<Goosemoose> missed that in the pressed file somehow
<Goosemoose> asking what type of desktop, etc
<Goosemoose> i dont think ivoks idea worked
<Goosemoose> ok, added the tasksel back, lets see if it works
#ubuntu-server 2007-12-06
<pteague> anybody know what the diff is between the APC UPS BR & XS models?
<fujin_> the total power capacity I believe
<fujin_> 16a vs 32a or something like that
<fujin_> don't recall
<pteague> http://microcenter.com/single_product_results.phtml?product_id=0248208 vs http://www.newegg.com/Product/Product.aspx?Item=N82E16842101066
<fujin_> Probably best to take a look at apc's website, not there :)
<pteague> true...
<pteague> apc isn't much help... they only list the RS (BR1300LCD)
<jeriko> 'lo
<fujin_> pteague: call a sales representative
<pteague> you want me to use that archaic thing?  i thought that went away with email & IMs ;o)
<Goosemoose> hi guys
<Goosemoose> im trying to preseed edubuntu so i added this line: tasksel tasksel/first multiselect standard,edubuntu-desktop but it doesn't seem to work, i dont get any gui
<Goosemoose> not sure why it wouldnt work
<Goosemoose> tried it without the standard too
<fujin_> https://help.ubuntu.com/community/InstallCDCustomization
<fujin_> https://help.ubuntu.com/6.10/ubuntu/installation-guide/i386/appendix-preseed.html
<Goosemoose> read over it many times
<Goosemoose> thanks though
<Goosemoose> have it printed in front of me too
<fujin_> read it again? :)
<Goosemoose> lol
<Goosemoose> only think i can think of is that edubuntu-desktop isn't valid but it shows on tasksel --list-tasks
<fujin_> have you tried preseeding tasksel/first multiselect standard,lamp-server
<fujin_> for example?
<fujin_> that'd quickly tell you
<Goosemoose> thats what the default was
<Goosemoose> i just changed it
<Goosemoose> i get an install just no gui
<fujin_> lamp-server was the default?
<Goosemoose> well, from the preseed file i downloaded to start with
<Goosemoose> the one that the 2nd link you posted links to
<Goosemoose> i started with that then modified it
<Goosemoose> interesting though when i type tasksel --list-tasks
<Goosemoose> i get
<Goosemoose> i edubuntu-desktop      Edubuntu desktop
<Goosemoose> all the other listings have a 'u' not an 'i'
<fujin_> that means it's installed :P
<Goosemoose> ahh ok
<Goosemoose> running that on the server, so that makes sense
<pschulz01> Greetings.. what do I need to install to be able to use regexp:/etc/postfix/<file> in my main.cf?
<pschulz01> I have the package postfix-pcre installed
<pschulz01> If I try.. "postmap regexp:/etc/postfix/virtual" I get the error.. postmap: fatal: dict_mkmap_func: unsupported dictionary type: regexp:  Is the postfix-regexp package installed?
<pschulz01> .. but the package 'postfix-regexp' doesn't exist.
<pteague> dang it... how do i enable my mdadm partition again in gutsy?
<pteague> yay for google... i hope i don't have to run this command every time i reboot to get it to create md0
<pteague> for some reason samba can't find my users even though i've deleted the users & re added them
<kraut> moin
<NineTeen67Comet> Hello all .. any suggestions where to start looking for problems with my Ubuntu Server box? Ram is good, hdd are all good, CPU/Mobo are good (far as I can tell) .. and there isn't dille'o for logs .. but it just quits randomly .. help?
<NineTeen67Comet> I've been running several terminals ssh'ed into my server .. one with tail -f -n 25 /var/log/messages and another with top and yet another with tail -f -n 25 /var/log/dmesg just to see if something happens just before it stops serving ..
<bettong> looked at syslog?
<NineTeen67Comet> bettong: yeah, but not today .. I'll include it when it comes back online .. I hate it when they act like this .. lol .. gimme an error so I can track it friggin' box! .. KICK .. box
<bettong> eheheh know what you mean
 * bettong is trying to make jira work. seriously. just avoid the *fking* thing :|
 * NineTeen67Comet heads over to google look up jira .. :)
<bettong> ah, proprietary java app
<NineTeen67Comet> bug tracker?
<bettong> used for "workflow" stuff
<bettong> yeah, among other things
<NineTeen67Comet> aha .. not that far into my stuff yet to need that kind o'thang
<bettong> its an all singing/all dancing issue/bugs/support request/etc tracking
 * bettong finds it fairly horrible
 * bettong finds trac quite nice looking, but not tried it properly yet
<bettong> i plan to play with track RSN :/
<NineTeen67Comet> well all, it is bed time here so hopefully my sites will stay up tonight and let the users finally start posting junk .. Might be a good excuse for new hardware .. heheheheh
<bettong> bed. now thats a plan
<bettong> night all!
<soren> lamont: Do you plan on doing the cyrus-sasl2 merge?
<lamont> hrmpf.  someone wanna file a bug about the postfix-regexp thing above, if it's really a bug?
 * lamont takes kids to school
<Solarion> is there a GUI for creating and managing software RAIDs on ubuntu-server?
<Goosemoose> hi guys
<Goosemoose> back to working on my preseed network install. i have everything install but i don't end up with gnome or any other gui. Can't figure out why.
<Goosemoose> Also, do I need to restart something after changing my preseed.cfg before another install starts?
<Goosemoose> wow it's quiet!
<Solarion> Goosemoose: tell me about it.  :(
<Goosemoose> lol
<ScottK> Solarion: Ubuntu-server has no GUI, so no.
<Solarion> ScottK: that sucks.  :(
<danp> heh
<ScottK> Solarion: Many of us consider that a feature.
<danp> a very important feature at that
<Solarion> ScottK: What do you define as "no GUI"
<ScottK> No X server.
<Solarion> ok
<Solarion> then claiming that "ubuntu-server has no gui, therefore there's no gui tool to do x" is absurd
<ScottK> I didn't say there was no GUI tool.  I said that ubuntu-server didn't have one.  Not the same thing at all.
<Solarion> Fine.  Within your terminology, then, is there a GUI tool to configure and maintain a RAID in Ubuntu?
<ScottK> Solarion: You're not going to like this answer either.  I don't know as I've never looked for one.  Ubuntu support (that isn't ubuntu-server specific) can be found in #ubuntu.
<Solarion> ok.
<ScottK> Someone else may chime in with an actual answer, but most of us here aren't very GUI focues.
<ScottK> focues/focused.
<soren> Goosemoose: I don't understand your question. Restart something after you've updated your preseed? Where is your preseed?
<Solarion> personally, I don't care, but my boss is a big Apple man.
<Solarion> hence, if there's a nice GUI to config/admin, Linux is much more likely to be used.
<Goosemoose> soren, the preseed is on the network
<Solarion> Fortunately, OSX doesn't seem to do software RAID5.
<soren> Goosemoose: http?
<ScottK> Solarion: soren has a plan to package ebox for Hardy.  I doubt it's tools support that level of work, but that's the "GUI" support idea.
<soren> Goosemoose: And what would you think should get restarted? I'm not sure I follow?
<Goosemoose> soren, yes
<Goosemoose> soren, not sure , it's just not following my changes. thought maybe the tftp server
<Solarion> ScottK: thanks for the pointer.
<soren> Goosemoose: You're starting new installs and your old preseed files are being used?
<Nafallo> ncurses is gui :-)
<ScottK> There is that.
<Solarion> looks like ebox is already in gutsy
<soren> Solarion: It's really not.
<Goosemoose> soren, i can't really tell if it's an old one of i'm just entering something wrong in the preseed file
<Goosemoose> the program is i end up with no gui
<Solarion> soren: oh?
<Goosemoose> tasksel tasksel/first multiselect edubuntu-desktop
<soren> Solarion: Only the very, very basic stuff is there. It's nowhere near a usable state.
<Solarion> soren: ah.  That would explain it.
<soren> Goosemoose: And you're surprised you get a desktop?
<Goosemoose> i dont!
<soren> Goosemoose: Ah.
<Goosemoose> no matter what i chnage I just get a non-gui login prompt
<soren> Goosemoose: You're installing over the network?
<Goosemoose> yes
<soren> Goosemoose: Oh, right, via apt-cacher? That was you?
<Goosemoose> have 250 computers to setup
<Goosemoose> yeah
<Goosemoose> that's me :)
<soren> Hang on
<Goosemoose> i got apt-cacher working ok it seems
<soren> Goosemoose: Everything else in your pressed is applied properly?
<Goosemoose> yes i think so
<Goosemoose> except for one thing
<Goosemoose> i commented out the host name
<Goosemoose> hoping that it would prompt me
<Goosemoose> but it just names is owner-pc
<Goosemoose> names 'it'
<mathiaz> Goosemoose: are you sure that you wanna install edubuntu-desktop ?
<Goosemoose> why not?
<Goosemoose> its for a high school
<Goosemoose> i could just stick normal ubuntu
<Goosemoose> then install the extra programs
<Goosemoose> this didn't get me a desktop either:
<Goosemoose> tasksel tasksel/first multiselect standard, kde-desktop
<Nafallo> kubuntu-desktop
<Nafallo> ubuntu-standard
<Goosemoose> i ran tasksel --list-tasks and it listed edubuntu-desktop as an option
<Goosemoose> im actually not running ltsp so maybe i don't need to install edubuntu
<Goosemoose> could just get ubuntu plus addons
<Goosemoose> so is it:
<Goosemoose> tasksel tasksel/first multiselect ubuntu-standard
<Goosemoose> or
<Goosemoose> tasksel tasksel/first multiselect standard,ubuntu-standard
<Nafallo> ubuntu-minimal, ubuntu-standard, ubuntu-desktop
<Goosemoose> ok so i want ubuntu-desktop
<Goosemoose> will try it now
<Goosemoose> tasksel tasksel/first multiselect ubuntu-desktop
<Nafallo> ubuntu-desktop doesn't depend ubuntu{minimal,standard}
<Nafallo> +-
<Goosemoose> what do you mean by that?
<Nafallo> that you probably want to select all of those three.
<Goosemoose> wouldn't it install all three at once though?
<Nafallo> why would it?
<Goosemoose> i thought the purpose of the preseed was to list the options that should be chosen
<Nafallo> and why shouldn't it?
<Nafallo> yes...
<Nafallo> that's my understanding as well
<Goosemoose> doesn't ubuntu-desktop include the other by default?
<Goosemoose> how can you have a desktop without the minimial
<Nafallo> no
<Goosemoose> hmm
<Goosemoose> so you're saying do
<Goosemoose> tasksel tasksel/first multiselect ubuntu-minimal,ubuntu-standard,ubuntu-desktop
<Nafallo> yes
<Goosemoose> ok ill try that now
<Goosemoose> one other question before i try
<Goosemoose> shouldn't #d-i netcfg/get_hostname string unassigned-hostname make it prompt me for a computer name?
<Goosemoose> it's auto assigning it
<Nafallo> no idea
<Goosemoose> partitioning takes way too long
<Goosemoose> is there a good reason to create separate /home /usr /var and /tmp partitions in a situation like this?
<Goosemoose> it just seems to take way too long to do without much benefit
<zul> Goosemoose: because if you just have / as a directory and it fills up then you are screwed
<Goosemoose> how would it fill up any differently? this is for a school, so all files will be stored on the network
<Goosemoose> will likely end up reimaging machines every 6 months anyways
<Goosemoose> I can't figure out why it won't ask me for the hostname!
<Goosemoose> it's grabbing names from dhcp
<mathiaz> Goosemoose: try to ask in #ubuntu-installer
<Goosemoose> ahh didn't know that existed
<Goosemoose> no responses in there
<Goosemoose> takes about 30 minutes to partition!
<Goosemoose> damnit, still no gui!
<Goosemoose> just got a login prompt
<Goosemoose> i dont get it!
<Nafallo> Goosemoose: ask #ubuntu. those people like GUIs. we don't.
<Goosemoose> lol
<Goosemoose> well got some help in the installer
<Goosemoose> still can't figure out why the clients don't install a gui from what the preseed tells it though
<Burgundavia> dendrobates: you around?
<dendrobates> Burgundavia: yep
<Burgundavia> dendrobates: have you seen this likewise stuff?
<Burgundavia> http://www.likewisesoftware.com/community/
<dendrobates> I have had it for a couple weeks.
<Burgundavia> figured
<fujin_> does it work?
<dendrobates> Burgundavia: I am packaging it for hardy today.
<dendrobates> yes it works.
<Burgundavia> is it samba based?
<fujin_> the live demos look very cool.
<fujin_> shame I'd never be able to convince my superiors to join a Linux server to a windaz AD
<Goosemoose> i was checking it out too, beats the last 2 weeks i spent getting everything to sync to AD
<Goosemoose> ARe they charging for it or not?
<Goosemoose> looks like a commercial product
<dendrobates> coffeedude: are you around to explain better?
<sommer> fyi http://www.linux-watch.com/news/NS2350659361.html
<dendrobates> it was demo'd at uds.
<Goosemoose> it has a form of group policies for linux?
<dendrobates> that is the commercial part.
<Goosemoose> ahh ok
<dendrobates> it lets you use GPO's to manage linux.
<Goosemoose> sweet, too bad that's not free!
<dendrobates> The open source part is the domain joining part.
<Burgundavia> there have been lots of people doing GPO stuff for Linux and nobody has open sourced any of it
<fujin_> so, the open source stuff
<Goosemoose> open source still includes the logins as well correcT?
<fujin_> you can join it to a domain, use usernames/passwords?
<fujin_> uid/gid mapping?
<fujin_> cached credentials?
<Goosemoose> looks like it
<dendrobates> yep
<Goosemoose> i was doing that with all the conf file before
<Goosemoose> takes forever
<fujin_> I'm interested, but not interested to un-roll all of my libnss-ldap/libpam-ldap/openldap stuff
<fujin_> how polished is it dendrobates? can you backport to feisty?
<dendrobates> I see it more for windows admins that want to try an Ubuntu server.
<Goosemoose> if i can get this damn preseed file to work i'd be in business :)
<fujin_> dendrobates: ah, so not a libnss-ldap/libpam-ldap replacement?
<dendrobates> fujin_: this actually joins your sytem to the domain.
<Goosemoose> it is a replacement
<fujin_> 'join to the domain' is pretty buzz-friendly
<fujin_> basically, what I want to know is:
<Burgundavia> where does it fit with the existing auth-client-config stuff in Feisty?
<Goosemoose> it also allows you to use your domain usernames
<dendrobates> it is a technical term.
<fujin_> hardly, it's a m$ term
<fujin_> 'join to the domain' = "use this ldap server"
<Burgundavia> it means more than just use the ldap server
<dendrobates> fujin_: you are incorrect.
<Burgundavia> it puts the computer into the tree
<Burgundavia> screws with dns stuff ont eh computer, etc.
<Burgundavia> it has been a long time since I have played with AD. I need to do that again
<dendrobates> Burgundavia: it does not yet fit into auth-client-config, but it could eventually.
<Burgundavia> right, and given it requires mono-winforms, does it provide its own GUI for joining?
<dendrobates> Burgundavia: yes
<fujin_> can you join from the CLI?
<fujin_> none of my servers will ever run X
<dendrobates> fujin_: yes.
<Burgundavia> dendrobates: are we planning to replace that with a generic "join to domain or auth against OpenLDAP server"?
<dendrobates> Burgundavia: the gui portion you mean?
<Burgundavia> yes
<Burgundavia> anyway, I have to run
<dendrobates> Burgundavia: I don't know, I kept mentioning it at UDS/Allhands, but the desktop guys did not seem too excited
<dendrobates> It is worth bringing up again.
<fujin_> you tell em
<Goosemoose> does hardy fix any preseed bugs?
<coffeedude> Goosemoose: Likewise Open is GPL v3.  Likewise Enterprise is Likewise Open + additional commercial pieces.
<Goosemoose> hey coffeedude
<Goosemoose> likewise open will support ad users as login names right?
<fujin_> yeah, in the format domain\username
<dendrobates> coffeedude: welcome.  I'm working on hardy packaging for likewise-open as we speak.
<fujin_> watch the videos Goosemoose :)
<Goosemoose> good, im ready to test it, i have to roll out 250 machines
<Goosemoose> if i can just fix this damn preseed file !
<coffeedude> dendrobates: btw...we're writing a GTK+ port of the GUI join tool that should be ready in a week I think.
<Goosemoose> i did get domain logins working by editing about 10 conf files and following the docs, but hadn't found an easy way to work that into my network install
<coffeedude> Goosemoose: yes.  Plus userPrincipalName logons and supports a nam mapping file.
<Goosemoose> cool
<coffeedude> Goosemoose: http://lists.likewisesoftware.com/pipermail/likewise-open-discuss/2007-December/000003.html
<dendrobates> coffeedude: is the weather in AL as nice as it is here?
<Goosemoose> coffeedude, cool. still looks like it might be a little late for me then as i have to get these up in the next week or two
<coffeedude> dendrobates: yeah.  Nice day.
<dendrobates> coffeedude: makes me wish I didn't just sit in my basement all day.
<coffeedude> Goosemoose: Your call.  I've got a lot of stuff on my whiteboard for likewise-open.
<coffeedude> dendrobates: got a window?
<dendrobates> coffeedude: not in this room
<coffeedude> dendrobates: ewwwwww.....
<dendrobates> coffeedude: if I lean really far I can see out a door.
<coffeedude> dendrobates: how about a lava lamp?
<dendrobates> coffeedude: nope,I have a sparc server howling at me like a jet engine though.
<Goosemoose> coffeedude, could it be used right now in 7.10?
<dendrobates> I seriously need a better work space.
<coffeedude> Goosemoose: Yup.  That's what I'm running on.
<coffeedude> I do have a few things to clean up for the next release.  But I eat my own dogfood daily on my laptop.
<coffeedude> Goosemoose: so I have confidence in it.
<dendrobates> coffeedude: does you testing framework depend on it it being installed in /opt?  I have had to move everything around.
<Goosemoose> coffeedude, are you connecting the computers via a script or the gui? i need to automate as much of this as possible
<coffeedude> dendrobates: Nope.  What ever you like.  /opt was the least controversial.
<coffeedude> Both.
<coffeedude> Goosemoose: both utilities have the same end result.
<coffeedude> Goosemoose: although I aplogize in advance for lack of man pages right now.
 * coffeedude starts on the gitweb  installation....
<Goosemoose> coffeedude, awesome. are you preseeding over a network by any chance? i need to find a better example as I'm not getting a gui
<Goosemoose> and I need to figure out how to get a prompt for the computer name still
<coffeedude> Goosemoose: SIGWIFE....hold on asec.
<Goosemoose> ok
<coffeedude> `domainjoin-cli setname foo && domainjoin-cli join domain.com Administrator`
<coffeedude> Goosemoose: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
<Goosemoose> that's it?
<coffeedude> Yup.
<Goosemoose> wow
<coffeedude> will prompt you for the admin password to join the domain.
<Goosemoose> are you working this in automatically with an install?
<coffeedude> Goosemoose: you mean "apt-get install likewise-open"  or the Ubuntu installer?
<Goosemoose> yes
<Goosemoose> something i can add to a preseed install
<coffeedude> dendrobates: is leading the packaging decisions right now.
<coffeedude> I have to grab a run before it starts getting dark.  Back later.,
<dendrobates> the current plan is for this to be an option in the Hardy installer
<Goosemoose> so there is no apt-get currently, correct?
<dendrobates> nope.  I plan to upload it to Hardy soon.
<Goosemoose> ok, cool
<dendrobates> just working through some minor issues.
<Goosemoose> i'll get back to screwing around with my networking install first, ill need that working anyways
<Goosemoose> thanks for the hard work :)
<dendrobates> and the thing takes foreer to build in my vm.
<Goosemoose> will work great at our school
<Goosemoose> ahh yes
<Goosemoose> ive had to compile my java program in a vm
<Goosemoose> very slow
<Goosemoose> brb
<dendrobates> and debclean not actually clean it, it leaves mdb's and such. and debuild chokes on it.
<ajmitch> you're using the CLI debian policy?
<dendrobates> ajmitch: I am planning on splitting out the mono part, so I have not looked.  The package was not policy compliant in other ways though.
<dendrobates> ajmitch: would you like to help with that part?
<ajmitch> if you wish
<ajmitch> do you have this in a bzr branch or similar?
<dendrobates> not yet, I wil soon.
<ajmitch> ok
 * ajmitch hopes that a winforms-using app doesn't look horribly out of place
<dendrobates> ajmitch: It did a little during the UDS demo, so it is good to hear a gtk+ version is near.
<ajmitch> that's good, hopefully near enough for hardy?
<dendrobates> should be.
<sommer> isn't there a way to install one of the tasksel options after you've been through the installation process?
<sommer> ah sudo tasksel install task
<Goosemoose> hey sommer
<Goosemoose> anyone know why i'd end up with no gui after doing a preseed install
<Goosemoose> anyone see something wrong with this line: tasksel tasksel/first multiselect ubuntu-minimal,ubuntu-standard,ubuntu-desktop
#ubuntu-server 2007-12-07
<Burgundavia> dendro-away: there is a history of the desktop people not really caring about large deployments
<Burgundavia> dendro-away: basically, I think the server team will need to push this
<Innatech> I could use a little practical advice on satisfying a client requirement for a site with a handful of Ubuntu servers and routers. I'm going on vacation, and they would like some kind of procedure to, essentially, shut down and restart everything. I'm hesistant to give them a procedure to follow at the consoles or over SSH, even if it's just running a script. Is there a more elegant way?
<infinity> A more elegant way to type "reboot"?
<Innatech> I don't really want them to touch the consoles. I'd rather give them some application they can run from their desktop that will invoke an automatic shutdown script on each machine.
<Innatech> They are really not technical people.
<Innatech> Maybe even one of the open source monitoring/management packages with a Web interface?
<infinity> So, I guess you get to write a big GUI button that, on the backend, does an ssh trigger that... Reboots.
<Innatech> Yeah. I suppose that would be simple enough. OK.
<infinity> If you have VB or C#, should take about 3 minutes.
<infinity> 4, if you fuss over the size of the button.
<Innatech> I don't really code, but I'll see what I can scrape together. Heh.
<jetole> hey guys
<jetole> does anyone know of a way to measure network throughput at any given time?
<jetole> basically to measure how much data your computer is sending at any one point
<jetole> or recieving
<jetole> ??
<nealmcb> jetole: iptraf
<jetole> nealmcb: thanks
<nealmcb> also iftop, ntop, mrtg, cricket
<nealmcb> cacti...
<Innatech> iptstat
<jetole> well I will look at iftop and cricket but I want a way to poll it on the command line, something I can use to pipe into mysql
<nealmcb> ifconfig :-)
<nealmcb> or the ip command
<jetole> well I will look into ip but I didn't know I could get that from ifconfig
<Innatech> is there anything in /proc/net ?
 * jetole has some RTFM to do
<jetole> Innatech: I would imagine but I don't know where
<Innatech> cat /proc/net/dev
<Innatech> that looks promising
<Innatech> then feed it through awk when you decide what you want.
<jetole> /proc/net/dev looks like it tells me a total of data sent
<jetole> as opposed to how much data is travelling at the moment
<Innatech> hrrrm.
<Innatech> Well, watch it and do math.
 * nealmcb wonders if iptables can tell you
<Innatech> probably can.
<jetole> well I have asked in #iptables and they suggested bwmon which I havn't compiled yet
<jetole> they just mentioned that a few mins ago
 * jetole is still looking into this
<Innatech> I found a few perl scripts that just track /proc/dev/net and update an env variable with the throughput at a user defined interval
<Innatech> >shrug<
<jetole> hmmm
<jetole> maybe
<Innatech> err, /proc/net/dev that is.
<jetole> I would tend to think there is a more native way
<Innatech> jetole: how about ifstat
<Innatech> it watches /proc/net/dev like everything else, but it's cleaned up for you.
 * jetole looks
<Innatech> also bwm-ng
<Innatech> again, it just watches proc
<jetole> ifstat looks good so far
<Innatech> ethstats is another option
<Innatech> ;P
 * jetole will look at both those but ifstat seems good as well
<Innatech> jetole: there's something called ftm you can try if you prefer to use the netfilter packer counters. It might be cheaper than scraping ethstats.
<jetole> ethstats doesn't seem too interesting, from what I have seen it won't do a single dump...
<jetole> and I want to monitor only every 5 mins so a single command that can be cron tab'd will do
<jetole> ifstat seems to do that
<nealmcb> yeah - ifstat is very clean and reminds me of iostat
<nealmcb> jetole: thanks for both the question and followup :-)
<jetole> no prob, I really wanted to know
<jetole> ;)
<jetole> and I am still looking into it
<jetole> actually right now I am looking at writting a little c script that reads in and out on one interface and posts it to the mysql
<kraut> moin
<qiyong> is it safe for production server to upgrade from feisy to gusty?
<qiyong> generally
<Kamping_Kaiser> yes, if you take precautions
<qiyong> Kamping_Kaiser: the key softwares are postfix
<qiyong> Kamping_Kaiser: i guess everthing can go smoothly
<qiyong> Kamping_Kaiser: it is wise to catch up the latest release, right?
<Kamping_Kaiser> qiyong, if theres no backports, minimal universe and no external packages the upgrade should be fairly painless
<qiyong> even if it's a production server
<Kamping_Kaiser> qiyong, not necesarily. it works.
<Kamping_Kaiser> if you need a functionality from gutsy, upgrade. otherwise, stay where you are.
<qiyong> Kamping_Kaiser: 2.3 postfix doesn't work with milter, so i'd upgrade to 2.4 postfix with gusty
<qiyong> Kamping_Kaiser: if i stay with feisty, then years later
<qiyong> when feisty and feisty upgrade are no longer supported, problem comes then
<qiyong> Kamping_Kaiser: in terms of backports, there maybe some from ubuntu security repos
<Kamping_Kaiser> qiyong, when hardy comes out, you can upgrade to that via gutsy and its a supported update still
<qiyong> nothing else
<Kamping_Kaiser> -security is fine. the -backports repository is what i was thinking about
<ScottK> qiyong: Postfix 2.3 works with milters that do not modify the body of the message.
<qiyong> Kamping_Kaiser: still i have to jump to gusty in order to get on to hardy, even i don't actully use gusty
<Kamping_Kaiser> qiyong, sure.
<qiyong> ScottK: actually, it just simply doesn't work
<ScottK> qiyong: Maybe for your milter, but I used dkim-milter with it just fine.
<qiyong> ScottK: i tried the one for sendmail
<ScottK> qiyong: I've upgraded several servers from Feisty to Gutsy with no significant problem.
<qiyong> ScottK: that encourages me
<qiyong> so i'd upgrade in the weekend
<ScottK> qiyong: Do you use clamav?
<qiyong> if something broken, i have time to fix
<qiyong> ScottK: yes, i was trying to use clamav via milter
<ScottK> Ah.  That was actually a clamav-milter config issue, not a Postfix limitation.
<ScottK> It's (I think) fixed in Gutsy.
<ScottK> The one small caution I would give you (that's not in the release notes, read those) is Bug #172925
<ubotu> Launchpad bug 172925 in postfix "postfix upgrade does not add 'retry' service" [Medium,In progress] https://launchpad.net/bugs/172925
<qiyong> ScottK: clamav-milter was broken in feisty, right?
<ScottK> For using with Postfix.
<ScottK> I believe, but have not tested, it'd work just fine with Sendmail.
<qiyong> sure, it's designed for sendmail
<qiyong> the bug you show me means every postfix upgrade would be borken?
<qiyong> ScottK:
<qiyong> oh, a postfix reload is ok?
<qiyong> s/oh/or/
<ScottK> qiyong: Postfix works just fine, just doesn't have the new retry service.
<ScottK> That's why it wasn't noticed during development.
<ScottK> But you run the script mentioned in the but and all is well.
<qiyong> is the retry in some conf file, like master.cf?
<ScottK> Yes.
<ScottK> dendrobates and lamont`: We really ought to add Bug #172925 to the Gutsy release notes.
<ubotu> Launchpad bug 172925 in postfix "postfix upgrade does not add 'retry' service" [Medium,In progress] https://launchpad.net/bugs/172925
<qiyong> ScottK: it wouldn't hurt me, i never touch my master.cf
<ScottK> qiyong: No, it wouldn't hurt you.
<qiyong> :)
 * Nafallo is scared of sendmail
<ScottK> qiyong: Additionally, if you did run the upgreade script, it makes the master.cf change for you, so you still don't have to touch it manually.
 * Nafallo rather makes postfix deliver mails into a postgresql db ;-)
 * ScottK doesn't fear Sendmail, he just thinks his life is complicated enough already without it.
 * ScottK goes to the fridge for another cold, dead, wet fish.
<Nafallo> I had to deal with it in my last job :-P
<ScottK> postgresql or dead fish?
<Nafallo> sendmail
<Nafallo> and mysql
<ScottK> Ah.  Even scarier.
<Nafallo> I can't avoid mysql however much I try :-/
<Nafallo> at least my current work run exim.
<Nafallo> on centos...
<Nafallo> with cpanel :-P
<ScottK> That sounds, um, limiting.
<Nafallo> indeed.
<oly-> <-- wonders whats wrong with mysql ?
<Nafallo> oh well. gives me money to play with my own toys ;-)
<Nafallo> is not as fun and good as postgresql
<oly-> how so ?
<oly-> just curious, always used mysql just wonder if i should look into postgres
<Nafallo> personal preference more then anything.
<Nafallo> I used mysql, tried postgresql, and was blown away.
<Nafallo> it really fits me much better.
<oly-> aha, always liked mysql  cuz its very easy to setup and administer with the mysql-admin and mysql-query-browser
<Nafallo> postgresql vs mysql on google gives a pretty list ;-)
<oly-> does postgres do clustering and replication type features as well ?
<Nafallo> yes
<Nafallo> hmm
<Nafallo> anyone played with Cobalt RaQ 4 and Ubuntu yet? ;-)
<avatar_> Cobalt? is that hardware still around?
<Nafallo> yes :-)
<Nafallo> picked one up from work ;-)
<Nafallo> just need some replacement memory and fans now :-)
<Nafallo> and well, replace the OS ;-)
<avatar_> succes on that one!
<Nafallo> I thought about Strongbolt, but I think I rather run Ubuntu :-)
<rodpod> anyone ever had a problem with installing from cd-rom getting stuck, then to check the integrity to be ok, then it still hangs, ive swapped 3 different cd-roms and have tried 2 different disks
<sommer> does anyone have a recommendation on a dynamic dns service?
<Kamping_Kaiser> sommer, dyndns is fairly common. hasnt fsked up on me to badly yet
<sommer> Kamping_Kaiser: thx I was using them, but all of the sudden my account has been dropped
<Kamping_Kaiser> !tell rodpod about ask
<Kamping_Kaiser> sommer, probably 30 days without IP change
<sommer> Kamping_Kaiser: that's what I'm thinking, but I know I logged in the last time they sent the email
<sommer> must not have updated correctly... garrr
<Kamping_Kaiser> sommer, never dealt with the email - i usually have a blackout at least once every 30 days and get a new IP from that :\
<sommer> just wondering if anyone is using another service?
 * Kamping_Kaiser needs another UPS or two :(
<sommer> Kamping_Kaiser: ah... ya, all I really use is for is ssh access from work to home.
<Kamping_Kaiser> sommer, me to, with the occasional link to a file over http (like the idea i put in here a few days ago)
<sommer> Kamping_Kaiser: I'm not sure I caught that idea?
<Kamping_Kaiser> sommer, well, in short it was to provide a default template for using apache vhosts on ubuntu-server by shipping a /etc/apache2/sites-available/template (or similar). <kgoetz> http://k-k.homelinux.net:81/~kgoetz/apache2-vhost-template.txt is the link, the .txt is so lighhtttpd doesnnt try and server it as binary :\
<Kamping_Kaiser> i've been kicking it around in my mind from various angles for the last few days trying to work out how practical it is
<sommer> Kamping_Kaiser: ah... I think I remember now.  Doesn't the default config use a vhost?
<Kamping_Kaiser> two key issues i noticed were the amount of doco that could need changing, and the requirement to have a DNS server to use it
<Kamping_Kaiser> sommer, yes, but its not very easy to wokr out from there how to DIY vhosts
<ScottK> sommer: My usual answer is that if you think dydns will help you, you're probably trying to solve the wrong problem.
<mralphabet> sommer: there is a 'long term dns' option for dyndns
<sommer> ScottK: heh... seems simple enough
<mralphabet> sommer: so that it doesn't require being touched every 30 days
<sommer> mralphabet: ya... I just haven't ponied up the cash
<ScottK> sommer: If you actually need a static presence on the net, then it's virutally always better to open the wallet and get an actual static IP IMO.
<mralphabet> sommer: cash? o0 I've never yad to pay for mine
<mralphabet> s/yad/had
<sommer> mralphabet: really I thought you needed to pay for not having to update?
<sommer> ScottK: agreed, but so far my needs have been quite small
<mralphabet> sommer: I've never paid
<sommer> mralphabet: awesome I'll do more digging on thier siete
<sommer> site rather
<sommer> mralphabet: are you using a ddns update client?
<mralphabet> sommer: I'm looking too, I remember two different kinds of dyndns services, a short term and long term configuration. short term had to be  touched fairly often, long term just sat there
<mralphabet> sommer: I am now, a buffalo router using ddwrt, but I wasn't for . . .2 years? or so.  Still never had the issue
<sommer> mralphabet: ah... I think I tried configuring my wireless ap to do the update, but I don't think I ever got it working correctly
<mralphabet> sommer: this is from an email a few years ago, "This hostname deletion is due to an idle timeout on all Dynamic DNS
<mralphabet> hostnames; they are deleted after 35 days without updates.  We are sending
<mralphabet> you this notification to avoid confusion about the deletion of your host,
<mralphabet> and to let you re-create the host at your earliest convenience.  Hosts with
<mralphabet> static IP addresses should be in the Static DNS system, which does not have
<mralphabet> a 35 day timeout."
<mralphabet> at that point the "static dns system" was a selectable option
<sommer> mralphabet: ah... I'm with ya
<sommer> I'll probably just create another account
<mralphabet> sommer: and looking at the page, I go to Account > My Hosts > Hostname > and configure the name
<mralphabet> sommer: https://www.dyndns.com/support/kb/static_dns_end_of_life.html
<mralphabet> well, there's my answer
<mralphabet> my router apparently is keeping the updates going
<sommer> mralphabet: ah... thanks for the link.
<Kamping_Kaiser> wish i kept my IP for 30 days at a time :(
<sommer> I'll probably take a serious look at purchasing an account
<Kamping_Kaiser> i coudl point some/one of my domains home
 * mralphabet hasn't had an IP change in months
 * mralphabet should power cycle his modem more often
 * Kamping_Kaiser wonders why you would reboot a modem
<mneisen> Hi, I have trouble getting postfix/SMTP AUTH working wiht mysql. It seems that there is not even a connection attempt to the database. I have postfix/courier/saslauthd running on Ubuntu Gutsy. Anybody here who might want to help?! Thanks in advance!
<lamont`> mneisen: does it work if you tell postfix to not chroot the daemon?  (or if you link the socket into the same place under /var/spool/postfix?
<mneisen> lamont`: Let me try.
<mneisen> lamont`: how would i do that, btw?
<lamont`> there's a column in /etc/postfix/master.cf for 'chroot' or such.  save master.cf and change all those to the not-chroot value
 * lamont` doesn't remember which way the switch is
<lamont`> then restart postfix
<Kamping_Kaiser> its the middle column
<mneisen> well, thats the way i know how to do it.
<mneisen> trouble is: does "-" in a column mean yes or no?
<mneisen> since there is no single "y" in this column in my master.cd
<mneisen> master.cf
<lamont`> # service type  private unpriv  chroot  wakeup  maxproc command + args
<lamont`> #               (yes)   (yes)   (yes)   (never) (100)
<lamont`> that pair of lines is the meaning, and the default
<lamont`> - == yes for chroot
<lamont`> so make 'em all 'n' :0)
<mneisen> well, changed that to "n" for smtp and smtps - no luck.
<mneisen> lamont`: I just found, that a problem I thought was solved is still there:
<mneisen> warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: Permission denied
<mneisen> Can you give me a hint what is wrong?
<ScottK> mneisen: That's what you get if sasldb2 isn't in the chroot.
<ScottK> Did you restart or reload Postfix?
<mneisen> Yes, I did.
<mneisen> well, I did a restart.
<ScottK> Which?
<ScottK> OK
<mneisen> :-D
<mneisen> ScottK: But i do not want to use sasldb2
<mneisen> I have my user data in a mysql db.
<leonel> check your  file  /etc/postfix/sasl/smtp.conf
<ScottK> OK.  Well it's trying to use saslbd2.
<mneisen> or is it that the sasldb2 just have to be there.
<mneisen> ?
<ScottK> Dunno.  I actually use sasldb2, so I want it there.
<ScottK> Does /etc/sasldb2 actually exist on your system?
<mneisen> leonel: my smtpd.conf is here: http://paste.ubuntu-nl.org/47236/
<mneisen> ScottK: I have an sasldb2 in /etc.
<ScottK> mneisen: Then your postfix is almost certainly still looking in the chroot.
<mneisen> well, I edited the master.cf and put the "n" in the lines defining smtp and smtps.
<leonel> mneisen: remove  saslauthd  from  the pwcheck methos
<leonel> mneisen: remove  saslauthd  from  the pwcheck method
<mneisen> leonel: Thanks for the tip.
<leonel> because you are not using saslauthd  really
<mneisen> ok.
<mneisen> but still the same.
<leonel> restarted postfix ?
<mneisen> ScottK: Now i did /etc/init.d/postfix stop && /ect/init.d/postfix start - still the same.
<ScottK> OK.  That's odd then.
<mneisen> Just what I think ... :-D
<mneisen> ScottK: BTW, i have the sasldb2 in /var/spool/postfix/etc, so even *if* postfix were still running chrooted, it should find what it needs.
<leonel> sasldb2 is used  when you are not using   libsasl2-modules-sql
<ScottK> OK  Then it's another issue
<mneisen> ii  libsasl2-modules-sql                  2.1.22.dfsg1-9ubuntu2              Pluggab[...]
<mneisen> it is installed.
<mneisen> and in smtpd.conf (with auxprop and sql) it should select the right backend.
<mneisen> but it does not.
<mneisen> it is not even logging anything, afaics. Where should the whole thingy log into: mail.info?
<mneisen> well, its logging a bit, but i wanted something more.
<leonel> mail.log  and syslog
<mneisen> i just get: warning: SASL authentication problem: unable to open Berkeley db /etc/sasldb2: Permission denied
<mneisen> whoppsie, that could be it.
<mneisen> wrong perms?
<leonel> I don't have /etc/sasldb2  ..
<mneisen> well, I would rather not, either.
<mneisen> But i have to go by the errors i get, sadly. :-D
<mneisen> ok, now i have postfix configured to authenticate against /etc/sasldb2
<mneisen> great!
<mneisen> but not what i want.
<ScottK> It's a start
<ivoks> hi
<mneisen> ScottK: :-
<mneisen> :-D
<mneisen> well, how do i change the auth backend if not by /etc/postfix/sasl/smtpd.conf
<mneisen> ?
<leonel> there is where youcontrol that
<mneisen> so i thought.
<ivoks> with postconf :)
<mneisen> but it does not seem to work.
<mneisen> ivoks: :-D
<ivoks> *everythin* else is optional
<ivoks> postconf is the only tool
<ivoks> begining and the end of the whole mankind
<mneisen> ivoks: well, then shoot.
<ivoks> what?
<ScottK> mneisen: You might have a look at http://www.postfix-book.com/download/smtpauth_mysql_database.sql.gz
<mneisen> what is the right 'postconf -e' line to change SMTP AUTH backend to use mysql?
<mneisen> ScottK: thanks for the link.
<ivoks> mneisen: none
<ivoks> for AUTH you can use sasl or dovecot
<ivoks> and then sasl or dovecot uses mysql/ldap/whatever
<mneisen> yeah, right. But it does not in my case, unfortunately.
<mneisen> it uses sasl, all right.
<mneisen> but sadly with the BDB sasldb2 backend.
<ivoks> then set up sasl
<ivoks> dovecot does have an example in dovecot.conf for mysql auth
<mneisen> ivoks: that's what I try to do.
<mneisen> ivoks: thanks for the hint. do you have an URL?
<ivoks> you mean bank account number? :)
<ivoks> i don't have an url, there are examples in dovecot.conf, provided by dovecot-common package
<mneisen> ok.
<ivoks> bye
<lonecrow> heya.. having a noob issue.  I'm sure most of you have seen this before :)
<sommer> lonecrow: I've seen it.
<sommer> You're going to need a net some duct tape and a pound of chewing gum!
<sommer> just kidding...
<mralphabet> sommer == mcgyver?
<sommer> mralphabet: he's actually my uncle.  Uncle Mac I call him.
<mralphabet> . . .
<sommer> you're right that's not true, you caught me... heh
 * sommer wonders what lonecrow's question is
<mralphabet> heh
<lonecrow> sorry lol
<lonecrow> I had to go afk stopped what I was typing mid way
<lonecrow> I installed ubuntu with lamp and postresql..
<lonecrow> it boots up and gives me an error with apache2 saying I don't have a fqdn. I remember fixing this in the past by adding somerthing to /etc/hosts but I dont know what. Its just a pc wth dhcp turned on for right now
<lonecrow> my hosts has 127.0.0.1 localhost which is right but then 127.0.1.1 mycomputername
<lonecrow> in the apache2.conf I dont see anything that says "servername=" anywhere should I add it?
<lonecrow> please help.. shouldn't this type of thing work after the install?
<mralphabet> I don't have a servername directive in my conf and it works
<lonecrow> I've done this install like so many different ways.  I've installed bare bones and then apt-get install apache2 and it still gives same error.
<stickystyle> lonecrow: are you talking about the "Could not determine the server's fully qualified domain" message that you get where restarting/reloading apache2
<stickystyle> ?
<lonecrow> yes
<lonecrow> I've fixed this before in a the past I just forget where...
<lonecrow> I've looked it up and can't find any fix for it, nor does it say in the ubuntu website page for apache2
<stickystyle> its really not much of an error, just kind of a 'by the way'.  It's normally cleared up with ServerName in your apache2.conf file.  you may want to check the output of $hostname --fqdn
<stickystyle> ServerName www.example.com
<stickystyle> no '=' sign.
<stickystyle> I'm betting that hostnanme  --fqdn does not spit out a true fqdn.  since apache first looks for ServerName, then trys to determine the fqdn itself.
<stickystyle> and if it cannot it lets you know.
<stickystyle> http://httpd.apache.org/docs/2.0/mod/core.html#servername
<lonecrow> Oh no = sign ok thanks
<lonecrow> yeah there is no www  just the name of the computer for now
<lonecrow> ok that worked.. :)  thanks.. now I'm getting install:cannot change owner and or group of /var/lock/apache2
<lonecrow> then permission denied make_sock couldn't bind to 80 etc.. which is probbly due to the first error.
<lonecrow> this is a standard lamp install of gutsy .. wtf set the root username and password its all good..
<stickystyle> Did you try restarting it without using sudo?  e.g. $sudo /etc/init.d/apache2 start  that is the kind of error you get when you try to start/restart as a normal user.
<lonecrow> no I used sudo
<lonecrow> or not
<lonecrow> doh
<lonecrow> me so smart
<lonecrow> thanks guys :)
<stickystyle> :-D  It happens, don't worry.
<Goosemoose> coffeedude, you around?
<Gargoyle> Hello
<mralphabet> hello
#ubuntu-server 2007-12-08
<pschulz01> DarkMageZ: .. but don't let that distract you.
 * dantalizing is away: I'm busy
 * dantalizing is back (gone 00:04:12)
<Kamping_Kaiser> pschulz01, what sort of ram do the perf nodes/test boxes use - ddr or ddr2? i was looking at http://www.educypedia.be/computer/memorycomparison.htm and it made me wonder
<pschulz01> ddr2 (I think)
<Kamping_Kaiser> ok.
 * Kamping_Kaiser goes to ask kim stuff
<nathan> in order to install ubuntu via pxe booting, do I need to use the alternative disk?
<nathan> it's not working with ubuntu desktop iso
<nathan> and it does work with ubuntu server iso
<Kamping_Kaiser> i think you need to create a custom image
<Bawbatos> dumb question - how do i find out if hardware is supported in the 2.6 kernel. every i find is from 1999-2003 for this card
<oldmanstan> nathan: yeah, you can't use the live cd
<oldmanstan> they tell you that somewhere in the wiki iirc
<nealmcb> Bawbatos: what card are you talking about?  https://wiki.ubuntu.com/DebuggingHardwareDetection
<Bawbatos> that is the thing. it is token ring...
<Bawbatos> and i am trying to see where that is at. the linux tr project last update was in 2003
<Bawbatos> so 2.3 kernel
<Bawbatos> http://www.linuxtr.net/index.html
<NineTeen67Comet> Hi all .. I had a hard drive eat it, and eventually with the use of dd_rescue obtained a partial .img file from it .. My question is now .. Is there something out there that can crack open this unfinished .img file so I can get at least some of the stuff out of it? (I googled how to open an img file and it was just picture stuff).
<Bawbatos> i mean i still see freaking decnet modules there..
<nealmcb> Bawbatos: I see them talking about token ring last year, so no reason to suppose that they've removed support.... http://lwn.net/Articles/213657/
<nealmcb> linux supports more hardware "out-of-the-box" than ANY other OS....
<Bawbatos> that link does not say it has been removed
<nealmcb> NineTeen67Comet: I'd guess you'd want to make a copy and loop-mount it
<nealmcb> Bawbatos: right
<NineTeen67Comet> nealmcb: Is that like .. mount -o loop /directory/with/backup.img .. ?
<Bawbatos> okay. so i found a driver for it.
<Bawbatos>  /lib/modules/2.6.22-14-server/kernel/drivers/net/tokenring$
<Bawbatos> and modprobed it.
<Bawbatos> but do not see it coming up
<nealmcb> NineTeen67Comet: yeah - with a directory name at the end to mount on, and perhaps a -t option to specify the type
<NineTeen67Comet> nealmcb: Okay .. I'm in Google now to get the syntax right .. thanks for the direction hopefully it'll mount since it isn't a finished .img file.
<nealmcb> NineTeen67Comet: good luck - I know that can be a scary place :-O
<Bawbatos> what is the apt package for the kernel source?
<NineTeen67Comet> grin .. I'm more afraid of my wife if I can't recover some of the pictures .. hehehehe
<nealmcb> "linux-source" is for the latest
<nealmcb> or linux-source-2.6.22 for a particular one
<NineTeen67Comet> nealmcb: what -t would an .img file be? The hdd it was made from was xfs .. but I told it to get ALL of sdd .. not just sdd1 ..
<nealmcb> NineTeen67Comet: then you may need to specify the offset to the particular partition - since that is what you want to mount
<NineTeen67Comet> aha .. okay .. I'll peek around for that ..
<nealmcb> http://alien.slackbook.org/dokuwiki/doku.php?id=slackware:qemu#mounting_a_qemu_disk_image_on_the_host
<nealmcb> fdisk -l file.img should help - see that post for more
<Bawbatos> tr0       Link encap:16/4 Mbps Token Ring (New)  HWaddr 00:01:02:64:31:63
<Bawbatos> thanks!
<nealmcb> Bawbatos: cool
<nealmcb> so it even came up as an inteface :-)
<nealmcb> what module?
<Bawbatos> no, i had to do ifconfig tr0 up after the modprobe
<Bawbatos> 3c359
<Bawbatos> i am building a ccie lab and got a bunch of routers that have tr interfaces plus enet for cheap. using the tr with a tr switch as a backend.
<Bawbatos> but i needed a box to route to the network
<nealmcb> ccie?
<Bawbatos> a cisco cert
<nealmcb> nice
<Bawbatos> http://www.cisco.com/web/learning/le3/ccie/index.html
<Bawbatos> i was hoping to do it on my openbsd firewall but they pulled tr support in 4.2
<Bawbatos> hum, how do i start it on boot now....there is a file for modprobe on boot .... sorry new to ubuntu. nice clean server install tho. impressed
<nealmcb> /etc/network/interfaces
<NineTeen67Comet> grumble .. I'm looking for a really inexpensive mobo/cpu combo for my server (Currently a very tired P4 1.3ghz, 256mb ram, 2x320gig hd, 1x40gig hd headless box .. That is stalling about every 5 minutes, then crashes all together every 12-15 hours .. No syslog errors or nothing ..
<Babatos> what file do i edit for having a module load at startup that is not autoloading..
<Babatos> i have a nic that is not loading.
<Kamping_Kaiser> Babatos, /etc/modprobe* are the files
<Kamping_Kaiser> find the right one ;)
<Babatos> i saw that. however i did not see the right one.
<Kamping_Kaiser> Babatos, look at `man modprobe.conf`. not sure if it will help or not
<nealmcb> Babatos: /etc/modules
<Babatos> ah, cool. i was loking in /etc/modprobe.d
<Babatos> crtl-alt-backspace should kill gdm right
<lamont> Babatos: actually, it kills X, which is a parent of gdm, and therefore takes out gdm.
<Babatos> yah, thats what i mean. cept i have this issue. i killed it - and the screen still has the no signal on it.
<Babatos> boots till gdm starts then no pic.
<Babatos> ugh.
<Babatos> okay i have that fixed, and even have my token ring network up on ipv6
<Babatos> is there a good gui for setting up this server as a firewall. i hate iptables and want it to die but i am going to use this in place of my openbsd
 * Babatos crying
<ScottK> Babatos: If you want GUI help, see #ubuntu.
<Babatos> okay thanks.
<Babatos> i just cannot take iptable
<Kamping_Kaiser> iptables is hurt :(
<Kamping_Kaiser> *hugs iptables*
<Babatos> pf is just so much better
<Babatos> i have 3 freaking firewall certs from vendors and i cannot get my head around iptables
<ScottK> Babatos: That may be your problem.  I started with a known working iptables script and adjusted to my taste.  It didn't seem that hard.
<Babatos> no, it is way convoluted.
<Babatos> vs, pf, ipfw, ipf
<ScottK> OK.  It's all I've used.  It didn't seem that bad to me (with a base script to start with).
<Babatos> have you ever seen pf
<ScottK> Nope.
<ScottK> So I've got no basis for comparison.
<Babatos> ah, well - pass in inet proto icmp all icmp-type $icmp_types keep state
<Babatos> or block drop in quick on $ext_if from <ssh-bruteforce>
<Babatos> pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
<Babatos>         flags S/SA keep state \
<Babatos>         (max-src-conn-rate 3/30, overload <ssh-bruteforce> flush global)
<Babatos> and that is the 2 most complex things you will see. and it makes sense out the gate
<Babatos> someone told me to look at firestarter so i will do that
<ScottK> I've heard good things about it, but never used it.
<Babatos> have a look at this - http://internetworkpro.org/pastebin/1470
<Babatos> and tell me you cannot figure it out in like 30 secs
<ScottK> Babatos: Not at 2AM I can't.  I can see it's generally readable.
<Babatos> haahah... okay
<Babatos> only 1047 here.
<perfector> whats wmvare??
<Kamping_Kaiser> vmware? or wmvare?
<Kamping_Kaiser> !vmware
<ubotu> VMWare Player is in Ubuntu's !Multiverse repository (package "vmware-player"), and http://www.easyvmx.com/easyvmx.shtml can create VMs for it. For VMWare Server, instructions can be found at https://help.ubuntu.com/community/VMware - See also !virtualizers
<perfector> ok so jeos is a basic distro that includes vmware player?
<Kamping_Kaiser> no, its to run inside vmware player
<Kamping_Kaiser> !jeos
<ubotu> Sorry, I don't know anything about jeos - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<perfector> aha... thanks.. whats the size of this distro?
<perfector> and what packages does it include?
<Kamping_Kaiser> ubotu, JEOS is the latest addition to the Ubuntu family. It is designed for running inside VMWare and other virtualisation tools like QEMU.
<Kamping_Kaiser> the iso ~150mb
<Kamping_Kaiser> and its a bare minimum packages (or should be, its getting thinner for the next release)
<perfector> so i guess there is no X..
<Kamping_Kaiser> correct
<perfector> thanks..
<Kamping_Kaiser> np
<Kamping_Kaiser> so near, yet so far. *grin*. someone from -ops contacted me, checked i was talking about ubuntu's jeos, then didnt set the bot entry :(
<Kamping_Kaiser> !jeos
<ubotu> Sorry, I don't know anything about jeos - try searching on http://ubotu.ubuntu-nl.org/factoids.cgi
<Kamping_Kaiser> :(
<Kamping_Kaiser> pity i dont go there anymore, i'd follow up *heh*
<BobSapp> would you guys say that a celeron 300 is underpowered to run a LAMP stack?
<BobSapp> right now mine is running one with 96mb ram, every time i make changes on wordpress i can smell a little blue smoke :)
<Hardin> BobSapp: Unless you've got a heavy load of visitors I'd say a 300mhz is plenty enough to run a LAMP on. Perhaps you might want to add som extra RAM thought.
<BobSapp> yeah it was thrashing on any page actionr
<Gargoyle> greetings
<BobSapp> hi
<disposable> (feisty server) i have two NICs and they keep swapping their ethX number after each reboot. how do i make the X static? i know i am supposed to use some z25 + udev config file, but my /dev/ directory doesn't have anything like that.
<disposable> sorry, found it. /etc/udev/rules
<fenggg> hi can anybody help me
<Luke> I'm getting these emails from cron every day. Can anyone help me pinpoint the problem?: http://pasteosaurus.com/44191
<Nafallo> Luke: /etc/cron.daily/find quits with error status 1 instead of 0
<Luke> yea but why?
<nealmcb> Luke: have you looked at /etc/cron.daily/find  ?  it appears that perhaps you don't have a userid "nobody" if yours is like mine
<Luke> nealmcb: i have that user
 * nealmcb wonders why that script is checking for nobody anyway....
<Luke> also if that was where the exit 1 was coming from, i'd assume it would put the output line in there as well right?
<nealmcb> Luke: hmm - can you try running the update command given there?
<nealmcb> updatedb*
<Luke> yea i'll try that
<Luke> how do I check the exit status from bash prompt?
<nealmcb> and I agree, it would probably output that error message  - but sometimes cron and stdout are strange
<nealmcb> echo $?
<nealmcb> that it the exit status from the previous command
<Luke> yea that db line is exiting w/ 1
<nealmcb> any output?  don't redirect it...
<soren> Luke: Did you change /etc/updatedb.conf at all?
<Luke> i'll cehck that
<Luke> soren: not that I know of
<Luke> no i haven't
<Luke> "ioprio_set: No such process
<Luke> "
<Luke> that's the error
<nealmcb> maybe from ionice?
<Luke> piping the errors to dev null seems like a bad idea =)
<Luke> nealmcb: yea totally
<Luke> what is that tho?
<nealmcb> try leaving just the "ionice -c ${IONICE_CLASS:-2} -p ${IONICE_PRIORITY:-7} " part out and run again
<nealmcb> i.e. run updatedb via nice
<Luke> permission denied bu tit runs
<nealmcb> https://bugs.edge.launchpad.net/ubuntu/+source/findutils/+bug/152692
<ubotu> Launchpad bug 152692 in findutils "updatedb cron job fails" [Low,Triaged]
<Luke> hmm
<Luke> thanks
<soren> Is this on gutsy?
<Luke> yea
<nealmcb> ohh - ugly - why is it "low" priority?
<Luke> prob in case the server is doing anything else
<Luke> ooh you mean the bug
<Luke> haha
<nealmcb> no - the bug is "low"
<nealmcb> yup - I've got a process number 7 also....
<Luke> runs fine w/ the given patch
<Luke> looks like they just fudged the flags
<nealmcb> you changed your cron script?  good
<Luke> yea
<soren> I'll fix it in hardy.
<nealmcb> if 30% of machines out there aren't getting updated slocate stuff, that seems like a problem
<nealmcb> soren: :-)
<Luke> ha totally
<Luke> thanks for helping me find this guys
<nealmcb> Luke: thanks for pointing it out - I've just been lucky
<Luke> I was assuming I changed a config somehwere and didn't know it
<Luke> that's why I didn't look for bugs
<Luke> reports*
<nealmcb> 7: ksoftirqd/1
<nealmcb> but I guess if it was more common, there would be more activity and dups... at least it sends mail.  though many people don't check their local root mail....
<Luke> yea my root mail gets delivered to my user for some reason
<Luke> that's weird actually... is that supposed to happen?
<soren> Oh, I think it might already be fixed in hardy.
<Luke> well I've got too many channels open so I'm gunna close this. Thanks again for your help guys
<soren> Yes, definitely already fixed in hardy.
<Burgundavia> hey soren
<soren> Hey, Corey.
<nealmcb> howdy, Burgundavia
 * soren is knackered
<soren> I'll call it a night.
<soren> See you, guys!
 * nealmcb remembers that Corey is the first uds-boston person he met - on the subway going there :-)
<Burgundavia> nealmcb: was boston your first summit?
<nealmcb> yeah
<nealmcb> though I called in to mountview and seville
<Burgundavia> wow
<nealmcb> (a bit)
#ubuntu-server 2007-12-09
<kazra> Hi all. Just wanted to confirm whether it is possible to create a gateway server with only 1 NIC (I don't think it is, but would like to check)
<ScottK> I'm pretty sure you can by binding both the internal and external networks to the NIC.
<ScottK> It's better and easier to use two NICs, however.
<zul> definently easier to do with 2 nics besides nics are dirt cheap
<kazra> Yeah, I'm short on NICs at the moment. :-P When you say bind both internal and external...how would I go about that?
<Nafallo> just get a managed switch and use vlans :-)
<kazra> Actually since I'm doing this on a VM I just realized I can add another network adaptor. *Slaps head*. Thanks guys.
<Nafallo> lol
<antdedyet> Hrmmph... kvm reboots my machine when I run an image.
 * antdedyet heads off to ubuntuforums.org
<J-_> How hard is it to configure a relay smtp mail server?
 * TwigEther waves
<TwigEther> I'm having a bit of trouble with my ubuntu server install, specifically with mdadm. Every time I reboot, if I want to use mdadm I have to "dpkg-reconfigure" it to get device nodes created and for mdadm --monitor to start running. Anyone else had similar problems? :o
<Gargoyle> hello
#ubuntu-server 2008-12-01
<uvirtbot> New bug: #303835 in openssh (main) "Typo in ssh_config man page" [Undecided,New] https://launchpad.net/bugs/303835
<vertx> Hi, I have this ubuntu server which still does not route packets across its 2 NICs, eventhough I have enabled net.ipv4.ip_forward=1 in /etc/sysctl.conf. Routing on both gateway and clients are as shown at http://paste.ubuntu.com/78524/ . Can anyone help? Thanks.
<jmarsden> vertx: Did you sudo sysctl -p  after editing sysctl.conf?
<vertx> Hi, I have this ubuntu server which still does not route packets across its 2 NICs, eventhough I have enabled net.ipv4.ip_forward=1 in /etc/sysctl.conf. Routing on both gateway and clients are as shown at http://paste.ubuntu.com/78524/ . Can anyone help? Thanks.
<hads> 15:02:36 < jmarsden> vertx: Did you sudo sysctl -p  after editing sysctl.conf?
<jmarsden> vertx: If you ask questions, it is recommended practice to then listen for answers :)
<vertx> jmarsden: Sorry for the late reply. I had left my computer for a moment, then the network just went bust on me :(
<vertx> hads: I had restarted the server and done what you recommended beforehand. This is the output http://paste.ubuntu.com/78535/
<vertx> hads: As you can see, both subnets are private. Should I do a masquerade through iptables?
<jmarsden> vertx: Routing doesn't care about private or not IPs, it routes the way you tell it to...
<vertx> So, did I do anything wrong with the routing? the subnets are 192.168.0.0/24 and 192.168.1.0/24. What do you suggest I do, for client and server?
<jmarsden> The server has eth0 as 192.168.0.1 and eth1 as 192.168.1.1, right?
<ball> on two separate ethernets?
<jmarsden> vertx: No firewalls of any kind active?  ufw disabled?  No rules visible in sudo /sbin/iptables -L output?
<vertx> jmarsden: The server has 192.168.0.2 on eth0 and 192.168.1.1 on eth1. They are physically separate NICs. No iptables rules currently applied
<jmarsden> Sure looks like it should be routing packets between those NICs to me.  So at present a client on the 192.168.0.0/24 can ping 182.168.0.2 but not 192.168.1.1 or anything else on that 192.168.1.0/24 subnet?
<ball> Do you want it be routing frames between the networks?
<ball> (or datagrams?)
<jmarsden> ball: I'd say yes... the original q was: "I have this ubuntu server which still does not route packets across its 2 NICs, eventhough I have enabled net.ipv4.ip_forward=1 ..."
<vertx> jmarsden: at the moment the client (192.168.1.243) can ping 192.168.1.1 and 192.168.0.2, but cannot ping 192.168.0.3 and others :(
<ball> Ah okay.  I missed that.
<ball> I need to add a NIC or two to this server, but I don't want routing or bridging.
<jmarsden> vertx: This is odd.  Anything being logged in /var/log/messages that could be relevant?
<L1NUX_1NS1DE> hello
<vertx> jmarsden: let me check ...
<L1NUX_1NS1DE> does anyone know how to access a hostname that is on a dhcp network
<ball> yes
<ball> sort of.
<ball> L1NUX_1NS1DE: from outside, or from the LAN?
<L1NUX_1NS1DE> from a lan
<L1NUX_1NS1DE> I setup a computer that I want to access
<L1NUX_1NS1DE> I setup eth0 connection to get a dhcp address
<ball> L1NUX_1NS1DE: Easiest way may be to tell your DHCP server to give that machine the same IP address every time.  That's what I do.
<L1NUX_1NS1DE> hmm.
<L1NUX_1NS1DE> oko
<L1NUX_1NS1DE> cul
<L1NUX_1NS1DE> I'll try it
<ball> good luck
<L1NUX_1NS1DE> danke
<L1NUX_1NS1DE> thanks for the the help
<L1NUX_1NS1DE> ;)
<ball> bitte.
<vertx> jmarsden: there is only some dhcp related messages that i can see :(
<jmarsden> It sounds like the kernel really is not forwarding your packets.
<ball> I think you should hit it with a hammer
<vertx> jmarsden: yes that seems to be the problem. weird huh?
<ball> Does Ubuntu Server come with any power management functionality?
<vertx> ball: that would be a great idea :)
<vertx> Sorry, got to go for a moment. BRB
<jmarsden> OK... when you get back try   cat /proc/sys/net/ipv4/ip_forward   and tell us what it says
<jmarsden> ball: I'm sure it does... sudo apt-get install powertop is one way to find out how your system is doing in that regard
<ball> Thanks
<jmarsden> I've not tried that on a Ubuntu Server, only desktop -- but I can't imagine they would have removed all the power mgmt from server kernels...
<ball> I'm tinkering and I wanted to take measurements with a Wattmeter in "suspend" and "hibernate"
<ball> jmarsden: I can see why they might, but if it's there I don't know how to access it.
<nemoego> I'm not sure if this is a client or server problem, but I am trying to run a PXE client with an NFS root and I can get to a login prompt but when I try to login i get the error "nfs: server [ip] not responding, still trying"
<jmarsden> nemoego: Can you mount that NFS share from another (non PXE) client machine OK?
<nemoego> jmarsden: yeah, and watching syslog, i can see the client mount the share during the init process, but I'm not sure that it's getting mounted properly as / later..
<ball> Is there a command-line way to invoke suspend or hibernate?
<jmarsden> http://ubuntuforums.org/showthread.php?t=329902
<jmarsden> nemoego: Hmm.  I'm not a PXE/thin client kind of person... sounds like you need one...
<nemoego> jmarsden: lol, yeah been working on this all day, suprised my FF hasn't crashed with the number of tabs i have open..
<jmarsden> nemoego: OK... NFS I'm fairly comfortable with, but not the whole thin client thing.  Not needed it (yet)...
<ball> I seem to lack /etc/acpi
<jmarsden> ball: Maybe the machine concerned doesn't support ACPI?
<ball> jmarsden: that's possible
<jmarsden> CAn you play with apmd and maybe find out??  APM is older, ACPI is newer, I think...
<hads> sudo aptitude install acpid
<ball> Ah, dmesg tells me that ACPI interpreter was disabled due to an error of some sort.
<jmarsden> vertx: Are you back here yet?
<nomingzi> how can I download all the Ubuntu Server Guide files from (https://help.ubuntu.com/8.10/serverguide/C/index.html) for OFFLINE Viewing ?
<ball> Bah, can't ACPI and can't apm.
<ball> I'll have to go back to this project on a desktop machine
<jmarsden> nomingzi: I think there is a package ubuntu-serverguide ?
<nemoego> nomingzi: failing that, you can always use wget
<jmarsden> So you can install that: sudo apt-get install ubuntu-serverguide
<nomingzi> jmarsden: many thanks, I am newbie
<jmarsden> nomingzi: No problem.  After installing that package the files are all under /usr/share/ubuntu-serverguide/
<nomingzi> jmarsden: can u assist me how do I share this folder so that I can view it from other Ubuntu-Desktop ?
<jmarsden> nomingzi: That's more work... easy way is to just install it on each desktop machine?  Is that workable for you, or are we talking abut hundreds of desktops?
<ScottK> If you have openssh-server set up on the machine already and you are accessing it from a user that has shell access to the server, just use sftp.  No more setup needed.
<ScottK> At least in Dolphin (the KDE file manager) you can make a persistent link to it so you don't have to remember it.
<nomingzi> jmarsden: I m just trying to learn Ubuntu-Server
<ScottK> Dunno about Gnome, but I assume you can do something similar.
<jmarsden> nomingzi: OK, then go through the guide about networking, and then learn about Samba or NFS for file sharing.
<ball> I have to go anyway.
<nomingzi> I am newbie, and expecting more CLI (after I switch from Ubuntu-Desktop), may b you can provide me a better start/guide to learn Ubuntu-Server :P thanks
<nemoego> jmarsden: do you know the proper fstab entry for a NFS root? I have "/dev/nfs   /  nfs  1  1 " per https://help.ubuntu.com/community/DisklessUbuntuHowto#Creating%20your%20NFS%20installation
<jmarsden> nemoego: Looks reasonably sane to me.  But I'm more commonly using NFS for /home or other (non-root) partitions.
<jmarsden> nemoego: You left out a column?  /dev/nfs       /               nfs    defaults          1       1
<nemoego> ah, forgot to type, it's there
<jmarsden> OK.
<nemoego> jmarsden: is there a way i can get more verbose log output from nfs-kernel-server ? maybe filenames as they are accessed?
<jmarsden> Yow!  Probably... might be as easy to run wireshark and look at the network traffic though?
<nemoego> jmarsden: good point.  Just commented out NFS root fstab line, no change.  Either it never mounted or fstab has nothing to do with it...
<jmarsden> If you want to try it your way, I think rpcdebug may turn on some extra debugging output from the kernel for you.  But... I've never used it.
<jmarsden> nomingzi: For basic command line stuff, try http://tldp.org/LDP/intro-linux/html/intro-linux.html
<nemoego> jmarsden: that helped a lot "sudo rpcdebug -m nfsd -s fileop" logs all acessed files to syslog, client seems to have nfs access when i try to log in (access to shadow) but after i type the password there is access to faillog and then nothing. I checked faillog but it is empty. any ideas?
<jmarsden> Sounds like an authentication issue... the login is failing?
<nemoego> in that case I should get kicked back to a login prompt, yes?
<nemoego> i mean, would a bad login attempt break the connection to the NFS server?
<jmarsden> Not sure... as root, if there are existing NFS shares mounted as root?  Maybe.  man 5 faillog and mail 8 faillog really suggest the login is failing to me.
<nemoego> created new user, same error.  I think I'll try again later using a full install as a base for my nfs root instead of using debootstrap...
<nemoego> thanks for the help tho
<jmarsden> OK... at least you made some progress...
<nemoego> yeah, gotta appriciate what you got
<ball> aside from dmesg, is there an easy way to tell whether an Ubuntu server has sound hardware?
<jmarsden> ball: Try aplay -l ?
<hads> lspci
<nomingzi> I am newbie, I use OpenSSH & remote logon to ubuntu-server. HOW DO i use wget to download a folder into my PC ?
<Jeeves_> You would need a web/ftp-server to do so
<Jeeves_> Then: wget (http|ftp)://URL/FOLDER
<nomingzi> Jeeves_: should i install web/ftp service into my remote ubuntu-server ?
<hads> Or just use scp
<philsf> better to use rsync
<hads> Or scp
<Jeeves_> nomingzi: scp or rsync will work as well
<nomingzi> many thanks Jeeves_ philsf hads
<kraut> moin
<vertx> jmarsden: Whew, didn't realize that the meeting took hours. Sorry. ï»¿FYI, cat /proc/sys/net/ipv4/ip_forward yields a 1.
<_ruben> hmm .. apt-listchanges can hook into apt at install time, tho i'd rather generate a changelog-overview for packages that would be install by apt-get (dist-)upgrade, any hints on performing such a task?
<_ruben> using the --download-only option to apt-get might do the trick
<_ruben> shame, it doenst
<ivoks> zul: ping
 * \sh needs some advise...php + upload file size + post_max_size == works with sizes <= 2G...everything above the magic 2GB frontier doesn't work (hardy/intrepid + amd64 server)
<ivoks> what client are you using?
<ivoks> for example, at some point in history, wget couldn't download files bigger than 2GB
<\sh> ivoks: it's not a download thing...it's that firefox, ie, safari and opera are uploading the whole 3.5GB file without any problems...but php dies :)
<\sh> ivoks: well, not exactly dieing...it just throws the upload away
<\sh> ivoks: simple <input type="file"...> form in a html gives you that :)
<ivoks> on which filesystem?
<\sh> ivoks: choose one...I use ext3 and xfs here :)
<\sh> ivoks: and tmp location for tmp upload crap..is big enough...I think 1TB is enough :)
<maswan> filesystems on linux haven't been an issue for quite some time. is it apache 2.2?
<\sh> maswan: more php itself...really...
<\sh> maswan: and yes..apache2.2 + php5
<maswan> \sh: Ok. Well, php is crap, don't use it? ;)
<\sh> maswan: grmpf..can't development needs it :)
<maswan> \sh: Well, you better get started at fixing php then. :)
<\sh> maswan: looks like :)
<\sh> maswan: btw..what about your visit to Karlsruhe? any news? :)
 * \sh needs to plan his birthday party ,)
<maswan> Oh, right. Let me see when that ended up.
<maswan> January 14/15 2009
<\sh> maswan: that's wed + thu after the 11th ... are you in .de before that? :) well, actually those days are also quite ok...for having a beer or two in the evening :)
<lukehasnoname> PHP isn't THAT bad, is it? I have some qualms with it, but meh... I guess Python is the hot new web scripting platform
<zul> yarp yarp
<\sh> maswan / ivoks: http://bugs.php.net/bug.php?id=44522 <- there it is :) yay
<\sh> and reading the php source, both variables who could be the cause are already "long" ... which means the bug is somewhere else
<stefg> Hi, i'm trying to get the ebox platform running on top of a Jeos 8.04.1 install in virtualbox in oder to set up a virtual fileserver. Unfortunately the ebox network module doesn't seem to like jeos , the network module won't run. google doesn't turn up anything useful, can anyone point me to some specialized support forum or irc channel?
<ivoks> \sh: oh, nice :D
<\sh> ivoks: looks like I found the real bugger in rfc1867.c
<\sh> I'll try to proof my guess and rebuild with a patch which should fix it...and then...let's see :)
<zul> \sh: er...what?
<\sh> zul: http://bugs.php.net/bug.php?id=44522
<zul> ah ok
<\sh> zul: if you set post_max_size and max_upload_filesize to >2GB it doesn't work in php5 ... but sourcewise: post_max_size and max_upload_filesize are already defined as long...but not max_file_size in rfc1867.c which helds later on the max_upload_filesize ;-)
<zul> sounds like fun
<\sh> zul: but to be sure, I'm rebuilding hardy php5 with a "guessed" fix and test it if I'm right
<zul> k
<\sh> zul: if I'm right, I'll file a bug on LP...with debdiffs and fixes...for hardy, intrepid and jaunty...hopefully someone can sponsor at least for jaunty...and for {hardy,intrepid}-proposed
<zul> \sh: yep no problem just remember to add the test case for the SRU
<\sh> zul: hmm...can I upload >2GB files to LP? ,-)
<zul> well no just how to reproduce it :)
<ivoks> \sh: so, find a big p0rn movie for test case :)
<jevangelo> hi, how would i be able to get a date that is exactly 6 weeks in the past, using the date command
<zul> check google
<jevangelo> oh, i just got it
<jevangelo> date -d "6 weeks ago"
<Koon> zul: the fix for bug 286828 is marked "Fix committed", but i couldn't find it in the Changelog... do you know in which update we can expect to find it ?
<uvirtbot> Launchpad bug 286828 in linux "Access to samba 3.0.24-3.0.25 shares using CIFS is broken on 8.10" [High,Fix committed] https://launchpad.net/bugs/286828
<zul> Koon: thats the kernel bug isnt it?
<zul> the nodfs one
<Koon> zul: yes, should i ping rtg about it ?
<zul> gimme a sec..
<zul> yeah
<zul> bug him
<nijaba> bug who?
<nijaba> poor rtg, he's too nice
<zul> Koon: its sitting in the git tree though maybe there is an update coming soonish
<Koon> zul: yeah, I'm just trying to calm down the "where is the fix that is due to us" lousy MAS owners.
<Koon> NAS
<ivoks> take care guys
<zul> yeah I saw
<Koon> Steve's reposnse was obviously a little too complicated for them.
<zul> meh..
<Koon> I simplified it: "your stuff is broken, but since we are extremely nice, we'll help you"
<Koon> now I'm trying to counter the "when?" answer
<ivoks> what's the problem?
<Koon> ivoks: the fix is marked 'Fix committed' and a few impatient guys are apt-get-updating every minute to see if there is a new kernel coming up with the fix.
<ivoks> :)
<ivoks> someone should tell then that it's easy to git clone kernel tree and build kernel
<zul> Koon: ping where you doing any merges today so we dont duplicate the work?
<Koon> zul: nope
<Koon> I just pushed a sync this morning (syslog-ng)
<zul> Koon: cool beans Im just doing the samba merge now
<mathiaz> soren: did you get a chance to review the open-iscsi package?
<L1NUX_1NS1DE> hello
<L1NUX_1NS1DE> Does anyone know how to setup ssh between a server and client computer
<ScottK> L1NUX_1NS1DE: Lots of us do.  Please ask your specific question.
<ScottK> L1NUX_1NS1DE: It'd also be nice if you could manage a nick that wasn't all caps.
<jmedina> and less l33t :D
<Ahmuck> *shurgs* ... i always see nicks as personal names.  do you really want to change your personal name for someone else's perference?
<jmedina> L1NUX_1NS1DE: install and run openssh
<L1NUX_1NS1DE> I'll do some googling on the matter
<L1NUX_1NS1DE> if I run into some trouble I'll know who to ask
<L1NUX_1NS1DE> I'l just idle
<jmedina> L1NUX_1NS1DE: why not read the officlal ubuntu documentation about the topic?
<L1NUX_1NS1DE> I'm reading a tutorial on setting up shared keys
<L1NUX_1NS1DE> but I'll try that to
<L1NUX_1NS1DE> thanks
<jmedina> L1NUX_1NS1DE: that is another topic than your first question
<L1NUX_1NS1DE> hmmm....
<jmedina> you never ask about setting up key autentication beween client and server
<jmedina> by default you atenticate againts the ssh server using a user and password
<L1NUX_1NS1DE> yes
<L1NUX_1NS1DE> well I was able to ssh to  the server
<L1NUX_1NS1DE> but I did not have the correct password
<L1NUX_1NS1DE> I'm reading this:
<L1NUX_1NS1DE> http://inside.mines.edu/~gmurray/HowTo/sshNotes.html
<jmedina> https://help.ubuntu.com/community/SSHHowto
<L1NUX_1NS1DE> haha!
<L1NUX_1NS1DE> it works!
<L1NUX_1NS1DE> I setup a paired key ssh login
<cumulus007> does te host file support ports?
<cumulus007> like localhost:1234
<L1NUX_1NS1DE> ports
<L1NUX_1NS1DE> I'm not sure
<L1NUX_1NS1DE> I just used the default user@servername.org
<cumulus007> that's a very useful answer
<L1NUX_1NS1DE> well I'm sort of a noob with servers
<jmedina> cumulus007: which host file?
<cumulus007> jmedina: /etc/hosts
<L1NUX_1NS1DE> I don't know...
<jmedina> cumulus007: that is, that file it is useful to resolve host names not ports
<jmedina> cumulus007: why you want to do that?
<L1NUX_1NS1DE> thanks jmedina
<cumulus007> jmedina: I want to configure my PC so: when I go to localhost:portnumber, a web page on a server opens
<L1NUX_1NS1DE> oh
<L1NUX_1NS1DE> I think you'll have to configure the web server
<jmedina> you mean with a browser?
<L1NUX_1NS1DE> no the webserver
<L1NUX_1NS1DE> you'll have to configure the port that apache listens to
<L1NUX_1NS1DE> I think the default is 8080
<cumulus007> jmedina: yes
<cumulus007> never mind, I have already ficed it.
<L1NUX_1NS1DE> what is a good ftp server to use
<L1NUX_1NS1DE> ?
<jmedina> I like pure-ftpd
<L1NUX_1NS1DE> pure-ftpd
<L1NUX_1NS1DE> hmm..
<L1NUX_1NS1DE> right now I'm using vsftd
<ScottK> mathiaz: Are we having a server team meeting tomorrow?
<mathiaz> ScottK: AFICT yes
<ScottK> mathiaz: OK.  I'll upate the agenda then (just added an item).
<katakaio> Hey everyone, I just joined the team and I'm still finding my way around
<katakaio> Could you tell me where the agenda is located? Is it on the team wiki?
<katakaio> Nevermind - I got it on a lucky guess
<uvirtbot> New bug: #304047 in samba (main) "package samba 2:3.2.3-1ubuntu3.3 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/304047
<kizer> hello again
<kizer> I was wondering what actions I should take to secure a server
<kizer> What port I should turn of
<kizer> or change
<kizer> which firewall to use
<kizer> etc..
<ScottK> kizer: What Ubuntu version are you running?
<kizer> I guess it's not the smartest thing to do but I'm running 810
<kizer> why
<kizer> just how hacked can a linux server get?
<kizer> and could it compromise an entire network
<kizer> ?>
<kizer> currently I'm running web, torrentflux and pure-ftp (with username/password login) on my server
<kizer> *webmin
<Faust-C> kizer, heh 'hacked'
<ScottK> Well 8.10 is fine to be running.  Webmin, not so much.
<Faust-C> a system is only as secure as the person who administers it
<ScottK> kizer: 8.10 comes with ufw (stands for uncomplicated firewall) installed already, you just need to configure it.
<ScottK> Ubuntu Server by default does not have any ports open, so nothing to close.  Additional stuff you've added will change that, of course.
<Faust-C> kizer, and linux has only one fw that i know of
<kizer> ok
<kizer> that's a relief
<ScottK> kizer: I have no idea what webmin opened up though.  You've installed that from a 3rd party repository, so we know nothing about what that package does.
<kizer> so would it be good practice to change password ever month or so
<kizer> with webmin I changed to default port
<ScottK> Faust-C: That's true, but for someone just starting, writing iptables rules themselves by hand is probably not the best idea.
<Faust-C> ScottK, i was gonna refer to ufw which is just a frontend to iptabes
<Faust-C> from what i read ufw's syntax is similar to pf
<kizer> webmin comes with a webgui interface for changing ip rule conveniently enough
<Faust-C> i like that
<ScottK> Faust-C: yes, I already mentioned ufw to him.
<Faust-C> kizer, imo i wouldnt get to comfy w/ webmin
<kizer> well it's certainly a handy way of admin'ing a server
<kizer> well I'll see what I could do with ufw
<kizer> oh
<kizer> what are some useful commands for seeing open ports on and proccesses that or running on certain ip's or ports?
<ScottK> kizer: see man ufw.
<erik78se> kizer: netstat -pant
<kizer> thanks
<erik78se> kizer: Shows you open TCP sockets, ans their application names. Use "sudo" with that as the -p switch is restricted.... "sudo netstat -pant"
<kizer> yeah that command is really helpfull
<kizer> it shows that I'm connected via ssh to the server
<kizer> but, there's another port that's open
<erik78se> you can also do "sudo netstat -panu" (shows UDP ports)
<kizer> I don't know what service is running from there
<kizer> thanks
<erik78se> Whats the port ?
<kizer> for tcp it's 139
<erik78se> Open services are usually in the "LISTEN" state, and the address will give you a hint of what interface is allocated to it. 0.0.0.0 means "all" interfaces.
<Deeps> grep 139/tcp /etc/services?
<kizer> ohh....
<Deeps> probably linked to samba
<kizer> hmm...
<kizer> there are at least ten ports that are listening
<erik78se> In some cases you can use "telnet <address> <port>" to investigate the nature of the service running on a certain port. try it with some web-server and you'll see.... just type "GET" once connected to a port 80...
<Deeps> s/telnet/nc/
<kizer> k
 * jmedina also likes to use lsof to check for open ports
<jmedina> lsof -i
<kizer> oh
<kizer> ok all these port make sense
<erik78se> Simply using "netstat" wont show you firewalls, since the firewall is "above" the OS service layer. That means that even if you can see the open ports in a LISTEN state - the firewall might block those ports. Test that by trying to connect to the ports with - for example - telnet.
<kizer> I recognize the port afiliated with there services
<ball> nmap?
<kizer> I should change ssh from it's default port
<kizer> rich?
<kizer> right?
<erik78se> No need.
<kizer> it's ok the way it is
<kizer> ?
<erik78se> Yes.
<uvirtbot> New bug: #303458 in samba (main) "segfault in pam_smbpass.so" [Undecided,New] https://launchpad.net/bugs/303458
<kizer> thanks ball nmap is the right tool for the job
<ball> I use it every day.  It's a handy thing.
<erik78se> kizer: By changing ports for the ssh-service, you will not achieve much security wise. A determined hacker will be able to detect a running ssh-service regarless of port-mapping.
<kizer> right...
<kizer> ok
<erik78se> ... however, ssh is rather secure if you keep it at a good patch-level.
<kizer> noted!
 * ball tends to describe ssh as "less insecure than Telnet" ;-)
<kizer> well I think I'm just about ready to deploy my server for ready use
<ball> kizer: what are you using it for?
<kizer> ftp server and remote torrent box
<erik78se> If you are really anal about networking security, you could change it to a really high port, lets say, 63040. I don't know why you would do that tho and how much it would add to security.
<kizer> hmmm...
<Deeps> would protect you against generic scans
<Deeps> casual hackers looking for easily exploitable machines
<Nafallo> port knocking? ;-)
<ball> rtorrent?
<erik78se> Deeps: yes. but the scan itself is nothing to worry about.
<kizer> well unless my server burst into flames I guess I'll be ok with the security for now
<Deeps> disabling root logins also helps (stupid that it's enabled by default)
<ScottK> kizer: If you care about security, pick something other than ftp.
<kizer> nafallo: torrentflux!
<Nafallo> what about it?
<ball> sftp
<kizer> torrent flux has a webgui
<Nafallo> been there, contributed code, gone back
<ball> I would like some alternative to nfs that was less insecure.
<kizer> and it's quit usable
<Deeps> ball: nfs over vpn? ;)
<erik78se> kizer: disable root-login, keep a good patchlevel, use passwords that has no real words in it and use a rudimentary firewall and your server will be mega-hard to "hack/break".
<Deeps> ..via ssh
<kizer> sweet
<erik78se> ... via a network.
<kizer> thanks for all you help guys!
<ball> Deeps: Yeah, I suppose that could work at a push.
<Deeps> if you're running any other internet visible services that aren't firewalled off, they're also exploitable
<Nafallo> kizer: it's not as usable as the fork, tf-b4rt.
<Nafallo> kizer: also, I don't think tflux ever committed my patches for IPv6 support.
<kizer> k
<jmedina> ball: nfs is insecure, do you want something really secure, you can use AFS :D
 * ball suspects jmedina is joking
<erik78se> Deeps: yeah, however a simple DROP default rule in the firewall will provide all the security needed.
<kizer> so I should just set firewall rules to restict access to those services to a select pool of Ip's
<kizer> with the ftp
<jmedina> http://www.openafs.org/
<kizer> I have user name and pasword login enabled
<jmedina> ball: http://www.openafs.org/
<erik78se> kizer: you configure your firewall with ALLOW for only those services you want to expose. Lets say SSH. ALL other protocols are DROP.
<kizer> ok
<Deeps> erik78se: i know that, and you know that, not everyone in here may know that though ;)
<erik78se> Deeps: cheers =)
<kizer> but I could still access the services via the local network?
<kizer> just not through the internet gateway?
<erik78se> kizer: Thats in total 2 rules.  <1> from * allow SSH <2> from * deny *
<ball> back shortly
<ball> I saw afs and thought it was part of AppleTalk btw.
<kizer> ok
<erik78se> Then you can refine those rules...
<kizer> so I won't be able to access the ssh?
<erik78se> <1> from internal_network allow SSH <2> from * deny *
<kizer> I'm a bit confused
<kizer> where would I edit this setting
<Deeps> !ufw | kizer
<kizer> through ufw
<ubottu> Sorry, I don't know anything about ufw
<Deeps> ubottu: fail
<ubottu> Sorry, I don't know anything about fail
<kizer> k
<Deeps> lies
<erik78se> kizer: Yes. The first rule tells you "who" can access ssh. The second rule say "nobody can access anything". The rules are allied from top to bottom....
<kizer> thanks erik
<kizer> oh ohh oh
<kizer> sorry you had to explain that
<kizer> I understand now
<erik78se> kizer: good, happy to help.
<erik78se> iptables is really easy to configure, once you understand that the rules are "applied" from top to bottom and that in the bottom you should ALWAYS have "from * drop *" (the syntax is different ofc). From there, you can create super-safe firewalls.
<erik78se> You can "practice" iptables by trying out "fwbuilder" and try create a simple firewall.
<erik78se> Start by doing that "from * drop *". That will effectively shut out everything. Then add one rule at the time until your firewall works as you intend.
<erik78se> Helpful to debug is to do : "from * drop * log" .... that will show you what is acctually dropped by the firewall.
<kizer> I changed to default app policy to "DENY"
<kizer> hello again
<kizer> has anyone had any experience with setting up wakeup-on-lan
<kizer> I reading some documentation on it but it seems abit complicated
<ball> yes
<ball> it works for me
<ball> (at least, to an extent)
<ball> kizer: what are you trying to do?
<kizer> I'm trying to setup server to wakeup on LAN
<kizer> So I could turn the computer on from anywhere
<ball> kizer: I was going to try that, but couldn't get my Ubuntu Server box to suspend or hibernate.
<ball> Realistically servers are usually on 24/7 anyway, but I have to test these things.
<kizer> yeah but I'm sorta on a budget as far as power consumption and wouldn't mind shutting do the system when I know it's not going to be used
<ball> kizer: that's fair enough.
<kizer> yup green is good
<ball> make sure you wake it up in time to do its cron jobs though
<kizer> I'm reading a tutorial on how to set it up
<ball> (backup etc.)
<kizer> here
<kizer> http://ubuntuforums.org/showthread.php?t=234588
<kizer> cron can also wake up the machine?
<ball> That said, my current Ubuntu Server box is burning 33W.
<kizer> that's pretty decent
<ball> kizer: cron on another machine might be able to wake your server.  I've never tried the rtc alarm clock thing, but that might be another option.
<kizer> right
<kizer> but I would just want to have the server to be able to wakeup on LAN regardless of the computer that's waking it up
<kizer> All I have to do is know the mac address of the NIC
<ball> Usually I have the server up 24/7 and the users switch off their workstations when they're done.
<ball> I can turn those on from the server
<ball> (via ssh)
<kizer> nice...
<ball> ...do some remote admin, then turn them back off
<ball> That works if they Hibernate too, but not if they "suspend".
<kizer> but if a how can you turn them on... remotely
<ball> I suspect shoddy firmware.
<kizer> oh oh
<ball> kizer: I run "wakeup" on the server.
<kizer> ok
<tadeu_> guys, how can i edit the boot runlevel ?
<kizer> while there in suspend mode
<kizer> ?
<ball> kizer: while they're switched off, or in hibernate.
<ball> If it's just suspended, I can't revive it.
<ball> (pet peeve)
<tadeu_> it isn't a easy thing in ubuntu...
<kizer> oh
<ball> Hmm... I need to fix my Ubuntu Server box.  Perhaps its CMOS setting for WoL is wrong.
<kizer> so is there an alternate way of setting up a server to boot remotely even if it's turned off
<kizer> besided WOL
<kizer> or is WOL the only way to go
<ball> short of a hardware solution, WoL seems the most likely candidate.
<kizer> ok then WOL it is
<ball> of course, then you need some way to connect to a workstation or VPN in.
<kizer> could you explain how WOL could be setup
<kizer> I've been reading some things on the net
<ball> kizer: on the machine to be woken, I go in and make sure the CMOS setup program ("BIOS") is configured to allow WoL.
<kizer> yes, I believe I did that
<ball> ...then on the machine that's doing the waking, I make sure I have the wakeup program.
<kizer> I'll check to repos
<kizer> ok
<ball> In practice I have a shell script on the server
<ball> I just type "wake"
<ball> ...and the workstations all wake up
<kizer> nice, nice
<kizer> I have to make a script eventually as well
<ball> my script is incredibly simple
<kizer> yeah I  made a script to easy the long command I use for logging into the server via ssh
<kizer> ok
<ball> each machine has two lines: the first is just a comment with the machine's name, the second is "wakeup {macaddr}"
<kizer> ok
<ball> e.g. "wakeup 00:02:a5:97:88:b2"
<ball> (without the quotes ;-)
<kizer> and you just input that to the prog to wake up the remote system
<kizer> ok
<kizer> I think I understand the setup now
<kizer> I'll get started on it
<ball> kizer: well, just having that line in the shellscript calls wakeup (which is the WoL program) and provides it with a MAC address to wake up.
<kizer> thanks for your help
<ball> No problem.  I hope it works for you.  I see too many offices filled with machines left on all night.
<ball> With screensavers that don't.
<kizer> yeah let's save some coal
<ball> ...and the monitors left switched on and DPMS turned off.
<ball> :-(
<ball> Wish I could fix that Suspend issue though
<ball> Standby, whatever
<kizer> what program did you use to execute remote wakeup
<kizer> I found this program called etherwake
<ball> kizer: it may be the same program, let me check
<kizer> most likely...
<ball> kizer: all it does is generate the "magic packet" anyway.
<kizer> ball: did you have to install anything on the remote machines you wanted woken up or just set the BIOS to have WOL enabled
<ball> just set the BIOS
<ball> (and perhaps the O.S. ...depends what you're running)
<kizer> the OS?
 * ball nods
<kizer> how so?
<kizer> what needs to be set for the OS
<kizer> FYI I'm running ubuntu
<ball> Ah okay.  I imagine that will "just work" then.
<kizer> sweet
<ball> I know last time I tried it I got similar results: Off and Hibernate will WoL.  Suspend won't.
<ball> I suspect the firmware is at fault.
<kizer> hmm... can help you there
<kizer> have to tried google your issue
<yann2> hello folks... I want to enable root account on my servers... but to allow people to connect from ttys *only* - ie no su - root from ssh
<yann2> I tried many many things... got nothing to work.. any suggestion?
<yann2> I tried /etc/security/access.conf... /etc/securetty... /etc/login.defs... enabling it in pam... it seems to be possible to restrict this in 10 different ways but none works :(
<stefg> I've spend the day trying to get ebox working inside a virtualbox virtual machine (hardy host & guest). Neither a jeos install nor a virtual install of the ebox-installer iso gave me a working result. i'm using ubuntu hardy as host and guest. I'm able to login to the virtual ebox-machine but if i try to access the network configuration or the system module all i get is "Page not found" or...
<stefg> ..."Really nasty bug..." Is ebox currently broken?
<LoveGuru> stefg: hay may i know "ebox" what for? what is the purpose to using ebox/
<ScottK> !ebox | LoveGuru
<ubottu> LoveGuru: ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<LoveGuru> ScottK: thx.
<zoopster> stefg:  ebox works fine on hardy...have not run it in a vm. Do you receive anything in syslog or messages?
<LoveGuru> ahh "warning" for 8.10
<zoopster> stefg: other than your 404 error
<stefg> zoopster, LoveGuru : nothing particular. I started doing a jeos install, then adding the ppa-repo for the latest stabel ebox packages and installed ebox-samba ... didn't work, could not enable the firewall & network module, thus NO SAMBA
<stefg> tehn i thought: ok, jeos might be a bit too stripped down and tried the ebox installer (hardy-server with post installation script)... same result. At the moment i'm not even sure wether i'm looking at an ebox- or a virtualbox problem
<kizer> wow that was automagical!
<kizer> I used etherboot and the server started up!Q
<kizer> awsome
<stefg> there is a (debian-based) live CD which i could run in virtualbox... that one worked, so i guess is an ebox problem and some package might be missing
<kizer> it's just wonderful when something just works
<stefg> kizer: in turn it's just frustrating if something does not, and you don't get a clue why
 * ball returns, avec hot chocolate.
<zoopster> stefg: assume you have ebox-firewall and ebox-network installed, correct?
<zoopster> seeing as samba requires them..you must have
<stefg> zoopster: right... plain server/jeos install and a simple apt-get install ebox-samba (trusting that the dependencies will pull in everything that's needed)
<stefg> so this is actually a straight forward thing... and i have ebox running on real hardware, so i know it works there. But inside a VM i can't get it to work
<stefg> i tried ther -server and -virtual kernel, tried the stock hardy version of ebox (0.11.something) and the ppa-repo version (0.12.3) ... doesn't make any difference
<stefg> ATM i'm not even considering a bug report, because that 'doesn't work' type of reposrts don't help anybody
<stefg> so let me ask the other way 'round: did anyone in here succed in getting ubuntu-server with ebox on top to run inside a virtualbox vm?
<LoveGuru> stefg: i never tried "ebox" well will try it. inside the VMware
<stefg> LoveGuru: would be nice... i suspect that the virtual network adapters in vm's confuse the ebox network conf module. If vmware works, but virtualbox doesn't  we found something out ...
<didrocks> jdstrand: I thing this merge is still pending for ufw: https://code.edge.launchpad.net/~didrocks/ufw/case-insensitive-app/+merges :)
<jdstrand> didrocks: yes it still is :(
<jdstrand> didrocks: however, I have not broken my promise to you-- it will be the first thing I do when I get back to ufw
<jdstrand> didrocks: I hope to get back to it soonish
<didrocks> jdstrand: no problem. It was just a reminder to not break the merge ;)
<didrocks> jdstrand: take your time. You have an UDS to prepare :D
<jdstrand> :)
<\sh> opennms + ejabberd + mail + opennms dashboard on ubuntu ==> rock hard management compatible tool
<\sh> especially when the dashboard is displayed on a very big, very full hd flat screen
<AlexC_> morning all
<AlexC_> I'm getting some weird entries in my /var/log/mail.log regarding Dovecot: Dec  1 19:00:11 foobar dovecot: pop3-login: Disconnected: user=<shop>, method=PLAIN, rip=200.219.227.216, lip=72.14.177.56
<\sh> hmm...what is the best way to see the filecache memory on the CLI?
<AlexC_> I have at least 100 of those entries, all with different usernames. Is this someone just trying to connect - or have they actually connected, and disconnected (it's the wording' disconnected' that is worrying me!)
<jmarsden|work> AlexC_: Sounds like someone is trying a small scale dictionary attack.  if you see entries with "dovecot: pop3-login: Login: user=<someuser>" from that same remote IP, then you should be worried -- it means they guessed a password correctly.
<jmarsden|work> If you see all the "unwanted" login attempts are from the same IP or same subnet, you can block them with an iptables rule or similar filtering.
<AlexC_> jmarsden|work, awesome, at least they are not successful logins then
<jmarsden|work> Correct.
<jmarsden|work> You can verify you manually connecting (telnet servername 110) and doing user foo and then pass bar and then quit... and look at your resulting log entries.
<AlexC_> thanks =)
<AlexC_> jmarsden|work, ah, good idea
<Deeps> s/telnet/nc/ !
<Deeps> netcat, not telnet!
<jmarsden|work> Deeps: Both work equally well :)
<Deeps> untrue, telnet process can block and not allow you to ^C exit in some cases
<jmarsden|work> Deeps: Give me a way to duplicate that.  when connecting to a POP3 server...
<jmarsden|work> BTW you would usually ctrl-] close in telnet, not ctrl-c...
<Deeps> non-standard approach, most programs will respond to ctrl+c, like netcat ;)
 * jmarsden|work has been telnetting to POP3 and SMTP servers for testing since at least 1994.  Read the telnet man page.
<Deeps> telnet pop3.telefonica.net 110
<Deeps> +OK POP3 PROXY server ready (7.2.078)
<Deeps> at which point ctrl+c fails, ctrl+] works fine mind
<jmarsden|work> why would you ctrl-c at that point, you can type quit ... you just need to know the POP3 commands...
<Deeps> well you're specifying to pop3 servers now, i was generalising when i recommended nc over telnet
<jmarsden|work> No.you were responding to a specific suggestion to telnet to a POP3 server.
<jmarsden|work> Oh well.
<Deeps> although if there are 2 solutions to a problem, one uses a more commonly used approach, the other uses a special syntax and requires knowledge of the protocol + man page reading to get right, which would be the preferred approach for newbies? ;)
<AlexC_> jmarsden|work, tailing the logs, and doing what you said - I see no such message when an auth fails
<AlexC_> I get '-ERR Authentication failed.' within telnet, though nothing in the logs
<jmarsden|work> AlexC_: Hmm, and when you then quit the telnet session... still no disconnect??
<AlexC_> jmarsden|work, ah, when quiting I get: pop3-login: Aborted login (1 authentication attempts): user=<lolcake>, method=PLAIN,
<jmarsden|work> AlexC_: Well, that's close... I suspect you didn't exit the session cleanly or something, to get that.
<AlexC_> jmarsden|work, I typed 'quit'
<AlexC_> is there another way of closing it?
<jmarsden|work> AlexC_: OK, go it... it is the other way around...  telnet servername 110 then user foo pass bar, then ctrl- and then ctrl-c and you'll get the "disconnected" message.
<jmarsden|work> So whoever is trying passwords is not typing the quit command, apparently.
<AlexC_> ctrl- ? Missing a letter out there?
<jmarsden|work> * should have been "then ctrl-] and then ctrl-c ..." above
<AlexC_> jmarsden|work, ahh I see. Awesome, also just closing the terminal gets the same
<jmarsden|work> OK.  Anyway, that confirms the diagnosis.
<AlexC_> Is there anyway I can up the log even, so it actually says failed attempt (so I can get Fail2Ban picking it up and blocking them)
<jmarsden|work> I don't know.  I have a daily script that greps through my maillogs and uses sort and uniq to show me any probably offenders doing this, then I block them by hand... there's probably a way to automate that further.
<AlexC_> ok, well I'll look into it later on - at least I know what these messages are now =) Thanks for all the help, put my mind at rest!
<jmarsden|work> No problem.
<dana_good> i'm trying to set up ndoutils-nagios2-mysql, but it keeps on getting stalled saying "dbconfig-common: flushing administrative password"
<axisys> i have a sun x4100 which supports 64 bit
<axisys> should I install 64-bit ubuntu server 8.10 ?
<axisys> if there are lots of issue with pkgs I rather not
<dana_good> axisys: what application are you running?
<axisys> dana_good: it will be mainly lamp
<dana_good> should work fine 64bit
<axisys> also I have two disks in this x4100 amd opteron server.. how do I install in using mirror raid ?
<yann2> soft or hard? which version of ubuntu?
<axisys> yann2: soft
<axisys> yann2: intrepid
<yann2> you can get hard raid with x4100 , why use a soft raid?
<axisys> yann2: ofcourse still deciding if I sh'd go with 64 bit or 32 bit and alternate or regular server iso
<yann2> why not use 64bits? its a 64bits server :)
<axisys> yann2: so get the 64bit alternate iso ?
<dana_good> axisys: if you're using SAS drives do HW raid
<yann2> yeah
<yann2> how many disks do you have?
<yann2> dana_good > I had a bug using soft + hard raid on a x4100 not longer than a week ago, very annoying
<axisys> ok how do I do it w/ hard raid? i have two SAS disks
<dana_good> yann2: i have very little experience with those sort of issues. 99% of my linux boxes are vms.
<yann2> how many disks do you have?
<axisys> yann2: 2
<yann2> it was quite specific to my install.. maybe you won't run into it
<yann2> right so you won't :) my bug was with 4 disks, 2 raid 1, grub was installing on the wrong virtual disk
<axisys> do I get the alternate iso or regular server iso?
<yann2> i didnt know there was a server alternate :)
<yann2> but go for hardware raid
<yann2> where did you get that x4100? :P
<axisys> yann2: ok how do I do the hardware raid ?
<axisys> yann2: work
<yann2> during the boot, it will tell you "to configure blah press ctrl+key"
<yann2> ctrl-a or ctrl-q
<yann2> not sure
<yann2> boot it it tells you at some point :)
<axisys> yann2: tnx
<axisys> yann2: i am solaris guy.. thsi will be my first ubuntu 64bit server
<yann2> good luck... I had a hard time getting my hands on solaris 10 on my t1000 :)
<axisys> i have been using ubuntu since 5.04
<axisys> yann2: solaris is joke for me
<axisys> yann2: but hopefully this will be fun too
<axisys> in my laptop i am using ubuntu
<yann2> you can't run vms on x4100 you know that :)
<axisys> yann2: not planning to
<axisys> yann2: should I be able to install it from console?
<axisys> yann2: i dont have any gui
<axisys> yann2: connected to it thru SP
<yann2> yes
<yann2> normal debian-installer
<yann2> SP should be fine
<yann2> but there is a VGA port :)
<axisys> yann2: i know.. but i am doing the installtion remotely
<uvirtbot> New bug: #304194 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.0.67-0ubuntu6 failed to install/upgrade: el subproceso post-installation script devolvi? el c?digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/304194
#ubuntu-server 2008-12-02
<yann2> http://beranger.org/index.php?page=diary&2008/11/28/20/34/04-ubuntu-developers-discovered-exa  oups
<yann2> right I'm 4 days late :)
<axisys> i am having hell of a time installing ubuntu server on x4100 thru SP
<axisys> i only can ssh to net mgmt port.. so I never see the installation to start .. it sees the CD.. but it is forcing a gui which I cannot have
<ball> What's an SP?
<axisys> cuz I am trying to install remotely
<ball> axisys: try the alternate CD?
<axisys> ball: it is service processor
<ball> axisys LOM?
<axisys> ball: yes
<axisys> no i burned a cd and left it inside the server which is regular server edition and not alternate cd
<ball> Who makes this x4100 thing?
<axisys> now I am away from the box
<axisys> SUN
<ball> axisys: I hate it when that happens.
<axisys> http://www.ubuntu.com/partners/sun looks like my server is certified .. so there is no hardware issue.. just the gui needs to be changed to text
<axisys> i guess i have to hit esc at some point to escape the splash.. not sure exactly when
<ball> stupid graphical splashscreens
<ball> You know what though, I have an Ubuntu Server box here I could try for you.  Hang on...
<ball> It seems to have a text console (as God intended).
<ball> Let me reboot though and check for splashes.
<ball> No splash screen.  It boots straight into text mode.
<axisys> u mght have changed it in grub after the initial install ?
<ball> No, this is stock.
<axisys> alternate iso ?
<ball> No, ordinary Ubuntu Server
<[Solars]> try the alternate iso
<ball> [Solars] He can't reach the CD-ROM drive
<[Solars]> iirc, the normal cd is gui'ed only
<ball> [Solars] Ah, come to think of it, I remember seeing the GUI during the install
<ball> ...but once installed it doesn't seem to need one.
<[Solars]> right
<ball> axisys: are you installing?
 * ball staggers around a bit
 * ball sighs
<ball> I have to go
<axisys> i will wait till tomorrow
<axisys> thnx ball, [Solars]
<axisys> i need to find a way to kickstart the server from an image .. net install ..
<jmarsden> https://help.ubuntu.com/community/PXEInstallServer may help?
<axisys> jmarsden: thanx.. let me check it out
<alex_21> Hi, I have a problem, I can't resolve addresses when using host or wget from my server
<genii> alex_21: You have manually configured interfaces?
<alex_21> Yes, but it worked back when I had eth1 up, and now I commented it out since I am using eth0
<genii> alex_21: Does ifconfig show eth1 still up?
<alex_21> No, it says eth1 is not configured
<genii> alex_21: Did you manully swap out cards in it? udev will not re-use eth0 for instance but go to eth1 for a new adapter because that designation is stored by mac address in the udev system
<genii> eg: if you had tw0 nic and yanked one out, put a new one. Then eth2 would be the new one and not eth0 again
<alex_21> No, the cards are the same
<genii> alex_21: Does /etc/resolv.conf   have anything in it?
<alex_21> Eth0 used to be my spare, and now it isn't anymore, it is my main and eth0 is a spare
<alex_21> eth1 is now my spare, sorry
<genii> alex_21: How is it getting it's address? dhcp? semi-staically assigned from a router based on it's mac address? defined in /etc/network/interfaces ?
<alex_21> Hi,
<alex_21> Here is my /etc/resolv.conf file http://paste.ubuntu.com/79120/
<alex_21> And the address is static
<genii> alex_21: what is result of: route
<alex_21> http://paste.ubuntu.com/79122/
<alex_21> There is the output or route
<genii> alex_21: And 192.168.0.101 is the router address or so?
<alex_21> Yes, it is my gateway/router
<genii> alex_21: Add into /etc/resolv.conf for the moment:    nameserver 208.67.222.222              (this is an OpenDNS dns server ip)   then see if you can ping some name
<alex_21> I did, now what
<alex_21> It works now
<genii> alex_21: eg: try to ping by name some site
<alex_21> It works now with the server you gave me
<genii> alex_21: OK, so you know you have to give the box some valid dns ip then. Normally your router/gateway should be doing this but it looks like not in this case
<alex_21> It does for all my other machines though
<alex_21> But all the other machines use dhcp
<genii> alex_21: Did you restart networking or so since you switched the adapters around?
<alex_21> Yes, a few times
<genii> alex_21: If you have the adapter manually configured for instance in /etc/network/interfaces  then make sure you put in whatever your valid dns ip are into the /etc/resolv.conf
<genii> alex_21: Alternately set the interface to auto/dhcp and if it needs always same IP then tell the router to assign always the same one by it's mac address
<genii> alex_21: Then it will get whatever info the other ones get re: dns
<mysticalone> I'm having a related issue with my box
<mysticalone> I can't seem to make the ubuntu gateway point to the Windows gateway
<mysticalone> err, Windows IP
<mysticalone> I have connection sharing enabled on Windows
<axisys> ok I were able to get the pxe boot going.. but when it is ready to display the grub.. i dont see it.. cuz the gui i think
<axisys> i need to find a way to send the grub menu in non gui format
<genii> axisys: You are using the method which loopmounts the install iso?
<axisys> this is what I followed https://help.ubuntu.com/8.10/installation-guide/amd64/install-tftp.html
<axisys> genii: i am trying to install using PXE
<axisys> genii: i did not follow this https://help.ubuntu.com/community/PXEInstallServer
<genii> axisys: Yes. And then when it boots to the image you have on the server, how was the image produced?
<axisys> genii: mounted the CD and copied the netboot dir content
<axisys> and extracted the netboot.tar.gz in tftp boot dir as well
<axisys> so hardest part is done.. the network part.. now I need to fix it to display the grub..
<genii> axisys: Using the alternate CD or the regular livecd?
<axisys> genii: alternate cd
<axisys> genii: wait!
<axisys> genii: it was waiting for a enter.. since the screen was blank, i could not tell
<axisys> but when i hit enter i see this now
<genii> Ah, good
<axisys> Loading ubuntu-installer/amd64/initrd.gz........................................
<axisys> ................................................................................
<genii> Well, thats not grub, but doesn't matter
<axisys> genii: that is lilo ?
<axisys> genii: i was just following this https://help.ubuntu.com/8.10/installation-guide/amd64/install-tftp.html btw
<genii> mysticalone: When ICS is enabled on a windows box, it usually dhcp assigns to the other box connected to it
<genii> axisys: It's a ramdisk based bootloader so not really has a counterpart like lilo or grub or so
<axisys> i am still on the same screen.. should it take that long.. wish i could see some log
<axisys> i should have started tftp in debug mode may be ?!
<axisys> i have 2G memory on that sun x4100 amd opteron
<genii> axisys: Let it time out or so, it should give some message at that point
<genii> mysticalone: If your adapter is eth0 try:    sudo dhclient -r eth0 && sudo dhclient eth0
<axisys> genii: :-)
<mysticalone> genii: i'll try it
<genii> mysticalone: This will release/renew dhcp on it, hopefully windows ICS will give it the info it requires
<genii> axisys: I usually use https://wiki.koeln.ccc.de/index.php/Ubuntu_PXE_Install as reference for netboot setups
<mysticalone> genii: well my Ubuntu box is connected to a router, but my internet goes thru Windows
<axisys> genii: yep I have that open too :-)
<axisys> i can i could modify the default like that
<genii> mysticalone: So the problem there will be the router wants to give some IP which will likely override the ICS
<genii> mysticalone: Does the windows box have more than one ethernet adapter?
<axisys> genii: however he said no need to do that anymore
<mysticalone> genii: Yes, the other one would be the wireless card
<genii> axisys: It begins to boot. So the thing is likely somewhere in the tftpboot, like pxelinux.cfg or so
<mysticalone> genii: I tried disabling dhcp on the router, waiting on the box to grab dhcp from Windows
<genii> mysticalone: That might work as a fast way
<mysticalone> and now I can't ssh to it
<genii> mysticalone: Probably since it's default route is/was the router
<axisys> genii: hmm
<genii> axisys: OK. I'd say put back the router. Then just make for the time being a static entry for your eth0 or so.  The defaultrouter will be the Windows IP
<axisys> mysticalone: that was actually for you
<genii> axisys: Yes, apologies
<axisys> genii: np
<genii> mysticalone: I'll pastebin an example one for you
<genii> mysticalone: http://paste.ubuntu.com/79134/              If your network is different range adjust accordingly. Then after do: sudo /etc/init.d/networking restart
<genii> mysticalone: In the example 192.168.0.101 would be the IP of the Windows box
<alex_21> Hey, I still don't receive mail on my server. I thought just dns was the problem, but I guess not
<alex_21> I am using Postfix
<alex_21> And all ports that are needed are open
<genii> alex_21: Does it have a different IP now?
<alex_21> Then when?
<alex_21> Because all my mx records were adjusted accordingly
<alex_21> But yes, a new IP
<genii> alex_21: So you need to change the .cf file and rebuild
<genii> main.cf
<alex_21> And also, I can't figure out what is wrong. Peple on the networking channel were able to connect to it yesterday so it looked like it was only dns
<alex_21> What do you mean rebuild
<genii> alex_21: You should just be able to:    sudo /etc/init.d/postfix reload             after
<alex_21> After what?
<genii> alex_21: After modifying your postif main.cf file to reflect your current box's actual IP or so
<genii> *postfix
<alex_21> Oh, ok
<alex_21> I can't find it. I suppose since this is Postfix inside Zimbra it is a little different
<genii> Hmm. Unfortunaltely I know nothing about Zimbra
<alex_21> Oh, lovely. So here is a Blind techie on a Monday night, needing ot get a mail server up and running with an administrator interfacce that is unaccessible
<alex_21> Lol, I just don't know what to do
<alex_21> Grrrrrrrrrr
<genii> alex_21: According to http://www.zimbra.com/forums/installation/10559-modifying-zimbra-postfix-configuration.html you may want to look at zmmta.cf wherever that is
<alex_21> Ok, thanks
<alex_21> I'll have a listen to that, smiley, I'll see
<alex_21> I got the mail. I found it. It was in the deffered mail queue
<alex_21> Sorry
<kraut> moin
<uvirtbot> New bug: #304388 in samba (main) "Gratuitous file /etc/samba/gdbcommands" [Undecided,New] https://launchpad.net/bugs/304388
<FebruariusX> helo everyone
<snek> hello
<FebruariusX> i have question
<ropetin> FebruariusX: ask away
<FebruariusX> it was all about haproxy? it could replicate anydata comes to pc1 onto pc2
<alex_21> Hey, I can't use a gui front end to manage themes, but can someone walk me through installing a theme that looks like the Mac login - password box n a Mac via the cli
<snek> servers don't run a gui normally, go back to the normal ubuntu channel :P
<alex_21> I did but no one knows the cli for it
<lukehasnoname> How do I install drivers for new hardware?
<lukehasnoname> Specifically, a second network card
<lukehasnoname> PCI
<snek> it's not auto detected?
<hads> You shouldn't need to, drivers are kernel modules.
<snek> do an "sudo lspci" and see if it gets listed
<hads> sudo not needed
<snek> it is on mine
<hads> Why?
<snek> dunno, it just gives a command not found without it ;)
<hads> That doesn't make sense.
<snek> but i must confess that's on my intrepid desktop.. on my hosted server it seems to work without
<snek> that's a hardy vps
<hads> Well that's not normal. sudo keeps your environment by default.
<snek> by golly you are right.. lol
<snek> damn, if only i knew that earlier hahaha
<ScottK-palm> Mathiaz: Are you running the meeting today?
<ScottK-palm> Mathiaz (or whoever will run the meeting): I'd appreciate it if my agenda item could go first.
<yann2> meeting is at 9pm isnt it?
<yann2> or is that a serverteam meeting? :)
 * ScottK-palm is on the road.  I think I can squeeze in the first fifteen minutes or so of the meeting.
<ScottK-palm> Server Team @ 1600 UTC
 * ScottK-palm drives like the wind to get to the known free wifi spot by meeting time.
<nick|here> how can i enable monitor turn off when i close lid
<Jeeves_> nick|here: That seems to be broken in intrepid
<nick|here> Jeeves_, what a unlucky man i am :(
<Jeeves_> nick|here: Me too.,
<Jeeves_> It doesn't work for me either
<nick|here> Jeeves_,  i have a macbook pro that has a broken lcd, i managed to install ubuntu server without the monitor (!) then installed openssh server and using it from ssh. but even if it doesn't shows any output from monitor it turns on the light and it makes it hot
<Jeeves_> nick|here: Ah
<_ruben> break the light as well ;)
<Jeeves_> :)
<Jeeves_> Ah well, it's an apple
<Jeeves_> throw it out of the window!
<henkjan> ah, reminds me of https://lists.ubuntu.com/archives/ubuntu-server/2008-November/002442.html :)
<henkjan> jeeves realy doesnt like apples :)
<erimar77> i'm working on a daily/weekly task list.. what are some things other server admins do besides watch ganglia and read slashdot and reddit
<Jeeves_> erimar77: IRC
<Jeeves_> Webwereld.nl
<_ruben> 24/7
<Jeeves_> nu.nl
<erimar77> but of course
<Jeeves_> erimar77: Read company mailinglist
<henkjan> reading bofh stories
<Jeeves_> bother my collegeas
<erimar77> can't read dutch :(
<henkjan> playing pinball
<erimar77> real pinball, or iphone type pinball
<henkjan> real pinball
<henkjan> at my former employer
<erimar77> hehe, "former"
<_ruben> our pinball machine broke .. so now its just table soccer .. not sure what happened to the darts board
<henkjan> Jeeves_: you are still playing pinball?
<uvirtbot> New bug: #304437 in openldap2.3 (main) "null_callback: error code 0x12" [Undecided,New] https://launchpad.net/bugs/304437
<Jeeves_> henkjan: Not much
<Jeeves_> henkjan: That's because you left us
<Jeeves_> now I've got work to do
<_ruben> hehe
<akincer> Trying to use ssh-copy-id on server 8.04 gives /usr/bin/ssh-copy-id: ERROR: No identities found
<akincer> Google shows signs this is a bug from 2003
<akincer> WTF?
<akincer> anybody got an idea?
<Scix> After installing tftp-hpa in ubuntu 8.10, where can i find the config file? In 8.07 I could fint it in /etc/default/tftp-hpa
<mysticalone> I need help setting up VNC/Remote Desktop on my box. All my attempts to enable Remote Desktop don't allow me to connect.
<ball> mysticalone: does it work after you've logged in at the console?
<akincer> mysticalone: What version of Ubuntu?
<ball> (I'm guessing you want to connect to the same desktop you see on the built-in console)
<mysticalone> 8.10
<mysticalone> I just went over to the box and desktop isn't properly working
<akincer> I'm not sure I follow, but did you enable remote desktop access AND uncheck the "ask for confirmation" box on the remote machine?
<mysticalone> Yes, I did
<mysticalone> I can connect fine thru ssh, but I like using the GUI
<Scix> After installing tftp-hpa in ubuntu 8.10, where can i find the config file? In 8.07 I could fint it in /etc/default/tftp-hpa *sorry dump*
<ball> Last time I tried connecting to :0, I couldn't unless the console was logged in.
<ball> I count that as a bug.
<ball> I can launch a separate vncserver though after logging in via vnc
<ball> (I do that with Ubuntu-server)
<mysticalone> I'm logged in physically at the box and thru SSH but I can't connect by VNC
<mysticalone> unless the firewall is blocking it
<ball> mysticalone: what OS is on the box you're trying to connect to?
<mysticalone> Ubuntu
<mysticalone> 8.10
<ball> Server or Desktop?
<mysticalone> server
<ball> Well then it may be that you don't have a :0 to connect to
<ball> I log in via ssh, start a VNC server instance ("vncserver -geometry 800x600 -depth 24") and then connect to that
<ball> ...usually it's :1
<ball> (in my case)
<ball> You'll want to install a window manager or desktop though
<ball> I'm using Xfce this month
<ball> (described at http://potchery.blogspot.com/
<ball> )
<mysticalone> I installed gnome
<mysticalone> thru ubuntu-desktop
<ball> Oh, I don't know how that works then.
<ball> I'm guessing there's an executable that could launch Gnome on your second display (the VNC server)
<ball> brbr
<akincer> you installed desktop on a server?
<akincer> why?
<ball> akincer: I do because I anticipate hanging VNC terminals off the server
<ball> ...so the desktop will run on the server, but appear on the terminal
<mysticalone> i guess theres no reason to vnc to the box
<akincer> Under the hood, the differences between server and desktop are pretty minimal AFAIK. Attaching the desktop packages to the server for production purposes removes the longer packages advantage and you might as well run the desktop version
<akincer> in other words, adding desktop packages provides no functional advantage that I know of versus running desktop
<mysticalone> it's just quicker for me to pull up windows
<akincer> Then run the desktop version and install whatever server packages you need
<mysticalone> like the gui for the firewall would be quicker for me than messing with iptables
<akincer> I'm pretty sure there are remote GUI options
<mysticalone> there are
<mysticalone> i'm currently using ssh -x
<mysticalone> it works as long as I know the applet names
<mysticalone> like synaptic
<akincer> If you need the warm blanket of a GUI, run desktop and install whatever server packages you need
<mysticalone> or vino-preferences
<akincer> that's infinitely easier than trying to turn server into a desktop IMHO
 * ball uses ssh -XCl ball servername
 * ball is turning server into several desktops at once :-)
<akincer> are you suggestion you can't do that on desktop?
<akincer> suggesting
<ball> akincer: I'm sure you could, but then I'd have to try to duplicate the desktop config for the local console.
<akincer> Plus, I'm pretty sure there are distros out there made to do just that. Perhaps that would solve your problem without trying to reinvent the wheel
<mysticalone> but whats the fun in that
<ball> akincer: Edubuntu with LTSP is one option I'm considering
<mysticalone> god i don't feel like downloading another image
<akincer> if learning is what you're after, go for it
<mysticalone> i know it only takes about 5 minutes but
<mysticalone> i'd have to erase my cd-rw
<mysticalone> oh well
<ball> akincer: mostly it comes down to VNC Vs. X11 as the graphical terminal protocol
<ball> Each has its own pros and cons.
<ball> I should probably set up a second LAN and test LTSP there
<akincer> Find which fits your situation best and go with it
<mysticalone> So I'm turning my box into a web server, I want multiple users, where do I start, webmin?
<ball> akincer: I should look in the garage for a PCI NIC.
<ball> ...and some cat5e cables
<ivoks> mysticalone: what are multiple users on webserver?
<mysticalone> like
<ball> Why do you want multiple users on a web server?
<mysticalone> like a reseller
<mysticalone> type of thing
<ivoks> try with ispconfig
<ball> selling web space you mean?
<mysticalone> ya
<akincer> listen to ivoks
<ivoks> ispconfig will take care of dns, ftp, mail, web
<ivoks> and it will still alove you manual edits of configuration files
<Faust-C> hmm i want to use dovecot in a MS environment but idk how i would ....
<ivoks> that's why i just love that software
<ball> Faust-C: what's dovecot?
<ivoks> Faust-C: what's wrong with dovecot in ms env?
<mysticalone> oo thats nice, webmin is so ugly
<ivoks> ball: imap/pop provider
<mysticalone> but isp is pretty
<ivoks> mysticalone: webmin is also not a tool for that kind of problem
<ball> Ah.
<Faust-C> ivoks, i mean as far as simple administering it
<akincer> webmin + Ubuntu = headaches last time I checked. That may be fixed now
<Faust-C> we need to keep emails, and we have a high turnover rate
<ball> Aside from Microsoft not being ideal for server operating systems.
<Faust-C> so we constantly have to have access to emails from past employees and keep backups
<ivoks> Faust-C: do you also plan smtp?
<Faust-C> atm we have a huge PST file w/ ALL emails
<Faust-C> ivoks, of course, postfix
<ivoks> :)
<akincer> Faust-C: Not sure if you have checked into the paid Zimbra version, but it will allow you to fork all emails
<ivoks> Faust-C: there's a postifx web interface
<akincer> if you buy that feature, that is
<ivoks> postfixadmin iirc
<Faust-C> akincer, heh yeah ...
<ivoks> i wouldn't advice zimbra, but...
<Faust-C> ivoks, i mean say we get 3 new users
<akincer> What's so bad with Zimbra?
<Faust-C> how simple would it be to manage accounts is what im wondering
<ivoks> akincer: slugish
<ivoks> Faust-C: postfixadmin is a web interface
<ivoks> Faust-C: you can add account, set up an alias and/or forward
<akincer> ivoks: Perhaps your setup wasn't adequate?
<Faust-C> ivoks, yeah im looking at the page
<ivoks> Faust-C: it even has built-in 'send to all'
<Faust-C> ivoks, but how would you manage the dovecot part?
<ivoks> akincer: that's also possible, i still use it on one location
<ivoks> Faust-C: there's nothing to manage in dovecot
 * Faust-C gets a lil confused w/ email
<Faust-C> oic
<Faust-C> i didnt realize that
<ivoks> Faust-C: dovecot just reads users from database
<Faust-C> ah i was reading that
<akincer> Any sufficiently complex mail system is pretty resource hungry. The smart run it on RAID 10 or one heck of a stacked RAID 5 to spread the load
<intorio> I just updated a workstation and ldap authentication just stopped working, server is unchanged, config files are all the same, other un-updated workstations work fine. the auth log complains about not being able to connect to the server, but ldapsearch works fine, any ideas?
<mysticalone> ivoks: is ISPConfig 3 buggy?
<Faust-C> i plan on running this in ESX
<Faust-C> well brb lunch time
<ivoks> Faust-C: mysticalone didn't use it yet
<ball> Is RAID 10 a mirrored stripe?
<akincer> yes
<ball> Nice: fast /and/ redundant
<ivoks> and expensive :)
<akincer> yes and yes
<drdebian> and not growable
<ball> drdebian: dump to tape, resize, restore ;-)
<ivoks> ball: sometimes, that's not an option
<akincer> If you build it right the first time, you don't need to grow it or when it is time to grow, it is time to upgrade the server . . .
<ball> ivoks: that's true.
<ivoks> in two days i'll be growing one raid5 from 3TB to 6TB
<ivoks> dumping that to tape... err... it would took ages :)
<ball> I have a stripe across two 4 Gbyte USB flash sticks :-)
<ivoks> at least 3-4 days
<ball> Yeah, once you get up into terabyte data sets, it's time to wheel out the big guns.
<ivoks> TB is a joke today
<ivoks> there are TB disks now :D
<ball> ivoks: s/terabyte/multiterabyte/
<drdebian> while from the speed perspective, raid10 does have its merits, raid6 is the practical choice if upgradability is of any importance
<ball> RAID level 6 I haven't seen a lot.
<ball> I see lots of RAID 1 and RAID 5
<ivoks> i plan migrating one my raid5 to raid6
<ivoks> raid5 is risky when you have more than 6 disks
<drdebian> true, but in the TB region raid5 won't be enough to survive a rebuild without having another disk fail, statistically speaking...
<akincer> except that it is slower on writes
<drdebian> raid5 is already risky when you have more than 3 disks. ;)
<ivoks> drdebian: well, i didn't have two disks failure on raid5 yet
<ivoks> and two disks failure could bring raid10 down, too
<akincer> if speed is your primary concern that trumps all else, RAID 10 is what you use. If you choose RAID 6, speed wasn't your primary concern to begin with
<drdebian> depends on which 2 disks fail... AFAIK the kernel implementation with the far2 strategy should survive any 50% of the disks failing...
<akincer> of course, with RAID 10, you can have literally half your drives fail and still be functional
<akincer> provided it is all in the same stripe set
<ball> akincer: I need to get myself more disk drives
<a_c_m1> i have a crazy problem, thats cost me 2 days dev so far
<akincer> Now is probably a good time. I would be willing to bet prices are down
<akincer> lunch time
<drdebian> the cool thing about the kernel's raid10 is that you can even have an uneven number of disks...
<a_c_m1> does ubuntu's php/apache2 have any strange config stuff stopping the www-data user from writing to files outside of the docroot or /tmp - as that seems to be whats happening
<ball> chroot?
<ivoks> a_c_m1: learn unix permissions
<ball> chmod 777 * ;-)
<a_c_m1> ivoks: handy tip ivoks... thanks, but we've tried chmod 777
<ivoks> a_c_m1: and check /etc/apparmor.d
<a_c_m1> chown www-data etc...
<ball> I was joking btw.  chmod 777 is rarely sane
<a_c_m1> ball, we've probably lost $1000 so far on this little bug and 2 days on a very tight release schedule, were getting past sane ;)
<ivoks> a_c_m1: maybe you have enforced apache's apparmor
<ivoks> profile
<ball> a_c_ml: I hate when that happens
<ivoks> a_c_m1: have you checked the logs?
<a_c_m1> ivoks: i'm googling app armor now, but if you have a link that will let me understand whats going on a bit better it would be great :)
<a_c_m1> ivoks: which logs
<ivoks> a_c_m1: apparmor enables you to define where should some processes have acces (rwx)
<ivoks> a_c_m1: if it is enforced, then it will force the rules; if it's in complaine mode, it will just complain
<a_c_m1> ivoks: right, there is only a profile (file) for usr.sbin.mysqld, nothing else in ther
<ivoks> a_c_m1: enter /etc/apparmor.d/ and check if there's a file usr.sbin.apache2
<nijaba>  ac
<nijaba> a_c_m1: https://help.ubuntu.com/community/AppArmor
<ogra>  dc
<ogra> :)
<nijaba> ogra: :D
<ivoks> anyway, it's not apparmor
<a_c_m1> nijaba: cheers
<ivoks> a_c_m1: check /var/log/apache2/error.log when write fails
<ogra> the logs shoud something in any case
<ogra> *sould have
<mysticalone> ivoks: does ISPConfig use the latest php and mysql builds?
<ivoks> mysticalone: it uses whatever distribution provides
<nijaba> ogra: sould?  as in James Brownd?
<ogra> lol
<ivoks> mysticalone: it has PHP (and apache) only for it self
<ivoks> mysticalone: so, ispconfig compiles apache and php for the ispconfig it self, your clients will have ubuntu's apache and php
<a_c_m1> ivoks: the message in the log files makes even less sense
<ivoks> paste it
<ivoks> i'm sure we figure out something from it
<a_c_m1> bin?
<ivoks> paste.ubuntu.com
<a_c_m1> http://paste.ubuntu.com/79408/
<a_c_m1> but at no point does the system try to write to /var/www/demo ?!?
<a_c_m1> im running this on my local host atm (also an ubuntu install)
<ball> Does Ubuntu run apache in a chroot dungeon?
<ivoks> no
<ivoks> a_c_m1: hm... did you try creating /var/www/demo?
<a_c_m1> and the REALLY strange thing, is if we change the target dir (which is owned by www-data etc atm, so thats not the issue), to /tmp it works fine
<a_c_m1> ivoks: trying that now
<a_c_m1> its now looking for /var/www/demo/modules ?!?!
<ivoks> looks like a bug in code, if you ask me...
<ivoks> application code
<a_c_m1> ivoks: i normally would agree. except for, that when the target folder is changed to /tmp/ it works
<a_c_m1> ?
<ivoks> a_c_m1: and the target folder now is...?
<a_c_m1> ivoks: /secure
<ivoks> a_c_m1: try /var/tmp
<a_c_m1> k
<a_c_m1> nope
<a_c_m1> same problem
<ivoks> doesn't work?
<ivoks> now try /var/tmp/
<ivoks> note the last /
<a_c_m1> yeah, nope, same problem
<ivoks> hm
<ivoks> have you tried with simple stuff?
<ivoks> like php script that writes in /secure
<ivoks> outside of your application
<a_c_m1> trying that now
<[Solars]> ivoks is it possible to reinstall server without removing or deleting a specific diretory?
<ivoks> ?
<[Solars]> i have a very large directry that would take 10-15 DVDs to backup
<[Solars]> and i want to revert back to 32-bit apps with a 64-bit keneral
<greenfly> [Solars]: only if it's on a different partition
<greenfly> otherwise the installer is going to want to format the partition or at least write over it
<ivoks> it doesn't have to be on different partition
<greenfly> I suppose you might be able to tell the installer to not format
<greenfly> and hope it doesn't clobber the directory
<ivoks> you can tell it not to format partition
<ivoks> and rename the directory to /My_cool_backup
<greenfly> but if it's the / partition there would potentially be a lot of residual files from the old install not wanted
<greenfly> yeah you could definitely do something like that
<shoot^> hey guys, i'm having big issues. My server just randomly crashes after a couple of hours: no errors in /var/log/messages, /var/log/syslog or /var/log/kern.log. It occured on Hardy, and now on an upgrade of Intrepid (which I did to try and fix the problem). Its an old box, with little RAM, but I wouldn't expect that to cause it to become unresponsive when doing very little ...any ideas?
<Faust-C> shoot^, sounds like hardware
<nat2610_> I'm curious about ubuntu-server ... in terms of update / upgrade for the kernel, does it work like ubuntu desktop version ? you get a new kernel through apt, it changes grub and then at the next reboot, you boot on the new revision of the kernel ?
<shoot^> Faust-C, indeed: but I had exactly the same hardware running Slackware with no problems for many years...
<mysticalone> If I have no intentions of have remote connections to MySQL and intend for all scripts to connect locally to MySQL should I leave the bind 127.0.0.1 alone?
<shoot^> Faust-C, any other logs I could check?
<ivoks> shoot^: run memtest
<ivoks> check your memory
<Faust-C> shoot^, what ivoks said
<nat2610_> shoot^, the RAM or the Hard Drive ... you might want to run a smart tools checking
<nat2610_> it can be the hardrive that stop spining ...
<Faust-C> also if its a older system it could be PSU and something else
<shoot^> ivoks, Faust-C nat2610_ ...OK, I shall run memtest... leave it running for a few hours...
<Faust-C> memtest doesnt take that long
<nat2610_> shoot^, smartcl would be a faster way to start
<Faust-C> but i sincerly think its power
<Faust-C> we have that happen on users systems all the time
<nat2610_> does it power off ?
<shoot^> nat2610_, when it crashes? No... no screen output at all when it happens (monitor attached for testing)
<shoot^> have to hold the power in for 10 secs
<nat2610_> it's not the hard drive ...
<nat2610_> that would put some IO error
<Faust-C> hmm not PSU then
<ivoks> cpu?
<nat2610_> ivoks, possible ! if it's very hold ...
<shoot^> ivoks, it *could* be, but it does boot and run for a while
<nat2610_> how about overheating issue ?
<shoot^> nat2610_, could be... but the box stays powered up
<shoot^> again, its not doing anything intensive at the time
<ivoks> shoot^: on older comps, bios didn't kill the power
<ivoks> shoot^: is it amd?
<shoot^> intel pentium, i believe...
<ivoks> shoot^: like... pentium 1? :D
<shoot^> in honesty, i cant remember... how embarassing! I bought if from a local school at the end of their upgrade cycle a few years ago
<shoot^> probs pentium III
<nat2610_> shoot^, maybe the bios don't handle the ACPI
<ivoks> shoot^: cat /proc/cpuinfo will tell you all you need to know :)
<shoot^> nat2610_, i'll open it up, check the system fan (sounds like its on, noisy bugger)
<shoot^> and check the RAM
<shoot^> i should have some spare floating around somewhere
<nat2610_> P3 are known to heat a lot ! check that the fans are clean, not making a weried noise ...
<nat2610_> I would thing if it was the RAM you would have some kernel panic ... IO error ... but not a black screen
<shoot^> the lack of errors makes me think it could be a hardware fault, but the fact it ran on slackware fine right up until the upgrade makes me wonder otherwise. Its got a wireless card in there too, running ndiswapper drivers. Blacklisted B43/B43Legacy/B44/SSB
<shoot^> could that be a problem?
<nat2610_> shoot^, to test that you would have to unload the module and left the box work for a couple of day  ...
<nat2610_> btw ... anybody for my question ? Let me repost that ...
<nat2610_> I'm curious about ubuntu-server ... in terms of update / upgrade for the kernel, does it work like ubuntu desktop version ? you get a new kernel through apt, it changes grub and then at the next reboot, you boot on the new revision of the kernel ?
<genii> nat2610_: Yes, same process
<shoot^> nat2610_, let me reboot my box and i'll look for ya
<shoot^> or, genii will just answer first ;-)
<shoot^> brb
<shoot``> back :)
<zul> ivoks: bacula builds ok and runs ok on jaunty?
<ivoks> zul: builds on jaunty; i installed it only on intrepid
<Scix> How can i add a LTSP server as an option in a PXELinux boot file
<a_c_m1> thanks for your help ivoks - still not sure WHY it was failing, but i managed to isolate WHAT was failing and cut it out
<ivoks> zul: will test it on jaunty too; why? problems?
<ivoks> a_c_m1: so, application bug?
<zul> ivoks: nope just asking
<ivoks> a_c_m1: if you feel strongly that it's a bug in apache, report it
<ivoks> zul: will test it
<a_c_m1> ivoks: i'm still not sure whos fault the bug is, it was due to trying to move a file... rename worked fine, but Drupals http://api.drupal.org/api/function/file_copy/6 function didnt seem to be able to
<a_c_m1> really really strange
<ivoks> i'm not a web dev, so i hate php
<ivoks> :D
<shoot``> ivoks, 1ghz Celeron
<shoot``> ivoks, ftw :D
<ivoks> :)
<shoot^> nat2610_, "SMART overall-health self-assessment test result: PASSED"
<nat2610_> shoot^, did you run the long check too ?
<nat2610_> you can check the /dev/ too
<nat2610_> like the hard drives
<shoot^> nat2610_, just the quick one...
<shoot^> oki
<[Solars]> ivoks what i was thinking of doing... move all the files /mykewlbackup, boot up with a cd, mount / and rm -rf everything but /mykewlbackup ... thens tart the install
<nat2610_> but I don't think that's the HD ... as I said, that would popup some error and not crash everything
<ivoks> [Solars]: and then choose not to format; right, that's ok
<[Solars]> thanks Ivok, I'll get the new disk image and try that out
<uvirtbot> New bug: #301794 in samba (main) "Ubuntu 8.1 cannot connect windows share" [Undecided,New] https://launchpad.net/bugs/301794
<leonel> ScottK: http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=%2Ftrunk%2Flibclamav%2Fvba_extract.c&rev=4311&sc=0    <--for the  current  clamav cve
<shoot^> nat2610_, i'm just running ms
<shoot^> ^mtest
<uvirtbot> shoot^: Error: "mtest" is not a valid command.
<shoot^> nat2610_, how long do
<shoot^> you think would be sufficient?
<nat2610_> 5-10 times the time it usually takes to die
<Scix> How can i configure syslinux to boot sendt a client to a LTSP server?
<shoot^> nat2610_, ah... at times it lasts 4 hours, at times it lasts 2 days...
<nat2610_> so a week maybe ...
<ivoks> there are also phoronix tests
<ivoks> you could stress test your hardware with it
<ivoks> and those are great tests, if i may add
<shoot^> nat2610_, : ah :-( ...its my development box. a week out would probably mean i should buy a new one, rather than lose productivity
<shoot^> ivoks, would that speed the process a little?
<nat2610_> it's hard to tell like that ... but at this point concidering the time you're going to invest to ...
<nat2610_> exactly what I was going to write
<nat2610_> I would retire it ...
<ivoks> shoot^: i guess
<shoot^> nat2610_, aye. I've been a hobbiest web developer for a long time, so the el cheapo solution was perfect... but now I'm trying to get a business on the go part-time...
<ivoks> shoot^: it has memory tests which are faster than memtest, but probably not so detailed
<shoot^> ivoks, ok.
<shoot^> ivoks, i will leave mtest running when i go out this eve, maybe over night
<shoot^> if it makes it to the morning without a crash, i think i will assume it is the ubuntu install. Maybe I'll try a completely clean install, maybe I'll go back to slackware...
<shoot^> if that fails, new box time
<shoot^> very little capital to invest in new kit at the moment... the new laptop is about all i could afford :)
<ivoks> and never forget....
<ivoks> 'it's never Ubuntu's fault' :)
<shoot^> lol, sometimes it just is... my old lappy ran Gusty just fine, but as soon as I upgraded to Hardy... no more laptop
<ScottK> leonel: I think that's the one that's already fixed.  This latest one is in clamav-0.94\libclamav\special.c
<shoot^> had to revert back to Gutsy after trying to get the graphics to play nicely for about a week
<ScottK> leonel: If you look in the svn, it's the last code commit before the 0.94.2 release.
<ScottK> (skipping all the release specific stuff, of course).
<leonel> ScottK: no cve for  special.c  yet  as I see
<ScottK> leonel: I think there is no CVE for this security issue.
<ivoks> zul: yep, it works :)
<ivoks> zul: wow, i did a really good job :D
<zul> ivoks: cool yes you did, ill upload it as it is now and then we can fix it up a bit more later
<ivoks> zul: for next revision, we should look at how we can handle upgrade from intrepid
<zul> ivoks: yes we should
<leonel> ScottK:   found it  :  http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=%2Ftrunk%2Flibclamav%2Fspecial.c&rev=4483&sc=0
<ivoks> take care guys
<ScottK> leonel: That looks like it.
<leonel> ScottK:  for intrepid  too ?? or it will get  0.94.2 ?
<ScottK> leonel: Intrepid will get 0.94.2.
<leonel> ok so only for  hardy gutsy dapper ..
<ScottK> Yes.
<Scix> How can i configure syslinux to sendt a client to a LTSP server and boot?
<mysticalone> I have ISPConfig installed, I don't have any users or whatever on it. BUT when I point my browser to the server, not ISPConfig, I get the Apache "It works!" text. So I tried accessing it by FTP but can't
<mysticalone> do I set the box on fire and run?
<axisys> how do I check the hardware raid stat ?
<genii> Scix: You mean you want to boot a floppy with syslinux, then have it PXE bootstrap itself off some thin server?
<genii> Bah
<The-Kernel1> that sounds totally awesome!
<genii> The-Kernel1: Well, some old bios don't allow for PXE boot, but you can make a floppy which does this
<The-Kernel1> what abotu a USB drive?
<The-Kernel1> floppy is unrealistic these days
<genii> Well, I imagine you could use any medium. However, the method to make the pxe-boot floppy usually involves getting a 1.44 image from boot-o-matic or so
<genii> rom-o-matic, rather
<linuxnewbe> Hi .. I've a little site and I want to put it online on a ubuntu server
<linuxnewbe> there is any security issue?
<linuxnewbe> someone can tell me how to understand it there could ba any problem?
<linuxnewbe> It will be a LAMJ system
<linuxnewbe> no answer...
<linuxnewbe> where can I have information?
<antdedyet> linuxnewbe: why do you think there would be a problem?
<antdedyet> linuxnewbe: you might want to check the ubuntu server guid for setup advice
<antdedyet> s/guid/guide
<antdedyet> linuxnewbe: http://doc.ubuntu.com/ubuntu/serverguide/C/
<Ahmuck> i noticed in manual partitioning one could set up "user quota" type of partitions.  is it to late to do so after partitioning has been done?
<antdedyet> Ahmuck: with ext2 you could add quota afterwords... however I haven't tested it in years.
<renton_> hello do you know a ready-to-uso IP blacklist to block all junk stuff like facebook, msn messenger and so on from office? thanks
<genii> renton: Much of that has not much to do with IP but protocols
<genii> bah
<frojnd> Hello there
<frojnd> I have a little problem sending mail with php function mail()
<frojnd> The guys at php told me that this has to do with MTA - mail transfer agent
<frojnd> so where can I configure MTA so mail function will be active :) and mail will be send to a certain location ?
<frojnd> Waky waky :D
<Ahmuck> i'm on ext3
<ScottK> frojnd: There are quite a number of MTAs in Ubuntu.  Which are you using?
<kees> mathiaz: if you can create a small reproducer for the mysql math problem, I'd bet doko would be very interested
<mathiaz> kees: right - that's what I was thinking about
<mathiaz> kees: I guess it should be a C program
 * kees nods
<uvirtbot> New bug: #304574 in nagios2 (universe) "package nagios2-common 2.11-1ubuntu1.3 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/304574
<TheBeast> I just installed mysql-server-5.0 and I'd like to have remote access to the database
<TheBeast> unfortunately I get an error message saying that I'm not allowed to connect
<domas> TheBeast: go to #mysql and type 'external' ;-)
<TheBeast> ah
<domas> (I hope I was seen as helpful ;-)
<Eeyore-Jr> i've asked this here before, but would like a yes/no answer.  is there a way to enable disk quota's for the /home directory without going through setup again and manually enabling that partition as "quota"
<genii> Eeyore-Jr: man edquota
<genii> Eeyore-Jr: Also quotaon
<Eeyore-Jr> k, thx
<jmedina> Eeyore-Jr: not if /home is under the / partition
<Eeyore-Jr> it's not.  it's seperate
<Eeyore-Jr> i'd like to limit each user to 8 gb
<jmedina> good
<jmedina> then mount your /home partition with user quotas
<Eeyore-Jr> i noticed when i was partitioning that there was an option to create "quota accounting" on the partition rather than ext3
<Eeyore-Jr> unfortunately, i enabled ext3, as i was in a hurry
<Eeyore-Jr> i assume it doesn't matter
<Eeyore-Jr> as the format.  so i'm hoping that genii suggestion will "convert it"
<jmedina> Eeyore-Jr: have you read the quota howto?
<jmedina> I have a recipe but is in spanish
<Eeyore-Jr> no.  i'll look for it
<Eeyore-Jr> i need to create a recepie?
<domas> hehe
<domas> you can even mount with -o remount
<domas> so you won't have to unmount
<domas> damn, I didn't use quotas for 10 years :)
#ubuntu-server 2008-12-03
<RomanaMentalis> is DD the best way to backup an image of a live server?
<jmedina> RomanaMentalis: not, it isnt
<jmedina> dd will copy used and unused data blocks, so if you have a 100GB partition with only 10G usage, you willl backup the whole 100G, even when the remaining 90G are empy
<jmedina> and I dont recommend to backup a partition on a live server, you can get inconsistent data
 * jmedina loves LVM snapshots
<RomanaMentalis> jmedina - let's say I have to backup a live server (because I need backups in case it goes down) what is the best thing to do?
<jmedina> RomanaMentalis: I would open a mainteinance window, shutdown the server and then make the images
<jmedina> I like clonezilla to do it
<leonel> ScottK:  http://paste.ubuntu.com/79576/
<uvirtbot> New bug: #304623 in openssh (main) "ssh client disconnected after successful login" [Undecided,New] https://launchpad.net/bugs/304623
<arrrghhh> anyone know how to compile rtorrent & xml-rpc-c?  i'm trying to use the advanced branch so the xml-rpc calls are proper (ie for torrents larger than 4gb.)
<ScottK> leonel: Looking
<ScottK> leonel: I know virtually nothing about C, so I'm not the right guy to ask.  I'd suggest use the Debian version and mention it in the bug when you upload the debdiff.  If the security team wants to adjust it, they can.
<leonel> this is because  if   you not  use   {   }   only  the next   statement  is executed  so
<leonel> if we go with debian  only the close(s)  will be executed if   the if  is  true
<ScottK> leonel: OK.  Then I'd say do it right.
<ScottK> Leonel, we should discuss it with Debian too.
<leonel> ScottK: what channel ?
<ScottK> leonel: OFTC #debian-clamav
<leonel> moving
<kees> leonel: yeah, that original patch isn't right -- it needs the {}s if the indenting is to be believed.  :)
<axisys> how do turn on journaled quota ?
<leonel> ScottK:  kees  looking at the trunk  code for clamav    http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2Ftrunk%2Flibclamav%2Fothers.c&rev=0&sc=0
<leonel> has  the  {}
<ScottK> Then go with it.
<ScottK> leonel: I'd paste that on #debian-clamav too.
<leonel> ok
<leonel> patching ..
<kees> kirkland: I can't run bogosec on a dsc file?
<kirkland> kees: you should be able to ... i tested that ...
<kirkland> kees: do you have dpkg-source ?
<kees> bogosec /var/cache/debmirror/pool/universe/c/ciso/ciso_1.0.0-0ubuntu1.dsc
<kees> Error: unable to extract /var/cache/debmirror/pool/universe/c/ciso/ciso_1.0.0-0ubuntu1.dsc
<kirkland> kees: oh, i think it needs the rest of the source stuff too
<kirkland> kees: the orig tarball and such
<kees> hrm, no, it need write access to the current directory?
<kees> cd /
<kees> *fails*
<x86> hmm, I installed linux-source-2.6.27, but it's nowhere close to the source of the binary kernel that I'm running
<x86> I'm using 8.10 intrepid ibex server edition, and I need the exact source of the running kernel for some telephony drivers to compile and insert into the running kernel correctly
<kirkland> kees: ah, sure enough
<kirkland> kees: okay, i can fix that
<x86> 2.6.27-9 is the binary kernel i'm running, but the source from apt-get is 2.6.27.2
<x86> any ideas?
<kees> x86: you want just "linux"
<kees> (for the source)
<kees> for headers, just install linux-headers
<kees> kirkland: what do you suggest for doing bogosec data storage and graphing?
<ScottK> x86: Do you have deb-src lines for intrepid-security and intrepid-updates in /etc/apt/sources.list?
<kirkland> kees: the graphs i generated http://www-128.ibm.com/developerworks/linux/library/l-bogosec.html?ca=dgr-lnxw02BogoSec were from OpenOffice Calc
<kirkland> kees: i wrote various wrapper scripts to write out space-delimitted output files
<kirkland> kees: and then just imported those into OO.o
<kees> kirkland: okay, so you parsed the bogosec output?
<kirkland> kees: see if /usr/bin/bogosec_wrapper gets you closer to what you want
<x86> ScottK: yes
<kirkland> kees: cat the file
<arrrghhh> anyone know how to compile xml-rpc-c advanced into rtorrent?  i'm getting an error when compiling rtorrent.
<ScottK> x86: No idea then.
<kirkland> kees: i haven't run that wrapper in *ages*
<x86> kees: "linux" looks like all kinds of images (binary)
<kirkland> kees: but that's more or less what we used to run on RedHat/SUSE iso's
<kirkland> kees: patches welcome ;-)
<x86> kees: http://pastebin.ca/1274501
<x86> ScottK: hmm
<x86> ScottK: what's the apt-get package name?
<x86> ScottK: linux-source right?
<ScottK> I think so.
<x86> ScottK: do you have a .deb I could grab of it?
<ScottK> I thought you wanted the source?
<kees> x86: if you want the source, use  "apt-get source linux"
<kees> x86: if you want headers so you can compile out-of-tree stuff, use "apt-get install linux-headers"
<x86> apt-get source eh? cool
<kees> x86: you may want to spend some time here, too: https://wiki.ubuntu.com/KernelTeam/KnowledgeBase
<kirkland> kees: does that help at all?
<kees> kirkland: yawp, I'm going to run to get some runs running tonight.  :)
<kirkland> kees: nice, i've been meaning to do that myself, but haven't had any time :-/
<x86> kees: that's linux-meta?
<x86> kees: it doesn't add a source tree in /usr/src for sure...
<x86> (it's only a few KB, not the ~20-30MB of a kernel source tree either)
<ScottK> x86: Apt-get source downloads to your current dir.
<x86> ah!
<x86> wait
<x86> i was in /usr/src when I ran it
<ScottK> Did the user you ran it as have write permission there?
<x86> there is a /usr/src/linux-meta-2.6.7.9.13 (which I think is the correct version of my kernel)
<x86> ScottK: root :)
<ScottK> OK.  Just checking.
<x86> and no source in the linux-meta directory
<x86> kees: any other ideas?
<x86> aha!
<x86>  apt-get source linux-image-2.6.27-9-server
<x86> w00t :)
<x86> thanks guys
<x86> ok, that installed version 2.6.27.2 somehow
<x86> NOT 2.6.27-9... WTF
<x86> man this sucks :(
<x86> almost tempted to go back to gentoo :(
<ScottK> leonel: Did you determine if 0.92.1 is vulnerable to the jpeg recursion issue fixed in 0.94.2?
<ScottK> x86: I believe I have seen (but don't recall exactly where) a good page on rolling your own kernel on wiki.ubuntu.com.
<x86> i don't want to roll my own
<x86> I just need the damn source tree for the stock kernel i'm running!
<leonel> ScottK: I can try an exploit   but  I guess it is since the changes from trunk  to 0.92.1 applies fine
<ScottK> x86: Right, but then aren't you going to compile it?
<ScottK> IIRC it talks about getting the right source.
<ScottK> leonel: OK.  It's probably there then.
<jmedina> apt-get install linux-source
<x86> jmedina: good one...
<x86> jmedina: if that worked I would have never come here in the first place ;)
<jmedina> :D
<jmedina> which kernel?
<x86> jmedina: I'm running 2.6.27-9-server, and apt-get install linux-source keeps grabbing 2.6.27.2
<x86> ScottK: no, not going to compile it
<x86> ScottK: i'm going to compile modules for it
<ScottK> I see.
<x86> ScottK: which require you compile against the same kernel source tree as the kernel you're running
<ScottK> Right.
<jmedina> afaik you only need kernel-headers to compile modules not the whole source
<jmedina> x86: http://packages.ubuntu.com/intrepid/linux-image-2.6.27-9-server
<jmedina> there is a link to the source package
<jmedina> I hink -9-server is the ubuntu EXTRAVERSION
<jmedina> it is the release part, or the ninth comile for 2.6.27.2
<x86> jmedina: problem is that it doesn't specify that in the config file
<jmedina> http://packages.ubuntu.com/intrepid/all/linux-source-2.6.27/download
<jmedina> the package is
<jmedina> http://security.ubuntu.com/ubuntu/pool/main/l/linux/linux-source-2.6.27_2.6.27-9.19_all.deb
<x86> i.e. make menuconfig says "2.6.27.2" at the top, not "2.6.27-9-server" like uname -r says
<x86> and when i try to compile my modules against it, it says "invalid module format"
<jmedina> x86: is that .deb the same you downloaded from apt?
<x86> don't think so, checking it out now
<x86> not sure what the .19 is all about...
<jmedina> the debian release
<x86> no, this .deb is 10MB smaller than the one apt-get got
<x86> looks promising... still downloading though
<jmedina> it is not the a vanilla kernel, probably with some debian patches
<x86> ...
<x86> is it the stock intrepid ibex source tree?
<jmedina> not sure, never used intrepid :D
<jmedina> but the package page http://packages.ubuntu.com/intrepid/linux-image-2.6.27-9-server says the source package is: the las link I sent you
<ScottK> Actually our kernel packages are unrelated to Debian's.
<ScottK> x86: You may have more luck in #ubuntu-kernel.
<jmedina> ScottK: maybe I misunderstood this message
<jmedina> Original Maintainer (usually from Debian):
<ScottK> I'm not sure what it is for kernel packages.  I know we do our own separate from Debian.
<x86> jmedina: seems that .deb file only contained the vanilla .tar.bz2 tarball of 2.6.27
 * x86 shakes fist
<jmedina> x86: yes but also de diffs
<jmedina> the difss :D
<x86> inside the tarball?
<jmedina> nop
<x86> then no, does not include diffs
<x86> yeah what you just gave me is again 2.6.27.2
<x86> this is beyond nuts... I'm going to install gentoo again methinks
<ScottK> x86: Kernel packages are different.  Which is why none of us really can help you.
<ScottK> x86: I'd suggest try #ubuntu-kernel during the US/European work day.
<x86> i'm asking in #ubuntu-kernel, and no answers yet
<x86> that's not possible for me
<ScottK> It tends to be pretty dead this time of day.
<x86> i work during the day, with no IRC access
<ScottK> That spread covers about 16 hours.
<x86> unfortunately none of that is now ;)
<ScottK> Yes.  Maybe you'll get lucky.
<kees> x86: https://wiki.ubuntu.com/KernelTeam/KnowledgeBase  under "User info" is how to build custom kernels, etc.
<jmedina> x86, have you tried the freenode java webchat?
<kees> x86: what are you trying to get?
<jmedina> there is a lot of web interfaces for freenode :D, for those who are restricted
<kees> x86: you want to compile modules against the _headers_ package, not the full source.
<kees> apt-get install linux-headers-server
<jmedina> x86: have you tried http://java.freenode.net/
<kees> (but as mentioned earlier, #ubuntu-kernel is the best place for this)
<jmedina> a ssh tunnel to your home :D
<nxvl> x86: what is your timezone?
<nxvl> i use to use CGI::IRC
<nxvl> there is always one open
<nilson> Hi there. Anyone awake who might be able to help me with a (hopefully simple) MySQL problem?
<nilson> It quit working out of the blue (not sure what happened) but its throwing me this error and won't start the daemon:
<nilson> Dec  2 22:15:30 eliza mysqld[20924]: 081202 22:15:30 [ERROR] Fatal error: Can't open and lock privilege tables: Table 'mysql.host' doesn't exist
<nilson> I just want to get it running so I can back up a certain database then Im going to reinstall the OS. It's an ancient install.
<ropetin> nilson: the data you want to back up is on this server or you want to use this server to back up to?
<nilson> ropetin, well the data wasnt that important... I went ahead and wiped the server already
<ropetin>  7
<kees> kirkland: $ /home/kees/bin/bogosec-run intrepid/main
 * kees rubs his hands together
<kirkland> kees: :-)
<kirkland> kees: your own cooked wrapper?
<kees> kirkland: http://pastebin.osuosl.org/22745
<kirkland> kees: neat
<kees> and this is bogosec-single: http://pastebin.osuosl.org/22746
<kirkland> kees: ah, cool
<kees> it's not really accurate since a correct source check would see the patched source, but then lintian won't scan it right any more.
<kirkland> kees: i'll fix the "cd /tmp" problem :-/  sorry about that
 * kirkland blows the dust off of bogosec
<kees> kirkland: no problemo :)
<kirkland> kees: very true to your last point
<kees> I'm enjoying the xargs -P4 part.  ;)
<kirkland> :-)
<kirkland> kees: is there a regular method i could use to apply all patches?
<kirkland> kees: by running ./debian/rules $FOO ?
<kees> once this runs, I'll try with just lintian on the dsc, and then do a manual unpack+"u-patch" and run the other plugins on the unpacked&patched tree
<kees> kirkland: there is no "regular" way, but I wrote a script that tries its best: http://pastebin.osuosl.org/22747
<kirkland> kees: :-)  that's fuzzy
<kees> deeeeply
<kees> works nearly all the time, though.
<kirkland> kees: wow
<kees> as no surprise, OO.o doesn't.
<kirkland> :-)
<kirkland> so i'm trying to recover from a *very* boneheaded mistake i made earlier tonight ....
<kees> uh-oh...
<kirkland> i was trying to backup my /etc dir off of my main home server
<kirkland> and i screwed up the rsync
 * kees starts to cringe
<kirkland> and sync'd another machine's /etc to my /etc
<kees> owwww
<hads> D'oh
<kirkland> yeeeeaaaaahhhh
<hads> Restore from backup? :)
<kirkland> it's too late tonight to solve this, i think
<kees> yay Debian system-id-#s-are-based-on-installation-order
<kirkland> hads: right, that's what i would normally do
<kirkland> hads: unfortuanately, i backed up that b0rken /etc to my backup server, before i noticed :-o
<kirkland> so, i'm going to take advantage of this "opportunity"
<kees> kirkland: while this doesn't save you at all in this situation, I use "dirvish" to maintain a week's worth of backups without using extra disk space (hardlink trees)
<kirkland> kees: nice... i think i'm going to try etckeeper
<hads> I use rdiff-backup for something similar.
<kees> that helps too
<kirkland> i'm also going to try and eat some dogfood
<kees> hads: yeah, I've wanted to try rdiff-backup to be able to compare it to dirvish (I've only ever used dirvish)
<kirkland> i'm moving all of my services to a couple of VM's
<kirkland> but that requires bridged networking, which I'm presently strugginling with
<kirkland> anyway, those are problems to be solved on the morrow
<hads> The only thing I'd like rdiff-backup to do is delete specific revisions, I believe you can only delete before a certain point.
<kees> kirkland: well... here's seeing if I can fill 9G of drive space with bogosec logs from intrepid/main... /me goes to sleep
<ball> hello mdz
<mdz> hi
<kraut> moin
<ccesario> hello.....
<ccesario> somebody already has this problem ???? http://pastebin.com/m94dc023
<Kamping_Kaiser> what problem?
<ccesario> Kamping_Kaiser, I change the arp address to host
<ccesario> and I would "dont ping it".... right ?
<Kamping_Kaiser> i dont see why. espeically if its the same host.
<ccesario> arp -s 192.168.1.186 0
<ccesario> this would block the host....
<ccesario> I'm in my gateway ..... (192.168.1.1) and I execute arp -s 192.168.1.186 0  .....
<ccesario> I would like know why this isn't working to me :/
<Kamping_Kaiser>       For  the  Ethernet  class, this is 6 bytes in hexadecimal, separated by
<Kamping_Kaiser>        colons.
<Kamping_Kaiser>        This is not good practice, but is supported by older kernels because it
<Kamping_Kaiser>        can  be useful.
<Kamping_Kaiser> sounds like its A. wrong format, and B, not supported now.
<ccesario> Kamping_Kaiser, ok ok.... I already make this.....
<ccesario> arp -s 192.168.1.186 00:00:00:00:00:00
<ccesario> both commands set the arp entry
<ccesario> Kamping_Kaiser, see http://pastebin.com/m39dbaa3e
<gammy> I wonder - where can I find info on how to change the default umasks for logs created by sysklogd? Please inform me if this is off-topic.
<ccesario> Kamping_Kaiser, idea ?
<Kamping_Kaiser> ccesario, i suspect its no longer suppoted, but i dont know
<ccesario> Kamping_Kaiser, what isnt supported ? the MAC control ? or arp command ?
<Kamping_Kaiser> ccesario, -s
<ccesario>  arp -s address hw_addr is used to set up a new table entry. .........
<marc-andre> hiho
<marc-andre> i'm searching now since a while, i'm looking for the include path declaration for PHP5, but in the php.ini the include_path is commented, so it must be somewhere else, but where?
<Kamping_Kaiser> does phpinfo() tell you?
<marc-andre> phpinfo tells me only the include_path itself, but not where it is declared
<Kamping_Kaiser> i'm guessing its compiled
<marc-andre> well, then i'll change it in the php.ini...
<SpunkMeYeR> hi all
<SpunkMeYeR> is there any easy way to install nagios3 in my ubuntu server
<SpunkMeYeR> i'm using ubuntu server 8.04
<SpunkMeYeR> i already try using sudo apt-get install nagios3, but not working at all..
<SpunkMeYeR> cannot find any package
<SpunkMeYeR> any suggestion??
<yann2> use nagios2? :)
<SpunkMeYeR> why??? i like to try the new one
<yann2> because only nagios2 is packaged for hardy ;)
<yann2> and sticking to packages is usually wise :)
<henkjan> SpunkMeYeR: upgrade your server to 8.10
<ScottK> One can have stable and tested.  One can have the latest and greatest.  Wanting both is common.  Getting it is very rare.
<SpunkMeYeR> ok <henkjan>
<SpunkMeYeR> how do i check my ubuntu server version ??
<Deeps> lsb_release -a
<domas> SpunkMeYeR: you can always backport
<SpunkMeYeR> i'm trying to upgrade my ubuntu server from 8.04 to 8.10
<SpunkMeYeR> i'm using this command : sudo do-release-upgrade
<SpunkMeYeR> but it cannot find new release
<SpunkMeYeR> any other option how to upgrade?
<Deeps> read the instructions on the website, you need to modify the cfg to allow upgrades to non-LTS releases
<SpunkMeYeR> thanks Deeps
<milestone> hi all
<milestone>  i have a problem with !one! slave zone. Inside my daemon.log bind tells me: dumping master file: slave/tmp-lOJ5h86YdJ: open: file not found
<marc-andre> milestone: do you have in your zones folder for this particular zone a .jnl (or similar) file?
<merula> I'm having an issue getting SugarCRM to communicate with my MySQL database -- says that either the username/pass are wrong or that it cannot connect to the server.  Does anyone have an idea what to do?
<merula> Oh, and I'm running server 8.10 (i386) with kernel 2.6.26-7-server SMP.
<kmarc_> Hi! could anybody get ldap authentication work in server 8.10?
<zoopster1> merula: I would first look in the logs for any detail.
<kmarc_> I get stucked here: auth-client-config -a -p lac_ldap
<merula> kmarc_: ldap authentication in what environment? I've got my server running in active directory.
<merula> zoopster1: alright -- the logs should be under /var, right?
<kmarc_> merula: ok, I have got a hypervisor minimal system, set up openldap, and inside this system I have my other server, which users I would like to get authenticated from the hypervisors ldap server
<kmarc_> both os's are ubuntu 8.10
<merula> kmarc_: hmm. I am out of my depth on that.  Anybody else have an idea?
<zoopster1> merula: /var/log
<merula> zoopster1: just found it. ^_^ Thanks.
<yann2> it seems that modssl is buggy in hardy... damn that's bad :'(
<merula> zoopster1: I have nothing in the mysql.log
<kmarc_> OK, now if I try auth-client-config -a -p ldap_example, it seems to work
<kmarc_> is his the proper way?
<merula> kmarc_: I honestly don't know -- I haven't bothered configuring LDAP - I just used the automatic AD client (likewise-open-gui)
<kmarc_> merula: nevermind, thanks for answering
<merula> kmarc_: not a problem.
<merula> hah. I fixedi t.
<merula> fixed it* -- I just changed the hostname to 127.0.0.1 and it processed.
<zoopster1> merula: yes...if both are on the same box...use localhost
<merula> zoopster: yeah, it worked fine
<zoopster> merula: cool.
<zoopster> kmarc_: intrepid or hardy?
<kmarc_> 8.10, it;s intrepid
<zoopster> kmarc_: yes...look here - https://launchpad.net/auth-client-config
<kmarc_> hmm... this web page either doesn't contain the word 'ldap'
<kmarc_> OK, now it seems working, I'am a bit confused about that ldap_example vs. lac_ldap problem
<kmarc_> does anybody know what they mean?
<shoot^> Hey guys. I was having issues with my server yesterday - it was becoming unresponsive for no reason, with no output to screen etc. I tried a fresh install last night, and it worked for quite a while, but then failed again, this time with errors on screen: "xxxxxxx end_request: I/O error, dev sda, sector xxxxxxx", with x being numerical
<gammy> shoot^: It's -very- likely that's a drive fault.
<shoot^> gammy, ah. When I ran smartctl no issues showed up... but I shall try that again
<gammy> shoot^: it could also be a controller or wiring problem
<shoot^> gammy, Google turns up a load of info on 'irqpoll' fixes... would you know anything about that?
<gammy> shoot^: if I were you I'd remove the drive and perform more tests.
<shoot^> gammy, more tests on a different box?
<gammy> shoot^: your error message is very very commonly a real fault resulting in data loss
<gammy> shoot^: well, I'd take that drive out of production use and replace it with a new one
<shoot^> gammy, aye... sounds like the most simple fix
<shoot^> gammy, I'll have to wait until payday for that though :-/
<gammy> shoot^: I am assuming that loss of data is the most important thing here.
<shoot^> gammy, in the short term, i'll do a backup
<shoot^> and try the irqpoll fix?
<gammy> I don't see how this is related to irqpoll
<genii> Since no-one in #apache seems to know: Any way to direct Listen eth0:*:80  in /etc/apache2/ports.conf or similar?  I'd like apache2 to listen on multiple IP not on same ranges which are attached to aliases of an adapter.
<yann2> can't you put several listen genii ?
<yann2> I have Listen 80 and Listen 443 :)
<shoot^> gammy, http://backports.ubuntuforums.com/showthread.php?p=6015745
<gammy> shoot^: do you get this DID_BAD_TARGET crap?
<gammy> shoot^: or do you only see the message you posted here?
<jmarsden|work> genii: I think the default is "Listen 80" in /etc/apache2/ports.conf and that should listen on *all* IPs on port 80... I don't know of a way to restrict by interface name.
<shoot^> gammy, only the error i mentioned above. I haven't posted in that thread...
<gammy> shoot^: Mm. I don't think it's related.
<gammy> shoot^: that message you get is almost always bad news.
<genii> jmarsden: Since you can also do like:  Listen 10.0.0.10:80  syntax, figured there might be some way
<gammy> shoot^: And it's extremely indicative of drive failure.
<genii> jmarsden|work: ^
<shoot^> gammy, ok... poo :-(
<gammy> shoot^: it *can* be other things, but that message is pretty clear though :).
<badboys> hello all
<badboys> Can you help me plz : I have config my server with ip fxe. But when i have ping other computer ==> Destination host unreachable
<leonel> ScottK:  Al last we got pbuilder finished those bugss ..
<leonel> ScottK: testing
<jmedina> badboys: what you mean with "ip fxe"?
<badboys> ip static excuse me :D
<mcas> badboys: is there any new message in "dmesg"?
<jmedina> is this another machine in the same LAN/segment?
<mcas> can you ping your own ip?
<ScottK> leonel: Did you see the discussion on pkg-clamav ml about CVE-2008-1389.  Was that one we covered?
<uvirtbot> ScottK: libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access." (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1389)
<jmedina> do you already have link? try ethtool eth0 and look at the last line
<leonel> ScottK:  bug #271546
<ScottK> leonel: sgran confirmed you were right about the {}, btw.  Good catch.
<badboys> I Can't ping other computer
<uvirtbot> Launchpad bug 271546 in clamav "[hardy] Multiple unfixed CVEs" [Undecided,New] https://launchpad.net/bugs/271546
 * ScottK looks
<badboys> <mcas>It's msg who i have hen i want ping other computer
<ScottK> leonel: Debian is going to include the patch in their next update for Etch.  I think we ought to include it too.
<leonel> ScottK: ok when will it be ??  I have ready the patch for those cves  and the new   recursion bug
<ScottK> leonel: They are discussing it last night and today on pkg-clamav ML.  That's all I really know.
<leonel> ok
<ScottK> leonel: Please give me a debdiff or a link to a .dsc for Hardy and I'll test.
<leonel> so do you recommend to wait  or roll the patches I have
<leonel> ok
<ScottK> Do you have CVE-2008-1389
<uvirtbot> ScottK: libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access." (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1389)
<ScottK> leonel: If you don't, clamav svn commit 3749 has the patch.
<leonel> I don't make that patch because I've tested one file for the test case and the ubuntu version we have didn't crash
<leonel> ScottK: let me take a look and include
<ScottK> leonel: Thanks.  I really appreciate all the hard work you're putting in on this.
<leonel> ScottK: sorry for the delay  suddenly and gracefull I got a bunch of new work that's why I took this time  to fix this ..
<leonel> now let's back on track
<leonel> ScottK:   for clamav but  1089   I've found this :   http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=%2Ftrunk%2Flibclamav%2Fchmunpack.c&rev=4157&sc=1
<leonel> ScottK: wich is  CVE-2008-1389
<uvirtbot> leonel: libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access." (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1389)
 * ScottK looks
<leonel> http://int21.de/cve/CVE-2008-1389-clamav-chd.html   <-- there are the samples I've tested  and  Just did it again  and no error shown
<uvirtbot> leonel: libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access." (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1389)
<ScottK> leonel: That should be it.  It corresponds to clamav bug 1089 in the svn log.
<uvirtbot> Launchpad bug 1089 in turck-mmcache "Doesn't install apache2/php config" [Medium,Fix released] https://launchpad.net/bugs/1089
<ScottK> soren: Could you teach uvirtbot about the clamav bugzilla?
<leonel> ScottK: even if we are not affected do you think the patch must be done ??
<ScottK> leonel: I think yes.  I think it's low/no risk and so maybe that particular PoC exploit didn't trigger it, but why leave the hole open for maybe a slightly different one.
<leonel> ok
<ScottK> leonel: Also it's easier to sell "yes, it's fixed" than "we didn't need to fix it because it's not a problem" when people ask.
<leonel> working on it
<leonel> good point
<leonel> ScottK:  we got cve assigned CVE-2008-5314
<ScottK> For which?
<leonel> the jpeg recursion
<ScottK> Ah.
<leonel> ScottK:  for chmunpack.c  only found the 1st  change  the second  I can't find where to  edit
<leonel> ScottK: I'll check with debian what they did
<|turuburu|> v
<milestone> marc-andre i am going to double check that
<axisys> how do I force a user to create a new password at login? in solaris it is passwd -f username does that..
<ScottK> axisys: See -e in man passwd.
<ScottK> I think that's what you want.
<axisys> ScottK: thnx
<jmedina> or you can use the chage command
<jmedina> mm not
<uvirtbot> New bug: #304922 in likewise-open (main) "likewise-open doesn't undo changes upon aptitude remove" [Undecided,New] https://launchpad.net/bugs/304922
<LoveGuru> Is there any VMware in Ubuntu-Server?
<jmedina> afaik, yes, but not in the default repositories
<jmedina> LoveGuru: have you tried virtualbox?
<LoveGuru> jmedina: so i have to enable any repo?
<jmedina> I prefer virtualbox that that closed source emulation software (vmware )
<jmedina> than*
<LoveGuru> jmedina: is Virtualbox comes in ubuntu repo?
<jmedina> LoveGuru: yeap
<jmedina> LoveGuru: when you want to look for a package use aptitude search package
<jmedina> for example, aptitude search virtualbox
<LoveGuru> ahh i m trying with apt-cache
<jmedina> or the classic: apt-cache search virtualbox
<LoveGuru> thats what im trying to run
<jmedina> aptitude tells you wheter or not is installed
<LoveGuru> so the aptitude is advance method?
<jmedina> im not sure how advanced is, but im sure it does better things that plain apt-
<LoveGuru> ya i agree.
<LoveGuru> aptitude shows that whether package is installed or not.
<LoveGuru> jmedina: well thanks for info.
<jmedina> LoveGuru: you are welcome, I hopes that helpd you
<LoveGuru> yep it is.
<jmedina> LoveGuru: if you are running with a server without graphics, you can manager your virtual manchienes from the command line
<jmedina> there is a lot of howtos on the net about that
<LoveGuru> i do have VMware workstation for for windows.
<LoveGuru> ya i do have server without gui
<jmedina> yeap, but vmware is not free, and why use it when there is a open alternative
<LoveGuru> hows the Virtual box?
<LoveGuru> is easy to configure?
<jmedina> the same than vmware
<LoveGuru> alright
<jmedina> you can create virtual machines from the command line
<jmedina> no need to the gui wizards
<LoveGuru> ok thankyou
<jmedina> and it has suppor for remote desktop :D
<jmedina> kind of RDP
<LoveGuru> alright
<LoveGuru> okie i m gonna take a look about Virtualbox
<mathiaz> jdstrand: I've added a point of the help landing page for the server guide to https://wiki.ubuntu.com/JauntyServerGuide
<mathiaz> sommer: ^^
<sommer> mathiaz: I like it
<sommer> it did get kind of buried with the updated scheme
<sommer> mathiaz: do you mean help.ubuntu.com?
<sommer> mathiaz: or yelp
<jmedina> sommer: is this chapter "Detail storing Kerberos principals in LDAP. " finished?
<jmedina> or is in the TODO?
<jmedina> im interested
<jdstrand> sommer: I brought it up with mathiaz that help.ubuntu.com needs to setup differently
<jdstrand> sommer: eg:
<jdstrand> Desktop
<jdstrand> Server
<jdstrand> Other
<sommer> jdstrand: kerberos+ldap is todo
<jdstrand> sommer: and Server perhaps has the main points of the server guide hyperlinked into it, kinda like the desktop section
<sommer> jdstrand: ah, makes sense
<jdstrand> sommer: I think you meant jmedina :)
<sommer> woops ya
<jdstrand> sommer: maybe it has the top 8-10 points with everything else under an 'Advanced Topics/Miscellaneous' section
<sommer> jmedina: it's todo
<jmedina> sommer: are you working on it?, probably I can help, I have exprerience with ldap setups, and starting with kerberos
<jdstrand> sommer: but really, just put the server documentation on par with desktop
<sommer> jdstrand: gotcha, I'll see about getting that committed... since it means fiddling with the main page, probobably want to run the changes by the rest of the doc team
<jdstrand> sommer: but it's awfully buried in yelp too. May not be as much of an issue since yelp is more used with desktops-- but maybe have a point under Topics would be nice...
<mathiaz> EtienneG: what's the process to enable iscsi support in the installer?
<jdstrand> sommer: thanks! :)
<mathiaz> EtienneG: ie how do you boot from the iso so that you're prompted for iscsi options
<EtienneG> mathiaz, pass iscsi=true as kernel parameter
<sommer> jmedina: that'd be great here's a link that has some info on contributing to the serverguide: https://wiki.ubuntu.com/ServerTeam/KnowledgeBase#Documentor%20resources
<jdstrand> sommer: speaking of documentation and since I have your ear-- do we have anything on redhat cluster?
<EtienneG> mathiaz, IIRC, you can add parameter in ISOLinux by pressing F4
<EtienneG> mathiaz, btw, iscsi support in the installer is broken :(
<jmedina> sommer: thanks
<jdstrand> sommer: having a hard time finding it...
<sommer> jdstrand: not at the moment, but I seem to remember ivoks mentioning something about adding an section on it
<mathiaz> EtienneG: yeah - we know.
<mathiaz> EtienneG: we're looking into that for jaunty
<jdstrand> sommer: thanks (I thought I heard rumblings about it...)
<EtienneG> mathiaz, ho $deity thanks, it is mightily embarassing since it was preimmentely featured in hardy Release Note
<sommer> jdstrand: I'm also starting to look at setting up an HA cluster at the day job, so it may get some lovin
<EtienneG> mathiaz, while there, could you make sure it is fixed in the installer of 8.04.2 ?
<EtienneG> pretty please?  I will do a funny dance at the UDS if you do
<EtienneG> (no, I wont, but I would be really grateful nonetheless)
<mathiaz> EtienneG: yeah - once we fix it in jaunty we'll backport in hardy
<EtienneG> thanks then
<mathiaz> EtienneG: but that depends on the quality of your dance at UDS next week :D
<EtienneG> pw0ned!
<jmedina> sorry, but what is UDS?
<mathiaz> jdstrand: Ubuntu Developer Summit
<zoopster> jmedina: that was meant for you
<jmedina> :O
<jmedina> mathiaz: thanks
<mathiaz> kirkland`: https://bugs.launchpad.net/ubuntu/+source/open-iscsi/+bug/236640
<uvirtbot> Launchpad bug 236640 in open-iscsi "iSCSI install fails under hardy" [Undecided,New]
<LoveGuru> I m using Ubuntu-Server. is there any software which one i can make iso?
<Deeps> mkisofs
<mathiaz> kirkland`: http://cdimage.ubuntu.com/releases/jaunty/alpha-1/
<LoveGuru> Deeps: thankyou so much
<Shapeshifter> I've got this LSI 150-4 raid controller with 3 drives attached (2x raid1, 1x hotspare) and I can't get any readings from inside ubuntu. That controller really is a royal pita as there seem to be no working tools beyond kernel 2.4. Does anyone have any clues on how to get readings of hard drive failure or warnings if a drive is degraded?
<Shapeshifter> There are tools supposed to work (MegaCtrl and MegaServ) but those are the worst I've ever seen and they're not working. Guess it's because they're not made to work with linux 2.6. Got ubuntu-server lts 8.04 64bit btw.
#ubuntu-server 2008-12-04
<jmedina> Shapeshifter: just use as a controller without raid, and manage the raid with mdadm :D
<Shapeshifter> jmedina: what do you mean "a controller without raid"? The main reason why I use a raid controller is having a hotspare and redundancy for the drives.
<Deeps> Shapeshifter: he uses software at the OS level to build and manage the raid arrays, instead of the controller's onboard software
<jmedina> Shapeshifter: you can use your card as a disc controller, and then manage you raid with software tools like 'mdadm', mm but Im not sure if you can use it as hotswap drives
<Shapeshifter> Deeps: will the OS level software be able to report degraded drives? Because I'm unable not to use the raid controller. I could of course just define them as 3 seperate arrays and let the OS level software do the rest. is that possible?
<Shapeshifter> mhh
<jmedina> if you can then you can also do hotspare with mdadm
<jmedina> Shapeshifter:  yes the mdadm daemon can send you a email when detects a degraded raid, and if you have a spare drive it can automatically add to the raid and it rebuild automagically
<Shapeshifter> jmedina: good to know. thanks, I'll look into it when I'm back at work
<byte_slave> hi everyone!
<byte_slave> how can i just upgrade a specific package? i mean i tried to upgrade clamav like this "sudo apt-get upgrade clamav" and lots of other programs are automatically upgraded
<byte_slave> but i just want upgrade one specific package
<byte_slave> can anyone help plz
<byte_slave> hummmm....should i just run "sudo apt-get install clamav" instead?
<jmarsden|work> byte_slave: I believe that if the stuff being pulled in/upgraded are happening because of Recommends:, you can do   sudo apt-get --no-install-recommends install clamav
<byte_slave> irc://freenode/jmarsden%7cwork
<byte_slave> sorry-Â¨.....copy paste problem here :)
<byte_slave> jmarsden|work, thanks
<jmarsden|work> No problem.
<byte_slave> is that i was looking for
<jmarsden|work> You can use tab completion rather than cut and paste for nicks, incidentally, in many IRC clients... type jmar and hit TAB...
<byte_slave> always learning.... thanks
<slestak> im trying to setup a quick test server for a dev environment and need to send mail to local users.  i thought i would use sth simple like SendEmail, to send emails to steve@localhost.  SendEmail appears to be doing its part, but get the following message: Dec 03 19:11:49 e1505 sendEmail[11036]: ERROR => Connection attempt to localhost:25 failed: IO::Socket::INET: connect: Connection refused
<slestak> im trying to avoind installing postfix or exim for just local mail needs
<slestak> would ssmpt be a better choice for a dev env that will likely be wiped out in a few hours?
<hads> Postfix should pretty much work out of the box without much config
<slestak> ok.  i was just trying to go smaller
<slestak> looks like postfix it is, thx
<byte_slave> does anyone here can help me plz about clamav version upgrade?
<cfedde> How can I teach ubuntu-server to automount SD and usb drives when they are attached?
<byte_slave> anyone can tell me what repository should i use?
<havsalt> i want to make a shell server, anyone with experience here?
<zoopster> havsalt: I would imagine that a lot have that experience. What's the question?
<havsalt> i need a howto or something
<zoopster> byte_slave: not sure what you mean? To keep clamav up to date just use freshclam
<havsalt> zoopster: how to secure, install scripts
<byte_slave> nope, i mean the program upgrade
<havsalt> it's just for private use you can say, but i want it to be bulletproof
<byte_slave> just the databases it does ok
<zoopster> byte_slave: the latest would be in backports for your version, but it's not tested well - I would stick with what is in main, personally
<zoopster> havsalt: ah...so lockdown is what you are after
<zoopster> havsalt: depending on what you want to offer a minimal install will provide the basics
<havsalt> hm
<havsalt> i want to use webservices, dns (for domains and ipv6 stuff) and the ability to give out shellaccounts
<havsalt> no lockdown....
<havsalt> :)
<byte_slave> zoopster: i'll follow your suggestion....i'll keep it from now
<zoopster> havsalt: a basic install will probably provide what you need - you need to determine how tight you want to make it. Keep the apps installed to necessary one's only and limit access
<zoopster> byte_slave: unless you have a specific problem what is provided in intrepid follows the latest stable release
<zoopster> byte_slave: as of code freeze anyway - early oct 08
<zoopster> havsalt: you may want to look at apparmor or selinux to keep the users from getting in trouble
<uvirtbot> New bug: #305002 in net-snmp (main) "SNMP Upgrade ... Possible Bug? [USN-685-1]" [Undecided,New] https://launchpad.net/bugs/305002
<jmedina> havsalt: run ssh chrooted
<jmedina> with ulimits for you users
<havsalt> jmedina: didn't understand that one
<jmedina> if you want to put your users in a jail, so they can go out of their home, you need you chroot ssh, of course if you are going to provide remote shell
<havsalt> jmedina: yeah
<havsalt> chroot ssh as root?
<zoopster> havsalt: maybe this will help - http://olivier.sessink.nl/jailkit/
<genii> zoopster: Nice link, incidentally
<zoopster> genii: a bit dated, but it may help havsalt
<genii> There exists #apache but no equivelent of #apache-devel or such on freenode. I want to make a feature request of sorts, any ideas how to go about this?
<alex_21> How do you install lamp on a Hardy sever?
<alex_21> Server
<sirb> can someone give me some advice?  I'm running the 8.04 LTS installer and it's missing a required package
<sirb> The package is nic-restricted-firmware-2.6.24-19-generic-di_2.6.24.13-19.44_i386.udeb
<alex_21> How do you install lamp on a Hardy server?
<havsalt> what is lamp?
<sirb> alex: https://help.ubuntu.com/community/ApacheMySQLPHP
<alex_21> It hangs at zero percent
<alex_21> Never Mind
<alex_21> Good night. Bani Bash
<genii> Impatient fellow
 * IL12 is now away - Reason : Auto-Away after 30 minutes
<IL12> Is there a guide to the 8.10 Server CLI?
<IL12> a more.. 'official' guide, for lack of a better word?
<IL12> and, is there a way to work with 8.10 Server from a GUI rather than a CLI? or work with the Server through a Terminal in the GUI?
<genii> IL12: That is sort of a trick question. Since it's the shell (bash sh or so on) you are meaning.
<genii> IL12: There are some web based admin apps.
<IL12> Well considering it took me forever to figure out I was logging in incorrectly (put caps in my login UN), I'm not sure how else to ask it at the moment.
<genii> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<genii> IL12: You may also want to look into things like phpmyadmin
<IL12> I will definitely do that, tyvm.
<genii> IL12: You're welcome
<genii> alex_21: To answer your earlier question. If you installed ubuntu-server then you already have a LAMP install (linux, apache, mysql and php)
<alex_21> Hi, I had lamp installed. I went back to the machine, and no apache. So I am trying to reinstall lamp, and I just told taskcell to install, without removing anything, and voala, nothing is happening. What can I do. the installer is at 0%
<sirb> apache might not be running, but are you sure it's not installed?
<genii> Also are you looking for apache when perhaps you want to look for apache2
<alex_21> No, I know. There was no response from Apache when using the web to retreive a url and none of my files exist anymore in /var/www/
<genii> alex_21: Is /var mounted?
<alex_21> And I still have the problem of the installer frozen at 0%
<alex_21> I cd into /var/www/ and only find the default stuff
<alex_21> Index.html etc
<genii> That doesn't answer the question of : is /var mounted
<alex_21> I am already frustrated that my wiki disappeared, and now the installer hangs
<alex_21> I don't know about mounting. I just started the machine as usual
<alex_21> I am a Perl programmer, not a web server techie
<genii> alex_21: Hit ctrl-c to halt inactive tasksel
<genii> alex_21: report if: apt-cache policy apache2   reports some line with *** next to it
<alex_21> That doesn't work
<genii> alex_21: You are ssh'd into the box or at console?
<alex_21> SSH
<alex_21> The server is headless
<genii> alex_21: OK, fine. another ssh session then. And then kill the previous one from there forcefully
<alex_21> How
<genii> alex_21: eg: ps aux | grep yourusername           then note first number of lowest pts number. In my case the ps reports: Mike     19339  0.0  0.2   7520  1536 ?        S    00:26   0:00 sshd: Mike@pts/2
<genii> alex_21: So I'd want to: sudo kill -9 19339
<genii> alex_21: You will see one with pts/1 and one with pts/2    kill the one with pts/1
<genii> Or whatever the lowest pts # is
<alex_21> Ok
<alex_21> I hit reboot
 * genii head-desks
<genii> alex_21: Your impromptu improvisations make it difficult to continue trying to assist you
<IL12> oh, btw genii: the page https://help.ubuntu.com/community/eBox states that its broken for 8.10 Ibex.
<IL12> and since i usually learn better by immersing myeslf into something, I will probably refrain from using a GUI unless I absolutely have to. then I could just isntall the desktop edition and LAMP.
<genii> IL12: Apologies, I do not use intermediate releases for production boxes and so did not know
<IL12> No worries. I was just alerting you since I saw it on the page.
<IL12> :)
<alex_21> I can't help it. My screen reader is killing me here, instead of reading it so I can kill the session
<alex_21> Sorry
<alex_21> I had to reboot
<alex_21> I had no choice, please understand
<genii> alex_21: Very well. Are you now ssh into it, or at console, etc?
<alex_21> SSH
<genii> alex_21: Does:  ps ax|grep apache2                  report a bunch of lines like:19395 ?        Ss     0:00 /usr/sbin/apache2 -k start -DSSL               or just back to prompt?
 * genii makes more coffee 
<alex_21> I'll see. It looks like the ssh attempt was unsuccessful
<genii> alex_21: Networking may not have been fully up yet before you tried. Wait a minute. Also if you rebooted the server, it may need to do a filesystem integrity check first which could be a while
<alex_21> It looks like the serve is reporting that is is down
<genii> alex_21: See my above remark regarding filesystem check
 * genii obtains more aspirin 
<genii> alex_21: Does it respond to ping?
<alex_21> No
<alex_21> I'm really sorry about all of this, it is my screen reader. It doesn't like Terminal too much
<genii> alex_21: Perhaps another time you can change the terminal font to one which the reader will more readily understand
<alex_21> It understands it, it just locks up
<alex_21> When reading up through Terminal lines
<alex_21> Down is no problem. The worst is in VI/VIM when It actually crashes Terminal while scrowling up
<alex_21> I'm going to have to go to bed here. I can't think clearly right now. I'm over tired from sleepless nights getting the main server back up and running
<genii> alex_21: OK. PErhaps another time then
<alex_21> Good night. Bani Bash
<uvirtbot> New bug: #305014 in openldap (main) "Authentication fails in cups web admin module" [Undecided,Incomplete] https://launchpad.net/bugs/305014
<soren> ScottK: uvirtbot will announce bugs on any package for which the server team is a bug contact.
<nme> soren: hi, do you use virt-manager?
<kraut> moin
<soren> nme: Yes.
<nme> soren: do You have a clue how to remove host connection entry?
<soren> Use gconf-editor.
<soren> I don't know any other way.
<nme> thats the solution :) ty
<ScottK> soren: Right.  I'm not talking about the announcement function, but it's pulling up additional information on a bug that's mentioned in the channel.
<ScottK> The specific thing that would be nice is for clamav bug 1089 to get the info from the clamav bugzilla.
<uvirtbot> Launchpad bug 1089 in turck-mmcache "Doesn't install apache2/php config" [Medium,Fix released] https://launchpad.net/bugs/1089
<Faust-C> i am so happy
<Faust-C> finally got att wifi card to work
<vertx> Hi, I have set up a dhcp server to serve 50+ clients. Some of the clients should be able to connect to the internet, while others should not. I have a list of their current static ip addresses and their macs. How should I go about it? Use groups or pools?
<Faust-C> vertx, i would do it at the firewall lvl imo
<vertx> Faust-C: what do you use? firestarter?
<vertx> Faust-C: I am using shorewall as my firewall configurator.
<Faust-C> vertx, pf but you can do the same in iptables/ufw
<vertx> Faust-C:  pf? let me check ...
<vertx> Faust-C: are you on openbsd?
<Faust-C> vertx, no
<Faust-C> vertx, look into pfsense
<vertx> Faust-C: I'll look into it right now ...
<Faust-C> vertx, its simpler to use firewall cause you can do more advanced stuff if needed
<vertx> Faust-C: It seems that pfsense is a <quote>"customized distribution of FreeBSD tailored for use as a firewall"</quote>. Is it like as easy to install?
<Faust-C> anyone have recomendations on if i should use 64bit or 32bit in my ESX setup
<Faust-C> vertx, very easy
<Faust-C> vertx, you look @ screenshots
<vertx> Faust-C: Sadly my boss wants to use ubuntu exclusively :( But, I'll check it out anyway. Thanks
<Faust-C> vertx, just explain to him its easier to use for a firewall than ubuntu tbh
<yann2> why the ":(" ubuntu isn't bad ;)
<Faust-C> yann2, i likes ubuntu but i believe in using the right tool for the right job
<yann2> right, never used ubuntu as a firewall so far :)
<Faust-C> heh
<Faust-C> well i wish i had more time cause i would like to create a webui for ubuntu
<Faust-C> cause ubuntu is very flexable
<Deeps> Faust-C: contribute towards ebox?
<Faust-C> Deeps, ebox is ubuntu's project ?
 * Faust-C relooks at ebox
<vertx> yann2: Ubuntu-Server 8.04 is good, I have a decent iptables based firewall running on top of it
<Deeps> Faust-C: indeed
<Deeps> !ebox | Faust-C
<ubottu> Faust-C: ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<yann2> 8.04 much better than 6.06 :)
<Faust-C> ah sweet deal
<Faust-C> funny how i used to hate ubuntu
<Faust-C> but now am pushing it into production on my ESX servers
 * yann2 running KVM on hardy...
<Deeps> why did you 'hate' ubuntu?
<Deeps> and what changed your mind?
<Faust-C> yann2, yeah but i still have some windows hosts
<Jeeves_> esx, bah
<yann2> so do I :P
<Faust-C> Deeps, well i first tried ubuntu around 5.something
<Deeps> Faust-C: server or desktop?
<Faust-C> desktop
<yann2> win2k server works pretty well with KVM, even got driver for paravirtualized networking
<yann2> but well you probably have way more features with esx
<Faust-C> i wasnt very patient, i became uber nerdy and started using 'hard' distros like arch and gentoo
<Deeps> i'm glad i dont work with you lol
<Faust-C> yann2, HA mainly
<Faust-C> Deeps, oh not those in production
<yann2> Faust-C > i heard its coming :)
<yann2> using a SAN?
<Faust-C> but i started to get tired of all the manual crap
<Faust-C> yann2, IBM DS3300
<yann2> hehe be patient :)
<Faust-C> and ubuntu just works and is WELL supported
<Faust-C> and now w/ likewise i can use it seamlessly in AD
 * yann2 using likewise as well
<Faust-C> yann2, i plan on buying the enterprise version
<yann2> its alright isnt it? but quite a lot error messages in my syslog
<Faust-C> trying to move desktops away from MS
<yann2> same here :)
<Faust-C> yann2, yeah
<yann2> where are you working?
<Faust-C> my laptop runs it atm
<Faust-C> yann2, a small company that does big business, middle man for insurance angencies and states
<yann2> ok
<yann2> stay around, I'm interested in feedback on likewise
<yann2> you didnt do the move to ldap yet?
<Faust-C> yann2, will do
<Faust-C> yann2, im rebuilding network, we're on a workgroup
<yann2> ldap+samba as a domain controller for windows? :)
<Faust-C> oh hells no
<yann2> why not?
<Faust-C> thats too much to manage, and certain apps here wont play nice
<Faust-C> like MS SQL
<yann2> hehehe
<Faust-C> and its not very functional in MS env
<yann2> I scrapped it already
<Faust-C> whoo i bet you did lol
<yann2> actually we didnt intall ESX because of that requirement...
<Faust-C> yeah i do hate the limited support for linux tools when esx IS linux
<yann2> :)
<yann2> any other reason not to recommend ldap+samba?
<Faust-C> no real benifit
<Faust-C> benefit*
<Faust-C> it makes it very difficult to move to AD or eDir from what ive read
<Faust-C> wish i could use edir
<yann2> ldap cheaper, better integration with linux :)
<yann2> but interesting point of view
<ivoks> ldap+samba doesn't compare to AD at all
 * Kamping_Kaiser blink
<Kamping_Kaiser> move *to* AD?
<ivoks> those are different products
<ivoks> ldap+samba would be something like NT4 style DC
<ivoks> not an AD
<ivoks> if you want AD, use AD
<yann2> ivoks > what is there in AD that is not in ldap? i just need authentication
<ivoks> most of the times you just think you want AD
<yann2> probably using 1/3 of AD features
<yann2> i just want authentication and groups :)
<Faust-C> ivoks, when youre in a MS env AD is best for user systems management
<Faust-C> yann2, then i would use eDir
<yann2> and some additional infos  like emails, name etc
<vertx> doesn't anyone use radius anymore?
<yann2> url?
<Faust-C> but AD has a lot of functionality when it comes to managing users desktops
<ivoks> Faust-C: i would argue that most of the AD admins don't know real AD advantage over NT4 style directory
<Faust-C> yann2, heh novell eDirectory
<ivoks> they are just brainwashed
<Faust-C> ivoks, idk about NT4, i just want simpler user management
<yann2> what does it have more than just LDAP?
<Faust-C> cant lock down a desktop w/ ldap+samba
<yann2> "lock down"?
<ivoks> Faust-C: if you don't know how, that doesn't mean it can't be done :)
<Faust-C> yann2, keep users from installing software, default groups and permissions, etcetc
<Faust-C> ivoks, ive heard ppl say that before yet i havent seen anyone present docs on doing so
<ivoks> Faust-C: AD doesn't do anything
<Faust-C> futhermore its too tedious trying to plug a star into a circle
<ivoks> Faust-C: AD is set of lots of services and you can't compare ldap+samba with it
<Deeps> you could probably do a facelift with a plastic knife too
<ivoks> Faust-C: there's also kerberos and stuff
<Faust-C> Deeps, exactly
<ivoks> Faust-C: client reads profiles from central server and there are many ways to serve profiles to the client
<yann2> so what would you recommend to provide authentication to users, in a windows environment, that is linux based?
<ivoks> Faust-C: small part of AD just serves couple of file, client machines (windows) does all the locking
<yann2> and if possible not even more proprietary and locked down that AD is? :)
<Faust-C> ivoks, but i have yet to see a alternative to windows desktop administration
<ivoks> Faust-C: so, you can serve profiles over thelegraph with morse code, if you have enough time :)
<Faust-C> ivoks, i have to focus on functionality and simplicity
<Kamping_Kaiser> ivoks, morse is quite an efficent way of communicating
<Faust-C> ldap+samba != simple or functional in MS env
<ivoks> Faust-C: let me repeat, ldap and samba aren't enough
<Faust-C> ivoks, thats what im saying
<Faust-C> and patching together a bunch of stuff to get it to work isnt the answer
<ivoks> Faust-C: that's like saying mercedes isn't as good as bmw, just cause you don't know how to shift gears :)
<Faust-C> no thats not
<ivoks> Faust-C: trust me, AD are lots of patched things
<ivoks> Faust-C: it just has nice marketing :)
<Faust-C> ivoks, its not marketing....
<Faust-C> youre talking to someone that attempted to move to a samba setup
<Faust-C> i dont use MS personally, all my personal systems and future work systems use linux
<Faust-C> or fbsd
<ivoks> and you are talking with someone who has more than 100 samba installations in production :D
<Faust-C> ivoks, and how many users do you manage that are on XP
<ivoks> most of them are on XP, others are on Mac
<Faust-C> how many
<ivoks> thousands
<Faust-C> youre the first to have that setup
<ivoks> no, i'm not
<Faust-C> every samba book i have read suggests not to use samba as a 'DC' for MS
<ivoks> 'not as a AD DC for MS'
<ivoks> but 'better than NT4 style DC'
<Faust-C> and you havent explained desktop managing features
<ivoks> i told you, you just have to serve profiles
<ivoks> samba does support profiles
<Faust-C> sounds like too much manual configuration
<ivoks> well, there are only two of us in company, so, go figure :D
<Faust-C> thats what i thought
<Faust-C> you dont manage thousands of MS users w/ samba
<ivoks> i give up :)
<ivoks> you won, samba sucks
<Faust-C> i never said samba sucks
<Faust-C> futhermore you argued that you manage MS users w/ samba+ldap when you dont .....
<vertx> Faust-C:  what kind of desktop management are you referring to? I like to learn
<Faust-C> vertx, as in locking down the desktop, intergration with services such as SQL and email
<ivoks> Faust-C: again, i manage windows users in samba; i don't manage users as people
<ivoks> Faust-C: i even sync users between two companies
<Faust-C> so basicly you just wanted to prove a point that doesnt even refer to my issue
<Hawkey> hi
<Faust-C> i have several friends that are linux consultants
<Faust-C> and not one has done what you do, but i do greatly commend you
<Faust-C> you have far more exp than i do, and i really wish i had the know how
<ivoks> there was samba 3 howto collection
<Faust-C> ivoks, youre a lucky man/woman to have accomplished that
<ivoks> it was a great read couple of years ago, i would suggest to start with that
<ivoks> i think it has couple of examples how to server profiles to windows machines
<Faust-C> already read it all
<Faust-C> we have too high of a turnover rate
<ivoks> true, you'll have to write your own profile, but some people consider vi as the best tool for everything
<Faust-C> i loves my vim
<Faust-C> ivoks, thats the issue
<Faust-C> its more than me i have to worry about '
<Faust-C> my jr admins dont have the exp and arent familiar w/ *nix
<Faust-C> so i have to try to make things as simple as possible, so when if i get hit by a bus they will be ok
<Faust-C> brb
<uvirtbot> New bug: #305107 in mysql-dfsg-5.0 (main) "mysql refuses to start after security update" [Undecided,Incomplete] https://launchpad.net/bugs/305107
<yann2> oups :|
<Hawkey|theOne> hi i may i have question?
<_ruben> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<Hawkey> is there any list of available packages for latest version?
<_ruben> http://packages.ubuntu.com
<Hawkey> thx
<uvirtbot> New bug: #305185 in apache2 (main) "Apache2 user/group not correct in configuration" [Undecided,Incomplete] https://launchpad.net/bugs/305185
<DogWater> Anyone know if it is possible to deploy ubuntu using a server but then have it use internet mirrors for install/updates after installation?
<DogWater> for some reason if you put url in the kickstart file it uses that URL for everything after the install is done
<yann2> 'course, just edit /etc/apt/sources.list
<DogWater> Oh, it would need to be automatic
<yann2> run a script to deploy the sources.list :)
<jmarsden> DogWater: script the edit of /etc/apt/sources ...
<DogWater> so I could just do a default install of ubuntu and copy its sources file and then just have it wget that one after the install is done in %post?
<DogWater> is there a way to have it use a random mirror instead of specifying one in sources.list?
<yann2> script it ;
<yann2> ;)
<DogWater> so there is no URL that will just pick a random mirror, though? is what i'm trying to say, like there is with CentOS, Rhel, etc?
<yann2> ie, without customisation, no, not afaik
<yann2> pick the one closest to you :)
<DogWater> Yeah, we've hardcoded ones in the past and they tend to have issues and we run into big problems. thats why we moved the install files to our local HTTP server but then we ran into the problem where it was trying to use our local server for updates, etc
<yann2> i use a local repo mirror for main/multiverse/restricted, and fetch universe from gb.archive.ubuntu.com
<Deeps> DogWater: i think you can specify multiple mirrors in the sources file
<DogWater> well, I suppose if I had a script that can detect the IP address of the host which is doing the install it could set the appropriate url -- line in the kickstart and that would solve most of my problems. I'm not so keen with bash though.
<DogWater> and i believe bash is the only language that works in kickstart
<DogWater> The issue is that while we're deploying the machines locally they communicate with the server with 1 IP, but once they're deployed they use a different IP.
<yann2> you could have a look at puppet ;)
 * Faust-C wonders how to get postfixadmin into repos
<DogWater> Does anyone here use the kickstart installs?
<uvirtbot> New bug: #304598 in openssh (main) "OpenSSH does not log failed authentication attempts when PublicKey method is used" [Undecided,New] https://launchpad.net/bugs/304598
<uvirtbot> New bug: #302252 in openssh (main) "openssh sshd authorized_keys wrong command= (statefull value?)" [Undecided,New] https://launchpad.net/bugs/302252
<kirkland> mathiaz: http://people.ubuntu.com/~kirkland/ecryptfs-utils/
<soren> ScottK: I see. Where's clamav's bugtracker?
<ScottK> soren: https://wwws.clamav.net/bugzilla/
<soren> ScottK: Let's try..
<soren> uvirtbot: bugtracker add clamav bugzilla https://wwws.clamav.net/bugzilla/ ClamAV
<uvirtbot> soren: The operation succeeded.
<soren> clamav 345
<uvirtbot> ClamAV bug 345 in libclamav "Consider adding nibble wildcards." [Enhancement,Resolved: fixed] https://wwws.clamav.net/bugzilla/show_bug.cgi?id=345
<soren> \o/
<soren> ScottK: ^^
<ScottK> clamav bug 1089
<uvirtbot> ClamAV bug 1089 in clamscan "clamav chm handler: crasher bugs" [Security,Resolved: fixed] https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089
<ScottK> soren: Perfect.  Thanks.
<soren> ScottK: You're welcome.
<Faust-C> hmm having issues w/ ubuntu8.10 server getting inet on ESX
<galaga> i have internet access with static ip, which i have setup in /etc/network/interfaces. When the nic comes up, ubuntu adds some routes i have to delete in order to get the routing right. what is the recommended way to make the changes permanent? couple of lines in rc.local?
<_ruben> Faust-C: working flawless here .. with esxi 3.5u2
<Faust-C> _ruben, nvm DHCP doesnt work which i dont want anyways
<_ruben> Faust-C: heh
<Faust-C> im excited
<_ruben> galaga: what kind of routes?
<Faust-C> _ruben, btw you have any docs for ESX?
<Faust-C> i have a few books but i need a lil more
<_ruben> Faust-C: tons of docs on vmware.com :)
<galaga> two: one for the subnet of my isp and another (unrelated) default route for localnet on the other nic
<Faust-C> _ruben, ic
<_ruben> Faust-C: and i bought uhm .. whats it called again .. its at work and im at home :p
<galaga> i need only the defaultroute for my isp gw
<Faust-C> _ruben, lol yeha i gots all the docs
<Faust-C> just some are too tedious
<_ruben> galaga: 2 default routes? thats a config error i'd say
<_ruben> Faust-C: www.vi3book.com .. thats the one i got, but havent really read it yet (lack of time)
<Faust-C> i havent either
<Faust-C> rebuilding entire network
<Faust-C> w/ only one person
<galaga> _ruben: i don't think it is an error, config is very simple, only two nics (maybe it's that both have a GATEWAY line)
<galaga> after i remove the useless routes i have internet and local network
<_ruben> galaga: then remove the faulty gateway line to start with
<_ruben> you only need one, not one per interface
<galaga> ok lemme see..
<galaga> that was it!! thankyou a lot
<uvirtbot> New bug: #305199 in openvpn (universe) "OpenVPN on Ubuntu Intrepid (dup-of: 260291)" [Undecided,New] https://launchpad.net/bugs/305199
<uvirtbot> New bug: #305254 in php5 (main) "PHP Warning:  Module 'mcrypt' already loaded in Unknown on line 0" [Undecided,New] https://launchpad.net/bugs/305254
<uvirtbot> New bug: #305265 in likewise-open (main) "Can't login with any domain account to AD systems with Hardy or Dell Mini 9 UNR build" [Undecided,New] https://launchpad.net/bugs/305265
<soren> Have any of you guys used iscsitarget succesfully?
<guille_> hi
<Faust-C> howdy
<Faust-C> soren, not on ubuntu but ive used it before
<soren> Faust-C: Ok. I meant on Ubuntu, so.. :)
<soren> Besides, it seems it might be open-iscs htat doesn't like me.
<Faust-C> should work but it is a pita to mess w/
<Faust-C> thats why i used openfiler w/ it
<yann2> there is a bug on openiscsi that say you cant initiate two connections at the same time, but you're probably aware of it?
<yann2> Faust-C > can you tell me more about openfiler? I dont understand, is it opensource?
<emretemp> ust be a real domain adress? for example i use "debianDesktop" as my hostname, nothing bad ever happened. but im just curious. thx in adv
<Faust-C> yann2, yeah openfiler is a SAN/NAS linux distro
<yann2> is it good?
<Faust-C> emretemp, if your not on a domain it doesnt matter
<Faust-C> yann2, yeah for most needs
<Faust-C> can auth to AD a lil simpler
<yann2> I guess I'll give it a  try
<yann2> what is it based on? does it do snapshots?
<Faust-C> yann2, based on, i forgot the name
<Faust-C> but yes it has snapshots if you use LVM
<Faust-C> rpath
<Faust-C> its based on rpath
<yann2> https://project.openfiler.com/tracker/ticket/835 uhuh
<yann2> I'll give it a try :)
<yann2> too bad they dont provide qemu images
<Faust-C> yann2, btw that bug is old, look in forum for the howto
<yann2> i read about another one like this can't remember the name
<yann2> gave up in the end as the / couldnt be on the same physical disk as the data
<Faust-C> you dont want to do that anyways
<Faust-C> i have 5 hdd's
<Faust-C> one install, then 2 raid1 w/ LVM totalling 2TB
<yann2> why dont you want to do that? :)
<Faust-C> if install hdd goes down you want to have data secure at least (or vice versa)
<yann2> anyway we'll see... we may buy a big server with plenty of disks next year, this could be a solution
<Faust-C> yep
<yann2> well idea is there is raid so it doesnt go down so easily :P
<Faust-C> yeah but dont mix data w/ install
<Faust-C> data gets more I/O usually
<yann2> so install shouldnt hurt ^^
<Faust-C> heh youre missing the point
<Faust-C> anyways laters folks
<yann2> bye, thx for the link :)
<Albertein> hi guys, could you provide a guide to configure a ubuntu installation to relay mail messages? i've already have a exchange server but i want to do email filtering trought spamassassin, so i wanted to install postfix to relay all mail to my existent maiil server except the ones detected as spam by spamassassin
<Albertein> i tried just a simple proxy (spampd) before trying postfix but i want to reject spam messages and store them in a file or in a mailbox and it seems to not support it, that's why i tought of postfix
<AlbertEin> hi guys, could you provide a guide to configure a ubuntu installation to relay mail messages? i've already have a exchange server but i want to do email filtering trought spamassassin, so i wanted to install postfix to relay all mail to my existent maiil server except the ones detected as spam by spamassassin
<AlbertEin> i tried just a simple proxy (spampd) before trying postfix but i want to reject spam messages and store them in a file or in a mailbox and it seems to not support it, that's why i tought of postfix
<LoveGuru> Hi, is there any gud guide to install/configure proftpd server in ubuntu 8.10. Thankx.
<AlbertEin> hi guys, could you provide a guide to configure a ubuntu installation to relay mail messages? i've already have a exchange server but i want to do email filtering trought spamassassin, so i wanted to install postfix to relay all mail to my existent maiil server except the ones detected as spam by spamassassin
<AlbertEin> i tried just a simple proxy (spampd) before trying postfix but i want to reject spam messages and store them in a file or in a mailbox and it seems to not support it, that's why i tought of postfix
<AlbertEin> sorry if that weas duplicated, i was having problems with nickserv and i didn't knew if the message was sent
<LoveGuru> AlbertEin: keep patience, if someone around here definitly they will help ya.
<AlbertEin> sorry LoveGuru i tought the message hadn't arrived because i was not identified with nickserv
<LoveGuru> AlbertEin: thats fine.. if u are not identify with nickserv just make sure channel modes are not +RM
<LoveGuru> then u can talk if ur not identifiy.
<LoveGuru> *y
<Deeps> AlbertEin: not a fan of running mailservers myself, but off the top of my head, i suspect it's not as easy as you're hoping
<Deeps> you may need to go as far as altering your public MX records so that the primary mailserver is your postfix box, which is configured with spamassassin
<AlbertEin> Deeps: there's no problem with the dns, i only have a single public ip, so everything it's done with nat on my gateway
<Deeps> and then also have that postfix server not believing it is the primary MX server, so that once it's done, it relays it onto the exchange server
<Deeps> how you'd actually go about doing any of that i dunno, but thats how it would seem to make sense in my head
<AlbertEin> Deeps: yup, it's the second step which i don't know where to start
<Deeps> google 'ubuntu postfix spamassassin' for that step
<Deeps> and 'ubuntu postfix secondary/slave/something-relevant-here' for the next step
<Deeps> and muddle your way through
<Deeps> LoveGuru: apt-get install proftpd, and it'll be setup so that system users can connect and login using their normal user/pass and have full perms on their homedirs (and cant see outside of that iirc)
<Deeps> LoveGuru: anything more advanced, google 'ubuntu proftpd <keyword>', replacing keyword with whatever fancy feature you're wanting
<LoveGuru> Deeps: well im trying by that way.. as u said.. after setup my system users can access in my system but somehow it won't... " http://pastebin.com/d7c145e43 " im trying to test my ftp server by Gene6 FTP server.
<LoveGuru> its " PASV " ports problem?
<LoveGuru> i didn't open or add that ports yet in my conf.
<Deeps> doesn't look like it's getting even that far
<Deeps> looks like your client is sending custom commands to the server that it doesn't understand
<Deeps> s/custom/non-standard/
<Deeps> or rather, the website's ftptest is testing for a g6 ftp server, which it's not finding
<LoveGuru> i think ur right. becoz when i m trying to access from windows DOS prompt it works fine.
<ScottK> AlbertEin: What you want is postfix, amavisd-new, and spamassassin.
<AlbertEin> ScottK: actually i could live
<AlbertEin> ScottK: thanks, i', going to check it out, but what i'm conserning now is to make postfix to relay all mail
<ScottK> AlbertEin: Working as an anti-spam gateway in front of Exchange is a pretty standard task for Postfix.
<AlbertEin> ScottK: unfourtanly i can't seem to find documentation to make postfix work =p
<Deeps> http://www.howtoforge.com/the-perfect-spamsnake-ubuntu-8.04
<Deeps> looks relevant
<ScottK> Deeps: Yes, but I'd start with the official documentation.
<AlbertEin> thank you, i'll read it, seems like man transport 5 could help
<ScottK> https://help.ubuntu.com/8.10/serverguide/C/postfix.html and https://help.ubuntu.com/8.10/serverguide/C/mail-filtering.html
<ScottK> AlbertEin: ^^
 * ScottK needs to run off for a while.
<Deeps> my bad, i (shoudn't have) assumed he'd looke through that already
<AlbertEin> actually i glanced that, but it seems to make postfix the main smtp server instead of a relay gateway
<ScottK> The relay part is easy if you get the rest
<AlbertEin> well, if you say so i'm going to configure it as a main server first
<AlbertEin> and work on that
#ubuntu-server 2008-12-05
<ScottK> AlbertEin: The relay part is described here: http://www.postfix.org/postconf.5.html#relay_transport
<AlbertEin> thank you very much, i already got the relay part, i needed a /etc/postfix/transport and /etc/postfix/transport.db file, i only need to see if the amavisd can scan the message first
<AlbertEin> gotta go, thank you four your hemplo!
<AlbertEin> help *
<LoveGuru> Hello, somehow i can't ssh to my server.  im using VMware and Ubuntu as Guest OS, I just Reset my Router and after that eth0 just disappeard and eth1 appear there, i can't figure out what i did wrong :< before everything works fine. but now nothing works. Please can Someone Point me to the Correct direction im using NAT. and I checked my port forwarinding and its look fine.. but when i try to ssh to my server it gave me error refused :<
<LoveGuru> Hello, somehow i can't ssh to my server.  im using VMware and Ubuntu as Guest OS, I just Reset my Router and after that eth0 just disappeard and eth1 appear there, i can't figure out what i did wrong :< before everything works fine. but now nothing works. Please can Someone Point me to the Correct direction im using NAT. and I checked my port forwarinding and its look fine.. but when i try to ssh to my server it gave me error refused :<
<ball> LoveGuru: is eth1 configured?
<LoveGuru> ball yea
<LoveGuru> i checked ifconfig eth1 and it shows there.
<LoveGuru> ball: i m trying to figure out since 4 hours .. where is the problem but still hard luck :<
<ball> Does it have an IP address?
<LoveGuru> eth1?
<LoveGuru> yes eth1 have inet addr:172.16.148.128
<LoveGuru> i can ping my guest from host.
<ball> but not the other way around?
<LoveGuru> ball: sorry i won't understand what u saying.
<ball> LoveGuru: you can ping it but you can't ssh to it?
<LoveGuru> ball: ya..
<ball> Have you tried rebooting the virtual machine?
<LoveGuru> ball: yea several times i reboot the machine .. restart the networking devices..
<LoveGuru> ball: u know what.. everything works fine before i cann ssh/ftp/php/whatever everything were gud. but i just restart my router and its gonna be messy :<
<cfedde> I had a similar odd problem of that nature when upgrading from ESX 2.5 to 3.0 some of the ubuntu guests lost their eth0.  I think I worked aorund it using eth1 when I could not find a simple solution in a couple hours.
<`6og> cfedde: if the mac addresses changed, that would explain that
<LoveGuru> cfedde: i m trying everywhere since 4 hours :< still no luck
<`6og> i missed the description of the problem - whats going on?
<ball> LoveGuru: I'm not familiar with virtual machines on PCs.  Is the router a physical thing, or virtual?
<cfedde> `6og: that might be it. Now that I think of it the guest moved from one vmware host to another.  How interesting.
<LoveGuru> `6og: somehow i can't ssh to my server.  im using VMware and Ubuntu as Guest OS, I just Reset my Router and after that eth0 just disappeard and eth1 appear there, i can't figure out what i did wrong :< before everything works fine. but now nothing works. Please can Someone Point me to the Correct direction im using NAT. and I checked my port forwarinding and its look fine.. but when i try to ssh to my server it gave me error refused :< tha
<`6og> LoveGuru: whats the host OS for the vmware?
<`6og> cfedde: that might do it (i dont know how vmware works past 'it puts stuff in files and virtualises them)
<LoveGuru> `6og: host is Windows 2000 Server And Guest is Ubuntu Server
<`6og> LoveGuru: the bit that makes me wonder if we are missing info is "reset router" and "eth0 disapeared and eth1 appeared". did you make any changes to the client? is the router hardware or software?
<`6og> afk a few min
<LoveGuru> `6og: thats the problem i didn't set/edit anything. i Just unplugged my Router Cable and put it back again. just reset the router .. after that my local IP also change, before my local IP was 192.168.0.100, now my ip is 192.168.0.101 but before i had eth0 but now i do have eth1 there with same eth0 conf. with same IP.
<ball> LoveGuru: On IBM midrange boxes, there's a virtual LAN for the virtual machines to communicate.  Could eth1 be virtual?
<LoveGuru> ball: its Dell
<LoveGuru> ball: well i dont know about IBM
<LoveGuru> ball: u know what when i try to ssh with VMware Guest IP i can access to that system, but why i can't ssh with my dynamic host shellhell.dyndns.org
<ball> Right, it's completely different software, but perhaps the same principle applies
<ball> Ah, dyndns is a different animal
<ball> I don't think you mentioned that before
<LoveGuru> No sorry .. i didn't mention it.
<LoveGuru> but. before i can access with my dyndns host.
<LoveGuru> but now i can't/
<ball> Is your router forwarding a port to the virtual server?
<LoveGuru> ball ya
<ball> LoveGuru: do you run a DHCP server on the router?
<`6og> LoveGuru: do you have multiple thernet devices? did you plug into the correct one?
<ball> I'm wondering if your virtual machine was handed a different IP address and your router's forwarding to nowhere
<ball> (when your virtual machine's network interface changed)
<LoveGuru> ball: sorry i just lost my connection i didn't see ur msgs
<LoveGuru> <ball> Is your router forwarding a port to the virtual server?
<LoveGuru> <LoveGuru> ball ya
<LoveGuru> * Disconnected
<LoveGuru> thats the last msg.
<`6og> (14:48:28) ball: Is your router forwarding a port to the virtual server?
<`6og> (14:48:39) LoveGuru: ball ya
<`6og> (14:49:05) ball: LoveGuru: do you run a DHCP server on the router?
<`6og> (14:49:14) `6og: LoveGuru: do you have multiple thernet devices? did you plug into the correct one?
<ball> hello rideh
<LoveGuru> no im not running DHCP server. on the Router.
<LoveGuru> `6og: no i do have just wilress
<LoveGuru> *wireless
<ball> LoveGuru: so you manually assign an IP address to each machine?
<LoveGuru> ball: no i don't assign any IP manually
<LoveGuru> thats the router assign itself
<ball> LoveGuru: then you're running DHCP
<`6og> i think hes trying to say his router handles it, he doesnt run a dhcpd
<LoveGuru> ya i m not running dhcp my self.
<ball> LoveGuru: my guess is that your virtual machine's fake NIC changed, perhaps including its MAC address, or even its DHCP lease just expired.  Your VM asks for a new IP address, gets it, but your router is still forwarding the port to the old IP address... so you can't connect.
<LoveGuru> my router handle it.
<ball> You're running DHCP *on* your router
<LoveGuru> i dont think so.
 * ball sighs
<ball> I think so.
<LoveGuru> when i did /dns shellhell.dyndns.org it show me my external ip.
<ball> right.  Exactly.
<LoveGuru> i can ssh to my server through local ip. not this host
<ball> now, ask your router where that's forwarded to.
<ball> LoveGuru: you said you couldn't ssh to it as shellhell.dyndns.org
<LoveGuru> ya not from this host.
<ball> What kind of router is it btw?
<LoveGuru> but with my local ip i can.
<ball> LoveGuru: well there you go then, just fix your router config
<LoveGuru> its Dlink
<LoveGuru> damn.. wth.. now i can't access to my router :S http://192.168.0.1 :/
<ball> Okay, I have a DLink router too.  I run a DHCP server on it and have told it to consistently issue the server with the same IP address (based on its MAC address).
<LoveGuru> ball i got something when i did " ipconfig/all"
<ball> If I were you, I would double check my router configuration
<LoveGuru> let me paste it on pastbin
<ball> That isn't going to help
<LoveGuru> ball: but i can't login in my router configuration
<LoveGuru> http://pastebin.com/dbb4f416
<LoveGuru> Please Check that link if u can
<LoveGuru> the bottom 2 lines
<ball> LoveGuru: what IP address are you forwarding ssh to?
 * `6og wants a better understanding of this network before taking more guesses (or some action on his existing suggestions)
<LoveGuru> .. hold on
<LoveGuru> let me restart the router again. because i can't access it in
 * ball sighs
<`6og> would have been good to know ipv6 was involved too
<LoveGuru> okie now i m in my router configuration
<ball> It's official: I'm cold
<`6og> ball: here, hold your hands by this IRC flamewar
<ball> heh
<ball> I'm thinking of putting my fleece back on
<ball> ...or setting fire to the Christmas tree
<`6og> :o
 * ball puts an Intel D945GCLF on his Christmas list
<ball> hello mdeslaur
<mdeslaur> hello
<alex_21> Hey, yeterday when I'd scene the serer I was connecting to and had no LAMP on it, I realized it was not a server but a laptop I was connecting to. How could I be so blind, well, easy, I just be myself, but seriously, I was too tired to properly notice the proper hostname was wrong
<marshall> i set up an ubuntu lamp server a while ago, ive been able to ssh in an get root privillages the whole time, but now when I try to sudo anything on my server, it says im not listed in sudoers. Ive tried using su and logging in as root on the physical box and neither method has worked. there doesnt seem to be any way to get root privillages right now for some reason. any suggestions?
<alex_21> No idea, try "su -"
<ball> marshall: perhaps you've been rooted.
<alex_21> If you are not the only administrator account, get the other person to remake your account or change the privilages on it anyways
<marshall> ball, ?
<marshall> i have the only admin account
<ball> brb, taping my fingers up
<alex_21> I don't know
<alex_21> Could you reinstall. I mean, do you have a backup that you can restore from?
<ball> Good opportunity to upgrade: install a new disk (or seven) install the new OS, mount your old disk and copy your data files across.
<ball> (works for me)
<nilson> Hi. I just installed ubuntu-server and I watn ot set up mysql. I can not log into the SQL server as root. SQL docs tell me that the default root user has no password
<nilson> however, when it do `mysql -u root`, I get access denied.
<alex_21> But don't upgrade from Hardy if you don't have too. Hardy is five year lts, so that is pretty good
<nilson> Whats going on?
<ball> Canada's going to the dogs
<ball> (at least temporarily)
<nilson> ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
<alex_21> Hey, there is a Canadian her, you know
<alex_21> Here
<nilson> but mysql docs says there is no root password by default...
<alex_21> Sorry
<alex_21> And for the guy asking about MYSQL, you have to set up a root password first. You should have done this durring setup and configuration of the LAmP server or MySQL server anyways
<nilson> maybe its my system root password?
<nilson> ergh.. .I dont have on
<alex_21> No, it isn't the root password
<nilson> There was no place to set a mysql root password during the install. And I did select the LAmP option
<nilson> I dont remember that
<nilson> I just installed last night
<alex_21> Uninstall mysql and reinstall it. Yu will see what I mean about the root password. I sure didn't see it though, smiley, probably because I am blind
<nilson> With apt-get?
<alex_21> Yes
<alex_21> Lol
<nilson> Well nevermind.. Apparently I did set the password (to what I normally use).
<nilson> I am just forgetful
<nilson> thank you for helping
<alex_21> No problem, at least you know for the future. Yesterday i mis ssh'd a server and ended up in a laptop instead and wondered where all my files went
<hads> Good memory you have there :)
<nilson> its been so long since I set up a web server, it's learning all over again. I have had a LAMP server running for three years, but I hadn't really had to mess with anything on it
<nilson> regerding to sql anyway
<nilson> regarding
<alex_21> Don't worry, we are here to help and assist
<nilson> just trying to set up a personal image gallery and some cool stuff for my personal site. previous install of ubuntu-server got b0rked somehow; apt sources were all 404s
<nilson> so I just wiped it
<alex_21> Cool lok at http://www.javascriptkit.org/
<alex_21> Or maybe .com/. I don't remember
<alex_21> It has a lot of things for image galeries
<alex_21> Galleries
<alex_21> Sorry
<alex_21> I HAVE A UBBUNTU BASED DISTRO I AM DEVELOPING, BUT I WANT TO GET IT IN AS A RECOGNIZED RELEASE, THOUGH it is developed by my small web organization
<boshhead> why are you shouting
<alex_21> I didn't realize capslock was held down, sorry
<nilson> alex_21, I am using zenphoto
<nilson> its pretty nice
<nilson> see http://alvania.net/gallery/
<alex_21> Zenphoto, is that a service, or a script
<nilson> its just a php script
<nilson> from zenphoto.org
<alex_21> Cool, I'll check it out. I don't know how accessible it will be
<nilson> I like it better than Gallery / Gallery 2
<nilson> its very simplistic and "clean"
<maswan> I have so far not seen a photo gallery thingie I've been happy about.. :/
<nilson> this one I really like
<nilson> I take tons of pictures when Im out dirtbike riding and such
<nilson> so I like to have a place to show them.
<nilson> besides some crap like photobucket.. yuck
<alex_21> Well, I'll deffinetely look at it for accessibility. It looks good at first glance. I may just meet my requirements
<alex_21> I HAVE A UBBUNTU BASED DISTRO I AM DEVELOPING, BUT I WANT TO GET IT IN AS A RECOGNIZED RELEASE, THOUGH it is developed by my small web organization
<alex_21> What can I do?
<alex_21> Sorry, middes that, I go disconnected
<maswan> nilson: I'll take a good look at it, I've been looking for something nicer than the old perl hack from the late 90ies that I currently use for my photo stash
<_ruben> alex_21: start with not shouting .. and i think there's some info on that subject on ubuntu.com .. i doubt this is the proper place to ask .. there's mostly likely some mailinglist thats more suited (there's a ton of lists)
<nilson> Im trying to get a job in the IT department at my university, so I decided to redo my personal site to help flesh out my resume a little
<nilson> so Im doing a lot of dynamic content and want to make it pretty
<nilson> hmm
<alex_21> Nelson, careful. You can loose accessibility, and no IT person will get a job like that. If you have accessibility in mind, you will more likely get the job based on that. I worked for a university
<nilson> I just mean a student job
<nilson> workstudy
<nilson> nothing like professional IT
<alex_21> Well, you may still get the job. You would be surprised at how may people in IT don't care about accessibility, but hving it really helps, in education
<nilson> I would imagie so
<nilson> my personal site is really just intended for people I either know or chat with online, though
<alex_21> So, even as a student job, I really recomend that.
<nilson> so its not a big concern for me in this context
<alex_21> A few pinters. No flash, for not only access users, but others, or else have a text based copy as well. Also, avoid refreshing the page every five seconds or so. That drives screen readers nuts.
<alex_21> And don't use AJAX unless you know what you are doing in regards to accessibility
<nilson> Well they hire inexperienced people generally. The simple fact that I know what CSS and HTML stand for and can author them by hand will put me ahead of a lot of others
<nilson> let alone experience with unix server admin, etc etc
<nilson> and object oriented programming in C++ helps
<alex_21> Good on you, that is a plus. I know html too. I don't bother with prittiness, so I don't usecss, but plain straight html is the best
<alex_21> Best for Screen readers
 * nilson shrugs... here's the resume: http://alvania.net/portfolio/Resume.pdf
<alex_21> And applying CSS correctly is very powerful for accessibility
<alex_21> Oh, and provide html copies of PDFs. Another thing that drives me up the wall with screen readers
<nilson> Do you use a screen reader?
<nilson> Oh - I see - you are blind.
<nilson> Well that certainly would hinder a lot of stuff on the computer
<nilson> I understand your affinity for accessibility now
<alex_21> How do you know I am blind?
<nilson> You said so earlier
<nilson> when I Was talking about mysql install
<alex_21> Oh, yeah, I did, didn't I?
<alex_21> Lol
<nilson> I just didnt catch it at first
<nilson> too bad you cant see my pictures. Really pretty stuff you can find out in the wilderness.
<nilson> totally blind, or just very bad sight?
<alex_21> Yes, I am accessibility consultant for IT at theuniversity I worked at for a while, and I have aggreed to stay on as accessiblity consultant off site
<nilson> whats the university
<alex_21> SFU
<hads> Quite off topic guys
<nilson> South Florida?
<alex_21> And I have Very, Very bad sight
<alex_21> Lol, not completely blind
<alex_21> But just about
<nilson> there is no one else talking in here, hads, so I dont think they'll mind this little bit of chatter
<alex_21> I also know the joys of nature, the feel of the rocks, the sounds of the rushing stream. I remembber clearly the trip I recently took up a local mountain with my class
<hads> Being quiet doens't make it more on topic.
<nilson> I go to the university of alabama.. but anyway.
<alex_21> Well, you can PM me if you like
<cfedde> chatter in channel is fine imo.
<cfedde> till it gets in the way of the support stuff.
<nilson> yeah thats what I mean - if there were people in here for support, I wouldnt be offtopic.
<nilson> Now this is where having a 400MHz server hurs
<nilson> hurts
<nilson> generating thumbnails for lots of images
<alex_21> Well, I can't find my server on the network
<alex_21> Why could this be?
<selinuxium> hi all. I have got a Ubuntu Jeos VM running on a Ubuntu host. How do I reconfigure the keyboard mapping and stuff. for some reason vmware2 would not allow me to use my keyboard properly during the install and timezones and keymaps are not what I desire...
<Jeeves_> Does someone know Matthias Klose around here and if he's available on IRC?
<henkjan> Jeeves_: nothing on launchpad?
<Jeeves_> henkjan: Nope, no nickname
<henkjan> doko is who you are looking for
<Jeeves_> henkjan: Yeah, i know
<Jeeves_> however, there's no irc nickname known
<henkjan> /whois doko
<henkjan> ircname  : Matthias Klose
<Jeeves_> henkjan: Ah, ok :)
<_ruben> lazy dutchies ;)
<soren> Jeeves_: He's "doko" on IRC.
<soren> Oh, I'm slow.
<_ruben> hehe
<selinuxium> morning _ruben....
<selinuxium> :)
<incidence> Does warnquota need any special configuring? It doesn't seem to send the quota warnings
<selinuxium> How do I recongure the keyboard map in JeOS?  :)
<_ruben> never had any keyboard map troubles in VMs
<soren> selinuxium: selinuxium Just like you would on a regular system?
<soren> sudo dpkg-reconfigure console-setup.
<selinuxium> soren: Cheers
<selinuxium> I am having problems with JeOS on VMware... Tabbing does not auto complete... and I cannot cd /var/lib/vmware... i get cd: 1: can't cd to /var/lib/vmware but it will allow me to cd to it one level at a time... :( Is this JeOS or have I mangled the image somehow?
<selinuxium> soren: ^^^ Any ideas?  :)
<soren> slicslak: I'm guessing the latter. :)
<uvirtbot> New bug: #305393 in php5 (main) "Please upgrade php5 to new upstream version 5.2.7" [Wishlist,Triaged] https://launchpad.net/bugs/305393
<domas> arghhhh, ubuntu server doesn't boot without PAE
<domas> ghr...
<_ruben> selinuxium: jeos' tabcomplete is limited compared to server .. i just install server with a -virtual kernel instead
<selinuxium> _ruben: Do you install server then install the -virtual kernel, or is there another process?
<_ruben> selinuxium: more or less .. i use preseeding to do the install, and one of the preseeding steps is installing the -virtual kernel
<selinuxium> _ruben: Preseeding? Can you give me a good link?
<_ruben> as of 8.10 this isnt even needed any more .. -server kernel and -virtual kernel are same kernel with different set of modules (-virtual being a subset of -server)
<_ruben> selinuxium: the install guide is a good start
<uvirtbot> New bug: #305454 in samba (main) "'mount error 13 = Permission denied' when user mounts cifs (sudo works!)" [Undecided,New] https://launchpad.net/bugs/305454
<_ruben> tho just installing ubuntu server and then install linux-virtual might be easier
<selinuxium> _ruben:  Thank for all your help. :)
<domas> mmmm, anyone using any apparmor gui on ubuntu?
<ScottK-laptop> domas: None should be required.
<domas> ScottK-laptop: thats arguable, but I see your point. I want to have lots of custom profiles :)
<domas> ScottK-laptop: aa-logprof would be way better if done in visual way :)
<ScottK-laptop> OK.  I'm not aware of such a thing.
<domas> ScottK-laptop: thats tool that reads audit logs and suggests/does changes for profiles
<domas> anyway, this is niche enough to be done manually
<domas> at the moment I'm in "love apparmor" state :)
<ScottK-laptop> No, I mean I'm not aware of a GUI for it.
<domas> ScottK-laptop: YaST has gui for that
<domas> well, thats where apparmor came from :)
<ScottK-laptop> OK, so now I'm aware of one.
<domas> ;-) congratulations! every day - something new!
<arnaldocapo> hi there
<arnaldocapo> some1 here uses vsftpd?
<domas> woooof, apache2 profile grew to 80 lines :)
<arnaldocapo> some1 answered
<arnaldocapo> some1 here?
<domas> someone might use it
<domas> or might have used it in the past
<domas> <3 vsftpd
<Faust-C> man WWAN card totally locks up system
<Faust-C> if i use echo ppp packets
<arvind_khadri> hi, how do i create AD in ubuntu?
<arvind_khadri> hi, how do i create AD in ubuntu?
<Koon> arvind_khadri: you can't "create AD"
<Koon> if by that you mean create an Active Directory server
<arvind_khadri> Koon: ya i mean that..
<arvind_khadri> Koon: likewise-open is used for what?
<Koon> to integrate into an existing AD.
<Koon> to authenticate against AD users
<arvind_khadri> Koon: ok so in Ubuntu AD cant be created at all??
<Koon> arvind_khadri: Simulate an AD server is a Samba 4 feature
<Koon> (not available yet)
<Koon> You can create a NT4 PDC
<arvind_khadri> Koon: how do i so? simulation
<arvind_khadri> Koon: is the simulation thing possible?
<Koon> arvind_khadri: you mean how can I test likewise-open ?
<Koon> arvind_khadri: install Microsoft Windows Server, deploy AD
<arvind_khadri> Koon: no i mean whether Samba 4 simulation can be done or not?
<Koon> arvind_khadri: it's probably possible to run something from Samba4 alpha code
<arvind_khadri> Koon: oh ok...so when samba4 is finally released we can have a AD in Ubuntu too ?
<Koon> arvind_khadri: yes.
<Koon> (when samba 4 will be packaged into Ubuntu)
<Koon> it's generally wise to let some time pass before integrating a completely-new Samba release
<maswan> AIUI, there are also ways of installing an AD which in turn gets its data from a real kerberos or ldap thingie, but I'm not sure on how.
<maswan> we'll see, some of my collegues is probably going to install something like that in the coming months.
<Koon> maswan: keep us posted :)
<maswan> I'm luckily not involved in that project at all. :)
<Koon> arvind_khadri: drop-in AD Domain Controller replacement is "the next big thing"
<arvind_khadri> Koon: :)
<Koon> (then microsoft will change its directory system again to make sure we can't follow them)
<Koon> s/change/break/
<zoopster> koon: but the samba team licensed the AD docs...
<killsalad> hi all - i've got a question - how can i reduce virt memory usage - generally i compiled lighttpd and RSS in proc status tells me that lighttpd is using 1.5 MB, but free -m shows that after lighttpd have started  it comsumed 40 MB ?
<Koon> zoopster: well, we'll be able to follow them, it will just take 3 years to catch up :)
<zoopster> koon: 8-)
<AlbertEin> hi!, i installed postfix with amavisd with spamassassin acording this guide: https://help.ubuntu.com/8.10/serverguide/C/mail-filtering.html , everything works except that amavisd is not checking for spam, or at least it doesn't add the X-Span headers, any guide to troubleshoot this?
<Hawkey> hi i have just some questions.. i need older package of libtool (version 1.5.26 needed), some tips where i can get it? it looks like that this old is not in package library :/
<Hawkey> new version of ubuntu contains version 2.2.4 .. is there any chance to get that old version?
<Hawkey> or older then 2.2.4 ... maybe this could be enough
<Deeps> you can try compiling from source youreslf
<uvirtbot> New bug: #300660 in nagios3 (main) ""nagios3-common" package should not have configuration files named as "*-nagios2.cfg"" [Wishlist,Confirmed] https://launchpad.net/bugs/300660
<lamont> Dec  5 09:29:05 rover3 ntpd_initres[18395]: ntpd returns a permission denied error!
<lamont> wtf?
<Kapli> hey im running an ubuntu server and its been working awesome recently the power went out in the house so yeah the server got shutdown but when i turned it on i couldnt connect to it and the case fan made loooud noises, the fan calmed down after 10mins but i still cant get internet on it if i try to use ping google.com it says cant find host and in ifconfig no packets are sent or recieved n...
<Kapli> ...stuff any ideas?
<xenoterracide_> asside from downloading from apache.org are there any packages for tomcat 6.0 for 8.04
<darkvertex> xenoterracide_: try sudo apt-cache search tomcat on a terminal
<xenoterracide_> darkvertex: latest seen is 5.5
<darkvertex> then I guess you should compile your own. Better yet, you could create a deb package for others :)
<jmarsden|work> xenoterracide_: There are tomcat6 packages in Intrepid 8.10.  But not in Hardy 8.04 as faras I know.
<xenoterracide_> I can just unpack from apache's tarball no big deal
<jmarsden|work> rmadison tomcat6 shows:      tomcat6 | 6.0.18-0ubuntu3 |      intrepid | source, all
<Kapli> is there any way to check if my network interface card is working?
<zul> yes ping it
<darkvertex> Kapli: sudo ifconfig?
<Kapli> yes, and it shows no packages are being sent or recievd
<Kapli> what does that mean
<xenoterracide_> ip addr
<xenoterracide_> does ip neigh show anything?
<Kapli> it says
<Kapli> 192.168.10.1 dev eth0 FAILED
<Kapli> thats bad isnt it
<xenoterracide_> yeah that means that the arp faild
<Kapli> which means? sorry you'll have to forgive my newbieness :P
<xenoterracide_> because you're neighbors are listed by what could be reached via arp. arp is below tcp/ip
<xenoterracide_> it can't be routed
<xenoterracide_> so basically you don't have network
<Kapli> so what could couse this and how can i fix it?
<Kapli> yeah i figured as much that im not getting internet but i cant figure out why, it was working until power went out and when i turned it back on it didnt get internet anymore
<xenoterracide_> Kapli: did you check your cables?
<Kapli> yeah
<xenoterracide_> power went out?
<Kapli> yep
<Kapli> or well the server was at least shut off
<Faust-C> this is retarted, i cant install cause it cant find cdrom but its running from cdrom
<xenoterracide_> Faust-C: lol
<xenoterracide_> Kapli: hmm... router? modem?
<Faust-C> xenoterracide_, i feel like wtf
<Kapli> rest of the house is getting inet by wireless so i cant figure it out
<Kapli> cable is in
<xenoterracide_> does the light on your nick and on the router blink?
<Kapli> tho i do have 2 places to put it in the server, i have a network card and the intergrated one
<Kapli> im not exactly sure which one i used and worked
<Kapli> if i put it in the network card the network card shows a green light
<Kapli> but the intergrated one doesnt
<Kapli> hm yes i believe it used to light orange
<Kapli> when i had it in the intergrated one, but theres no light now
<xenoterracide_> but it doesn't blink...
<Kapli> no theres no blinking
<Kapli> the other network card blinks green if i put the cable there
<xenoterracide_> ubuntu detects cable plugins and tries to get an IP right normally right? (I'm not normally a ubuntu user)
<xenoterracide_> so your integrated doesn't blink but the nic does
<xenoterracide_> well I'd use the nic
<Kapli> but if i put the cable there
<xenoterracide_> also check the router to see if that router port blinks
<Kapli> i still dont get inet so what do i do to like change it
<xenoterracide_> dhcp?
<xenoterracide_> basically blinking lights on both ends means they are attempting to talk
<Kapli> wait brb ill check if the router blinks
<xenoterracide_> you're looking for rapidly blinking ones
<Kapli> ah i have some modem thing like for phone tv and inet so theres no light for the inet on this modem thing
<Kapli> anyway im pretty sure it doesnt have anything to do with the router
<xenoterracide_> no light? or it doesn't light up
<Kapli> theres no like light thingie for the pc
<Kapli> theres only like power, link and 2 phone lights
<xenoterracide_> odd
<Kapli> ye i know, well ye if i put the cable in the nic
<Kapli> how do i configure it so it uses it as default
<xenoterracide_> uses what?
<Kapli> and so it works
<Kapli> i dont know i mean if i put the cable in the nic now and type ifconfig
<xenoterracide_> well I'm kinda at a loss for configuring this on ubuntu, I thought it was just supposed to work ;P
<xenoterracide_> but maybe it doesn't on server
<Kapli> isnt it like
<Kapli> eht0 is the intergrated one
<xenoterracide_> probably /etc/init.d/networking restart
<xenoterracide_> or something
<Kapli> btw now if i type ip neigh it says eht0 incomplete so that must be bcuz the cable isnt in
<xenoterracide_> oh and that has to be run asroot
<xenoterracide_> Kapli: could be, I'm not an expert on the 'ip' command
<xenoterracide_> all I know is it makes ifconfig and the like look like toys
<Kapli> hm ok so i plugged the cable and typed ifconfig but only eth0 shows up
<Deeps> you have 2 nics?
<Kapli> isnt the nic supposed to be eth1
<Kapli> i have 1 nic and the intergrated one
<Kapli> so thats 2 i guess
<Deeps> sudo nano /etc/network/interfaces
<Kapli> ah ye that file i have changed
<Kapli> to set a static ip for eth0
<Deeps> you need to define the configuration for an interface
<Deeps> if you want aa static ip, dhcp ip, whatever, you need to configure it in there
<Kapli> ah, cuz theres no stuff there for eth1
<Kapli> but yeah eht0 must be the intergrated one and eth1 is the nic so if i copy the stuff about eth0 and just paste and change to eth1 instead it should work right?
<Kapli> and set auto eth1 isntead of auto eth0
<Kapli> ill try that
<Deeps> if thats what you want to do, yep
<Deeps> if you want eth1 to be configured in the same way eth0 was
<Kapli> i guess i can just change the eth0 to eth1 as i wont be using eth0 then anymore
<ScottK-laptop> snasni
<Kapli> hm, well i did that and saved the file, then rebooted the server and checked ifconfig at least it shows packages are being sent n stuff
<Kapli> yes, pinging works :D
<Kapli> now to see if i can connect to it from the outside
<Kapli> sucess on the local network :D can anyone check http://last-wish.org and see if anything turns up?
<xenoterracide_> it works
<Kapli> woohoo :D
<Kapli> great, so i guess i can conclude that the intergrated one is broken but the other one works? :D
<Kapli> btw theres nothing else i have to configure like change from eth0 to eth1 right
<darkvertex> Kapli: you could disable the integrated one through BIOS setup and put a sticky tape over the port to prevent future confusions. just my 2 cents ...
<Kapli> ye ill do that
<Kapli> its probably broken
<Kapli> and when intergrated stuff starts getting broken i guess it wont be long until it goes to sleep, its like 8 years old lol
<Kapli> anyway thanks so much for help i g2g now laters :)
<Faust-C> does anyone know if you use likewise-open if it will work w/ services like samba
<Faust-C> cause im forced to create a new file server and dont want to add users manually (70+ users)
<blueyed> Has it been always the case that you need to run update-grub after a kernel update? it isn't the case on the desktop for me..
<blueyed> can you check your "uname -a", if you have 2.6.24-22-*, in case you have rebooted after the latest hardy update?
<Hawkey> hi.. some tip for similar program like this http://www.isotton.com/software/unix/cbm/ for x64 server?
<Hawkey> usp sorry i found it ;)
#ubuntu-server 2008-12-06
<LoveGuru> Is there anyone familiar with IPV6? when i try to start my service /etc/init.d/aiccu start it gave me error "fai;
<ScottK-laptop> kees: The bug sgran filed with clamav to separate security patch level from functionality level is targetted for 0.95 (their next release).
<kees> ScottK-laptop: okay, cool
<ScottK-laptop> They also have a major API change planned for that release too, so it's gonna be painful.
 * IL12 is now away - Reason : Auto-Away after 30 minutes
<IL12> I'm lookign to install proftpd and gproftpd and it says it cannot find proftpd in the repositories.
 * IL12 is no longer away : Gone for 40 minutes 22 seconds
<LoveGuru> IL12: it is in Repo.
<LoveGuru> sudo aptitude search proftpd
<IL12> alright then perhaps I'ev done something wrong.
<IL12> I used aptitude and told it to update the list of packages available and after trying apt-get install proftpd gproftpd it gave me this HUGE list of what it was going to do, which I know is normal, but I'm afraid I've not enough knowledge to interpret it well enough to just 'do it'.
<IL12> nor do I know the command to have it only display one 'page' of information at one time.
<IL12> but that has found it. I'm nto sure why it won't take sudo apt-get proftpd
<NotADJ> How do I get a desktop to use a username and password from a kerberos server...
<LoveGuru> just do "sudo aptitude install proftpd gproftpd"
<NotADJ> Or do I need LDAP
<IL12> Got it. getting proftpd-doc as well since it suggested it.
<LoveGuru> yep
<LoveGuru> dependent
<IL12> And can anyone recommend a good remote-management client for 8.10?
<IL12> I've heard webmin for one.
<IL12> and possibly a good GUI that I won't have to use all the time--just when I'm having issues working with the CLI?
<NotADJ> CLI <3
<LoveGuru> IL12: well im new.. dont have much info all thingys ;)
<IL12> I've heard gnome-base I think. and CENTOS. Not sure about either. I've worked in GNOME before but not CENTOS nor GNOME-Base. and I'd like to learn the CLI but throwing myself into it isn't working as well as i'd like. I needs books.
<uvirtbot> New bug: #305646 in libapache2-mod-perl2 (main) "PerlSetEnv not working consistently in libapache2-mod-perl" [Undecided,New] https://launchpad.net/bugs/305646
<IL12> gah. must run. bbl. thanks for the info I was given though!
<mib_rjnu2aby> help
<mib_rjnu2aby> hello people
<ball> mornin'
<Ahmuck> good morning ball
<ball> hello Ahmuck
<samirnassar> I am have 2 hosts. Both are running Bind 9. Host 1 is set up as a primary DNS server, host 2 does postfix and LAMP as well as caching DNS. Slave DNS is provided by my hosting company.
<samirnassar> I am running 5 domains off of my primary DNS server, all are working well. One of those domains jumps from example.com to www.example.com
<samirnassar> but only that domain.
<LoveGuru> is there anyone Familiar with "ebox" with intrepid?
<chris-p> is there a freeradius package that can use SQL on ubuntu server
<Oli``> I have an Ubuntu server in New Jersey and I want to limit SSH so only people from England (where I am) can access the SSH server.. Any idea how I might go about doing that?
<Hawkey> Oli only people from the country?
<Oli``> Yeah. Limit it by GEOIP, or something like that
<Hawkey> Hmm interesting, but i cant help :/ ...
<Hawkey> hey how can i change ulimit in os? i'm confused bacause on other os i use command ulimit from bash
<arvind_khadri> hi, i have just installed tomcat5.5 where can i find webapps directory?
<arvind_khadri> anybody here?
<arvind_khadri> !tomcat
<ubottu> Sorry, I don't know anything about tomcat
<Hawkey> can somebody help me? i have unbuntu 8.10 and i can't find ulimit program.. i dont understand
<Hawkey> someone could help me?
<Hawkey> or in which package is ulimit function?
<exodus_ms> could someone take a look at this please --> http://paste.ubuntu.com/81391/
<mok0> exodus_ms: I've read it, but I can't help :-/
<exodus_ms> thank you mok0! do you know perhaps where I might be able to find help with this :)
<mok0> exodus_ms: could be your card is defective, though
<mok0> exodus_ms: perhaps on the kernel mailing list?
<exodus_ms> yeah, I thought about that, I will really be pissed if that turns out to be the case :P
<mok0> Just thought I'd mention it :-)
<mok0> The channels are very quiet today, I don't think there's hope of much help on IRC
<exodus_ms> mok0> cool, thanks again for your help. If something turns up I'll be sure to post back...
<mok0> great!
<exodus_ms> later
<samirnassar> I am trying to figure out why the shell thinks that my hostname is (none). I have almost matching Ubuntu Intrepid server installations and with one I correctly set the hostname and with the other I have not been able to
<steven_> does anyone know if there is going to be a new kernel for 8.10 server to fix launchpad bug 285392?..or a workaround, I can't use 8.10 because of this.
<uvirtbot> Launchpad bug 285392 in linux "Softreset failed (device not ready)" [Undecided,Confirmed] https://launchpad.net/bugs/285392
<ScottK> samirnassar: You may have Bug 8980
<uvirtbot> Launchpad bug 8980 in netcfg "hostname -f does not return a proper FQDN" [Medium,Confirmed] https://launchpad.net/bugs/8980
<samirnassar> ScottK: that's weird, Even though they are identical installs? Or close to?
<ScottK> Perhaps.  It's hard to tell.
<samirnassar> ScottK: hmm, dropping to root might be the solution.
<samirnassar> damn, nope
<samirnassar> weird, the solutiong seems to have been setting /etc/hostname manually
<samirnassar> ScottK: thanks for the tip
<eolo999> hi, i was looking for some docs about squids as an apt-proxy; any pointers?
<eolo999> !squid
<ubottu> squid is a caching proxy for the Web.  See: https://help.ubuntu.com/community/SquidGuard  See: http://www.squid-cache.org
<eolo999> !proxy
<ubottu> Many Ubuntu IRC channels prohibit access from !proxies such as !TOR and web (Java, etc) gateways due to a high level of abuse. You can however obtain a hostmask cloak: see http://freenode.net/faq.shtml#cloaks. If you're using mibbit, please try joining #ubuntu again. Mibbit takes a long time to connect, so you may have missed a message to do this.
<mok0> eolo999: I think you want apt-cacher-ng
<mok0> eolo999: squid won't do what you want
<eolo999> mok0: apt traffic is not common http/ftp?
<eolo999> so why another app?
<mok0> eolo999: because apt-cacher-ng is tailored to also deal with updates
<mok0> squid will just feed you whatever's in its cache
<eolo999> i've heard of apt-proxy too, which one doy you suggest?
<mok0> In my experience, apt-proxy is buggy, tends to hang
<mok0> I recommend apt-cacher-ng
<eolo999> mok0: really thx
<mok0> np :-)
<chris-p> when I try to install ubuntu server
<chris-p> it gets to the end and asks me to insert the cd labelled ubuntu server 8.10 intrepid ibex
<chris-p> when it's in
<chris-p> and verified
<chris-p> and it won't let me continue and thus install
<chris-p> argh, can no one help :(
<eolo999> mok0: i installed apt-cacher and i'm very happy wuth that, thx. Last question ;) where'is the report page?
<orangefly> 8.10....i have write permissions but can't write from windows....anyone help....???....
<orangefly> 8.10....i have write permissions but can't write from windows....anyone help....???....
<orangefly> samba....
<hads> ...
<orangefly> 8.10....i have write permissions in samba but can't write from windows....anyone help....???....
<orangefly> 8.10....i have write permissions in samba but can't write from windows....anyone help....???....
#ubuntu-server 2008-12-07
<alex_21> Hi, this prbably isn't the right place, but how do I set my GDM theme over the network?
<alex_21> Using ssh without the ability to use any GUI?
<sanmarcos> how can I change my dns servers so that resolvconf knows about it
<sanmarcos> apparently it doesnt give a crap about /etc/network/interfaces
<sanmarcos> i fucking hate resolvconf
<Kamping_Kaiser> /etc/resolv.conf?
<sanmarcos> no, the stupid daemon that made it 500 times more complicated
<jmarsden> sanmarcos: You have a Ubuntu Server that runs a daemon named resolvconf?  What package installed it?
<sanmarcos> everything depends on it
<sanmarcos> postfix, dnsmasq, avahi, fetchmail
<sanmarcos> there is nothing that doens't depend on that crap that makes it impossible to change my dns server
<sanmarcos> (on 6.06
<jmarsden> What does     which resolvconf    say?
<sanmarcos> /sbin/resolvconf
<jmarsden> I've not used 6.06 on a server.  OK, what does     dpkg -S /sbin/resolvconf     say?
<hads> !language
<ubottu> Please watch your language and topic to help keep this channel family friendly.
<jmarsden> sanmarcos: Hmmm, looks like there is a package called resolvconf... let me take a look for you.  It's not required in later versions.
<sanmarcos> thankfully it isn't, they admitted their error
<jmarsden> OK...
<sanmarcos> justice was done
<jmarsden> OK.  Do you have a line like:  dns-nameservers 192.168.3.45 192.168.8.10    in your iface stuff in /etc/network/interfaces?
<sanmarcos> yes but resolvconf doesn't care about it
<sanmarcos> I fixed it anyways
<jmarsden> OK.
<sanmarcos> blessed the one who took that P.O.S and set it on fire, removing it from ubuntu
<jmarsden> sanmarcos: It is still present, just optional.
<sanmarcos> as it should be. as it should be my friend, it shouldn't be a dep
<Kamping_Kaiser> maswan, i just looked at your http://ftp.acc.umu.se/about/ page. pretty cool.
<Kamping_Kaiser> now i know who to be cross with because i cant wget off cdimage.d.o too :p
<alex_21> Hi, I am following http://www.apachetutor.org/admin/reverseproxies and need some help, as things appear to be a little different on Ubuntu. I have already "enable" the modules using the a2en... scripts, but now I am stuck. I am new to web serving, so any help is appreciated, starting with where is the httpd.conf ifle, and do I have to still load the modules into it if I've used the script?
<Kamping_Kaiser> alex_21, Debian (and Ubuntu) use apache.conf instead of httpd.conf
<alex_21> Where is this file?
<Kamping_Kaiser>  /etc/apache[2]/
<alex_21> Thanks
<alex_21> Do you know if I still need to add modules to the apache2.conf file if I am using the a2en... script
<alex_21> ?
<Kamping_Kaiser> i doubt you do
<Kamping_Kaiser> a2enmod should do that stuff
<LoveGuru> Hi, Is there anyone Familiar with "ebox" i m getting some complications with installating some modules. Thankx. uSing ubuntu intrepid.
<Kamping_Kaiser> LoveGuru, ebox has its own irc channel
<LoveGuru> I just installed "ebox" package now when i try to install modules manually it gave me error like this. " http://pastebin.com/d7fd66c9a "
<Kamping_Kaiser> (incase you dont get help here ...)
<LoveGuru> Kamping_Kaiser : i mtrying to contact there since 2 days.. but no one around..
<LoveGuru> i spend 4/5 hours.. but no reply
<Kamping_Kaiser>     * Unknown post id, it may have expired or been deleted
<LoveGuru> Kamping_Kaiser: i m trying to install module, whatever module im trying gamve me similar error like that.
<LoveGuru> ahh
<LoveGuru> sorry
<LoveGuru> might be its expired
<LoveGuru> :<
<Kamping_Kaiser> :(
<alex_21> How do you access ebox?
<Kamping_Kaiser> alex_21, via a web browser
<Kamping_Kaiser> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<LoveGuru> https://ip/ebox
<LoveGuru> Kamping_Kaiser: do u have any info or did u setup ebox urself before?
<Kamping_Kaiser> LoveGuru, i tried it, but it drove me insane. i'm used to doing things manually
<LoveGuru> WARNING: the eBox package released with Ubuntu 8.10 (Intrepid Ibex) is broken and cannot be installed. See bug #255368 for information and unsupported workarounds.
<uvirtbot> Launchpad bug 255368 in ebox "ebox: Depends: libapache-authcookie-perl but it is not installable " [Undecided,Confirmed] https://launchpad.net/bugs/255368
<LoveGuru> might be its not compitable with intrepid?
<Kamping_Kaiser> LoveGuru, perhaps you need to check the ebox peoples PPA on launchpad. they might have a working intrepid version
<LoveGuru> Kamping_Kaiser: well sorry to asking. but i m new not familiar with launchpad.
<Kamping_Kaiser> LoveGuru, http://ebox-platform.com/community/installation-guide/
<Kamping_Kaiser> down the bottom
<Kamping_Kaiser> LoveGuru, remember, these are 3rd party as far as ubuntus concerned, (just fyi)
<LoveGuru> gotch.
<LoveGuru> *a
<LoveGuru> so just add " deb http://ppa.launchpad.net/ebox-unstable/ubuntu intrepid main " in my sources.lst
<LoveGuru> then do update?
<LoveGuru> and  install it?
<Kamping_Kaiser> yeah.
<LoveGuru> so nice 0f you thanks very much.. let me take short.
<LoveGuru> t
<Kamping_Kaiser> good luck with it.
<LoveGuru> thanks :)
<Kamping_Kaiser> :)
<alex_21> Hey, how do have a job run with crontab?
<alex_21> Can this be set up with ebox?
<Kamping_Kaiser> alex_21, run `crontab -e`. no idea about ebox in that regard
<alex_21> Ok, thanks
<Kamping_Kaiser> :)
<LoveGuru> Kamping_Kaiser: sir i just got that same error yesterday " http://pastebin.com/mdb2dac7 " would you please check what/where is the problem.
<alex_21> Good Night. Bani Bash
<Kamping_Kaiser> LoveGuru, do you have two network cards?
<Kamping_Kaiser> #
<Kamping_Kaiser> Interface eth1 does not exist.dpkg: error processing ebox-network (--configure):
<LoveGuru> well when i did "ifconfig" it show eth0 and lo there there is no eth1
<LoveGuru> thats what i m thiking
<Kamping_Kaiser> i'm not familar with ebox, but ebox-network may require two interfaces.
<Kamping_Kaiser> LoveGuru, could you run `lspci |grep Eth` and paste the output here
<LoveGuru> k
<Kamping_Kaiser> should only be acouple of lines
<LoveGuru>  lspci |grep Eth
<LoveGuru> 00:11.0 Ethernet controller: Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE] (rev 10)
<LoveGuru> aamir@ab1adm:~$
<LoveGuru> Kamping_Kaiser: Well im Running Ubuntu server under Vmware
<Kamping_Kaiser> ah
<LoveGuru> is it problem?
<Kamping_Kaiser> ok. well, you only have one nic
<Kamping_Kaiser> wonder why ebox wants a second.
<LoveGuru> yesterday .. i just restart my router and after that my eth0 becomes eth1. so i just change my "/etc/udev/rules.d/70-persistent-net.rules" eth1 to eth0 after that in ifconfig it shows that eth0 there.. but i got this same problem again.
<LoveGuru> now my rules kinda like this
<LoveGuru> # PCI device 0x1022:0x2000 (pcnet32)
<LoveGuru> SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:7d:a2:9
<LoveGuru> 9", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
<LoveGuru> # PCI device 0x1022:0x2000 (vmxnet)
<LoveGuru> SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:29:72:46:d
<LoveGuru> e", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
<Kamping_Kaiser> hm. try deleting the eth1 line
<Kamping_Kaiser> or commenting it out ....
<LoveGuru> ok
<Kamping_Kaiser> since you shouldnt delete stuff without testing first :)
<LoveGuru> hehe
<LoveGuru> right
<LoveGuru> so should i restart my machine?
<Kamping_Kaiser> hm. you shouldnt have to (restarting udev should do), but you may as well
<LoveGuru> well i just did " sudo /etc/init.d/udev restart
<LoveGuru> its cool?
<Kamping_Kaiser> hopefully. i'm not to familar with udev unfortunately
<LoveGuru> ehehe
<LoveGuru> alright. so try to install ebox over?
<Kamping_Kaiser> LoveGuru, try running `sudo apt-get -f install` - it will probably ask to add or remove a lot of packages. can you run it and pastebin the output?
<LoveGuru> sure give me sec. let me sudo apt-get -f install ^ebox-.*
<Kamping_Kaiser> nah, just `sudo apt-get -f install`
<LoveGuru> ah ok
<LoveGuru> Kamping_Kaiser: Sir " http://pastebin.com/m5462a0ea "
<LoveGuru> i did "sudo apt-get -f install"
<Kamping_Kaiser> LoveGuru, f.ing awsome. thats what i hoped to see.
<Kamping_Kaiser> LoveGuru, ebox should be properly installed :)
<LoveGuru> yAhoOOoOOo
<LoveGuru> :p
<LoveGuru> Kamping_Kaiser: thanks alot n more then alot :) Let me check Quick :)
<Kamping_Kaiser> LoveGuru, nice work - hope it works for you
<LoveGuru> l0ol
<LoveGuru> yes sir..
<LoveGuru> Ever single module in my gui page.
<Kamping_Kaiser> :)
<LoveGuru> every single configuration right there :)
<LoveGuru> awsomeeee
<LoveGuru> man
<LoveGuru> Sir... Could You Please Find me A Gud ebox User Guide for me. if u can  Please.
<LoveGuru> Well Sir Nevamind .. The Link u Gave it to me . http://ebox-platform.com/community/installation-guide/ in the left there is one user-guide.
<LoveGuru> it would be guD?
<Kamping_Kaiser> no idea. not read it ;)
<Kamping_Kaiser> LoveGuru, i think now is when you should join #ebox, and provide them with feedback on the install instructions/install guide, etc
<Kamping_Kaiser> your feedback might make someone elses life easier :)
<LoveGuru> i did sir.
<LoveGuru> really :)
<Kamping_Kaiser> cool
<LoveGuru> thankx for all ur help :) let me play with ebox then after that my next lesson is learning IPV6. i do have setup of ipv6. but i really i don't know how it works. :p hehehe
<Kamping_Kaiser> good luck with it, hope you have fun with your server :)
<LoveGuru> so nice 0f ya thankyou :)
<Kamping_Kaiser> np
<uvirtbot> New bug: #305901 in xmcd (universe) "Intrepid gcc -O2 breaks string appending with sprintf(), due to fortify source patch" [Undecided,New] https://launchpad.net/bugs/305901
<alex_21> Hi, I am setting up an http proxy with Ubuntu. I get a 500 internal server error when accessing a page that is proxied. Any ideas what I can chek?
<Kamping_Kaiser> alex_21, apache log? /var/log/apache/{error,access}.log
<Kamping_Kaiser> alex_21, you might want to turn debugging up
<LoveGuru> Kamping_Kaiser: is there any guide/tutorial to learn about *nix directory/tree structure?
<Kamping_Kaiser> LoveGuru, lots. the 'net is full of them :)
<Kamping_Kaiser> heres one http://learnlinux.tsf.org.za/courses/build/sys-admin/ch03s02.html
<LoveGuru> i found some but its not detailed or in other words not gud for new users:)
<LoveGuru> ah t
<LoveGuru> tx
<anakron> Hi all
<anakron> im gabriel ruiz, asking you from Chile
<anakron> i have a bug related to this channel, ubuntu-server
<anakron> is related to nss-updatedb
<anakron> this tool is designed to work with libpam-ldap and libnss-ldap
<anakron> but there are not in suggests or recomends
<anakron> and nss-updatedb cannot work fine without these libs
<anakron> so, i want to know if i can change the package info and add libpam-ldap and libnss-ldap
<anakron> someone can help?
<anakron> answering
<mcas> anakron: hi
<anakron> hi
<anakron> :) thanks
<mcas> please fill a bugreport at https://bugs.launchpad.net/ubuntu
<anakron> its filled
<mcas> ah ok
<anakron> wait
<mcas> when did you filled it
<anakron> https://bugs.launchpad.net/debian/+source/nss-updatedb/+bug/302339
<uvirtbot> Launchpad bug 302339 in nss-updatedb "nss_updatedb error message uncorrectly reports missing libraries" [Undecided,Confirmed]
<anakron> i wasnt
<anakron> i want to make a patch for it
<mcas> ah ok
<mcas> my mistake
<anakron> so i think
<anakron> that it could be better if i add to recomends these libraries
<anakron> but i wanna know if it is possible to do or i can get some problem if i do it
<mcas> i think you can do it but i you should look for the maintainer
<anakron> ok
<anakron> ill make a patch for it
<anakron> and upload it
<anakron> and then ill send a mail to the maintainer
<mcas> ok i think this is the correct way
<mcas> you could attach the patch to the bugreport
<anakron> yes ill do it
<mcas> ok thanks for your help
<anakron> thanks for yours
<anakron> :)
<mcas> are you interested in doing some packaging work?
<anakron> yes i wanna do something like that
<mcas> cool :-)
<anakron> you know something about it?
<mcas> i am quite new in this channel but wait a moment
<mcas> i'll ask someone where you can get some information
<anakron> i have a friend that helps me
<anakron> :)
<anakron> but im looking for bitesize bugs
<mcas> you could join #ubuntu-bugs
<anakron> ok thanks
<anakron> im joined to ubuntu-motu
<anakron> too
<mcas> ah ok very good
<mcas> if i have more details for you i'll ping you
<anakron> :O thanks
<anakron> hey
<anakron> a question
<anakron> i would add it like suggest or recommends?
<riccardo> slve a tutti
<riccardo> chi mi puo spiegare come si usa questo sistaeme operativo.grazie
<unimatrix> hi, anyone know why i can't install both libapache2-mod-mono AND libapache2-mod-php5 ??
<unimatrix> each wants to remove the other
<unimatrix> so is it possible to have both a PHP5 and MONO/ASP server ?
 * lamont notes with some amusement that even in dapper, postfix, avahi, dnsmasq, and fetchmail, at most Recommend: resolvconf
<Hikor> Hello, I have some video stored on a ftp directory of my ubuntu server
<Hikor> I'd like to be able to access from my home computer, read them, browse directory
<Hikor> do you know the best way to do that ?
<KurtKraut> Is there anything like a net_avg ? A load_avg but instead of IO+CPU, considering the average load of a network conection ?
<Hikor> Oli`` i use win at home
<ip3> hi all , me problem with mysql ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)   can someone help me?
<jmarsden> ip3: mysql -uroot -p    and give it the password you chose when you installed it.
<ip3> jmarsden , i not set password , i'm runing mysql pre-installed
<jmarsden> Who installed it?  On what version of Ubuntu Server?
<ip3> 8.04 LTS
<jmarsden> I do not think 8.04 installs MySQL by default... so someone installed it... and when they did, they set that password.  Can you ask them what it is?
<ip3> I do not know who installed the system, is rented on a server data center
<jmarsden> Then ask the server data cenetr admins for info about their MySQL install?  Or uninstall it and reinstall it if you do nto care about any of the data currently stored in MySQL?
<ip3> not have data in mysql
<jmarsden> Then maybe you can just uninstall and reinstall, if you want to.  But asking the admin(s) who set it up would probably be safer.
<ip3> ok , thanks , sorry for my bad english , me from brazil, good day
<jmarsden> ip3: No problem.
<Deeps> ip3: sudo dpkg-reconfigure mysql-server-5.0
<Deeps> ip3: should allow you to reset the mysql root password
<ip3> Deeps tks , i re-installed server :)
<IL12> Anybody know how to get the minimal CentOS server GUI on the ubuntu server 8.10? if its possible? If not another possible minimal GUI thats optional to use?
<tonyyarusso> IL12: do you know the name of the GUI CentOS uses?
<IL12> no but I think a google search could probably reveal it.
<tonyyarusso> looking a bit now
<IL12> and I'm trying to see if I can intsall Webmin via CLI.
<tonyyarusso> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<IL12> Blech. alright.
<IL12> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<IL12> ty, btw. I forget about ubottu
<tonyyarusso> IL12: Oddly enough, Google isn't telling me anything.  Ebox is the recommended GUI for Ubuntu Server, and can be used both locally and over the web if you'd like though.
<tonyyarusso> ubottu's great :)
<ubottu> Sorry, I don't know anything about s great :)
<tonyyarusso> If not very intelligent.
<IL12> oh, yeah I already looked it up. I'm running 8.10 and ebox is broken for it.
<IL12> what about ... what is it.. puTTY?
<IL12> well thats just another CLI though isn't it. hm
<tonyyarusso> puTTY's just a terminal basically, useful for SSHing from a Windows box.
<IL12> could you not still SSH into a Linux box?
<tonyyarusso> You can.  The point is just to be more useful than cmd.exe for that purpose.
<IL12> Yeah.
<IL12> In reality I should have gone for the desktop version just running the server apps in stead of throwing myself directly into the CLI.
<IL12> what about trying just gnome-core or xubuntu-core for a GUI until I can get better with the CLI?
<tonyyarusso> you could certainly do that, although be warned that they still won't give you GUI configurations for the server apps, just other normal stuff.
<IL12> gahhhh.
<IL12> then there'd be no point for that since I have a laptop running Vista. I just have to admin this server off-site since it isn't being hosted at my own house.
<tonyyarusso> Then to the documentation you go :)
<tonyyarusso> !serverguide
<ubottu> The Ubuntu server guide may be found at http://help.ubuntu.com/8.04/serverguide/C/
<IL12> Yeah. and a book on general linux CLI. I'm rather pathetic with it. :p
 * tonyyarusso thinks there's a factoid for that too...
<tonyyarusso> !cli
<ubottu> The linux terminal or command-line interface is very powerful. Open a terminal via Applications -> Accessories -> Terminal (Gnome) or K-menu -> System -> Konsole (KDE).  Guide: https://help.ubuntu.com/community/UsingTheTerminal
<tonyyarusso> yay!
<IL12> whee.
<IL12> Ty.
<IL12> Now to boot into the windows partition of it. :p Need to update its antivirus and work on the webpage. Yes, yes, terrible I know but its all i have until I can get used to this ubuntu CLI
#ubuntu-server 2009-11-30
<owh> I'm about to take control over a zone entry for a domain which is currently delegated to a DNS server outside my control. I've been advised to use named-xfer to make a backup of the zone, but that tool doesn't appear to exist in Ubuntu. Was it replaced, or am I not looking properly?
<Sattvic> Does anyone know about Google Apps for email and what happens if you switch hosting companies?
<owh> Sattvic: Not sure I understand what you're asking, since Google Apps is hosted with Google. Switching hosting companies doesn't make sense to me in that context. What do you really mean?
<Sattvic> My static html files are on a shared server.  I am using Google apps to host my email by pointing my MX mail records to them.  But now I want to switch web hosting providers and I want to know how that will effect my email
<owh> Sattvic: Well, that depends on who controls your DNS. If you only change the CNAMES for your web space, the MX records will not be affected, but if your hosting company controls the DNS, make sure that they don't "help" you by changing everything.
<owh> I'm going offline, back in about 30 minutes.
<Sattvic> I will be using zoneedit for my DNS management - will this manage MX records too them?
<jmarsden> owh: There is no named-xfer in bind v9.  named itself can do the same thing named-xfer used to do.  This is mentioned in http://www.bind9.net/manual/bind/9.3.2/Bv9ARM.ch06.html
<erichammond> soren, smoser: Is there any way that vmbuilder might somehow remove /dev/null and other /dev files? I interrupted a vmbuilder run and /dev was practically empty.  Fortunately, this was on a brand new EC2 instance so I'll just kill it and start another. http://paste.ubuntu.com/331411/
<AndyGraybeal> does anyone have a single-sign-on implementation with ubuntu server?  i'm reading this: https://help.ubuntu.com/community/SingleSignOn  it says it's still a work in progress, and i'm just assuming this is all the documentation on this subject for ubuntu because google isn't turning much else up.
<AndyGraybeal> looks like the overview is to install kerberos and ldap ;  i was wondering or considering also using radiuis for the accounting part.. can anyone help steer me?
<AndyGraybeal> *radius
<obscure> My motd tells me there are 19 packages to be upgraded some of which are security fixes, If i run apt-get upgrade to update the packages on Ubuntu Server, (apache2, php5, etc...) do I need to reconfigure them again?
<ScottK> obscure: Not as a rule, no.
<obscure> Ok, good. Thanks ScottK
<Pici> Unless something wants to use an updated config file, in which case it will present you with the option to use the new one, the old one or a diff.
<obscure> very cool
<wolfrein> hi guys,
<wolfrein> how can i route internet traffic through one interface using shorewall
<wolfrein> basically, i have two internet lines
<wolfrein> i want to shift internet traffic from one line to the other
<wolfrein> all internet traffic onto the other line, how can i do this on shorewall
<wolfrein> please advise
<jmarsden> wolfrein: I'm not familiar with shorewall, but assuming simple static routing, just set the default gateway to be the line you want the traffic on.
<wolfrein> where do i set the defaultroute?
<jmarsden> In shorewall's config files, I would think, or if not, in /etc/network/interfaces as usual on any Ubuntu server.
<khelvan> Hello, has anyone installed and configured fuppes on an Ubuntu Server (I'm running 8.10) via ssh before?
<jmarsden> Yes, someone has, it seems: http://ubuntuforums.org/showthread.php?t=1310511
<jmarsden> Ah, no that was for Karmic...
<mushroomblue> is there a reason you'd be be using fuppes?
<mushroomblue> meh.
<uvirtbot`> New bug: #490201 in samba (main) "samba fails to open shares because of fixed unknown password" [Undecided,New] https://launchpad.net/bugs/490201
<maxagaz> Is there some command line tool to check in real time the load of my network interfaces ?
<jmarsden> maxagaz: Maybe bandwidthd (and read the CDF logs it generates)?
<jmarsden> Most people would just use something like mrtg to graph network traffic and look at it with a web browser...
<maxagaz> jmarsden, I'd like something like top or htop, to be used in a command line
<maxagaz> as a command line
<jmarsden> ntop has a browser interface but is otherwise somewhat close to that.
<jmarsden> Hmmm, maybe jnettop -- I have not tried it...
<jmarsden> maxagaz: Yes, looks liek jnettop will do what you want.
<maxagaz> jmarsden, thanks! :)
<jmarsden> maxagaz: You're welcome.
<clusty> hey
<clusty> i am trying to synchronize a local development version of a site to the web server. what i am looking for is a protocol that minimizes data transmission
<clusty> could one upload data via rsync?
<jmarsden> clusty: Absolutely.  rsync over ssh would seem very appropriate for that.
<jmarsden> I rsync backups around that way quite a bit :)
<clusty> rsync-backup or how is it called?
<clusty> does rsync have any auth mechanism?
<jmarsden> If you use it over ssh, ssh keys are the auth mechanism :)
<clusty> or i simply make rsync remote demon not listen on the standard port
<jmarsden> Don't use the rsync daemon.
<clusty> and simply tunnel connection over ssh ?
<clusty> ohh ok
<clusty> so how would that work?
<clusty> the local client would figure out the diff ?
<clusty> local=development
<jmarsden> Did you man rsync?    Something like rsync -avz -e ssh remoteuser@remotehost:remotedir /local/dir/    # rsyncs from remote to local...
<clusty> ok got it
<twb> Watch those trailing slashes
<xgpt> hello
<xgpt> is anyone still awakE?
<twb> xgpt: no
<xgpt> twb, lol
<xgpt> nice
<soren> erichammond: I've certainly meant to err on the side of caution when cleaning up, but it's not impossible there's a bug somewhere that would cause that. :-/
<twb> xgpt: did you have a question?
<AlexC_> morning
<AlexC_> I've got an issue regarding partitions that need resizing on a live production server (yes, kill me later). http://ubuntuforums.org/showthread.php?p=8412551#post8412551 - I could really do with some help in this
<maxb> AlexC_: Sounds like you actually need to move hundreds of gigabytes around on the platters. I don't see you have any options other than shutting the entire thing down, and rebuilding the new desired layout on a new physical drive, then swapping out the physical drives
<AlexC_> ouch, not what I wanted to hear :P
<AlexC_> well, let me throw this out there:
<AlexC_> resize sda9 to be smaller, say by 10gb. Mv sda8 and sda7 below sda9 (to fill the new space I've just created) and then expand sda6 into the space that sda6 and 7 used to take?
<AlexC_> That would give me, 6gb extra for /var
<maxb> better, because it reduces the "move partition" dataset to 2.8G
<AlexC_> do you believe this would be viable?
<maxb> oh, sda8 is tiny
<maxb> not 2.8G, less than a gig
<AlexC_> yes it's /tmp and sda7 is swap
<maxb> that seems a lot more viable
<AlexC_> as you can probably tell - this entire partition table is messed up. I'm not sure what the installer did when I first did it, but to start with, / was 500mb =)
<AlexC_> so I've had to do something like this few months back
<maxb> The key thing here is to not be moving the start of any large partition, because that will force a full data-copy from one location on the disk to another
<AlexC_> quick question, obviously I'm going to have to disable swap which is fine - but how will the kernel handle an unmounted /tmp partition?
<maxb> The kernel shouldn't care. But userspace stuff might well
<AlexC_> ok, well I can shutdown most if not all services
<maxb> Still, you seem to have enough space on / that it should be able to get by with /tmp living on the root partition for a little while
<AlexC_> ah, yes - that'll do it
<maxb> Just remember to set the permissions properly on the /tmp mountpoint after you've unmounted it
<AlexC_> how'd you mean?
<maxb> I mean, the permissions on the underlying mountpoint will likely not be the proper ones for an active /tmp directory
<maxb> Because once mounted, it is the permissions on the mounted device which matter
<AlexC_> oh right, yes
<maxb> Thought for the future: I don't see any reason for partitioning so aggressively at all - not if everything's on the same underlying disc anyway
<AlexC_> true
<AlexC_> maxb, silly question, how do I actually get /tmp on /? Simply unmount and remove entry from fstab, then kernel should just start using /tmp on /?
<maxb> The kernel doesn't really use /tmp
<maxb> Use lsof +D /tmp to get an idea of what processes you'll need to stop / kill
<maxb> check and rememember the current permissions
<maxb> unmount and reapply permissions
<maxb> update fstab just in case, I guess
<AlexC_> maxb, how about http://ubuntuforums.org/showthread.php?p=8412551#post8412551 ? Seems like it could work smoother
<AlexC_> hum, /home is busy - how can I resolve that?
<qman___> AlexC_, umount -l will prevent new operations from starting, wait for current operations to finish, and then unmount it
<qman___> presuming that's what you were referring to
<mdz> ttx: I've made a pass over the blueprints this morning as well; they are all now either approved or back to drafting
<mdz> except for the two QA specs, which are awaiting review/approvel from marjo
<AlexC_> qman___, a ha, awesome - thanks, shall try that later on
<IcyPolecat> hiya, does anyone know if it's possible to configure ftp (pro, vs or other) to work with the www-data user and group used by apache for multiple users?
 * soren lunches
<ttx> mdz: ok, I completed my first pass this morning as well.
<ttx> mdz: will sync with smoser today to help him add details to his specs, if needed.
<maxagaz> how to have a persistent resolv.conf with ppp connection
<maxagaz> it's always replaced by the provider stuffs
<soren> mdz: server-lucid-other-cloud-providers and server-lucid-vmbuilder-multiple-outputs are still set to "review". I'm not entirely sure what to make of that.
 * zul hates snow
<mdz> soren: they aren't on https://blueprints.edge.launchpad.net/ubuntu/lucid?searchtext=server-lucid
<soren> ?!?
<soren> Oh /lucid!
<soren> Erm.. Yeah, that's unfortunate.
<mdz> soren: in terms of targeting things for lucid, I'm worrying first about the things we are doing for the first iteration (alpha 2)
<mdz> we'll be re-juggling priorities at that point anyway
<mdz> I think we have enough to do for alpha 2 already
<soren> Ok.
<mdz> ttx: that reminds me, what should we do with java-library-fixes?
<ttx> mdz: it's reasonable to target it to post-alpha2, I'd say alpha-3
<mdz> you already have euca-remote-registration and eucalyptus-karmic-retro work to do for alpha 2; do you think java-library-fixes is doable as well?
<mdz> ok, let's leave it un-milestoned then
<ttx> mdz: those are all "good to have" fixes for LTS rather than new features
<mdz> ttx: bug-zapping is milestoned for alpha 1(?!) but has no spec yet
<ttx> mdz: yes, kirkland targeted it, I think the idea was to have it started early in the cycle
<ttx> mdz: though it could be considered "completed" by the end of the cycle
<ttx> depending on whether the spec covers just the process setup or the zapping sessions as well.
<mdz> ttx: I don't even know what work is involved since there is no spec or work items
<ttx> mdz: kirkland should work on that one when UEC testing is fixed. Should be unmilestoned until you get more info
<soren> mdz: I just thought we wanted to have everything spec'ed by the end of last week, not just the stuff for alpha 2 (which AIUI is yet to be completely defined)?
 * ScottK is still trying to finish his mail integration spec.
<uvirtbot> New bug: #489201 in samba (main) "smbd crashes when connection status changes" [Medium,Triaged] https://launchpad.net/bugs/489201
<AlexC_> maxb, alive?
<maxb> hello
<AlexC_> hey
<AlexC_> right, what I did was split /dev/sda9 up to make another 50gb partition. What I then did was 'dd if=/dev/sda6 of=/dev/sda10' to copy the old /var over to the new partition. However when doing an 'fsck -n /dev/sda10' it came up with filesystem errors regarding inodes. So, I did 'mkfs.ext3 /dev/sda10' and 'cp -ar /var /vartmp' (mounted /dev/sda10 as /vartmp)
<AlexC_> however - while files do seem to be in the new /var, some things aren't. I don't think a 'cp' is the best way to do this. How else can I copy the older (smaller) partition data to the newer, larger one?
<maxb> I would have thought a cp -a would have done the job
<AlexC_> I shall try it again, it actually looks like nothing was copied. Hum
<smoser> soren, saw erichammond's question from yesterday about vmbuilder failing and removing /dev files. i've seen this too. (on nectarine)
<AlexC_> maxb, k, working. Thanks for all the help. Sorry for bothering you again
<AlexC_> much appreciated
<soren> smoser: Yikes.
<soren> smoser: /me ponders
<soren> smoser: I can't imagine why that would happen.
<Ng> are final karmic images heading for the UEC imagestore? :)
<soren> Ng: They're.. not.. there? O_o
<Ng> soren: shows RC images for me
 * soren sighs
<Ng> they might be the same, but they identify as RC
<Ng> there's two of them and the mediawiki test image thing
<soren> Right.
<smoser> i'm fairly sure they *are* rc
<smoser> per aubre
<Ng> bug #457283 makes it a little irrelevant I suppose, since they don't boot anyway ;)
<uvirtbot> Launchpad bug 457283 in eucalyptus "x86_64 images should be presented a /dev/sdb, not a /dev/sda2" [Medium,Triaged] https://launchpad.net/bugs/457283
<Ng> also while I'm on the subject - I'd like to check for, or file a bug about the naming of images pulled from the imagestore - which component is actually doing that?
<Ng> image-store-proxy I think?
<smoser> Ng, the released images should boot fine. and the RC were tested as functional, so i think the issue of "they don't boot" isn't 100% true. Multiple people have reported it, but i have not seen it, and personally did test the RC images on UEC before release.
<ttx> Ng: could also be in eucalyptus itself
<ttx> Ng: since some of the image store code is implemented there.
<Ng> smoser: I only just installed eucalyptus on some random hardware at home to test the image store and I'm seeing the above bug booting either image. I'd happily boot the instances without the (to me useless) ephemeral storage :)
<Ng> ttx: ok, well I'll start with the image-store-proxy and see what gustavo does with the suggestion
<smoser> Ng, you see that bug booting the release images ?
<ttx> Ng: sounds good.
<Ng> smoser: I haven't tried them, I just clicked the image store buttons to install those. I'm happy to try other images
<smoser> oh. ok.
<smoser> Ng, smoser@ubuntu.com ?
<smoser> pretty please update that?
<kirkland> ttx: hey
<kirkland> ttx: couple of questions/comments about the pending Eucalyptus SRU
<ttx> kirkland: yo
<ttx> kirkland: the 7.3 one ?
<kirkland> ttx: you were telling me you have another one queued up?
<kirkland> ttx: yeah, so, i have two things
<ttx> yes, I've a branch ready
<kirkland> ttx: first, i can confirm that 7.3 euca_rootwrap powerwake stuff works
<ttx> kirkland: cool
<kirkland> ttx: second, i have identified a breakage and a fix for the POWERSAVE problem
<kirkland> ttx: i'm not sure if 7.3 caused that regression, or if it's there already
<kirkland> ttx: but here's what I'm thinking ....
<smoser> ttx, kirkland... i know that it has seen no work, and you want to get a refresh out... but we really need a fix for the user-data.
<ttx> smoser: the eucalyptus part of that fix is in my branch
<kirkland> ttx: i think i can just sign off on 7.3 as is, and add my one-line fix to your 7.4
<kirkland> ttx: what do you think?
<ttx> kirkland: sounds good to me
<smoser> ttx, where?
<kirkland> cool
<ttx> that way 7.4 will be in -proposed for smoser to play with :)
<ttx> smoser: https://code.launchpad.net/~ttx/eucalyptus/karmic-sru2
<ttx> + my PPA for your testing pleasure
<ttx> smoser: see https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/461156/comments/27
<uvirtbot> Launchpad bug 461156 in eucalyptus "User data is not parsed correctly by Eucalyptus in some cases" [High,In progress]
<smoser> rock on ttx
<kirkland> ttx: is smoser's user-data fix in your SRU?
<kirkland> ttx: 7.4?
<ttx> smoser: i'm trying to see if the euca2ools SRU yo uprepared should also include bug 450044
<uvirtbot> Launchpad bug 450044 in euca2ools "euca-bundle-vol does not create essential tmpfs mounts when bundling Ubuntu images" [Medium,Confirmed] https://launchpad.net/bugs/450044
<ttx> kirkland: smoser's fix is in euca2ools
<ttx> 461156 needs two fixes, one in eucalyptus and one in euca2ools
<smoser> personally i dont care so much about that one
<ttx> the one in eucalyptus needs to go before (orr at the same time) as the euca2ools one
<smoser> bug 461156
<uvirtbot> Launchpad bug 461156 in eucalyptus "User data is not parsed correctly by Eucalyptus in some cases" [High,In progress] https://launchpad.net/bugs/461156
<kirkland> ttx: where's your branch?
<smoser> kirkland, https://code.launchpad.net/~ttx/eucalyptus/karmic-sru2
<ttx> ^
<ttx> kirkland: feel free to merge once 7.3 is cleared
<smoser> ok. ttx, so i dont care all that much about the rebunding (euca-bundle-vol). i wouldn't postpone release for it unless it is very close.
<ttx> smoser: ok
<ttx> so process is ack 7.3 out of the door, prepare 7.4 from my branch + kirkland's POWERSAVE fix (file bug about that one), commit to proposed both the euca2ools and the eucalyptus 7.4
<smoser> rebundling on a live instance doesn't make all that much sense to me, when you can just download the pristine image and chroot to change it
<kirkland> ttx: i just pinged pitti to let him know
<ttx> we'll try to sneak the rampart fix in the second bundle as well, if nurmi acks it
<smoser> ttx, so what do you need from me.
<ttx> bug 460085 -- requiring both the eucalyptus fix (in my branch) and a rampart SRU
<uvirtbot> Launchpad bug 460085 in eucalyptus "memory leak; rampart_context not freed (memory leaked per connection)" [High,Fix committed] https://launchpad.net/bugs/460085
<ttx> smoser: nothing, I think
<ttx> smoser: a debdiff / merge proposal for your euca2ools fix, maybe
<ttx> (if not already submitted)
<smoser> that is easy to produce if you want it. i will do that.
<zul> ttx: ping
<zul> ttx: for the daily vcs spec "I would split the work for each package: have one "Import debiandir + Write recipes" item and one "Upload to PPA + publicize" item for each selected package." are you refereing to the workitems?
<ttx> smoser: the debdiff in your PPA should be ok for that
<ttx> smoser: no real need to resubmit it.
<ttx> zul: yes
<smoser> ok. i was just about to post a link to it.
<zul> ttx: ok thanks
<ttx> smoser: if you need any help in fixing your blueprints based on the reviews, let me know
<ttx> smoser: you have a lot to do and it's your first time through this process :)
<smoser> i'll dig through those today and will get back to you. i agreed that there was little infomration about the boot hooks :)
<uvirtbot> New bug: #490380 in samba (main) "Please change the default permissions on SMB shares" [Undecided,New] https://launchpad.net/bugs/490380
<ttx> kirkland: hm, about bug 490382...
<uvirtbot> Launchpad bug 490382 in eucalyptus "eucalyptus-cc init script doesn't always clear /var/lib/eucalyptus/CC" [Medium,Triaged] https://launchpad.net/bugs/490382
<kirkland> ttx: yeah
<ttx> I think it's a feature.
<kirkland> ttx: i found it helped to move the rm -f /var/lib/eucalyptus/CC/* a bit higher
<kirkland> ttx: hmm, well, it's keeping SCHEDPOLICY changes from taking affect at all
<ttx> kirkland: let me dig some context
<ttx> https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/460089
<uvirtbot> Launchpad bug 460089 in eucalyptus "network state is lost if the cluster controller (CC) is stopped" [Medium,Fix committed]
<ttx> so this is indeed a regression in the -proposed package
<ttx> since this was introduced in 7.2
<ttx> kirkland: you should probably stop the presses
<kirkland> ttx: hrm, well, if I can "sudo restart eucalyptus CLEAN=1" and get the behavior I want, I can just update the documentation
<ttx> kirkland: we already know this is necessary if you change network things in eucalyptus.conf
<ttx> kirkland: which (imo) is more than confusing
<kirkland> ttx: okay, now I'm confused as to your recommendation
<kirkland> ttx: what do you recommend?
<ttx> see https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/464384
<uvirtbot> Launchpad bug 464384 in eucalyptus "Not obvious a "Clean" restart is needed after config changes" [Wishlist,Triaged]
<ttx> kirkland: just a sec
<ttx> kirkland: could you check that using CLEAN=1 is ok to workaround the "take POWERSAVE into account" issue ?
<kirkland> ttx: sure, i'll test that now
<ttx> then I'd just release 7.3
<ttx> and we make sure we fix bug 460089 with more deocumentation/helpers
<uvirtbot> Launchpad bug 460089 in eucalyptus "network state is lost if the cluster controller (CC) is stopped" [Medium,Fix committed] https://launchpad.net/bugs/460089
<ttx> arh
<ttx> not that one
<ttx> and we make sure we fix bug 464384 with more deocumentation/helpers
<uvirtbot> Launchpad bug 464384 in eucalyptus "Not obvious a "Clean" restart is needed after config changes" [Wishlist,Triaged] https://launchpad.net/bugs/464384
<ttx> kirkland: let me know if anything remains fuzzy, should be clear after reading those two bugs
<kirkland> ttx: okay, i'm testing now
<kirkland> ttx: unfortunately it takes a long time to test these
<ttx> ok
<kirkland> ttx: as it takes ~5 minutes to put the nodes to sleep
<ttx> personally I'm not that convinced about the CLEAN=1 trick. I expect configuration changes to kick in at restart. But that's a tradeoff, being able to update a running eucalyptus without losing running VMs is quite interesting as well
<ttx> kirkland: in the end it's more a documentation issue, which is the point of filing bug 464384
<uvirtbot> Launchpad bug 464384 in eucalyptus "Not obvious a "Clean" restart is needed after config changes" [Wishlist,Triaged] https://launchpad.net/bugs/464384
<kirkland> ttx: https://help.ubuntu.com/community/UEC/PowerManagement
<kirkland> ttx: yeah, i just added it to there
<ttx> kirkland: in my testing I did use CLEAN=1 though, and failed to get it to work, so...
<ttx> better confirm that first.
<kirkland> ttx: hmm, there's still something wrong
<kirkland> -rw-------  1 eucalyptus eucalyptus 1081458688 2009-11-30 10:00 eucalyptusCCInstanceCache
<kirkland> ttx: that file is not getting cleared
<ttx> hrm
<ttx> kirkland: it clears the others but not that one ? Do they have different permissions ?
<kirkland> ttx: no diff on perms
<kirkland> ttx: it doesn't look like the $CLEAN var is being passed
<kirkland> ttx: as if i remove the $CLEAN = 1 test, it does remove the files
<ttx> arh, more upstart mysteries
<ttx> then it's a regression... we should hold that -proposed release
<ttx> kirkland: if you pined pitti, you should ask him to pause
<ttx> pinged
<ttx> maybe it's the bashism
<kirkland> ttx: i think it's a shell bashism
<kirkland>         [ "${CLEAN}" = "1" ] && rm -f /var/lib/eucalyptus/CC/*
<kirkland> vs.
<kirkland>         [ "${CLEAN}" = 1 ] && rm -f /var/lib/eucalyptus/CC/*
<kirkland> "1" works
<kirkland> 1 doesn't work
<kirkland> ttx: i think that's all there is to it
 * kirkland tests some more
<kirkland> ttx: yup
<kirkland> ttx: that's it
<ttx> kirkland: what's your opinion ? we probably shouldn't release 7.3 without a way to CLEAN the cc env, imo
<kirkland> ttx: yeah, i agree
 * ttx grumbles
<kirkland> ttx: i know ....
<kirkland> ttx: it takes so long to get all parties to agree on an SRU
<ttx> two options, fast-tracking a 7.4 with only the one-liner fix
<ttx> or do a complete 7?4
<ttx> 7.4
<ttx> I prefer the one-liner option
<ttx> since I'd like long testing of the rampart/ memleak fix
<kirkland> ttx: well, if we release 7.3 as is, it's at least 1 week before -updates users get this CLEAN restart fix
<kirkland> ttx: okay, i'll upload a 7.4 with this one-liner fix
<kirkland> ttx: is mathiaz working today
<kirkland> ttx: i'd like him to ack this simple change
<ttx> kirkland: he should
<kirkland> ttx: cool
<kirkland> ttx:  http://paste.ubuntu.com/331811/
<kirkland> ttx: i'd like to upload that to karmic-proposed now
<kirkland> ttx: and ask pitti to hold off on promoting 7.3
<ttx> kirkland: do you have the power to reject it from -proposed, as an AA ?
<kirkland> ttx: yes, I think so, but we're not supposed to touch our own uploads
<ttx> ok
<kirkland> ttx: hrm ...
<cj> any canonical reps here?
<cj> if so, pm or email cjac@colliertech.org - thinking about offering support for our cloud stuff
<pipedream> .
<jpds> cj: Would be a better idea to send an email through the links at: http://www.ubuntu.com/cloud/support
<smoser> jjohansen, ping
<EtienneG> hey guys
<EtienneG> seems like I have not spent enough quality time with Eucalyptus 1.6 yet ... when/why would it use a tap device?
<EtienneG> I thought it was only for inter-cluster communication, is that right?
<jjohansen> smoser: pong
<smoser> hm... i think i figured out what i was going to ask.
<smoser> but i do have one question
<smoser> what do the lucid kernels look like for ec2 ?
<smoser> they have any changes to karmic in them?
<jjohansen> yeah, I rolled in ext4, and virtaudio
<jjohansen> I uploaded a test kernel last week
<jjohansen> smoser: I still need to finish going through the configs, but the kernel should start showing up as part of the daily builds this week
<jjohansen> smoser: 64bit 2.6.32 test kernel aki-c4c527ad, ari-d8c527b1
<smoser> ok. so the ones that are in the archive now are just karmic, but later this week you'll push "real lucid"
<smoser> right?
<jjohansen> right
<jjohansen> apw: was doing some packaging work on it this morning
<smoser> so you'll expect that 428692  would be fixed
<apw> bug #428692
<uvirtbot> Launchpad bug 428692 in linux-ec2 "ec2 kernel needs CONFIG_BLK_DEV_LOOP=y and other config changes" [Medium,Triaged] https://launchpad.net/bugs/428692
<apw> jjohansen, yep, my test builds are going now
<smoser> so those would be turned on.
<jjohansen> smoser: yep
<apw> jjohansen, are those config changes in your branch i took?
<smoser> the other part of that bug is "more like -virtual"
<jjohansen> apw: yes
<apw> jjohansen, ok thanks
<smoser> ie, pruning of non-virutal related modules
<apw> jjohansen, you happy with the ocntents of your branch, as a first stab -ec2 kernel for lucid?  assuming my builds pass now ?
<jjohansen> smoser: I haven't rolled in all the virtual config options but I did grab the ones we have some bugs against, ext4, loop, virtaudio
<jjohansen> apw: yeah
<apw> jjohansen, ack, ok my test builds look ok, so i'll be getting it up shortly
<jjohansen> apw: thanks
<smoser> jjohansen, ok... thats good, just wanting it also to be smaller, no reason for lots of drivers in ec2
<jjohansen> yeah, this first round is bigger than it needs to be, but the configs will get tightened up
<kirkland> mathiaz: hi!
<kirkland> mathiaz: i have some questions about eucalyptus clean-restart
<kirkland> mathiaz: something about this is making powersave not work quite right
<kirkland> mathiaz: also, i need to talk to you about the uec-testing spec
<cj> jpds: thanks.  I didn't know that existed.
<RoAkSoAx> kirkland, I'll work on testdrive as soon as I finish my exams :)
<kirkland> RoAkSoAx: ;-)  awesome
<RoAkSoAx> kirkland, btw... you want it to support other distributions and not only '*Ubuntu Desktop/Server/Netbook' right?
<alex88> hi all..i have a pc with ubuntu and a brand new install..is possible to use the installed debs via synaptic and install on the fresh install? cause i haven't a high speed internet here
<alex88> ok found some in /var/cache/apt/archives/
<cj> jpds: hurm, I think /cloud/support is aimed more at end-users... I want to find a way to potentially integrate a support offering in to a cloud service
<bogeyd6> !firewall
<ubottu> Ubuntu, like any other linux  distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command (see https://help.ubuntu.com/community/Uncomplicated_Firewall_ufw), or 'iptables' (https://help.ubuntu.com/community/IptablesHowTo). GUI applications such as Firestarter/Gufw (Gnome) or Guarddog (KDE) also exist
<uvirtbot> New bug: #490466 in mysql-dfsg-5.1 (main) "[armel] unrecognizable insn with -mthumb" [Undecided,New] https://launchpad.net/bugs/490466
<benedikt> I need an idea for backups. I have a private server on a remote location. Now it backups up my personal stuff from home and itself and puts it on a usb drive. I want something safer (for the server data) but i cant figure out a smooth backup plan. And i use rsnapshot for the backups.
<cemc> on my Karmic in mysql console the reverse search (Ctrl+R) does not work. how can I enable it ?
<cj> cemc: you prolly need to install readline
<cj> libreadline6
<cj> I bet mysql-client recommends it
<cj> well, the lenny one does
<cj> $ apt-cache show mysql-client-5.0 | grep -i rec
<cj> Recommends: libterm-readkey-perl
<cj> try installing libreadline6 and libterm-readkey-perl
<cemc> cj: they are installed. it seems in Karmic mysql is not built with readline, found some forum thread
<cj> cemc: ah.  yeah, there were some license issues that I recall from my tenure there...
<cj> cemc: which mysql-client do you have installed?  you might try mysql-client-5.0 if you've currently got 5.1
<uvirtbot> New bug: #490484 in qemu-kvm (main) "running 64bit client in 64bit host with intel crashes" [Undecided,New] https://launchpad.net/bugs/490484
<cemc> cj: if I try to install mysql-client-5.0, it wants to remove mysql-client-5.1 AND mysql-server
<cj> that's crazy.  do you need any of the features from 5.1?
<cj> it might be better to build your mysql-client-5.0 package yourself.  either that or connect to your server remotely
<cj> I rarely need to use the run the mysql client on the server
<cj> s/use the /
<cj> er, I meant it might be better to build your mysql-client-5.1 package yourself, since that's the one missing readline support.
<cj> it's like it's lunchtime all over the world
<micahg> was there a decision to stick with PHP 5.2 in lucid?
<genii> !info php5 lucid
<ubottu> php5 (source: php5): server-side, HTML-embedded scripting language (metapackage). In component main, is optional. Version 5.2.11.dfsg.1-1ubuntu1 (lucid), package size 1 kB, installed size 20 kB
<micahg> I guess it doesn't mean anything as 5.3 isn't even in debian unstable yet
<ttx> kirkland: howdy
<kirkland> ttx: hey
<kirkland> ttx: i told pitti to go ahead and publish to -updates
<kirkland> ttx: as I think I was just seeing the racy behavior reported elsewhere
<kirkland> ttx: which we should fix subsequently
<ttx> kirkland: ok, not a regression then
<kirkland> ttx: i'm also nearly done with the initial 1.6.1 merge
<kirkland> ttx: i don't think so
<ttx> kirkland: ok
<ttx> kirkland: We need to implement CLEAN in start anyway
<kirkland> ttx: yes, we do
<kirkland> ttx: i didn't want to block what we had alraedy any longer, though
<ttx> kirkland: might workaround the race in stop.
<zooko> Folks: what's the state of the art in union filesystems for Karmic?  I'm trying to build a USB flash drive for boot, and ideally a union with a RAM disk so that writes don't actually reach the flash.
<kirkland> ttx: i thought that it would be best to get the fixes we have out now
<kirkland> ttx: so that we can focus on the next round of fixes
<ttx> kirkland: agreed.
<kirkland> ttx: good ;-)  i was hoping we'd see eye to eye on this one
<ttx> kirkland: could you file a bug about the missing start/CLEAN=1 ?
<kirkland> ttx: well, or convert the one i opened to actually say that
<ttx> kirkland: we'll have to test if restart / CLEAN=1 as well, dunno how well tat would work
<ttx> kirkland: sure.
<kirkland> ttx: mathiaz is having some hardware issues with his laptop today
<ttx> though the race in stop is actually a separate issue from missing start/CLEAN=1 support
<kirkland> ttx: i was going to sync up with him once he's back online
<ttx> ok, see you tomorrow then.
<ttx> keep the bugs updated ;)
<zooko> https://wiki.edubuntu.org/KernelTeam/ReleaseStatus/Karmic says that aufs is chosen as the union mechanism for karmic, but https://lists.ubuntu.com/archives/kernel-team/2009-April/005184.html says that it is disabled for karmic.  Which is newer?
<zooko> Hm, and https://blueprints.launchpad.net/ubuntu/+spec/update-manager-aufs-karmic seems to say that aufs will be supported in karmic.
<aljosa> anybody knows if there is a reason why zenoss is not available in ubuntu?
<cj> heya jono
<jono> hey
<cj> I listened to your interview the other day ;)
<cj> how's it feel to be a celeb?
<soren> mdz: So, as you say lucid-server-other-cloud-providers is not on b.l.p/ubuntu/lucid. It /is/ proposed for Lucid, though. Is there no way to reject it, or is there some other reason it's kept in limbo?
<soren> mdz: As a lowly minion, I can only suggest blueprints for a particular release series, not approve them.
<mathiaz> kirkland: reading the backlog - seems you've pushed the SRU?
<mathiaz> kirkland: do you need any help on thi?
<mathiaz> kirkland: this
<kirkland> mathiaz: yes, to both
<kirkland> mathiaz: we did push the sru
<kirkland> mathiaz: however, CLEAN=1 doesn't always work for me
<kirkland> mathiaz: i think there's a race condition
<kirkland> mathiaz: or some non-determinism
<mathiaz> kirkland: hm ok.
<kirkland> mathiaz: we've decided to fix that in the next upload
<mathiaz> kirkland: IIRC CLEAN=1 is a new feature ?
<kirkland> mathiaz: i think you added it in 7.2
<mathiaz> kirkland: well - we've changed the default behavior of the init script, then added an option to fall back to the old behavior if needed
<kirkland> mathiaz: right, and I'm saying that I don't think the fallback code (CLEAN=1) is quite adequate
<kirkland> mathiaz: ie, i sometime restart with CLEAN=1 and my /var/lib/eucalyptus/CC is *not* cleaned
<mathiaz> kirkland: ok.
<kirkland> mathiaz: but sometimes it is
<mathiaz> kirkland: we can fix that in another SRU I guess
<mathiaz> kirkland: now it may be related to upstart?
<kirkland> mathiaz: yeah, ttx already has another branch going
<mathiaz> kirkland: great - anything else I can help with?
<kirkland> mathiaz: yes, as a matter of fact
<kirkland> mathiaz: i'm also working on the eucalyptus upstream merge for lucid
<kirkland> mathiaz: it seems that they have added a debian/ directory
<kirkland> mathiaz: this is giving me some trouble
<mathiaz> kirkland: right - they mentioned that at UDS
<kirkland> mathiaz: when i do a "bzr export" from their 1.6 branch, i get a debian/ in the tarball
<kirkland> mathiaz: bzr bd -S doesn't like this at all
<mathiaz> kirkland: hm... I kind of understand why
 * mathiaz thinks about a solution
<kirkland> mathiaz: we could manually create the tarball
<kirkland> mathiaz: bzr export really should have a --exclude option
<kirkland> mathiaz: i've been asking the bzr guys this for >1 year
<mathiaz> kirkland: right - but don't you run into problem when you merge the upstream branch in the ubuntu branch?
<kirkland> mathiaz: oh, well, yeah, that's another part of the problem
<mathiaz> kirkland: let me try something..
<mathiaz> kirkland: you're still using lp:~ubuntu-core-dev/eucalyptus/ubuntu/ as the branch to work from?
<mathiaz> kirkland: for your lucid branch?
<mathiaz> kirkland: and what's the upstream branch you're trying to merge?
<kirkland> mathiaz: on the phone with nurmi
<jdstrand> soren: hi! fyi, I'll be working on the libvirt merge today/tomorrow
<soren> jdstrand: Merge with Debian or upstream or both?
<jdstrand> soren: well, both
<jdstrand> soren: upstream just has a couple of things
<soren> jdstrand: You're kidding, right?
<jdstrand> soren: 0.7.2 has almost everything, but needs a few extra bits
<soren> jdstrand: the changelog from 0.7.2 -> 0.7.4 is gigantic.
<jdstrand> soren: oh, gosh, not 0.7.4
<jdstrand> soren: I meant merge Debian, and apply a couple small commits for the AA driver
<soren> jdstrand: Ah, ok. That's what I meant by "with upstream" :)
<jdstrand> soren: after this merge, it won't be as important that *I* do it
<jdstrand> soren: this one is slightly messy cause 0.7.0 has the sVirt patch and 0.7.2 has it included
<ScottK> Of course then you'll be TIL and stuck with it forever anyway.
<ScottK> ;-)
<soren> ScottK: ssshh.. All part of my master plan :)
<jdstrand> heh, maybe I'll 'accidentally' forget the changes to ubuntu15 ;)
<soren> jdstrand: Feel free to comment out the eventtest unit test. I need to poke at that a little bit.
<soren> jdstrand: Without that one, everything should work just fine.
<jdstrand> soren: ok
<kirkland> mathiaz: okay, back now
<kirkland> mathiaz: lp:eucalyptus/1.6 and lp:~ubuntu-core-dev/eucalyptus/ubuntu
<kirkland> mathiaz: i think it's going to be easiest just to create the tarball myself --excluding .bzr and debian/
<mathiaz> kirkland: ok - thanks. I'll try a couple of things to handle the debian/ directory
<kirkland> mathiaz: cool, let me know what you find
<mathiaz> kirkland: yeah - that won't solve the case of the merge though
<kirkland> mathiaz: fwiw ... http://paste.ubuntu.com/331961/
<kirkland> mathiaz: i'm trying to document what needs to be done each time i merge
<kirkland> mathiaz: i have the TODO of merging Eucalyptus into Lucid every Monday, once a week
 * mathiaz oks
<kirkland> mathiaz: those instructions are kinda broken right now, due to the debian/ wonkiness
<kane_> kirkland++ # scripting
<zooko> FWIW, the Tahoe-LAFS project is planning our next release to be early enough to get into Lucid: http://allmydata.org/pipermail/tahoe-dev/2009-November/003169.html
<kirkland> kane_: is that an affirmation?  :-)
<kane_> positive karma for automating tasks, right? :)
<kirkland> kane_: ah, yeah :-)
<mathiaz> kirkland: seems I got the merge working:
<kirkland> mathiaz: hrm, what was I doing wrong?
<mathiaz> kirkland: branch upstream-1.6, bzr remove debian/, bzr ci
<mathiaz> kirkland: branch lucid, bzr merge upstream-1.6-nodebian
<kirkland> mathiaz: oh, that's cheating :-)
<mathiaz> kirkland: well - hopefully upstream will do the same soon ;)
<kirkland> mathiaz: i talked to dan; he was going to see about removing debian/
<kirkland> mathiaz: but no promises right now
<kirkland> mathiaz: i suggested that he creates a packaging/ dir, and bzr mv's debian to there
<mathiaz> kirkland: ok - so they'll probably do the same thing
<kirkland> mathiaz: and symlinks to it when they want to build their package or something
<kirkland> tar zcvf eucalyptus_$VER~bzr$REVNO.orig.tar.gz --exclude .bzr --exclude debian eucalyptus_$VER~bzr$REVNO
<kirkland> mathiaz: ^ is what i'm doing for now
<mathiaz> kirkland: right - did you add to a get-orig-source rule?
<mathiaz> kirkland: get-orig-source target in the debian/rules file?
<kirkland> mathiaz: no ... but I will if i can make this work in an automated fashion
<mathiaz> kirkland: and the merge shouldn't be that hard actually - we know which version of the file we want
<mathiaz> kirkland: there isn't any manual editing to be done
<kirkland> mathiaz: what "file" ?
 * mathiaz tries
<majuk> I feel duuuumb. Say I have a user in group X (but is not its primary group) which is the group-owner of folder Y... with 770 permissions I can't access Y with user X. Am I missing something?
<majuk> *with user in group X
<majuk> Does it have to be that user's primary group in order to access the folder with those perms? That doesn't make any sense to me, but I am often crazy.
<kirkland> mathiaz: okay, i like your bzr rm debian method
<kirkland> mathiaz: seems to work well enough
<mathiaz> kirkland: well...
<mathiaz> kirkland: I'm looking at another way
<mathiaz> kirkland: I don't know how things will work for the *next* merge
<mathiaz> kirkland: another option is to merge upstream-1.6
<majuk> I am dumb, relogging in ftw
<mathiaz> kirkland: that will create a conflict with the ubuntu debian/ directory being moved to debian.moved (with upstream in debian/).
<mathiaz> kirkland: then you'd commit the change as is (resolving the other conflict.)
<mathiaz> kirkland: and then move back all the files from debian.moved/  to debian/
<mathiaz> kirkland: but that doesn't really solve the problem...
<mathiaz> kirkland: it would probably be a bigged mess for the next merge
<mathiaz> kirkland: bigger mess
<kirkland> mathiaz: yeah
<mathiaz> kirkland: at least here we know what files are from upstream (debian/), and which ones are from ubuntu (debian.moved/)
<mathiaz> kirkland: I think the intermediate branch is the best option
<mathiaz> kirkland: we can construct the tarball from the intermediate branch (upstream-1.6-nodebian)
<dragon> I'm unable to SSH into my Ubuntu server anymore, and I suspect it's because of a recent update.
<dragon> Automatic updates are enabled and nothing else has changed for the server.
<dragon> It's running well, still serving expected content on port 80.
<dragon> the only thing that is broken is OpenSSH server.
<dragon> currently there's no other way of accessing the server.
<cj> dragon: do you connect to the port, or is the port not open?
<mattgyver> Hi, im installing 9.10 server on my home server.  When i get to 'Installing Grub' it just knocks me out and back to the ubuntu installer main menu, any ideas?
<dragon> cj, port is open and I get as far as authentication
<dragon> cj, both password and public key methods fail.
<dragon> cj, actually they don't fail, they go through and then it hangs.
<dragon> it reminds me of an old bug that went away in Fedora 3.
<dragon> *, http://pastebin.com/d1535ebbd
<cj> dragon: try logging in as root?
<cj> dragon: maybe your home directory mount point is busted?
<dragon> cj: as far as I remember, I set root login ot without-password, so that's not expected to work
<ScottK> cj: root isn't enabled by default on Ubuntu.
<dragon> cj: my home directory was a part of /, but I can think of a different unrelated nfs mount point that is broken.
<cj> try rsync?
<cj> -e ssh, of course
<dragon> rsync goes through ssh by default...
<cj> oh?  maybe I'll start dropping -e ssh in that case.
<mathiaz> kirkland: hm - I may have another solution to merge the upstream branch directly in the ubuntu branch
<mathiaz> kirkland: discussing it currently in #bzr
<kirkland> mathiaz: okay
<mathiaz> kirkland: so basically you just merge the upstream branch into the ubuntu branch : bzr merge ../upstream
<cj> dragon: rsync might skip whatever point is failing in your login workflow
<mathiaz> kirkland: that will create a conflict with the debian directory with the ubuntu debian/ directory being moved to debian.moved/
<mathiaz> kirkland: to resolve that conflict: bzr remove --force debian/ ; bzr move debian.moved/ debian/
<kirkland> mathiaz: hmm, okay
<kirkland> mathiaz: i can give that a shot
<mathiaz> kirkland: a bzr st should show no changes being made to the debian directory
<mathiaz> kirkland: now the question is what is going to happen on subsequent merges (when there is a change made by upstream in the debian/ directory)
<kirkland> mathiaz: i'm perfectly comfortable doing your original suggestion
<kirkland> mathiaz: in fact, i've already scripted it
<kirkland> mathiaz: it's working well
<kirkland> mathiaz: and i've moved on to fighting with debian/patches conflicts
<mathiaz> kirkland: ok - that works as well.
<kirkland> mathiaz: http://paste.ubuntu.com/331994/
<kirkland> mathiaz: wait, that's old
<kirkland> mathiaz: no, that's right
<mathiaz> kirkland: REVNO=$(bzr log | head -n2 | tail -n1 | awk '{print $2}') - try to use bzr revno instead
<dragon> cj: same problem with rsync, so it's not skipping that point
<kirkland> mathiaz: see lines 4..14
<dragon> cj: i tried `ssh hostname.local ls` earlier, and encountered the same problem.
<kirkland> mathiaz: ok
<mathiaz> kirkland: REVNO=$(bzr revno)
<kirkland> mathiaz: got it
<dragon> cj: narrowing it down, I think it's an NFS share mounted on /data/common, which was pointing to another server that no longer exists.
<mathiaz> kirkland: LAST_REVNO=$(head -n 1 debian/changelog | sed "s/^.*bzr//" | sed "s/-.*$//")
<mathiaz> kirkland: so I've found a gem to do that directly using bzr
<kirkland> mathiaz: using tags?
<mathiaz> kirkland: LAST_REVNO=$(bzr log -r ancestor:ubuntu/ 1.6
<mathiaz> kirkland: LAST_REVNO=$(bzr log -r ancestor:ubuntu/ 1.6)
<mathiaz> kirkland: using the log command with the ancestor
 * mathiaz is proud of this one
<mathiaz> kirkland: I'm using it to figure the base revision of a debian and ubuntu package for my get-merge script
<kirkland> mathiaz: hmm, that's not working for me
<mathiaz> kirkland:  bzr log -r ancestor:lucid/ upstream-1.6/ | grep revno | cut -d\ -f2
<mathiaz> kirkland: ^^ that gives the last revno in the upstream branch
<mathiaz> kirkland: my local directories are named differently than ubuntu and 1.6
<ivoks> we should really go mariadb instead of mysql
 * kirkland grumbles about axis2c
<uvirtbot> New bug: #490368 in image-store-proxy (main) "image manifest names could be more informative" [Wishlist,Triaged] https://launchpad.net/bugs/490368
<kirkland> soren: i have some questions about 04-axis2c-1.6.0-rampart-1.3.0.patch
<kirkland> soren:  in eucalyptus/debian/patches
<kirkland> soren: it's the only remaining conflict i have in my merge
<kirkland> soren: the configure changes are rejected, particularly the large blob
<kirkland> soren: i'm wondering if you could take a look at that
<kirkland> soren: tell me if it's still necessary
<uvirtbot> New bug: #488293 in openssh (main) "package openssh-server 1:5.1p1-6ubuntu2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Low,Incomplete] https://launchpad.net/bugs/488293
#ubuntu-server 2009-12-01
<Ng> does eucalyptus provide the EC2 meta-data service?
<smoser> Ng, yes
<smoser> Ng, eucalyptus does provide meta-data service, but only on 2 of the netwroking setups
<ruben23> how to remove check package list n ubuntu server
<jmarsden|work> ruben23: Can you ask that a different way or be more specific?  What are you trying to achieve exactly?
<ruben23> remove a package and check it list..of the package
<ruben23> jmarsden|work: and verify if its unsinatlled already.
<jmarsden|work> ruben23: Ah, OK.  To remove it you can do    sudo apt-get remove PACKAGENAME
<jmarsden|work> To see if it is installed, try    dpkg -l PACKAGENAME     and if you see ii at the start of the output, it is installed.
<jmarsden|work> ruben23: If you want to remove it and purge all config info associated with it too, do   sudo apt-get purge PACKAGENAME    instead of remove.
<ruben23> dpkg -| PACKAGENAME
<ruben23> is that right..?
<jmarsden|work> ruben23: dpkg -l PACKAGENAME where l is the lower case letter L (say "ell")
<jmarsden|work> ruben23: Not a vertical bar | which is what you had.
<jmarsden|work> ruben23: I'd guess you need to use a better terminal font so you can see the difference :)
<ruben23>  jmarsden|work: it not working..http://pastebin.com/m454defb2
<jmarsden|work> ruben23: Please read what I wrote earlier.  dpkg -l where "l" is the lower case letter L  as in abcdefghijkl
<jmarsden|work> You are using a vertical bar which is incorrect.
<ruben23> jmarsden|work: ok
<ruben23>  jmarsden|work: how to revert back when i tried to upgrade a module then it went wrong for that versions, how do i roll back..to old version..?
<ruben23> hi i have tried the apt-get upgrade and missed up one of my application, anyone can help how do i revert it..?
<ruben23> hi anyone..?
<owh1> Where?
<ruben23> hi
<owh1> Who?
<owh1> What?
<owh1> Why?
<owh1> When?
<owh1> Welcome to the Ubuntu Server personal help desk where we attempt to help you with your Ubuntu Server. Press 1 to continue.
<ruben23> :-D
<twb> !enter
<ubottu> Please try to keep your questions/responses on one line - don't use the "Enter" key as punctuation!
<twb> ruben23: downgrading packages is not supported.
<twb> ruben23: in some cases, if you know what you're doing, it can be done, and usually isn't catastrophic (except for things like RDBMSs).
<twb> Oh, I see you're talking about "modules", so presumably this is related to apache or something, and I missed the start of the discussion.
<owh1> Is there a particular problem you're trying to solve ruben23, or was there a whole discussion prior to me arriving here?
<ruben23> twb:i have idea on this error------->http://pastebin.com/m11785a5d
<ruben23> and this error also..--->http://pastebin.com/m6581c75a
<ruben23> my whole system is down now hwihc used php and eaccelerator, what i ahve done earlier tried to do apt-get upgrade.
<twb> ruben23: did you install third-party PHP packages?
<ruben23> twb: eaccelerator is install by tar file.
<twb> ruben23: I'm sorry, I will not help you with that.
<ruben23> then i messed it up when i do the upgrade
<twb> I suspect you need to get a new tar file for eAccelerator.
<owh1> ruben23: Is it available as a Ubuntu package?
<twb> owh1: not if the package has "accelerator" in its name.
<owh1> :)
<ruben23>  owh1:ill do the package now but how do i remove the source install..?
<owh1> ruben23: That depends entirely on how it was installed. This particular problem is why we keep telling people to use packages, rather than just install stuff from all over the place. My personal suggestion would be to find out what the installer from the original package did and determine if A) it has an uninstall, B) if there is an install log, C) if there is support from the author(s).
<owh1> I realise this is probably time critical, but that's the best I can give you ruben23.
<owh1> ruben23: One thought. What else was installed when you did the upgrade? Does any of it depend on this particular version of PHP? If not, you could uninstall the currently installed version of PHP, then install the previous version. Bear in mind that this won't actually fix anything - since it's an issue waiting to happen, but it's something you might investigate - note that if your install has lots of things that depend on PHP
<owh1> ruben23: You could also install the PHP source, then compile eaccellerator yourself, but I doubt you'd get any help for that here.
<ruben23> owh1:ok ill just recompile eaccelerator by package then trsy it again
<owh1> ruben23: No need to compile PHP itself, all you're trying to do is get the eaccellorator binary.
<ruben23> yeah
<ruben23> owh1: ive done it, it worked, now system is working and back to normal..thanks on the advice..
<owh1> ruben23: Now document what you did, put it in the system administrator document file and use it next time - meanwhile go look for a packaged version :)
<ruben23> owh1: ok, thanks
<_csmith> hi, i have a quick question about netboot
<_csmith> can i get it to install a base system with a server kernel, without all the x11/cups etc... junk?
<_csmith> via netboot - the servers don't have a cdrom
<ScottK> I haven't tried it myself, but I'm pretty sure you can.
<ScottK> _csmith: Do they have USB ports?
<_csmith> yeah
<_csmith> i think i found the trick
<ScottK> If they do, you can also use usb-creator to put the ISO on a USB stick
<_csmith> if you type "cli" on the boot screen i think it may do a server install
<_csmith> i thought it meant cli install process :\
<Doonz> Hey guys is it possible to mount a device to multiple folders?
<twb> Doonz: you want the -o bind or -o rbind option to mount.
<_csmith> nah, cli option installs all the shit, too
<_csmith> >:(
<ScottK> _csmith: So take the server ISO and usb-creator and put the server ISO on a USB stick.
<ScottK> usb-creator-kde if you like such things.
<billybigrigger> Doonz, this is a little off topic, did you have a bro in the military?
<_csmith> doh, on a mac
<_csmith> i have a 1gb flash drive around, will that do the trick?
<_csmith> got some docos on it?
<Doonz> twb: thank you
<twb> the differences between the server and alternate installs are only the preseeds
<Doonz> billybigrigger: no
<twb> You should be able to extract those trivially by comparing the isolinux.cfgs on both isos
<twb> From those, you can just type in the server CD's default preseed values at the alternate CD's boot: prompt,
<twb> (From memory, the chief differences are the kernel flavour and the absence of language-pack-*)
<billybigrigger> Doonz, i used to talk to a guy on irc with that nick, years ago, can't remember what channels though...where'd you get your name from? sorry for asking just that i could have sworn he was from edmonton
<_csmith> excellent tip, thanks twb i'll check it out
<twb> _csmith: oh, I see you're netbooting -- that makes it even easier -- just copy the appropriate values into the pxelinux.cfg/default
<Doonz> billybigrigger: i was in the military
<twb> _csmith: I think current server CDs also have a preseed FILE, which you can either copy into the pxelinux.cfg (see Debian Installation Guide's appendices) or supply via HTTP
<_csmith> cool
<billybigrigger> oh, did you ever send a message to some guy on irc telling him you were his brother and that you had died on a mission or something? :P
<_csmith> will take a look
<_csmith> ok found it
<ScottK> billybigrigger: I don't find that particularly funny.
<billybigrigger> well it wasn't meant to be funny, but it's true
<ScottK> OK.  then I was confused by the :P
<maxagaz> how to check the last install/upgrade on my system since a given date ?
<uvirtbot> New bug: #425386 in dovecot (main) "dovecot package missing dovecot-sieve LDA plugin" [Wishlist,Fix released] https://launchpad.net/bugs/425386
<billybigrigger> but sorry for the off-topic banter, just saw the nick Doonz and the host from edmonton, and it gave my memory a flashback
<Doonz> billybigrigger: no
<Doonz> sorry maybe someone else?
<billybigrigger> possible i guess
<_csmith> Thanks heaps twb, i made myself a preseed file based on the ubuntu server one and modified the netboot menu config to load it via http
<_csmith> seems to have done the deed
<twb> _csmith: in the next release, you can supply the preseed file via TFTP.  Yaay!
<gnac_> Are there any resources to help me migrate from one linux server (gentoo) to another (new ubuntu-server install)?  I know what I need to do to migrate apache, but postfix and mysql present additional challenges in data integrity.
<ScottK> gnac_: For Postfix, with the exception of being chrooted by default, Ubuntu's Postfix works pretty exactly as upstream ships it, so to the extent Gentoo does the same, you should be able to reuse the same configs.
<toddtoddtodd> i just deployed ami-1515f67c (Karmic 32 bit server), and try to login as ubuntu@ with the appropriate key, and keep getting:  Too many authentication failures for ubuntu -- any tips?
<gnac_> ScottK: ty
<twb> Where does postfix chroot to?
<ScottK> twb: /var/spool/postfix/
<twb> Hm, so it doesn't create mboxes in /var/mail?
<twb> Oh, I guess only some of the postfix processes are chrooted
<ScottK> Yes.
<mattgyver> I configured RAID1 on my bios but am unclear if my install of Ubuntu 9.04 is configure properly, cant install grub 2 and see the device as /dev/mapper/pdc_bgfghjgbh2, does this sound right?
<twb> mattgyver: you are using fakeraid.  Don't do that.
<mattgyver> twb, what do you suggest?
<twb> md RAID beats fakeraid
<mattgyver> (sorry this is my first stint with this)
<jmarsden> mattgyver: https://help.ubuntu.com/community/Installation/SoftwareRAID
<mattgyver> jmarsden, excellent i didnt see this but did see a different guide, thanks!
<jmarsden> You're welcome.
<mattgyver> jmarsden, I can use ext4 correct?  This guide is using ext3
<jmarsden> mattgyver: Yes, you can use either one.  Most server admins are conservative about new filesystems though...
<jmarsden> Are you sure ext4's benefits for your application are worth the risk its newness inevitably brings?
<mattgyver> Well, in my case this is really just an upgrade to an existing home server that i have setup, everythings running fine on ext4 on that box
<jmarsden> OK.
<mattgyver> I guess, at the same time its still kind of an experimental box so im okay with what it brings
<owh1> jmarsden: Thanks for the link to the bind9 documentation from yesterday. Reading it though only indicates that the behaviour of named-xfer is now included, but I've yet to find out how I can do a simple zone backup. Does this mean that I now need to become a bind9 expert to make a simple zone backup 8-)
<jmarsden> expert?  Probably not.  Just set up a slave zone in your named.conf with the IP of an appropriate master server and it should pull the info in for you...
<owh1> jmarsden: Doesn't that imply that I'm running a DNS of some sort, rather than a workstation where I'd like a backup of the zone data, or am I misunderstanding?
<jmarsden> owh1: Yes, but you can run a caching DNS server on a workstation just fine.  What is the value of a zone backup if you have no server to service it with anyway :)
<owh1> I'm migrating the zone to different infrastructure, from a DNS server not under my control, to an ISP run DNS server where I have full web-control, just no access to the raw zone data. At the moment I have no way of determining if the previous DNS operator had some hosts or addresses defined that I know nothing about, which is why I wanted to do a zone level backup...
<owh1> I'm wondering if I can do a full query using dig instead - one that gives back everything, that would suit the purpose too.
<jmarsden> Ah, OK... I don't think dig will do that.
<owh1> Yeah, I didn't think so either. Last time I recall trying with my own domain and not discovering the IP address of a defined host - knowing full well that it was there because I put it there :)
<jmarsden> If you can control where the "old" DNS server will send full zone info to , you could use one of the free public secondary DNS servers to grab the zone info and then use its web interface to view it... but IMO yu'd do as well just to set up a little caching DNS server on your workstation and then make it a slave for the zone concerned.
<owh1> I have absolutely no control over the "old" DNS server at all.
<owh1> I have to do this for 20 odd domains :(
<jmarsden> So how do you know it would permit you to use named-xfer to grab the zone, even if you had a named-xfer binary??
<owh1> I don't. I also don't have such a binary to TIAS :)
<jmarsden> Most sane admins do not configure DNS servers to allow everyone to xfer the full zonefile these days.  if you want to tell me one of the domains I can TIAS for you :)
<uvirtbot> New bug: #490683 in net-snmp (main) "package libsnmp-base 5.4.2.1~dfsg-3ubuntu2 failed to install/upgrade: subprocess installed post-installation script killed by signal (Interrupt)" [Undecided,New] https://launchpad.net/bugs/490683
<_ruben> aww .. wiki.ubuntu.com down :(
<twb> _ruben: FYI, I can confirm that here.
<jmarsden> I filed a bug on rt.ubuntu.com about it already.
<jmarsden> Hmm, and it just came back.
<twb> Heh, Ubuntu doesn't use LP for its internal BTS? ;-P
<jmarsden> twb: I suspect it is too slow for real time sysadmin tickets like that.
<twb> Ha!
<twb> I wonder if anyone has actually deployed LP (now that it's AGPL'd) outside of lp.net
<jmarsden> twb: In private for testing, sure they have, I saw discussion about doing that in the couple of days following the open-sourcing of it.  In public for production use?  I don't know... perhaps not yet.
<twb> In production, but not necessarily publicly accessible
<twb> e.g. my ISP uses rt, but I can't browse to their rt's web interface
<twb> I'm not counting toy deployments
<uvirtbot> New bug: #490664 in samba (main) "Samba stopped working between 9.10 LiveCD and current installed system." [Low,Incomplete] https://launchpad.net/bugs/490664
<_ruben> twb: i also checked with http://downforeveryoneorjustme.com/wiki.ubuntu.com ;)
<twb> I hate that site.  The name is huge, it's .com instead of .net, and it's not "everyone" -- it only performs the test (ICMP or HTTP?) from one node.
<Shubuntu> hi, i want to choose a control panel for a ubuntu server
<Shubuntu> any suggestions?
<twb> As long as it's USB, any of them should work.
<alvin> Shubuntu: There is none. eBox is built for Ubuntu, but in my opinion it is too much oriented to Microsoft networks.
<Shubuntu> alvin,  so i'm basically screwed
<alvin> Shubuntu: No, why would you? The command line is still the best tool. (but I admit eBox looks nice)
<alvin> Shubuntu: And of course, I forget... There's Landscape, but it's not free.
<Shubuntu> alvin, i don't want to give command line access to people
<jmarsden> Shubuntu: No, that's just his opinion.  Try ebox.  If you can't live with it, try any other panels you want, but be aware some are unsupported and some don't fit well with how Ubuntu/Debian manage packages and package upgrades.
<Shubuntu> i don't want something to manage packages
<Shubuntu> just something that people can use for ftp, user, email, and website management
<alvin> That's the problem with all those control panels. None really fit in.
<jmarsden> Shubuntu: a "control panel" tends to modify configuration files... which package updates also have to deal with...
<alvin> eBox can do user and email
<Shubuntu> can ebox create virtual users and emails
<Shubuntu> and set up proftpd virtual users?
<Shubuntu> and create new sites and set their directories
<alvin> Users are ok, but it can not manage ftp. Take a look at their website.
<Shubuntu> k
<Shubuntu> thanks
<jmarsden> I don't use ebox :)   webmin can do those kinds of things but it is incompatible with Debian package management... so use at your own risk.
<alvin> I think twb talked about some management tool a while ago. Let me see if I can find that one. I still have to test that too.
<twb> The official recommendation is that you learn to use the CLI
<twb> I think
<jmarsden> twb:  Agreed.  But <Shubuntu> alvin, i don't want to give command line access to people
<twb> Ah, I missed that line
<jmarsden> webmin (or something like it) used only for email/web virtual hosting setup, and good backups of /etc/ just in case, is probably his only real option given that constraint, I think.
<alvin> Shubuntu has a point. I install servers for a living and explaining ssh and adduser to Windows users can be hard. eBox can do a nice job there, but I wish it could handle NFS too and integrate even better with Ubuntu. (e.g. when you have an existing samba installation)
<Shubuntu> is there a how to, to create my own control panel?
<twb> I'm ashamed to admit that my boss makes me deploy webmin (and GNOME!) on customers' servers.
<Shubuntu> like the things I want to do are limited
<Shubuntu> if i find a good how to i'll code it myself
<Shubuntu> the requiremnets i have aren't as deep as webmin
<twb> Given that all they REALLY need is the ability to add/remove user accounts and such, I suggested using the gnome-system-tools tunneled with putty and xming32, but I didn't get budget approval to develop the idea
<alvin> Shubuntu: In that case, you're back to eBox. It's mostly perl and it 'should be' documented.
<Shubuntu> webmin does a whole lot of things I don't care to use
<Shubuntu> i looked it up
<Shubuntu> it's horrible
<twb> You can suppress most of the webmin buttons from the end user's UI
<alvin> ok :-)
<jmarsden> Shubuntu: It is pretty modular, you can deconfigure most of it...
<Shubuntu> ebox is one of the worst things i've ever seen
<Shubuntu> very bad documentation
<jmarsden> Shubuntu: OK, you can write your own panel :)
<twb> The problem is that anyone clueful enough to build a web UI is already too clued to WANT a web UI
<alvin> hmmm, gnome with NX? nxclient runs good on Windows. (But installing gnome on a non-xdmcp server? bah!)
<twb> So all the web UIs are by clueless buffoons.
<alvin> twb: Nice theory :-) Could be true.
<twb> Now, if you could get a web UI that read and wrote puppet manifests, that'd offload a lot of the backend effort to a separate tool, so the web UI could focus on the UI
<Shubuntu> I just need like a how to
<jmarsden> twb: Some clueful people need to give away limited config access to servers to less-clueful people... that seems to lead towards development of a GUI for performing such tasks...
<twb> As it is, the backend code for webmin, at least, is utterly awful.
<twb> jmarsden: yeah, I know.
<jmarsden> Shubuntu: If you need a howto, you don't know enough to write your own panel.
<twb> jmarsden: but normally I'd just give the less-clueful a VM or something, and let them shoot themselves in the foot
<Shubuntu> i wanna code either in perl, python or php
<Shubuntu> and I do know some
<Shubuntu> but still i need some guideline to follow
<Shubuntu> and then modify things as i see fit
<twb> jmarsden: either that or I'd write a menu-driven curses app, make it their login shell, and give them putty
<jmarsden> Shubuntu: OK, take webmin or ebox and improve them into a panel you like :)
<Shubuntu> thanks, i guess that's the extent of your help
<jmarsden> Shubuntu: The chances of you finding a "howto write your own web control panel" howto are very small.
<twb> jmarsden: for e.g. point-of-sale stuff, people I talk to are still perfectly happy with their DOS-based UIs, and hate it when they're replaced with web-based solutions.  As long as it's a TUI and not a line-oriented interface, they seem to be happy enough with text...
<jmarsden> twb: True, that could work.  But once people have used a web UI to add email users/set passwords, mess with their web sites, etc it would probably be hard to persuade them to use a text interface for those functions.
<twb> Meh
<twb> I think it'd be easier to convince them than to fix webmin
<Shubuntu> the ideology of command line being good is unix, not web
<Shubuntu> the developers need to grasp that
<twb> Shubuntu: you're the developer, man.  If you think you can do better, I ain't stopping you.
<jmarsden> Shubuntu: OK, you are a developer, so go for it :)
<Shubuntu> it is not acceptable to expect end users to become os experts to be able to do web
<twb> Shubuntu: if you do a good enough job, I might even be able to get you some funding.
<Shubuntu> for real?
<Shubuntu> if i get money i'll do it
<Shubuntu> i'll create cream de la cream of all control panels if i get enough funding
<twb> Shubuntu: you get the money after you're done, if you do a significantly better job than the existing solutions, you solution is FOSS, and I can convince my boss that you'll stop developing it if you go back to your day job.
<Shubuntu> and i'll make it all open source but well documented so people can modify and use
<twb> Shubuntu: it obviously wouldn't be enough to live on
<twb> I mean, how do you think stuff like OpenLDAP gets developed?  Groups like Red Hat and MIT pay the FOSS developers to work on it.
<jmarsden> twb: Usually only after a version is created for free that mostly works...
<twb> jmarsden: granted
<twb> jmarsden: or gets open-sourced
<Shubuntu> i expect to be able to make a working version in 1 week
<twb> Shubuntu: then you're insane
<Shubuntu> ok if i set it up, I won't support antivirus and other things
<Shubuntu> only the web feature sets
<Shubuntu> i think it's not appropriate for people to try to cram everything into a control panel
<Shubuntu> control panel should handle web related material
<Ng> smoser: ah right, so because I'm futzing around with SYSTEM I'm going to get a bit stuffed by ec2-init, aren't I ;)
<Shubuntu> in my opinion web control panel shouldn't deal with system set up
<Shubuntu> it should only be a front to configuration of behaviour
<Shubuntu> a mistake all these panels are making is they try to be a cross platform system control panel
<Shubuntu> which is basically impossible
<Shubuntu> even if they only develop for linux
<Shubuntu> the only way a control panel would be able to do such a thing is if it becomes a part of a kernel family
<twb> Shubuntu: well, they could offload the application of change management to a specialist backend like puppet or cfengine
<Shubuntu> and everything is developed for it
<Shubuntu> yep, or daemons
<Shubuntu> and the control panel will act as a ui module only
<Shubuntu> which makes it light
<Shubuntu> and it won't need to have a lot of system specific object files
<Shubuntu> i do agree with the idea that linux is unix based and all root / admin management is better done using command line
<Shubuntu> that just goes with the philosophy of linux
<Shubuntu> but
<Shubuntu> web is a different feature
<Shubuntu> and trying to drag web into the linux philosophy is a grave mistake
<alvin> How can one request a backport? I asked for libsys-virt-perl in a wishlist (bug 462688). It's set to Fix Released now, but that is only for Lucid and that's too far off.
<uvirtbot> Launchpad bug 462688 in ubuntu "[needs-packaging] libsys-virt-perl" [Wishlist,Fix released] https://launchpad.net/bugs/462688
<twb> Five months is too far?
<alvin> twb: of course! I want to use it on production machines.
<twb> As for me, I wouldn't use non-LTS on a production machine...
<alvin> twb: Good point, but they are kvm servers, and our virtual guests crash on Hardy (and Jaunty). They don't crash on karmic, although karmic certainly has more visible bugs in other areas.
<twb> Yeah, I understand.  I was just grumbling, really.
<twb> I don't actually know about Ubuntu backports, either
<crohakon> So, out of no where my apache2 server is not working correctly. If you go to server, it sends a file to the browser that is named somethingblahblah.part... when you download the file it IS the index.html file... but for some reason it does not load as a website unless you go domain.com/index.html  then it loads fine. Any suggestions?
<twb> crohakon: did you think to version control /etc (e.g. with etckeeper)?
<crohakon> And it is only for the / directory. All sub-directories load the index.html or index.php fine
<crohakon> twb, what do you mean version control?
<crohakon> twb, got a wiki on the subject I can take a look at?
<twb> crohakon: apt-cache show etckeeper
<crohakon> I have not done any upgrades
<crohakon> I was moving around some of the directories for the websites, reorganizing, and after that I started having this problem.
<twb> "I was cleaning up and there was this big file called `vmunix' that nobody seemed to be using..."
<crohakon> =) This is a simple install of apache2, I was only organizing the files in var/www/ and it should not have caused an issue.
<twb> Clearly SOMETHING changed and broke it.
<twb> This is why version control (or even change management) is Good Juju -- it allows you to ask the system "what changed?"
<crohakon> When you try to go to the domain it sends a file ---> 9TcSwWXi.~.part <--- the first part of the name is always just some random numbers and letters. If you download the file and open it, it is in fact my index.html file. If I got to domain.com/index.html it loads it just fine.
<twb> crohakon: I have no idea what "it sends a file" means.  Try curl -o/dev/null -v URL
<mdz> soren: proposed is the correct state for it at this point, I'd say. we'll plan the next chunk of work when we finish this one, and we can consider the rest of the blueprints which couldn't fit into alpha 2
<mdz> soren: and you aren't a minion, you're an engineer
<twb> crohakon: the URL you /msg'd me works for me.
<Shubuntu> crohakon, perhaps it has to do with mime types?
<Shubuntu> i know for a fact that, such things happen on a lot of file name that aren't recognized
<Shubuntu> such as doc files
<crohakon> mime types? I have never messed with mime types. Got a good tutorial on it?
<crohakon> oh my...
<crohakon> I cleared my cache on my browser and all is working good... I feel like an idiot...
 * crohakon bows head in shame
<Shubuntu> crohakon, http://httpd.apache.org/docs/1.3/mod/mod_mime.html#addtype
<soren> mdz: If that's how we're doing it, I'm not sure I understand difference between "Series goal" and "Milestone target" setting of blueprints. I thought setting the series goal was something like "We expect to work on this project to some extent for release X", while setting the target milestone was more about setting a deadline for deliverables.
<Shubuntu> oh ok then
<crohakon> I will read the link anyway, it is good knowledge to have. Thanks for the help guys. Sorry for my stupidity.
<Shubuntu> yep, if in future you would like to create pdf, doc etc on yourserver, that would be useful
<twb> Suppose I am foolish enough to "ufw enable".  How does one later see the rules added at the "ufw level", as opposed to iptables-save?
<soren> twb: ufw status
<twb> Oh.  Obviously it's not reporting anything because I haven't added any rules.
<twb> Though it doesn't list the default policy for each chain...
<soren> twb: ...because it's disable.
<soren> d
<soren> Oh, sorry.
<soren> twb: ufw status verbose
<twb> Nah, still doesn't do it on 8.04
<twb> There's also some peculiar default rules...
<twb> For example, who the hell is 224.0.0.0/240.0.0.0 ?
<jpds> # allow MULTICAST, be sure the MULTICAST line above is uncommented
<twb> Oh, MDNS?
<twb> (I'm still trying to get Emacs to let me in to look at the source files.)
<jpds> That's what I'm reading in /etc/ufw/before.rules.
<twb> There we go, I just had to delete the hung ssh process.
<twb> Yeah, mDNS is 224.0.0.251
<twb> http://en.wikipedia.org/wiki/IP_multicast, and RFC 3171
<lyhana8> hi, my mysql-server-5.1 fail to start on ubuntu : http://pastebin.com/d36d3c136
<twb> jpds: I'm also far less freaked out now I realize those --dports in the INPUT child chain are just -j RETURNing
<lyhana8> how could I get more info on mysql-server start ?
<baccenfutter>  lyhana8: tail /var/log/mysql.err
<baccenfutter> and mysql.log
<baccenfutter> but since it is failing, probably in .err
<lyhana8> baccenfutter: they are empty
<markvandenborre> in response to Matthias Gug's RFP, I just added nginx to the list of proposed promotions to main on https://wiki.ubuntu.com/LucidServerSeeds
<markvandenborre> I hope that's an appropriate way to make the suggestion
<mini_ulaelable> dix
<Ng> soren: does EC2 not bring the metadata server up immediately with instances? the half an hour wait for it is... surprising... if you're running a UEC that doesn't seem to present metadata services ;)
<baccenfutter> lyhana8: have you checked syslog, dmesg, any logs that might contain detailed information about the fail?
<lyhana8> nop, I just purge it to make a reinstall
<soren> Ng: We have no clue how long it might be.
<soren> Ng: Perhaps half an hour is too much. I don't know.
<soren> I /do/ know, however, that I'm absolutely starving.
 * soren goes to make some lunch
<Ng> soren: I was just futzing around at home and built a one-box UEC cloud in SYSTEM mode and I have to wait for the full timeout ;)
<lyhana8> could the fact that /var/lib/mysql/ is a link cause trouble ?
<lyhana8> baccenfutter: it was...
<mdz> soren: the only use of series goal is that it has access control. what counts is the set of things which are BOTH targeted for lucid AND milestoned for alpha 2
<mdz> everything else is backlog
<soren> mdz: I see.
<soren> mdz: One problem I see with this approach is the burndown chart. The lucid one (as opposed to the lucid-alpha-2 one) will be quite misleading if we only accept stuff that's expected by alpha 2.
<mdz> soren: that's OK, we're reworking things as we go to accommodate the new model
<mdz> we don't plan the whole release in one go anymore
<mdz> the alpha 2 burndown chart is what counts
<mdz> we'll drive that down to zero, then start a new one
<mdz> ttx: as you touch the various specs, could you start setting jib to be approver for them?
<ttx> mdz: sure.
<acalvo> hi
<acalvo> how can I do some test/benchmarks on network speed?
<acalvo> I think I'm having issues in my lans, and some computers do not work as expected, and I'd like to identify where is failing
<baccenfutter> acalvo: mtr?
<acalvo> didn't heard of mtr
<acalvo> I'll check it
<baccenfutter> man mtr
<acalvo> I've seen some packages called iftop
<acalvo> !man mtr
<acalvo> ok
<acalvo> I'll give it a look
<acalvo> thanks!
<alvin> baccenfutter: Yes, thanks. Didn't know that program yet. :-)
<alvin> acalvo: You can also try iperf
<acalvo> iperf
<acalvo> let's see
<lunaphyte_> hi.  i'm afraid i'm getting stymied by what i think is a simple permissions issue.  i can't seem to get dhcpd to read a file that i believe it should be able to.  if i could trouble someone to look at this pastebin, i'm hoping i'm just overlooking something basic.  http://pastebin.com/d657509
<bogeyd6> lunaphyte a second, plz
<bogeyd6> lunaphyte there is no group permissions on those files
<lunaphyte_> bogeyd6: i think it does, no?  read permission for the group?  if i change the group to dhcpd, you can see it's able to read the file, which i think confirms that.
<smoser> Ng, yeah, if you dont have the metadata service, ec2-init is not going to be too happy.
<Ng> I'm not entirely sure why I don't, but I'm assuming it's because of SYSTEM
<smoser> 2 things you can do... a.) htere is a file /etc/ec2-init/is-compat-env that has 'compat=1' . you can  mount that image, and change it to compat=0
<soren> Ng: right.
<soren> Ng: SYSTEM disables the meta-data service.
<smoser> well, i guess there is only that thing that you can do. hm...
<smoser> i think that .b) was going to be that i plan for ec2-init to behave nicer in such a situation for lucid, or at least be able to give you other wasy around it.
<Ng> smoser: other than timing out sooner, I'm struggling to imagine a way it could reliably tell
<smoser> Ng, right. it really can't. thats the problem.
<smoser> we might just have to do some tests on ec2 and see how long is reasonable to wait.
<smoser> right now i think its 30 minutes...
<Ng> that's what soren's comments in his python code suggest
<cyphermox> just wondering, I've been seeing oidentd as a recommended inclusion in main on the /LucidServerSeeds wiki page, but I can't really think of a great use for it. Could somebody enlighten me? :)
<Ng> I didn't actually time mine to check, and I thought it had continued to fail from the console output, but it did actually finish booting at some point overnight
<soren> Ng: It's really a very annoying situation. Any suggestions would be appreciated. Ideally, we want to only query the metadata service if we're on EC2 or UEC, but the only thing that reveals whether you are on EC2 or UEC or not is exactly whether or not there's a meta-data service.
<Ng> soren: we are, or are going to, run a bunch of automated testing on EC2 and UEC, right?
<Ng> if the results of that could include a debug log from ec2-init that says how quickly the metadata service replied, you'd see fairly quickly whether it's *always* there when the instance boots and know how safe an assumption that is :)
<Ng> if it's literalyl always right there and responds quickly, then a timeout of a few minutes seems safer
<tuxcrafter> hello everybody
<tuxcrafter> i upgraded my production machine to ubuntu 9.10 today
<tuxcrafter> and now the network is unreachable as non root
<tuxcrafter> so now almost all systems are down
<tuxcrafter> does somebody know what is going on
<tuxcrafter> why can i ping as root but not as non-root
<tuxcrafter> if somebody has any hints just trow them :D
<tuxcrafter> i am currently getting +100 mails a minutes that are now getting denied due to unable to resolve the domains the mails come from
<lunaphyte_>  /etc/init.d/apparmor stop?
<lunaphyte_> that's a huge wag.
<tuxcrafter> lunaphyte_: i purged apparmor
<lunaphyte_> hmm.  well, like i said, a huge wag.  :)
<tuxcrafter> rebooted the system to be sure
<cyphermox> <tuxcrafter> and now the network is unreachable as non root <--- completely unreachable or just ping?
<tuxcrafter> cyphermox: all non root processes
<azteech> just a thought, have you looked to see if you are part of the network group?
<tuxcrafter> ping does not work
<cyphermox> so you couldn't say, do w3m http://some.host.on.the.network/ /
<tuxcrafter> cyphermox: wha tis the netwerk group?
<tuxcrafter> is this something new?
<smoser> Ng, it is not always "right there". thats why the retry-loop is in place.
<tuxcrafter> cyphermox: bind9 is running as non root and it is also unable to resolve
<cyphermox> I see.
<Ng> smoser: well that just sucks ;)
<soren> tuxcrafter: If someone accidentally un-setuid'ed ping, only root would be able to ping.
<tuxcrafter> postfix is also not able to resolve
<smoser> https://bugs.launchpad.net/ubuntu/hardy/+source/ec2-init/+bug/308530 is the bug, Ng.
<uvirtbot> Launchpad bug 308530 in ec2-init "Wait for network before downloading ssh credentials or user-data" [Critical,Fix committed]
<cyphermox> tuxcrafter, can you ping an IP directly?
<tuxcrafter> lets test that
<cyphermox> tuxcrafter, you keep saying resolve, so we need to be sure :)
<tuxcrafter> cyphermox: ping 74.125.53.100
<tuxcrafter> works fine as non root
<tuxcrafter> cat: /etc/resolv.conf: Permission denied
<tuxcrafter> that can not be good
<cyphermox> tuxcrafter: indeed
<tuxcrafter> -rw------- 1 root dhcp 52 2009-12-01 15:04 /etc/resolv.conf
<tuxcrafter> wtfd
<cyphermox> it should be 644 afaik
<tuxcrafter> chmod 644 /etc/resolv.conf
<lunaphyte_> chown root.root as well.
<tuxcrafter> networking is up again
<Ng> smoser: presumably it never actually takes 30 minutes to appear though?
<smoser> probably not. otherwise we'd have seen it earlier. it is much shorter than that.
<lunaphyte_> also, if you're using resolvconf, you might inspect the other associated files.
<smoser> the problem was basically that we were booting "too fast"
<tuxcrafter> resolvconf was installed with the upgrade to 9.10 ...
<tuxcrafter> lot and lots of mail incomming here :)
<[diablo]> afternoon all.. guys, does anyone know if the fedora directory server has been ported to Ubuntu?
<smoser> soren, for "set up X hosting account"
<smoser> were you doing personal accounts or "canonical" accounts
<soren> smoser: I don't know the difference anymore, sadly.
<smoser> well the difference, per what i was asking, was this a account like we have on ec2, that you and I both have acl to , and is attached to corporate credit card
<tuxcrafter> cyphermox: thanks for guiding me to the problem
<smoser> or one that you'd not like attached to corporate credit card.
<smoser> err... rather is it one that you'd rather me not have acl to, and attached to your credit card.
<tuxcrafter> go to switch irc server :)
<tuxcrafter>  /go/got
<soren> smoser: Oh, no, I just set one up myself, with my own credit card, and will have to do the expense thing for all the different ones each month. Yay.
<smoser> speaking of which.. i probalby have an amazon november bill to process a
<Linux-IRC> Has anyone here set-up bind ?
<Doonz> Hey Guys, I just installed a new raid card. I built a raid 5 array. When i fdisk -l my drives heres the output. http://pastebin.com/d470e15e7 <-- is that correctly set up?
<lunaphyte_> correctly set up for what?
<Doonz> ive never seen that message about 4000gb
<lunaphyte_> is it a 4 tb disk?
<Doonz> yeah
<lunaphyte_> then it is what it is.
<Doonz> well its 5x 1tb on a raid card in a raid 5 setup
<Doonz> #
<Doonz> Use parted(1) and GUID
<Doonz> #
<Doonz> partition table format (GPT).
<Doonz> i just followed the guide here https://help.ubuntu.com/community/InstallingANewHardDrive
<Doonz> Hey guys i think i screwed up somewhere... I have a 4tb array but when i mount it it only shows up as 2tb
<kirkland> ttx: howdy, around?
<ttx> kirkland: yo
<kirkland> ttx: okay, i almost have eucalyptus 1.6.1 merged
<kirkland> ttx: i have one patch that's generating some nasty conflicts
<kirkland> ttx: i'm wondering if its still necessary
<kirkland> ttx: 04-axis2c-1.6.0-rampart-1.3.0.patch
<kirkland> ttx: do you know anything about that one?
<kirkland> ttx: it's not very well documented at all
 * ttx looks
<kirkland> ttx: all the changelog says is:
<kirkland>   * 04-axis2c-1.6.0-rampart-1.3.0.patch:
<kirkland>     - Build against new Axis2/C+Rampart stack.
<ttx> kirkland: looks like a build patch... did you test building without it ?
<kirkland> ttx: yes, i've just commented it out of the series for now
<kirkland> ttx: the build proceeds
<kirkland> ttx: i have some work to do with the debian/* packaging
<kirkland> ttx: seems we have "1.6-devel" hardcoded in a bunch of places that needs to be changed to "1.6.1"
<ttx> kirkland: if it builds and the resulting package works, I'd just dump that patch...
<ttx> soren: ^ do you remember anything about that patch ?
<soren> It came from Dan, I think.
<soren> kirkland: What's the problem with the patch, specifically?
<kirkland> soren: 4/7 hunks fail.  Of those 4, 3 are trivial to update.  1 is absolutely massive.
<kirkland> soren: before I put in any more effort porting that patch forward, I'm looking for some justification that it's still needed.
<kirkland> soren: there's very little documentation about that patch at all.  None inline above the patch, and a one-liner in the debian/changelog
<soren> kirkland: Which blob fails?
<ttx> kirkland: well, if it builds without it, and the resulting package works, and Dan acks that it's not needed, just punt it
<kirkland> soren: the big one, 5th
<soren> kirkland: That's just in configure, isn't it?
<kirkland> soren: yes
<ttx> soren: yes
<soren> kirkland: It's autogenerated. Just ditch that bit, autoreconf, quilt refresh, win.
<kirkland> soren: okay, thanks.
<soren> Even better:
<soren> Ditch it entirely, and move it to a separate patch at the very end.
<kirkland> soren: i'm getting rid of all patches ;-)
<kirkland> soren: using bzr
<soren> That way, if multiple patches touch automake/autoconf stuff (not unlikely), they can be dealt with easily, and one just has to regenerate those bits once, separately (like $DEITY meant it to be done).
<soren> kirkland: Well... have fun with that :)
<soren> There's a reason people don't keep autogenerated stuff in VCS. :)
<ttx> hm, still strange that it would build without the rest of the patch
<ttx> kirkland: you might want to ask dan about it, if it builds without the patch I see no reason to keep it.
<kirkland> ttx: i will
<kirkland> ttx: thanks
<kirkland> ttx: fwiw, they dropped it from the debian packages that they're rolling
<kirkland> ttx: and i can see that they integrated some of the functionality (sort of)
<soren> ttx: Not really. Are you building in a sbuild/pbuilder or something?
<ttx> soren: i didn't test the build, kirkland did
<soren> kirkland: Are you building in a sbuild/pbuilder or something?
<kirkland> soren: right now, I'm just building with bzr bd locally
<kirkland> I make it to the dh_install steps
<ttx> kirkland: I committed my second euca sru fixes to the main ubuntu-karmic branch, btw
<kirkland> ttx: cool
<kirkland> ttx: are you going to upload to -proposed?
<soren> kirkland: In that case, configure probably gets rebuilt during your build anyway.
<kirkland> soren: right
<ttx> kirkland: no, doesn't it need some CLEAN=1 fixes ?
<soren> So it's not strange at all that it builds. :)
<kirkland> ttx: well, yeah, if we want to fix the non-determinism :-)
<kirkland> ttx: i'm hoping mathiaz might help with that?
<soren> What is this CLEAN=1 thing you guys keep talking about? /me is getting curious :)
<ttx> kirkland: sure
<ttx> soren: if you really want to know...
<ttx> soren: http://bazaar.launchpad.net/~ubuntu-core-dev/eucalyptus/ubuntu-karmic/revision/721
<ttx> Allows to keep VMs running when you restart the CC
<ttx> mimics the init script behavior
<soren> ttx: Ah, I see.
<ttx> used to be /etc/init.d/eucalyptus-cc cleanstart
<ttx> now is start eucalyptus CLEAN=1
<ttx> a little confusing, given how not discoverable this is...
<ttx> hence bug 464384
<uvirtbot> Launchpad bug 464384 in eucalyptus "Not obvious a "Clean" restart is needed after config changes" [Wishlist,Triaged] https://launchpad.net/bugs/464384
<soren> Heh.
<soren> ttx: Ok, thanks. That explains
<soren> .
<lunaphyte_> i hope it's ok if i ask for help again with my question from a few hours ago - http://pastebin.com/d657509 - i feel like i'm missing a basic permissions issue, but i'm at a loss.
<Doonz> Ok guys im kinda confused here. I just added a raid card and built a raid 5 array using 5 x 1tb drives. I formated it using mkfs.ext3. but its only showing as 2TB when mounted, any ideas?
<baccenfutter> Doonz: more details... it should be 4TB
<Doonz> ok
<Reepicheep> Doonz: you didn't happen to build the raid 5 with 3 of the 5 drives or have 2 hot spares or anything like that?
<Doonz> no
<Doonz> 0  Array_1  RAID 5  3.64 TB
<Doonz> dumpe2fs 1.41.9 (22-Aug-2009)
<Doonz> Block size:               4096
<Doonz> bah bbl
<mjeanson> doonz: the output of "sudo parted /dev/sdX print" would be useful
<jmarsden> Doonz: If you used a 1K block size, 2TB is the max size of an ext3 filesystem.  Does your application really require one filesystem larger than that?  Have you considered how you will back it up, how long it will take to fsck, etc ?
<jmarsden> Doonz: Also check you are using a partitioning method that allows such huge partitions... http://www.cyberciti.biz/tips/fdisk-unable-to-create-partition-greater-2tb.html
<kirkland> mathiaz: around?
<mathiaz> kirkland: o/
<kirkland> mathiaz: hi there
<kirkland> mathiaz: i was having some issues with the eucalyptus merge
<kirkland> mathiaz: i'm trying something else now
<kirkland> mathiaz: actually, the build
<kirkland> mathiaz: let me try this first, and i'll ping you if still broken
<kirkland> mathiaz: did you get your machine fixed?
<mathiaz> kirkland: yes :)
<kirkland> mathiaz: \o/
<mathiaz> kirkland: and now I've got 2x500 Gb additional hard drives in there as well
<kirkland> soren: so all of that patch is auto-generated, or just the configure part?
<iooooor> how can I tar a folder and not get the whole directory tree in the tar file, just the files in a flat list?
<kirkland> mathiaz: okay, http://paste.ubuntu.com/332470/
<kirkland> mathiaz: that's what I'm hitting
<kirkland> mathiaz: from line 3134, i'm wondering if that's something i can set in the debian/rules file?
<mathiaz> kirkland: shouldn't libmod_rampart.so.0 be a build-dependency of eucalyptus?
<mathiaz> kirkland: Note: libraries are not searched in other binary packages that do not have any shlibs or symbols file.
<mathiaz> kirkland: is rampart set correclty?
<mathiaz> kirkland: I'm not too familiar with that kind of things though
<mathiaz> kirkland: you may wanna ask in #ubuntu-devel
<kirkland> mathiaz: yes, definitely a build-dep, and i have it, the so is on my system
<kirkland> mathiaz: it has something to do with the ld lib path
<kirkland> mathiaz: i've commented out a large, broken patch that affect this
<mathiaz> kirkland: where is the .so file located?
<kirkland> mathiaz: i suspect there's more i need to do
<mathiaz> kirkland: hm - may be the patch is actually needed
<kirkland> mathiaz: /usr/lib/axis2/lib/libmod_rampart.so.0
<kirkland> mathiaz: yes, at least part of it still
<mathiaz> kirkland: IIUC the patch was regenerating the configure files?
<kirkland> mathiaz: well, part of it was a regenerated configure
<mathiaz> kirkland: /usr/lib/axis2/lib/libmod_rampart.so.0 - not sure if /usr/lib/axis2/*lib*/ would be searched for
<kirkland> mathiaz: part of it touched other files though
<mathiaz> kirkland: what happens if you copy libmod_rampart.so.0 to /usr/lib/axis2/ ?
<mathiaz> kirkland: would the package build?
<kirkland> mathiaz: let me try ...
<kirkland> mathiaz: no, that didn't help
<mathiaz> kirkland: hm - and if you move libmod_rampart.so.0 to /usr/lib/ ?
<kirkland> mathiaz: i'll try that (symlinking it there)
<mathiaz> nijaba: hi
<mathiaz> nijaba: do you know where I can find the list of -server packages that have a 5 year maintainance?
<mathiaz> nijaba: for hardy
<nijaba> mathiaz: ubuntu-maintenance-check project on LP
<nijaba> mathiaz: use the python version that mvo just uploaded
<kirkland> mathiaz: still no go
<mathiaz> kirkland: always the same error?
<kirkland> mathiaz: yeah
<rickspencer3> smoser, hi, is getting a desktop in the cloud set up by alpha 2 feasible?
 * rickspencer3 is setting up work items of a2
<kirkland> soren: can you please provide some detail as to how 04-axis2c-1.6.0-rampart-1.3.0.patch was created, and should be updated?
<mathiaz> kirkland: what does dpkg -S /usr/lib/axis2/lib/libmod_rampart.so.0 say?
<kirkland> mathiaz: librampart0: /usr/lib/axis2/lib/libmod_rampart.so.0
<smoser> rickspencer3, the freenx is the biggest question
<rickspencer3> smoser, can we just go with the google one?
<rickspencer3> or is that the question?
<smoser> getting an image built is 2 or 3 days work probably (the scripts have to be genericized to not include "-server")
<rickspencer3> ug
<smoser> that probalby should be done... so i'm happy to do it.
<rickspencer3> ok
<rickspencer3> so what do I need to do after that?
<smoser> i guess i'd just have to pick the neatx package from https://launchpad.net/~freenx-team
<smoser> and then kind of just cross our fingers..
<mathiaz> kirkland: what's the (dropped) patch you're looking at?
<kirkland> mathiaz: debian/patches/04-axis2c-1.6.0-rampart-1.3.0.patch
<kirkland> mathiaz: i'm trying to get that applying cleanly now
<majuk> Hiya fellas. Small problem. I just added a user with primary group ADMINS. The entry in /etc/passwd shows the correct default group for the user, but /etc/group does not list the user as a member. .......I do not know why this would be. Anyone care to enlighten me?
<majuk> *correct default group GID, that is
<baccenfutter> majuk: if it is his def grp it doesn't show in group
<majuk> baccenfutter! Ah. I see.
<majuk> Thanks
<baccenfutter> or do you see the user root in /etc/group behind the group root?
<mathiaz> kirkland: hm - not sure if that would help this problem though. The patch mainly adds the correct linker flags to the targets
<mathiaz> kirkland: reading the build log it seems that the correct links are already uses
<mathiaz> kirkland: *used*
<mathiaz> kirkland: I think that what is missing is either symbols or shlib files for the rampart package
<kirkland> mathiaz: yeah, that's what i'm seeing there
<mathiaz> kirkland: you  might have to fix the rampart package first, before being to build eucalyptus
<mathiaz> kirkland: http://www.netfort.gr.jp/~dancer/column/libpkg-guide/libpkg-guide.html
<mathiaz> kirkland: ^^ that should help you doing so
<kirkland> mathiaz: cool, thanks mathias
<majuk> baccenfutter! Nah
<kane_> time for food, bbl &
<uvirtbot> New bug: #490951 in quagga (main) "quagga needs libreadline5" [Undecided,New] https://launchpad.net/bugs/490951
<kirkland> mathiaz: okay, i confirmed with nurmi that that patch is no longer needed
<kirkland> mathiaz: well, the bulk of it anyway
<mathiaz> kirkland: right - you may wanna confirm in #ubuntu-devel that adding a symbol|shlib file to rampart is the solution to your build problem.
<cj> what's the process of getting a new version of lsb-release into hardy?
<cj> the current version breaks if we use a sources.list.d/foo.list with a uri unlike http://domain/ubuntu
<cj> we are keeping our repo in http://domain/packages/stable/ubuntu/
<cj> it is fixed in lenny and karmic
<JanC> cj: sounds like you want a backport
<JanC> or maybe SRU
<cj> JanC: perhaps, but I don't want to add the backports.org entry to sources.list if I can avoid it
<JanC> I was talking about ubuntu-backports, but if you're pretty sure this won't break anything you could ask for a SRU (Stable Release Update) so that it goes into ubuntu-proposed and then later into ubuntu-updates
<cj> alrighty.  where do I submit requests?
<JanC> cj: and the SRU process is documented on the wiki
<cj> okay.  google it is.
<JanC> (I don't know exactly without looking myself ;) )
<cj> https://wiki.ubuntu.com/StableReleaseUpdates :)
<cj> thanks for the tips.
<nijaba> smoser: ping
<smoser> nere
<smoser> here
<nijaba> smoser: time to talk about this plugin thing?
<smoser> ok. sure.
<nijaba> smoser: would be quiker here than through the wiki
<smoser> sure.
<nijaba> smoser: what I am seeing is something like:
<nijaba> plugin/<name> as a type
<nijaba> where name is the name of a package to install
<nijaba> then the payload of the mime section is some data to pass to the package once installed
<smoser> how do i know how to "pass to the package" for generic package
<smoser> what does that mean for anacron , app-install-data , bridge-utils ...
<smoser> (random assortment of packages)
<nijaba> smoser: the idea is that a plugin is not a random package, but a package which as a command with its name
<nijaba> smoser: is plugin/toto has a command toto that will accept data from stdin
<nijaba> smoser: but you might have a better plan
<smoser> i think i'm confused.
<smoser> you said "plugin/<name> as a type" "where name is the name of a package to install"
<nijaba> right
<nijaba> for example this would be plugin/toto
<nijaba> which would install package toto
<smoser> ah. so seeing a 'part' that had 'type' of 'plugin/toto' would indicate that i do:
<nijaba> which contain a /usr/bin/toto command
<smoser> apt-get install toto
<smoser> toto < part-file
<nijaba> command which expect some data from stdin
<nijaba> smoser: exact
<smoser> this seems to require that packages be generally crafted to have command == package name and command able to parse that input
<nijaba> smoser: what do you think? seems fairly fliexible to me
<nijaba> smoser: ok, how would you see that?
<smoser> well for your given example of 'toto'.  the 'toto' package might have a 'toto' command, but many do not have a binary in them named with package name
<smoser> my plan for "insert plugin" funciontality was more like
<nijaba> smoser: yes, I was assuming that plugins would be specially crafted
<smoser> ah. ok. i think i see now.
<smoser> my plan was more along the lines of:
<smoser> - a 'part' is of type 'plugin' is expected to be python code that implements a method 'register'
<smoser> - the 'part' is then saved and made available to python, and its 'register' function called
<smoser> - that 'register' function registers that it is interested in parts of type 'my-new-type'
<nijaba> smoser: as the mime part is the actual code?  how does this differ from passing a script?
<nijaba> smoser: how would I use a program that is not python?
<nijaba> smoser: ie, ruby for example?
<smoser> hm... i didn't thikn that it was all that big of a deal.
<smoser> baiscally, the main user-data-parser is in python, its plugins are python, and you can insert a plugin via user-data
<nijaba> so, if i understand correctly, you wold have a 2 part mime
<smoser> multi-part mime
<nijaba> part 1 has type plugin/bleh, containing some python with a handler name register
<smoser> right.
<nijaba> it reigster type bleh/mytype
<nijaba> part 2 is of type bleh/mytype
<nijaba> which it then process...
<nijaba> correct?
<smoser> right. when part2 is processed, part 1 has already registered for that type of data
<smoser> and so part 1 is called as the handler
<smoser> for it
<nijaba> smoser: ok, how would you handle the following use case.  Nick wants to
<nijaba> Nick wants to use chef to configure his instance, passing chef all necessary info to do so.
<nijaba> I would have to write a plugin in python that would be a wrapper to whatever chef expects?
<nijaba> But when (how) would I get chef installed?  from the python script?
<smoser> yeah.
<nijaba> smoser: ok.  I see
<nijaba> smoser: I guess if we provide some good example, your method is more flexible than mine.  sorry it took me so long to get it
<smoser> nijaba, i think that your generic "install package plugin" could be implemented fairly easily.
<smoser> we will have some examples, as my intent is that all the function we have will be done as plugins
<smoser> ie, the "#!" plugin, config plugin ...
<nijaba> smoser: ok, thanks for taking the time to make me understand.  you might need to document the blueprint a bit more with an example so that it is a bit more obvious
<smoser> i absolutely agree that documentation is needed :)
<soren> kirkland: Just the configure part was autogenerated, yes.
<kirkland> soren: okay, thanks;  turns out we should be able to drop this patch now
<soren> kirkland: To update it, ignore whatever does not apply and run autoconf.
<soren> Probably. It did, after all, come from upstream.
<kirkland> soren: as eucalyptus upstream has moved to this version of axis2
<soren> Good for them.
<soren> :)
<smoser> i just booted a lucid UEC build on karmic UEC (using -proposed). also, lucid builds are on ec2 and work there.
<Lichte> I just followed the Docs on the website to configure mysql, and I also just turned off apparmor but I am getting a "is not allowed to connect to this MySQL server error".........any docs or help for this ??
<Lichte> I'm trying to connect from another machine using SQLyog
<pmatulis> when using 'build-mkschroot' for karmic-i386 i get the following error:
<pmatulis> Errors were encountered while processing:
<pmatulis>  rsyslog
<pmatulis>  ubuntu-minimal
<pmatulis> E: Sub-process /usr/bin/dpkg returned an error code (1)
<pmatulis> .
<pmatulis> anyone?
<MagicFab> pmatulis, broken packages - remove/purge/reinstall them, retry
<lunaphyte_> hi.  i'm afraid i'm getting stymied by what i think is a simple permissions issue.  i can't seem to get dhcpd to read a file that i believe it should be able to.  if i could trouble someone to look at this pastebin, i'm hoping i'm just overlooking something basic.  http://pastebin.com/d657509
<lunaphyte_> it appears as though unless the file's group is the primary group for the dhcpd user, it's not able to read it.
<uvirtbot> New bug: #445990 in eucalyptus "Run instance fail with elasticfox" [Low,In progress] https://launchpad.net/bugs/445990
<zul> mathiaz: glassfish is easy merge?
<mathiaz> zul: I don't know - seems like it.
<mathiaz> zul: I may be wrong though
<mathiaz> zul: why?
<zul> mathiaz: nothing just commenting on it
<Hypnoz> Can anyone provide some more guidance? I have some big apache logs, and trying to parse out how many times each IP has connected during that log. So far I have cat info.log | grep REMOTE_ADDR | grep -v 129 | grep -v 153 | cut -b49- | sort | uniq
<uvirtbot> New bug: #484217 in eucalyptus "create keypair allows duplicates" [Low,In progress] https://launchpad.net/bugs/484217
<uvirtbot> New bug: #490623 in eucalyptus "Object get with extra headers (if-modified-since, if-unmodified-since) does not correctly parse RFC 1123 formatted datetime" [Low,In progress] https://launchpad.net/bugs/490623
<Hypnoz> that prints out a nice list of all the unique IP addresses in the log
<Hypnoz> but now I want to see how many times each of those IP's appear in the log
<Hypnoz> like a for each IP in list, grep $IP | wc -l
<Hypnoz> or something
<lunaphyte_> sort | uniq, then grep | wc -l
<Hypnoz> grep | wc -l manually for each IP in the output?
<lunaphyte_> well, you could, sure, but that seems silly.
<lunaphyte_> like you said - for each.
<Hypnoz> so how do i save that output of IP's to a list, then for each in that list do something
<Hypnoz> I know how to for each in a list
<lunaphyte_> use a variable
<Hypnoz> I can save a list to one variable
<lunaphyte_> for address in $(grep 'REMOTE_ADDR' info.log | grep -v 129 | grep -v 153 | cut -b49- | sort | uniq); do echo "${address}"; grep "${address}" info.log | wc -l); done
<lunaphyte_> or such
<lunaphyte_> assuming bash or posix
<Hypnoz> ahh sub command, clever
<lunaphyte_> command substitution.  you could write it to a var as well - same end result.
<Mickster04> well, i can log into a samba share with windows, i cant log in, but can access as guest on ubuntu, but when i run smbclient //server/shared is comes back with and error BAD_NETWORK_NAME
<Mickster04> any help?
<Hypnoz> DNS issue?
<Mickster04> well...i dunno
<Mickster04> thats the point?
<Hypnoz> no maybe that is why you're seeing BAD_SERVER_NAME
<Hypnoz> this is a section at the end of my smb.conf
<Hypnoz> [Netops Share]
<Hypnoz>    comment = Global Netops Share
<Hypnoz>    path = /u1/samba/NetopsShare
<Hypnoz>    guest ok = yes
<Hypnoz>    browseable = yes
<Hypnoz>    writable = yes
<Hypnoz>    create mask = 0755
<Hypnoz>    directory mask = 0755
<Hypnoz> the folder /u1/samba/NetopsShare is owned by samba:samba
<Hypnoz> with 777 permissions
<Hypnoz> i'm not sure if thats exactly how its supposed to all be, but thats what worked for me
<Hypnoz> and make sure the server name is in DNS with the right IP
<Mickster04> ooh ok
<Mickster04> will try some of that stuff out
<Mickster04> invalid user samba:samba
<Mickster04> its under /srv/shared
<Hypnoz> sudo chown samba:samba /path/dir
<Hypnoz> grep samba /etc/passwd
<Mickster04> yeah invalid user
<Hypnoz> does the user exist?
<Mickster04> nope
<Mickster04> why would it
<Mickster04> and anyway i had it working without thast
<Hypnoz> http://www.howtogeek.com/howto/ubuntu/install-samba-server-on-ubuntu/
<Hypnoz> read that. I believe I created a samba user, per like step 2
<Mickster04> step 2?
<Mickster04> where?
<Hypnoz> read that, middle of the page
<Hypnoz> bold section called "Create a Samba User"
<Mickster04> https://help.ubuntu.com/9.10/serverguide/C/samba-fileserver.html
<Mickster04> thats what im on atm
<Mickster04> but ill have a look at your site
<Hypnoz> i have workgroup = WORKGROUP
<Hypnoz> and security is commented out, so   ; security = user
<Hypnoz> make sure you reload samba after changes, sudo /etc/init.d/samba reload
<Hypnoz> or restart, either way
<Mickster04> well that hasnt worked?
<Mickster04> whats udner your [share] bit?
<Hypnoz> anyone know a bash command that would pull out only the IP from this line
<Hypnoz> [11-24-09 01:48:09] name = REMOTE_ADDR, value = 123.45.67.89
<Hypnoz> I was using cut -n49- or so, but timestamps seem to be different lengths
<Hypnoz> so i think i need to pull everything after the last space somehow
<lunaphyte> awk '{ print $8 }'
<Hypnoz> lunaphyte: you're a damn good scripter :)
<Hypnoz> lunaphyte: also i msg'd you earlier but no response, what's the difference between echo $address and echo ${address}
<Hypnoz> I ususally use {} to seperate out command seperated stuff, like rm -f {file1,file2,file3}
<lunaphyte> hmm, i guess i missed it.  most of the time, nothing - but it's a good habit to be in, for various reasons.
<lunaphyte> you can read up on parameter expansion if you're truly curious.
<Hypnoz> hard to keep them all straight, $`command` ${command} $(command)
<Hypnoz> you know what each of those does?
<lunaphyte> well, the back ticks are more "portable", most folks will say, so there's a benefit there, as an alternative to ${}.  but the third is command substitution, which is something totally different.
<lunaphyte> (but only a benefit if you need portability.  otherwise, imo it's much harder to misread)
<Hypnoz> VAR = $`command` evaluates the command in a subshell, and the result is saved to the variable right
<lunaphyte> no need for the $
<Hypnoz> when i changed echo ${address} to echo $address nothing changed
<Hypnoz> so i'm not understanding what the { } might do
<Hypnoz> http://www.xaprb.com/articles/bash-parameter-expansion-cheatsheet.pdf
<Hypnoz> pretty good cheat sheet involving ${ } stuff
<lunaphyte> pe is powerful stuff.
<Hypnoz> seriously, this gets so complex no one could remember all this syntax
<lunaphyte> lots of practice can change that.
<JanC> Hypnoz: $foobar is not the same as ${foo}bar  ;)
<garrythefish> as i said, not enough real drilling
<Hypnoz> I see, thanks Jan
<garrythefish> that's what's the problem with the lesbos at #ubuntu-women
<Hypnoz> it seems there's much more to it than just that though, inside the { } you can do a whole bunch of things, including replace, search, and substitute
<JanC> garrythefish: please behave
<Hypnoz> agreed. Obviously those girls would go to #ubuntu-ilovefishtacos. Please don't generalize
<JanC> Hypnoz: in bash, yes, but remmeber that not all of that works in every shell
<Hypnoz> I'm already confused by all the options in ${ }, I haven't even started to look at $( )
<Hypnoz> or $(${`command`})
<Hypnoz> i think i just gave myself a bloody nose thinking about that too hard
<baccenfutter> lol
<Daviey> !ops | garrythefish
<jpds> Daviey: Yeah, here neither.
<Hypnoz> shouldn't you +b the ip not the username?
<baccenfutter> seems garrythefish is also missbehaving in #ubuntu-de with the same foolish shit
<jpds> Hypnoz: What IP?
<JanC> might be useful to warn the -de ops then
<Hypnoz> I thought you could get the IP from doing /whois nick
<jpds> Hypnoz: [!] garrythefish (Garry the Fish) [n=fisher@unaffiliated/garrythefish] has joined #ubuntu-server
<baccenfutter> Hypnoz: nope just the HM if not using a cloak
<Hypnoz> ya thats what i see too...
<Hypnoz> maybe i'm thinking old school irc
<Hypnoz> you used to be able to get all kinds of info with a whois
<baccenfutter> cloaks make banning easier though ;)
<baccenfutter> or, let's say, more comfortable
<Hypnoz> couldn't he just change his nick and rejoin the channel?
<baccenfutter> Hypnoz: he'd have to /msg nickserv logout
<baccenfutter> as long as he keeps his n! he keeps his kloak afaik
<testmycloak> testmycloak n=backenfu@c-base/crew/backenfutter
<baccenfutter> whatever the +e flag does, it's the only thing that changes
<baccenfutter> Pici: he already has a whole bunch of +b
<Pici> baccenfutter: that was a remove
<Pici> hes gone from freenode
<baccenfutter> they d-line the acc?
<baccenfutter> he went "heil hitler" in #ubuntu-de
<Pici> I didn't see exactly, but that or a kline (which is network wide on freenode)
<baccenfutter> freenode++
#ubuntu-server 2009-12-02
<RoyK> baccenfutter: wtf - who did?
<baccenfutter> the garrythefish guy
<lunaphyte> how can i show the real group and effective group for processes in he output of ps?
<thenetduck> hi, i'm setting up postfix on my hardy heron server and I was wondering what would the best option be for a website that sends simple emails for welcome and orders?
<thenetduck> there is "internet site" internet site with smarthost"
<thenetduck> and some other options
<lunaphyte> isn't there already a mail server on your network you can use?
<thenetduck> lunaphyte: i'm using a slice from slicehost
<thenetduck> I don't know, i'm kind of new to the mail server thing
<thenetduck> there is something called sendmail I think
<thenetduck> to be honest, I acutally need some realy help getting my mail server set up
<lunaphyte> running a mail server isn't trivial.  you really should employ someone who can ensure things go well.
<thenetduck> lunaphyte: I have no money, I guess this is more of a learning experience
<thenetduck> now if I had a job... haha
<lunaphyte> employ doesn't necessarily mean money.
<lunaphyte> does slicehost provide a mailserver for their customers to use?  if so i would just use that.
<thenetduck> um, I don't know I should ask
<lunaphyte> probably a good idea.
<thenetduck> I guess the problem is my rails app uses :sendmail for the server
<lunaphyte> that's no problem.
<lunaphyte> assuming your provider provides a mail server, all you need is a null client, not an mta.
<mrchrisadams> lunaphyte: how does that normally work?
<lunaphyte> what?
<lumpEee> greetings all
<mrchrisadams> I have one account with webfaction which has a mailserver at mail.webfaction  that I can send mail through from an app
<mrchrisadams> much like thenetduck
<mrchrisadams> but I've recently started using a vps
<mrchrisadams> which doesn't explicitly have a mail server for this
<lumpEee> this is support channel for ubunter server correct?
<mrchrisadams> or at least there isn't something like mail.vpscompany.com, like webfaction provided
<thenetduck> lumpEee: no it's for elephants who like to eat peanuts
<lunaphyte> mrchrisadams: you'd just have to ask, like thenetduck
<lumpEee> oh good i fit in there too
<thenetduck> haha
<lumpEee> and thenetduck, likely i will have more dumb Qs
<mrchrisadams> ah, "A null client is a machine that can only send mail. " - http://www.postfix.org/STANDARD_CONFIGURATION_README.html
<thenetduck> lumpEee: i'm pretty much the biggest noob on the chanell so ask away ahah
<lumpEee> I like ubuntu, have needs best met by a server and am rather a n00b at ubuntu server
<lumpEee> i ain't even ready to ask yet
<lumpEee> i am reading through docs and figured it be a good idea to lurk here a bit
<lumpEee> i love ubuntu though
<lumpEee> just not used to any type of server stuff outside of CPanel
<thedoble> lumpEee: feel free to lurk, I'm a windows sysadmin who'se slowly converting to the dark side :)
<thenetduck> lunaphyte: well they do but it's 10/month for it. I'm not paying that haha
<lunaphyte> no surprise there.
<lumpEee> thedoble, i still have a ME machine running.. lol
<lumpEee> other than that one XP and the other 4 all flavors of ubuntu
<thedoble> lumpEee: heh, I am not yet a fan of ubuntu desktop, but I like the server version a lot. I have a macbook now as well so I am slowly weaning myself off microsoft !
<lumpEee> i have the studio version, the net book remix version, the desktop (although I mostly use it as storage via the network) and just build a server
<mneptok> oh yes. Apple is a *much* more open company than is Microsoft. they treat their users with respect, assuming them to be intelligent and capable.
<mneptok> </sarcasm>
<lumpEee> i am rather fond of the way they did the netbook version
<lumpEee> i really like it on this Eee
<lumpEee> studio is also very good with a real time kernel
<thedoble> lol
<lumpEee> but as for the desktop version.  I just set up file sharing and it sits in my lr
<lumpEee> my7 migration seem to be more toward ubuntu than "a company that used to be deifned by a band"
<lumpEee> heh
<lumpEee> sorry i am an apple fan in another way
<thedoble> i still struggle to get my head around linux file permissions in samba
<lumpEee> thanks for saying that
<lumpEee> one of the things i am having problems with myself
<lumpEee> corect my n00b arse if wrong
<lumpEee> it just don't seem to work right from the GUI
<thedoble> i dont know, I don't use the GUI, but I do know that it can be really confusing in the command line too
<thedoble> i think its just different
<thedoble> and i need to relearn how i think about it
<lumpEee> i am not afraid of cli
<lumpEee> just reaaaal rusty at it
<lumpEee> the last time i played with php it was 3.0
<lumpEee> i am just at a point where i really need a server
<lumpEee> so it is time to hit the books again so to speak
<thedoble> hehe
<thedoble> i dont do much work with web servers
<lumpEee> more of a database and media server in my case
<thedoble> cool
<thedoble> yeah i am mostly file/print/domain/email stuff
<thedoble> small businesses
<lumpEee> i do podcast and internet radio
<lumpEee> i do all indie artists
<lumpEee> i just need to create a server so that I am not the only one able to enter data to the database and add media to the streaming server
<lumpEee> i know it can be done
<lumpEee> i believe i am tech competent enough to do it
<lumpEee> just not sure exactly how and gotta shake some rust out of me
<thedoble> nice one
<thedoble> sounds like a good project
<thedoble> good luck :)
<thedoble> have you read through the ubuntu official documentation ?
<thedoble> some of it is brilliant stuff
<lumpEee> i am doing that as i go back and forth
<lumpEee> i have actually installed server 2x atm
<lumpEee> each time i do so, i read more, figure out a bit more and decide the do-over is better
<lumpEee> things have improved much since i played much with anything other than a CMS about 10 years ago
<thedoble> hehe
<lumpEee> and, again, that was all CPanel
<lumpEee> i did not actually have to install everything
<lumpEee> the docs are good though
<lumpEee> i am just going through them with a highligher in oo right now
<tonyyarusso> Hi, I was just looking over the server seeds proposals for Lucid.  Two relatively minor questions regarding that:
<tonyyarusso> 1)  What's the rationale for dropping vlock?  It's small, but has come in handy for me a few times.  Is there a better replacement these days, or would it be dropped without a replacement in main?
<lumpEee> gnight all
<tonyyarusso> 2)  Has there been any consideration given to possibly putting an IRCd in main, either for Lucid or later?
<twb> tonyyarusso: !anyone :P
<ScottK> tonyyarusso: You'll probably have more luck during when mathiaz`or ttx are around.
<tonyyarusso> ScottK: all righty
 * tonyyarusso idles
<marks256> Say if i had a lab of 50 ubuntu computers, could i have an update server so i dont have to download 50 400mb updates (example size). Then i would only have to download 1 400mb set, then distribute it to the lab
<twb> marks256: yes.
<marks256> twb, how would it work?
<twb> It'd be even easier to simply use LTSP, so that you maintain one image and all the lab machines are updated automatically by rebooting
<marks256> yeah. LTSP would be nice. but i'm just asking for proof-of-concept
<twb> But if you just want a local cache of package updates, I highly recommend debmirror.  If you're very tight on bandwidth, you could try apt-cacher[-ng] or apt-proxy, but both have caused me huge problems in the past.
<marks256> twb, aah ok. repos dont mind keeping dumps of them though?
<twb> In particular, one of them (apt-cacher?) is vulnerable to injection attacks by any client, which -- although being caught by checksumming -- might be overridden by an ignorant user.
<twb> marks256: debmirror magically maintains a partial copy of the Ubuntu archive.
<twb> e.g. you can tell it "keep a copy of hardy and hardy-security for i386 and amd64, but don't mirror the "games" section or the "universe" category."
<marks256> twb, neat!
<twb> IIRC a single-arch, single-release mirror is on the order of 10 to 30GB.  The updates each week are negligible (for stable releases) or significant (for ubuntu+1, testing and sid)
<twb> The other thing you could do, which I haven't tried yet, is setting up apt-bittorrent.
<marks256> oh my that's not bad
<marks256> only 30gb?
<twb> 31GB for --arch i386 --nosource --dist hardy,hardy-updates,hardy-security,hardy-backports --section main,restricted,universe,multiverse
<twb> Unfortunately I don't keep a record of downloads per week
<marks256> wow
<marks256> i though it'd be more along the lines of a few hundred gb!
<twb> Where that kind of size comes in is if you want to track all the arches that Debian supports
<twb> Which according to type-handling, is: cpus [alpha amd64 arm armeb armel avr32 hppa i386 ia64 lpia m32r m68k mips mipsel powerpc ppc64 s390 s390x sh3 sh3eb sh4 sh4eb sparc] Ã systems [darwin freebsd hurd kfreebsd knetbsd kopensolaris linux netbsd openbsd solaris uclibc uclinux]
<tonyyarusso> marks256: I've been keeping local mirrors for a while.  For fine-grained control, ie for just one release, one architecture, I've been very happy with apt-mirror.  I recently decided to do a full mirror, and I'm pulling that down with the ubumirror utility.
<tonyyarusso> (Which, btw, I put in my PPA if you'd rather apt-get than bzr branch)
<marks256> twb, aah ok ok
<marks256> tonyyarusso, ok cool. this sounds quite useful
<tonyyarusso> marks256: It's about 250GB for all supported releases, btw.
<tonyyarusso> i386 and amd64.
<marks256> tonyyarusso, :o oh my
<wolfrein> hi everybody
<wolfrein> i have a problem with one of my ipsec tunnels
<wolfrein> it doesnt come up when i do a racconctl fs isakmp followed by fs ipsec
<wolfrein> the preshared key is not issued
<wolfrein> when i check status, it shows all 0000000 in the preshared key position
<wolfrein> please advise how i can rectify this
<twb> tonyyarusso: have you used both apt-mirror and debmirror?  Would you care to compare them briefly for me?
<tonyyarusso> twb: I haven't tried debmirror, no.
<uvirtbot> New bug: #461444 in eucalyptus "memory leaks in NC: getConsoleOutput and startup_thread" [High,In progress] https://launchpad.net/bugs/461444
<marks256> tonyyarusso, twb, thanks for the hlep guys
<wolfrein> please advise about the ipsec tunnel
<twb> Why doesn't ntpd like to bind to my IPv6 address? http://hpaste.org/fastcgi/hpaste.fcgi/view?id=13480#a13480
<twb> Also, how can I just tell my 8.04 system to not use IPv6 at all?
<Clusty_> hey
<Clusty_> are there generally any issues when it comes to blooth dongles?
<Clusty_> or most chips are really supported
<twb> Answer: change /etc/modprobe.d/aliases:alias net-pf-10 ipv6 from "ipv6" to "off".
<MBCR> !ops
<MBCR> !staff
<ScottK> MBCR: What are you doing?
<MBCR> calling the ops duh
<MBCR> !ops
<ScottK> Apparently not.  Why?
<Ninjix> hello all
<Sorell> hi Ninjix
<Ninjix> greetings Sorell
<Ninjix> I'm looking to discuss Intel ICH10R "fakeraid" with anyone that has any production experience with them
<twb> !anyone
<ubottu> A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out?
<Ninjix> twb: Hi there
<jmarsden> Ninjix: https://help.ubuntu.com/community/FakeRaidHowto
<jmarsden> Basically, it doesn't make sense to use fakeraid on a server, software RAID is more flexible and performs as well.
<Ninjix> jmarsden: Yes, I have always believed that but so many servers come with fakeraid now
<Ninjix> jmarsden: and the tech has been around a few years now
<jmarsden> Preconfigured Ubuntu servers that use fakeraid?  Interesting.  Just because the motherboard chip can do it doesn't make it a good choice for a Linux/Ubuntu server.
<Ninjix> True
<jmarsden> What would you hope to gain from using fakeraid -- how would it benefit your users or your sysadmins or your profit margin, compared to using software RAID ?
<Ninjix> I having good success with Adaptec 2258100-R cards but would rather not have to shell out extra $400
<Ninjix> I trying to move as much of our data center to commodity hardware as possible
<jmarsden> I don't think you'lld get hardware RAID performance from fakeraid; I think youu'd fine software RAID performance about equal to fakeraid... so then the chocie is between software RAID or hardware RAID... right?
<Ninjix> Disk IO is a tough obstacle, though
<jmarsden> Interesting... a lot of people are moving the other way -- a few big servers and virtualization, rather than many cheap servers.
<Ninjix> ah.. don't get me wrong. I'm moving down that path as well
<jmarsden> At the same time?  So... a few really big fast but cheap commodity servers?  :)  Where can I find some of those? :)
<Ninjix> this year we are moving off VMware and onto Ubuntu KVM virtualization
<Ninjix> after spending tons of money on Dell and HP "enterprise" class hardware for years now, I sat back and ask my team how much of those enterprise features we were really using
<Ninjix> the answer turned out to be very little
<Ninjix> this made us rethink where we spend our money, especially with the economic condition of the last year
<jmarsden> Sure... but you've had hard drives fail and may even have hot-swapped them when that happened... that's a different level of "enterprise-class" than the "lights out management" and similar things, I'd think.
<Ninjix> agreed
<freeflying> ha all
<freeflying> I can ping other machine from an instance in UEC, but can't access to the instance from other machine besides from cloud clontroller
<Ninjix> and now we're returned to rolling our own white-box servers that have redundancy where we use it the most like hot swap bays
<jmarsden> Ninjix: So maybe you really want to move towards commodity server hardware, but still hardware RAID cards and hot swap disk chassis... yup.  Makes sense.
<jmarsden> Maybe you can build two such boxes, one software RAID and one hardware RAID, and benchmark for your workload and then decide if the $400 is worth it for your situation?
<Ninjix> so far I've had mix results in our tests
<Ninjix> the fakeraid can hang with the hardware RAID on 0,1 and 10
<Ninjix> moving up to RAID 5 there's where the parity hurts
<jmarsden> I guess that makes sense.  Did you compare fakeraid with pure software (mdadm) RAID too?
<Ninjix> same hardware with Windows drivers produces better results by some extra % points
<jmarsden> But for the cost of Windows Server you can buy a hardware RAID card :)
<Ninjix> I haven't tested the ICH10R against Linux RAID yet
<Ninjix> Good point. Love FOSS cost savings. :)
<Ninjix> freeflying: I wish I could help but I still waiting to get the chance to play with UEC
<jmarsden> Ninjix: I'd think hard about doing RAID5 fakeraid in production... if things go bad and you end up needing to rescue a broken array, you're more likely to find people and tools for messing with the guts of an mdadm setup than with a (Linux) fakeraid-based array, I suspect.
<jmarsden> So unless fakeraid has significant reliability or performance benefits (which I don't think it does), I'd use mdadm software RAID rather than fakeraid.  But that's just me.
<Ninjix> yes. That seems to be the general consensus. I know guys that won't use hardware raid for that reason.
<Ninjix> No one want to get burned by proprietary drivers or even hardware
<jmarsden> Yes... although real hardware raid on a controller from a decent vendor is slightly different; the vendor can often help you rescue things, and since the RAID is hardware they don't need to know Linux to do so... only their own hardware.
<Ninjix> thankfully I have only come close to that with Dell PERC controllers
<jmarsden> We've seen some Windows servers where older Adaptec SCSI RAID5 broke badly, and their techs can do what looks near-miracles to get things going again... I think twice in the last 4 years I have seen that.
<Ninjix> yes, Adaptec hasn't ever let me down. Still have a old 2940 SCSI card around here somewhere. :)
<jmarsden> That's pretty old now, I remember those :)
<Ninjix> how about yourself? what kind of disk IO solution are you running your Ubuntu servers on?
<jmarsden> Software RAID1; we're doing smaller lower cost servers mostly where the cost of a hardware RAID card doesn't seem to be justified.  For a couple of clients that did need more serious IO we did SAS drives and an LSI MegaRAID card, I don't remember the exact model.
<Ninjix> 15k SAS drives?
<fallous_> I was always a symbios fan myself.  875-based cards were the bomb
<jmarsden> Yes, Seagate.  I'm really more of a network/sysadmin, I only get involved with low level hardware details when I have no choice :)
<Ninjix> nice chatting with you this evening
<jmarsden> Likewise.  Sometimes it is nice *not* to be helping out teenage newcomers with minimal Linux background :)
<billybigrigger> hey im 24
<billybigrigger> thank you very much
<billybigrigger> :P
<jmarsden> :)  Hi billybigrigger
<billybigrigger> jmarsden, howdy
<tonyyarusso> ttx: Hey, I was wondering if you could comment on either of these things re: server seed proposals for Lucid:
<tonyyarusso> 1)  What's the rationale for dropping vlock?  It's small, but has come in handy for me a few times.  Is there a better replacement these days, or would it be dropped without a replacement in main?
<tonyyarusso> 2)  Has there been any consideration given to possibly putting an IRCd in main, either for Lucid or later?
<ttx> 1) I don't know, feel free to ask the question in the discussion section of the spec
<ttx> 2) I guess yes
<Maleko> how do you view parition details, aside from using fdisk -l
<jmarsden> Maleko: YOu could use cfdisk if you prefer :)  What is wrong with using fdisk -l ?
<Maleko> it does not give in-depth details such as partition filesystem, total size in gb, free space etc
<jmarsden> How could it... it is just reading the partition table, which does not contain that information.
<jmarsden> If you know what fs is on a given partition you can use fs-specific tools to look at that fs...
<Maleko> hmm. what about ext* ?
<jmarsden> tune2fs -l   would work on ext2/ext3 filesystems, lots of info there, for example...
<_ruben> looks kinda "ironic" to me: process `sysctl' is using deprecated sysctl (syscall) net.ipv6.neigh.default.retrans_time; Use net.ipv6.neigh.default.retrans_time_ms instead.
<uvirtbot> New bug: #491288 in samba (main) "File corruption after copying files via samba from Karmic to Karmic" [Undecided,New] https://launchpad.net/bugs/491288
<uvirtbot> New bug: #490843 in net-snmp (main) "Confusing debconf question on dist-upgrade" [Wishlist,Confirmed] https://launchpad.net/bugs/490843
<uvirtbot> New bug: #491084 in eucalyptus "Object get requests will non determinstically fail (with the rightaws library)" [High,Fix committed] https://launchpad.net/bugs/491084
 * soren grabs some lunch
<alvin> Good to see there's another Server survey.
<ivoks> when is the meeting?
<Aison> hello
<Aison> I installed ubuntu server on two machines
<Aison> on one machine, /etc/fstab root is monted at /dev/mapper/mediaserv-root
<nijaba> ivoks: meeting is at 2PM UTC, 2h from now
<Aison> on the other machine, root is defined by an UUID
<Aison> why this difference?
<ivoks> right in the middle of working hours :/
<ivoks> Aison: it's newer version of ubuntnu
<Aison> but I installed both from the same ubuntu cd?
<ivoks> which one?
<ivoks> ubuntu ...?
<ivoks> 8.04?
<ivoks> 9.10?
<Aison> 9.10 amd64
<ivoks> so, on one you installed LVM, and on the other you didn't right?
<Aison> hmm, I just noticed that also
<Aison> ;)
<ivoks> hehe
<Aison> is there a good howto for ubuntu 9.10 to build my own custom kernel? because I've got 12 DVB-s Cards in this machine, I need to change some constant in the kernel sources
<Aison> by default, the kernel support just 8 DVB Cards at the same time
<Aison> the wiki here https://help.ubuntu.com/community/Kernel/Compile  is not working somehow
<ivoks> there's git
<ivoks> https://help.ubuntu.com/community/Kernel/Compile#Build%20the%20kernel%20%28when%20source%20is%20from%20git%20repository,%20or%20from%20apt-get%20source%29
<ivoks> this should work
<Aison> thx
<Aison> :)))
<zul> morning
<acalvo> how can I grow a LVM partition, if it is mounted as /?
<alvin> acalvo: The same way as you grow other logical volumes. It works.
<acalvo> but, shouldn't it be unmounted first?
<alvin> no, you can resize online
<alvin> first, use lvresize, and then resize2fs
<acalvo> even with ext4?
<alvin> yes, even with ext4
<acalvo> thanks alvin, I'll try it
<acalvo> is it worth to have vmware tools installed on a production server?
<zul> morning
<nijaba> morning zul
<nijaba> acalvo: if your server is running on ESX or a VMware product, yes, it makes a lot of sense
<acalvo> thanks nijaba
<acalvo> last question then: are the vmware packages available in any repository?
<soren> open-vm-tools.
<soren> I don't know if it works. Haven't used it in....
<soren> err...
<soren> a very long time.
 * soren desperately needs coffee
<acalvo> soren: quick question: where you from?
<soren> acalvo: Denmark
<acalvo> ok :)
<zul> aka vikingland
<soren> The very same.
 * zul smacks net-snmp around some
<soren> jdstrand: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=32f021f2664290cffe34723c52435ac4a62fb365 fixes the eventtest thing.
<soren> jdstrand: If you'd rather leave that to me, that's perfectly cool as well.
<jdstrand> soren: ok, thanks
<soren> ..but there it is.
<jdstrand> soren: I ran into some other issues (hal), but am working through them. I'll apply that commit too
<cyphermox> I'm trying to setup a full kickstart for a ubuntu server using the kickstart compatibility config format. What would be the way to skip the creation of the initial user?
<cipix> hi all. I'm having an issue on a ubuntu server with grub2 installation in that when server boots it gives me the error "You need to load the kernel first" and I tried grub-install and update-grub and I don't know what else to check to see what's wrong and to fix it. can you help me please?
<uvirtbot> New bug: #485760 in php5 "Need to upgrade integrated zip module" [Undecided,Fix released] https://launchpad.net/bugs/485760
<RoyK> u hm... http://www.grist.org/article/2009-11-18-oil-enough-energy-to-melt-glaciers
<mathiaz> ttx: byobu isn't brought into main only by Recommends - http://people.canonical.com/~ubuntu-archive/germinate-output/ubuntu.lucid/rdepends/byobu/byobu
<mathiaz> ttx: it's a dependency from a bunch of packages
<ttx> mathiaz: ok, good.
<mathiaz> ttx: what I'm grepping for is packages that  only have Reverse Recommends and that they're brought in by one of the server seed (ultimately)
<mathiaz> ttx: the goal was to have a (rather) short list to review by hand
<mathiaz> ttx: and make proposal from it
<xfrogman5> Are ssl features installed and enabled with a standard Ubuntu LAMP installation?
<nijaba> xfrogman5: yes they are installed but not enabled
<xfrogman5> Can you point me to a detailed howto for enabling ssl within apache2
<nijaba> xfrogman5: https://help.ubuntu.com/9.10/serverguide/C/httpd.html
<xfrogman5> thx
<nijaba> xfrogman5: see ubuntu.com/server/doc for a summary of resources available about ubuntu server edition
<heath|work> can some pastie there source.list for 7.10, I'm getting nothing but 404's
<heath|work> or did support end and I not know it
<mjeanson> heath: http://old-releases.ubuntu.com
<soren> heath|work: Support ended more than 6 months ago. You should upgrade ASAP.
<heath|work> we are moving servers, I just needed to install git for a test thanks soren
 * MenZa makes mental note to upgrade his 8.10 box the moment 10.04 is out
<soren> MenZa: 8.10->10.04 is not a supported upgrade path, fwiw.
<MenZa> aye, I know
<soren> It may Just Work, but we put no effort into testing anything at all.
<MenZa> I'm scared to do it
<MenZa> I might just do a full backup and install 10.04
<soren> Bah. It's only bits and bytes.
<soren> :)
<MenZa> I regret not installing Hardy back when I set my box up
 * soren is still running hardy on most of his production systems.
<MenZa> I ought to on my server
<MenZa> I never considered using it for anything else than irssi, but I'm now running multiple websites and stuff on it
<soren> I suppose my primary work laptop is sort of a production system (at least in the sense that I'd be severely impaired if it broke), but it's running Lucid.
<MenZa> soren: So, you mean Jaunty with a new toolchain? and /etc/apt/sources.list?
<MenZa> er
<MenZa> s/Jaunty/Karmic
<MenZa> I can't keep up with releases anymore
 * MenZa has lived to see Breezy, Dapper, Edgy, Feisty, Gutsy, Hardy, Intrepid, Jaunty, Karmic and Lucid
<MenZa> Christ, that is a lot of releases.
 * MenZa feels old.
<soren> MenZa: No, Lucid is waaay past just being an updated toolchain.
<MenZa> soren: I suppose - Alpha 1 is out soon
<smoser> mathiaz, or anyone, have you done command line compltion before (ie, added bash completion hooks for a package) ?
 * soren goes to pick up his daughter at day care
<TeTeT_> how to exchange the self signed certificate for UEC with a CA signed?
<Rascal999> have setup up rsa/dsa so i don't need password for ssh but i get this error pop up in auth.log Error attempting to add filename encryption key to user session keyring; rc = [1]
<MTecknology> If my server is running on xen and I don't want xen to control the kernel; what kernel can I use that already has xen support built in?
<MTecknology> I tried -generic and -virt but neither seem to have xen support
<smoser> MTecknology, it depends on what version of xen you have. ... newer xen can boot either of the above kernels (i think) in pv_ops
<smoser> additionally there is the xen hvm, which i htink you mean by your statement of "don't want xen to control the kernel"
<MTecknology> smoser: I'm running on a Linode if that helps
<smoser> doesnt help me, sorry.
<MTecknology> smoser: I'm getting this error   ERROR Invalid kernel: elf_xen_note_check: ERROR: Will only load images built for the generic loader
<MTecknology> or Linux images
<MTecknology> xc_dom_parse_image returned -1
<smoser> MTecknology, i'm sorry, i can't be much more help. sorry to get your hopes up.  maybe someone else here can help.
<MTecknology> ok, thanks
 * ttx hates C
<Rascal999> ttx, why do you hate C?
<ttx> Rascal999: struggling with some memory management, I forgot how painful it can be.
<Rascal999> ttx, oh, not been there yet
<Rascal999> based on what I've learnt and done in C so far, I'm liking it
<Rascal999> but I haven't really touched on memory management, multi-threading or the rest
<kirkland> ttx: where is your eucalyptus SRU branch?
<kirkland> ttx: last i recall, it was a private branch owned by you
<kirkland> ttx: could you push it somewhere ubuntu-core-dev owned?
<ttx> kirkland: done already
<kirkland> ttx: sweet, link me :-)
<ttx> kirkland: http://bazaar.launchpad.net/~ubuntu-core-dev/eucalyptus/ubuntu-karmic/changes
<ttx> committed as rev725..726
<kirkland> ttx: thanks; i'll hack the new CLEAN=1 operations today
<kirkland> ttx: fixing the non-determinism seems, um, a bit harder
<ttx> kirkland: I didn't observe any non-determinism in my testing
<ttx> kirkland: doesn't mean there isn't any, by definition
<kirkland> ttx: https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/490382/comments/3
<uvirtbot> Launchpad bug 490382 in eucalyptus "eucalyptus-cc init script doesn't always clear /var/lib/eucalyptus/CC" [Medium,Triaged]
<ttx> i.e. stop eucalyptus-cc CLEAN=1 always PASSed
<kirkland> ttx: you wrote "Looks quite non-deterministic from here."
<ttx> arrh
<kirkland> ttx: typo?
<ttx> yep
<ttx> commenting
<kirkland> ttx: ah, would you add another comment to that effect?
<ttx> i progress
<kirkland> ttx: i was happy you had seen something similar to me :-)
<ttx> kirkland: https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/490382/comments/5
<uvirtbot> Launchpad bug 490382 in eucalyptus "eucalyptus-cc init script doesn't always clear /var/lib/eucalyptus/CC" [Medium,Triaged]
<ttx> sorry about that
<kirkland> ttx: no problem
<kirkland> ttx: so i'll add the new CLEAN=1 support, test that a bit, and push to proposed?
<ttx> yes, sounds good
<ttx> If you still observe some non-determinism, let me know which commands you tested
<ttx> I couldn't make it fail with "stop eucalyptus-cc CLEAN=1"
<ttx> but that's rather counter-intuitive
 * soren goes to dinner... bbl
<kirkland> ttx: question about https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/490382/comments/3
<uvirtbot> Launchpad bug 490382 in eucalyptus "eucalyptus-cc init script doesn't always clear /var/lib/eucalyptus/CC" [Medium,Triaged]
<kirkland> ttx: your comment about the env not being passed from eucalyptus to eucalyptus-cc upstart script ...
<kirkland> ttx:  is that supposition, or confirmed operation?
<kirkland> ttx: ie, do i need to chase keybuk down and ask him about that ?
<ttx> kirkland: supposition.
<kirkland> ttx: okay, i'll confirm with scott
<ttx> kirkland: I see no reason why it would be propagated to upstart tasks that get triggered by another event
<ttx> kirkland: but sometimes I'm surprised by upstart :)
<xfrogman5> Looking for detailed howto for converting an IIS6 ssl cert to be used on a Ubuntu Apache2 Openssl system.
<uvirtbot> New bug: #491481 in tomcat6 (main) "package tomcat6 6.0.20-2ubuntu2 failed to install/upgrade: el subproceso script post-installation instalado devolvi? el c?digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/491481
<Aison> is there some ldap howto (samba, pam, radius, etc...)   for 9.10?
<Aison> I tried https://help.ubuntu.com/community/OpenLDAPServer
<Aison> but eg. on 9.10 /etc/ldap/ldaps.conf is a directory
<Aison> err slapd.conf
<ahasenack> Aison: look for the server guide
<Aison> this? https://help.ubuntu.com/9.10/serverguide/C/index.html
<Aison> :D
<ahasenack> I was looking for it, let me see
<ahasenack> ah, help.ubuntu.com
<ahasenack> Aison: yes, that's the one
<ahasenack> Aison: https://help.ubuntu.com/9.10/serverguide/C/openldap-server.html
<Aison> with sudo dpkg-reconfigure slapd I can't set the default suffix :(  I also can't set the manager password
<Aison> brb, reboot, back soon ;)
<tuxcrafter> hi all
<tuxcrafter> yesterday i updated my server to ubuntu 9.10
<tuxcrafter> and i had a mediawiki install
<tuxcrafter> and now it is gone
<tuxcrafter> it is asking me to setup the wiki first
<tuxcrafter> i am so afraid i am lossing all the data
<Aison> re
<Aison> back to my question ;)  with sudo dpkg-reconfigure slapd I can't set the directory or ldap manager password :(
<tuxcrafter> i do got daily mysql dumps of the media wiki
<ahasenack> Aison: in karmic, there is no such password anymore in the default tree
<ahasenack> Aison: using -H ldapi:// -Y EXTERNAL in your ldap* command-line tools is enough to become the rootdn
<adurity> I need to update the ESM firmware on a Dell PowerEdge server.  Does anyone have experience doing this under Ubuntu?
<ahasenack> Aison: there is a regexp in the config mapping that form of local authentication to the directory administrator user
<Aison> k
<ahasenack> Aison: try "ldapwhoami -H ldapi:/// -Y EXTERNAL"
<ahasenack> Aison: it will tell you that you are cn=localroot,cn=config IIRC, which is the rootdn
<Aison> ok, yes
<Aison> eg. there's a sample ldapsearch call to view the tree
<Aison> ldapsearch -xLLL -b cn=config -D cn=admin,cn=config -W olcDatabase={1}hdb
<Aison> there a password is requested....
<ahasenack> because you added -W
<ahasenack> is that in the doc?
<Aison> yes
<ahasenack> ugh, then it's wrong
<Aison> it's copy&past from https://help.ubuntu.com/9.10/serverguide/C/openldap-server.html
<ahasenack> replace all authentication options with "-H ldapi:/// -Y EXTERNAL"
<ahasenack> and the commands should work locally, when run on the same server
<ahasenack> so, drop -x -D -W -w
<Aison> the doc also tells me that "sudo dpkg-reconfigure slapd" let me configure the default suffix
<Aison> but I cant
<ahasenack> note it's a bare bones tree, so you will eventually want to add something to it, like users and so, so at some point you will be using -D, -W, etc
<ahasenack> yeah, looks like it's outdated then
<Aison> well, it also tells me, that the suffix is taken from the FQDN
<Aison> but I don't remember that i've ever set the FQDN at installation
<ahasenack> there is no suffix yet
<ahasenack> it's from the older distros documentation
<ahasenack> in 9.10 it's really bare bones, just a bare cn=config database
<ahasenack> if you want a script to populate it, you can check out launchpad.net/openldap-dit
<ahasenack> although it highlighted a bug in openldap, let me commit a workaround
<ahasenack> hmm
<Aison> on the old distribution I used mysql for users and such, but now I changed to ubuntu (also changed my RAID device, raised raid capacity to 8TB, etc....)
<Aison> and I would like to use ldap ;) so far, everything works nice
<Aison> bind setup was easy, etc..
<uvirtbot> New bug: #491271 in samba (main) "testparm changes syntax" [Low,Incomplete] https://launchpad.net/bugs/491271
<mathiaz> Aison: the ldap section of the ubuntu server guide in 9.10 hasn't been updated to match the new slapd configuration
<mathiaz> Aison: most of the ldif files are good, but the command won't work, and you'd have to create a default database/tree as well.
<ahasenack> mathiaz: how does its updating work? Is it a wiki, does a diff need to be pasted in some LP ticket, or just a discussion in the mailing list?
<mathiaz> ahasenack: the server guide is actually a bzr branch and a package
<ahasenack> hmm
<mathiaz> ahasenack: so the update uses the standard SRU process
<ahasenack> mathiaz: what's the branch?
<mathiaz> ahasenack: https://wiki.ubuntu.com/ServerTeam/KnowledgeBase#Documentor%20resources
<mathiaz> sommer: lp:ubuntu-docs
<mathiaz> sommer: ?
<mathiaz> ahasenack: ^^
<Aison> mathiaz, too bad :)  i'm new to ldap, so it's not that easy for me ;)
<ivoks> it's quite easy once you understand it
<ivoks> ....once...
<mathiaz> ahasenack: I meant to write a blog post about using slapd in Karmic
<ahasenack> cof cof
<mathiaz> ivoks: a couple of days ago you mentioned that we switch to MariaDB - why?
<ivoks> mathiaz: they listen
<ivoks> mathiaz: we had a bug in mysql for ages
<ivoks> reported a year ago
<ivoks> until uds and meeting with mneptok, nothing moved
<RoAk> ivoks, should corosync be merged from debian/testing or should we just work on the packages provided by madkiss?
<ivoks> then in two days all was resolved :)
<ivoks> RoAk: i haven't looked at merges yet; i plan to do that this night
<ivoks> mathiaz: they have newer stuff
<mathiaz> ivoks: well - there are plenty of bugs - I'd rather not base such a decision because 1 bug was fixed promptly
<ahasenack> mariadb is a mysql fork or what?
<mathiaz> ahasenack: yes
<RoAk> ivoks, ok I was planing on grab the packages of Madkiss and recompile them for ubuntu. He has also made available packages for karmic in his repo
<ivoks> mathiaz: of course, but as i said, they have newer featuers
<ivoks> features
<ivoks> once 5.1 is released, i'll do some testing and if everything goes as advertised, i'll replace mysql with mariadb on my servers
<mathiaz> ivoks: right - the maria db engine, a few other patches?
<mathiaz> ivoks: I think that's perfectly reasonalbe
<ivoks> mathiaz: it's mysql 5.6 + patches
<mathiaz> ivoks: 5.6? IIRC they're merging from 5.1
<ivoks> so mariadb 5.1 is at the same level as mysql 5.6
<mathiaz> ivoks: my understanding was that MariaDB 5.1 is 5.1 + patches
<ivoks> true
<ivoks> but those patches come from 5.6
<ivoks> not all, of course
<ivoks> anyway, once it is released, i'll test it
<mathiaz> ivoks: I think we should make it as easy as possible for people to experiment with mariadb
<ivoks> and, if you are interested, i could provide some analysis
<ahasenack> mathiaz: I branched that url, but I don't see a file related to openldap in it
<mathiaz> sommer: ^^ - could you ahasenack with the server guide? I haven't looked at it lately
<mathiaz> ivoks: I'm always interested in such analysis
<mathiaz> ivoks: the main issue for now is that haven't released anything
<ahasenack> hmm, found it
<ahasenack> network-auth.xml
<ivoks> mathiaz: correct
<mathiaz> ivoks: which is a bit annoying for the LTS
<ivoks> of course
<mathiaz> ivoks: there was a discussion about MariaDB during the last UDS - were in there?
<ivoks> yes it was
<ivoks> i was
<mathiaz> ivoks: ok - I think that what mark suggested in the end is the best option for LTS
<ivoks> imho, having mariadb at least in universe would be very smart thing to do
 * mathiaz agrees
<ahasenack> the branch is already more up-to-date than the published page
<ivoks> who knows what could happen to mysql and having a fail over would be awesome
<ivoks> in universe, but very well maintained
<mathiaz> ahasenack: bug 463684
<uvirtbot> Launchpad bug 463684 in ubuntu-docs "openldap sections in ubuntu server guide not updated for packages in karmic" [Medium,Triaged] https://launchpad.net/bugs/463684
<enquora> I have an Asus EEE box with 8.04lts on it that I want to upgrade to 9.04 server. do-release-upgrade complains that no upgrade is available and booting from external CD fails when installer can't locate driver for external drive. any suggestions?
<enquora> Sorry, want to upgrade to 9.10 server
<ivoks> first of all
<ivoks> you can't do 8.04 -> 9.04
<ivoks> you have to do 8.04 -> 8.10 -> 9.04 -> 9.10
<enquora> I know that
<ivoks> or wait for 8.04 -> 10.04
<ivoks> now, by default, only upgrades from LTS to LTS are enabled in LTS releases
<enquora> I assumed that when I saw 'no upgrade available'
<enquora> Is there a way to over-ride that?
<ivoks> if you want to update to non-LTS, you have to edit /etc/update-manager/release-upgrades
<ivoks> Prompt=normal
<enquora> ivoks: I see the setting. Thks.
<ivoks> np
<Aison> uhm, what is recommended as ldap web frontend
<ivoks> as in management?
<Aison> something like phpldapadmin
<Aison> I just tried this, but no chance ;)
<ivoks> my preference is apache directory studio
<ivoks> it's not web based
<Aison> well, if it's not webbased, that's ok als
<Aison> also
<ivoks> then go for it
<ivoks> it rocks.
<ivoks> http://directory.apache.org/studio/
<mneptok> ivoks / mathiaz: FYI, i'll be talking to Norbert Tretkowski (Debian MySQL packager) about MariaDB packages for Debian. so hopefully Lucid can inherit universe packages directly from Debian.
 * mneptok and nobse have a call scheduled for this weekend
<Aison> thx
<Aison> but first I need somehow to setup my ldap
<Aison> that crap is not working ;)
<mathiaz> mneptok: great - that's the best option IMO
<ivoks> learn it
<Aison> the docs of 9.10 aren't really up to date
<Aison> :(
<mathiaz> Aison: true - any help in updating them is welcome
<ahasenack> Aison: would you like to try the openldap-dit script?
<Aison> ahasenack, well, if that helps, why not ;)
<mneptok> mathiaz: also, i pointed bytee (Colin Charles) in your direction as regards AppArmor profiling for MariaDB. if he has questions, he might poke you.
<ivoks> 'what is dit?'
<ivoks> :D
<Aison> ahasenack, since my ldap is empty anyway, I can't damage much
<ahasenack> Aison: it's supposed to be run right after installing the karmic slapd package
<Aison> ok, so I reset my small changes, sec...
<ivoks> hm, i could give that a try :)
<ivoks> and probably provide patches for email services :D
<ahasenack> Aison: people.canonical.com/~andreas/openldap-dit-0.20.tar.gz
<Aison> ok, and now?
<ahasenack> Aison: after opening the tarball, run "sudo make install" and then as root "/usr/share/slapd/openldap-dit-setup.sh" and answer the two questions
<ahasenack> (I never tried "sudo /usr/share/slapd/openldap-dit-setup.sh" now that I think about it, but should work)
<ivoks> mneptok: there's a new patch for croatian collation in mysql 6.0
<ivoks> mneptok: it should be merged
<ivoks> mneptok: i'll file a bug or reopen the old one
<Aison> ahasenack, ok, finished
<Aison> no error so far ;)
<mneptok> ivoks: perfect
<ahasenack> Aison: I need to leave for about 30min, but will be back
<Aison> ok, cu
<ahasenack> Aison: now just use that admin dn as the root one
<mneptok> ivoks: bump the old bug. if there's no reaction within 24h, i'll start screaming.
<Aison> ok
<ahasenack> Aison: it installed a basic tree with people and group locations
<ahasenack> bbl
<ivoks> mneptok: :)
<kirkland> mathiaz: ping
<kirkland> mathiaz: re: uec-testing
<mneptok> ivoks: some people in the US have learned that solving problems in the Balkans before they grow too large is a good idea.  ;)
 * mneptok giggles
<ivoks> hahaha
<kirkland> mathiaz: " * Eucalyptus to make their stress test suite publicly available: TODO"
<MTecknology> You guys have any experience with uptrack?
<kirkland> mathiaz: can we mark that DONE, now that we have the tests from nurmi?  or is that not "public" enough?
 * mathiaz o^14 kirkland 
<MTecknology> !info python-yaml
<ubottu> python-yaml (source: pyyaml): YAML parser and emitter for Python. In component universe, is optional. Version 3.09-1 (karmic), package size 162 kB, installed size 728 kB
 * kirkland tries to figure that one out ...
<mathiaz> kirkland: hm - for the scope of uec-testing I think so
<mathiaz> kirkland: making them public means putting a license on it
<mathiaz> kirkland: so that they could be included in the packages
<kirkland> mathiaz:
<kirkland>  * Obtain the Eucalyptus test suite: DONE
<kirkland>  * Eucalyptus to make their stress test suite publicly available: TODO
<mathiaz> kirkland: seems like a good plan
<kirkland> mathiaz: okay, can we take a quick look at https://blueprints.edge.launchpad.net/ubuntu/+spec/server-lucid-uec-testing together?
<ivoks> mneptok: such a small area and so much problems :)
<mathiaz> kirkland: sure
<kirkland> mathiaz: i think you went over the work-items and split a few up
<mathiaz> kirkland: yes
<kirkland> mathiaz: mdz asked me to go over these and carve up any that are more than a day or two worth of effort
<mathiaz> kirkland: right - jos pinged me earlier as well
<mathiaz> kirkland: 10:47 <jib> i think the main thing missing is the plan for the eucalyptus test integration. could you please amend that?
<kirkland> mathiaz: i'm looking at the tests from nurmi right now
<mathiaz> kirkland: right - these are stress testing
<kirkland> mathiaz: right ... so these would run on one machine (through testbox), and point at an existing cloud setup
<kirkland> mathiaz: getting the cloud setup itself is outside of the scope of checkbox, AFAICT
<MTecknology> !search jps
<ubottu> Found:
<mathiaz> kirkland: yes
<mathiaz> kirkland: and I wouldn't integrate with checkbox yet
<mathiaz> kirkland: that was my main update to the WI
<kirkland> mathiaz: cool
<mathiaz> kirkland: checkbox doesn't have the concept of running tests spanning multiple systems
<kirkland> mathiaz: right
<kirkland> mathiaz: okay so looking at the work items for those that might take >2 days ...
<kirkland>  * Automate the installation of UEC for the different topologies on the assigned hardware: TODO
<kirkland> mathiaz: ^ could be complex
<mathiaz> kirkland: well - I was thinking about preseeding
<kirkland> mathiaz: but that really just depends on how many and how complex the topologies might be
<mathiaz> kirkland: and may be throw some puppet in there
<mathiaz> kirkland: right - I have to loook into that
<kirkland> mathiaz: sure ...  if we're talking about 3-4 reasonable topologies, i think that's 2 days worth of work
<mathiaz> kirkland: but maximum 6 physical machines?
<mathiaz> kirkland: oh right
<mathiaz> kirkland: I see what you mean
<mathiaz> kirkland: let me look up the different topologies
<kirkland>  * Automate the installation of UEC for the 3-4 different topologies on the assigned hardware: TODO
<kirkland> mathiaz: i scoped it like that ^
<mathiaz> kirkland: well - I'd split in one WI per topologie
<kirkland> mathiaz: right!
<kirkland> mathiaz: do you want to agree on a few topologies right now?
<kirkland> mathiaz: i think that's one of the TODO items :-)
<kirkland> mathiaz: i'm not sure who needs to sign off on that .... though
<mathiaz> kirkland: yes - ttx already defined them actually
<mathiaz> kirkland: mdz told me so
<kirkland> mathiaz: oh?  where?
<mathiaz> kirkland: I'm looking for the spec right now
<mathiaz> kirkland: the intstaller improvmeent
<kirkland> mathiaz: url?
<kirkland> mathiaz:  * Define a comprehensive, finite list of topologies to be tested: TODO
<kirkland> mathiaz: you can mark that DONE, then ;-)
<mathiaz> kirkland: :) - that's the one I'm searching for
<mathiaz> kirkland: https://wiki.ubuntu.com/FoundationsTeam/UECInstallerEnhancement
<mathiaz> kirkland: https://blueprints.launchpad.net/ubuntu/+spec/foundations-lucid-uec-installer-enhancement
<kirkland> mathiaz: cool, i'm subscribed now, wasn't before
<mathiaz> kirkland: since this is the work to be done in the installer - it makes sense to prepare a test plan for these topolobies
<kirkland> mathiaz: ack
<mathiaz> kirkland: there is also https://blueprints.launchpad.net/ubuntu/+spec/server-lucid-euca-remote-autoregister
<kirkland> mathiaz: that looks like 5 different topologies
<kirkland> mathiaz: are those the 5?
<mathiaz> kirkland: where do you see 5 topologies?
<kirkland> mathiaz: https://blueprints.edge.launchpad.net/ubuntu/+spec/server-lucid-euca-remote-autoregister/
<kirkland> mathiaz: grep "("
<mathiaz> kirkland: same as https://wiki.ubuntu.com/EucalyptusRemoteAutoRegistration - Test/Demo plan section?
<kirkland> mathiaz: hmm, 3 of them are the same, never mind
<kirkland> mathiaz: okay, well, there's 5 there too
<mathiaz> kirkland: yes
<mathiaz> kirkland: so that 5 WI
<Aison> ivoks, this apache directory editor is really nice :D
<Aison> thx
<kirkland> mathiaz: the separate networks ... is that something you can automate?
<mathiaz> kirkland: you mean - (CC2+SC2 will be registered manually)?
<mathiaz> kirkland: I think what needs to be tested here is manual entry of IP - ie not using avahi
<kirkland> mathiaz: http://pastebin.ubuntu.com/333382/
<kirkland> mathiaz: how does that look?
<kirkland> mathiaz: i split that 1 item up like that
<mathiaz> kirkland: looks good to me
<kirkland> mathiaz: refresh https://blueprints.edge.launchpad.net/ubuntu/+spec/server-lucid-uec-testing
<kirkland> mathiaz:  * Enable Eucalyptus upstream test suite: TODO
<kirkland> mathiaz: that looks like the hardest / most ambiguous remaining item
<kirkland> mathiaz: otherwise, I think it looks okay now
<mathiaz> kirkland: hm - we're not testing "three adjacent networks" and "two remote networks (CC2+SC2 will be registered manually) "?
<mathiaz> kirkland: last two test cases from https://wiki.ubuntu.com/EucalyptusRemoteAutoRegistration?
<mathiaz> kirkland: upstream test suite - right - I don't know how hard it is
<kane_> kirkland, mathiaz if that's any more than 1-2 days of work, we'll want to split that out. and i'm trusting at least one of you's seen the code & test suite in question?
<kirkland> mathiaz: that's what i was asking you before ... i don't think that's going to be easy to automate the testing of
<mathiaz> kirkland: I just remember dan mentioning they had a test suite
<kirkland> kane_: both of us have the tarball, i'm looking at it now
<kirkland> kane_: neither of us have run it though
<mathiaz> kirkland: I've actually run it
<mathiaz> kirkland: it requires some small changes
 * kirkland bites his tongue
<mathiaz> kirkland: but overall it works
<ivoks> Aison: great
<kirkland> mathiaz: kane_: okay, in that case, I think everything remaining in that spec is less than 1-2 days work
<Aison> ivoks, what's the difference between New Entry and New Context Entry?
<mathiaz> kane_: what did you mean exactly with 10:47 <jib> i think the main thing missing is the plan for the eucalyptus test integration. could you please amend that?
<ivoks> Aison: you are using it on 9.10? 32 or 64 bit?
<kirkland> mathiaz: kane_: Drafting -> Review now
 * ahasenack is back
<mathiaz> kane_: one of the WI in the blueprint is to actually write up the plan for integration testing
<Aison> well, the ldap server runs on 64bit 9.10
<mathiaz> kane_: and then another WI is to automate that plan
<kane_> mathiaz: it was specifically " * Enable Eucalyptus upstream test suite: TODO"
<mathiaz> kane_: ah ok.
<ivoks> Aison: i'm asking about apache dir.?
<mathiaz> kane_: I'd defer that to kirkland  - it's a packaging WI
<kane_> which could be anything from 'add line to shell script' to 'massive refactoring required to work'
<mathiaz> kane_: right - may be we should first investigate the feasility of it
<kirkland> mathiaz: kane_: I don't think it's going to be possible to enable the tests that I've seen in the package build, as they have to be run against a real live cloud on your network
<kane_> mathiaz: that'd be great, or at least document the uncertainty there
<Aison> ivoks, gentoo ;) 64bit
<mathiaz> kane_: hm - well - if it's possible to do it
<kirkland> mathiaz: kane_: that's different than, say, the perl binary testing 64-bit floating arithmetic against itself
<kane_> understood
<mathiaz> kirkland: right - I have no clue about what dan was refering to as their test suite
<mathiaz> kirkland: I thought it was a kind of API unit testing suite
<kane_> so, let's figure out what we're dealing with and what it would take for us to " * Enable Eucalyptus upstream test suite: TODO"
<kirkland> mathiaz: kane_: in my opinion, that item is either not a packaging one, or should be dropped altogether
<mathiaz> kirkland: I don't think he was refering to the stress testing scripts I send you
<kirkland> hmm, okay
<kirkland> then we need to ask them that tomorrow, kane_
<kane_> well, we have a very strong wish to enable upstream tests in our processes, so let's figure out what's needed
<mathiaz> kirkland: I thought there was a test suite similar to the mysql/openldap test suite
<kane_> kirkland: ok, then let's add that to list if it isn't already on mdz's mail
<mathiaz> kirkland: may be we should first talk to upstream about what kind of test suite they have (1 WI)
<mathiaz> kirkland: and then enable the one that makes sense in the build (1 WI)
<kirkland> mathiaz: agreed; i'm working with nurmi right now
<kirkland> mathiaz: i'll ask him about it shortly
<kirkland> mathiaz: right now, we're reviewing eucalyptus/debian/patches/*
<kane_> mathiaz, kirkland: if you guys can demistify that bullet point for me, i'm happy to have it in review
<kirkland> kane_: k
<kane_> if that takes a call with Euca, then so be it. earlier is better though.
<mathiaz> kirkland: yeah - it may well turned out that I misunderstood what dan was saying
<mathiaz> kirkland: kane_: this WI is based on one sentence that dan said when we were in Austin talking about the stress test scripts
<mathiaz> kirkland: "we also have a test suite we run against the internal API/components..." something like that - that's what I remember
<MTecknology> I want to run Apache on my website but I want it to only run as the httpd user (www-data). It seems that it's default is to run as root...
<kane_> mathiaz, kirkland: updated the spec to reflect the above point, just for record keeping purposes
<MTecknology> Am I right or wrong on that? If I'm right; how do I change that without breaking anything?
<ScottK> kane_: It might be nice if you sent a mail to the ubuntu-server mailing list introducing yourself.
<kane_> MTecknology: the parent process runs as root, and then drops privs afaik
<kane_> ScottK: good point, thanks
<kirkland> kane_: ack, cheers
<MTecknology> kane_: /var/www and /var/www/* are owned by root:root
<MTecknology> kane_: I guess a fun way to test that would be to make a simple php script that writes to a file that's 700 root:root and 700 www-data:www-data
<smoser> jjohansen, so the lucid ec2 kernel is in archive...
<ivoks> urgh... hate windows
<smoser> but linux-image-ec2 seems to still depend on linux-image-2.6.31-302-ec2,
<smoser> so i wont pick up the kernels in nightly builds.
<smoser> hello mr erichammond
<mathiaz> kirkland: anything else on the /server-lucid-uec-testing spec?
<kirkland> mathiaz: i don't think so
<kirkland> mathiaz:  i marked it for review
<kirkland> mathiaz: i need to get back with you when i understand the different test suites dan and eucalyptus have
<mathiaz> kirkland: ok
<kirkland> soren: around?
<soren> smoser: I've figured out why /dev might be nuked by vmbuilder cleaning up.
<kirkland> soren: question about this commit: http://bazaar.launchpad.net/~ubuntu-core-dev/eucalyptus/ubuntu/revision/543#debian/patches/04-axis2c-1.6.0-rampart-1.3.0.patch
<soren> kirkland: Oui, oui.
<kane_> MTecknology: ps aux|grep apache will show you the children run with www-data privs. apache default installation comes with nothing more than an index.html that says 'it works'
<kirkland> soren: i'm curious why a new aclocal.m4 file was added to that patch
<MTecknology> kane_: I just tested with php too :P
<MTecknology> kane_: thanks
<kane_> np
<soren> kirkland: I don't see the string "aclocal" anywhere on that page?
<soren> kirkland: Ah, sorry. My bad.
<kirkland> soren: see debian/patches/05-axis-alternative-repository.patch
<smoser> soren, thats good.
<soren> kirkland: For PKG_CHECK_MODULES, I think.
<smoser> if your box is hosed, you can get it back with udevadm trigger
<soren> kirkland: ..but why it's not in /04-axis2c-1.6.0-rampart-1.3.0.patch instead... I don't know.
<kirkland> soren: hrm, yeah, i think it might make more sense there
<soren> smoser: It's not. I was just looking at the code and realised where it might go wrong.
 * soren is about to call it a day
 * soren does so
<MTecknology> Would there be any issue in changing www-data shell to bash; or is there a chance that could hurt performance?
<MTecknology> I only ask because I intend to only modify web data as that user from now on
<MTecknology> I have a feeling that'll fix a lot of issues I've been having with Apache; but if it's at the cost of performance - I can get used to dash or w/e it uses -- or perhaps I should ask #httpd
<jjohansen> smoser: https://edge.launchpad.net/ubuntu/+source/linux-ec2
<jjohansen> smoser: but there is still some meta packaging work to be done so that updates can happen
<smoser> jjohansen, hm...
<jjohansen> yeah its not ideal, but I thought it best to let you guys know as soon as it hit the archive instead of waiting until the meta packaging was updated
<smoser> ah. ok. so it will happen.
<smoser> and the karmic dailies will just pick it up and publish it when it appears there.
<smoser> jjohansen, we're ramdisk free riht now with the -31
<jjohansen> really? nice
<jjohansen> Then we should be able to be with -32 too
<smoser> yeah, so hope that the -32 still boot :)
<smoser> i tested boot to mount root on kvm, uec and ec2 with the 20091201 images.
<jjohansen> hehe it better, I did smoke testing of both i386 x86_64 before handing it to andy
<jjohansen> and then I did it again with his ppa
<smoser> you're the ubuntu-server kernel person, right?
<jjohansen> yep
<smoser> so this would fall on your lap eventually...
<smoser> if we're thinking we want to be ramdisk free as much as possible for virtual systems.
<jjohansen> hrmm, I suppose
<smoser> i dont know what extra hard ware support would need to be turned to 'y' in the kernel to support microsoft and/or vmware vms without ramdisk
<smoser> virtualbox obviously another one. i've not tested that.
<jjohansen> ugh, me neither
<smoser> i do think its reasonable (given the fairly small amount of hardware) that -virtual would support just about everything
<jjohansen> yeah it should
<jjohansen> well within reason
<jjohansen> there is some strange stuff out there
<sbeattie> smoser|jjohansen: if you've got kernels that need testing in virtualbox or vmware esx, I can help out.
<jjohansen> sbeattie: thanks, basically we need to step through and test booting sans initramfs
<jjohansen> hitting as many platforms as possible
<smoser> sbeattie, well... yeah. http://uec-images.ubuntu.com/lucid/current/unpacked/
<smoser> you can just grab the lucid-uec-{i386|amd64}-vmlinuz-virtual kernel there and try it.
<smoser> you should be able to moutn root filesystems on an existing image.
<smoser> the images there are'nt terribly friendly today to environments other than UEC or ec2, but we're working on that.
<Aison> re
<Aison> why do I have to add organizationalUnit for posixGroup entry?
<Aison> else it's not accepted
<kirkland> mathiaz: okay, i confirmed with nurmi that these tests are not all of the tests they are planning to give us
<kirkland> mathiaz: he said we'd talk more about the test suites in tomorrow's meeting with Eucalyptus
<mathiaz> kirkland: ok
<mathiaz> kirkland: so far we only have the stress tests right?
<kirkland> mathiaz: right
<kirkland> mathiaz: they have a functional suite too
<mathiaz> kirkland: that's probably what dan was refering to
<mathiaz> kirkland: and I though about enabling it in the build (if possible)
<kirkland> mathiaz: if possible -> sure
<sbeattie> jjohansen|smoser: one issue with virtualbox is that it can (and in newer versions defaults to) use a virtual e1000 nic.
<jjohansen> hrmm vmware has that as an option too
<jjohansen> though it defaults to its lance or vmxnet
<MTecknology> What's the 'correct' way to set my hostname? I tried to do   123.123.123.123  server.domain.com     server   in /etc/hosts but that didn't seem to change anything
<baccenfutter> MTecknology: also edit /etc/hostname
<MTecknology> oh. thanks
<jmarsden|work> MTecknology: hostname -F
<baccenfutter> or that
<baccenfutter> which does the same
<MTecknology> thanks
<MTecknology> actually /etc/hostname doesn't exist..
<sbeattie> jjohansen: vbox also supports pcnet interfaces
<MTecknology> there we go - thanks :D
<jjohansen> sbeattie: thanks, that is good to know
<Aison> argh, i'm getting crazy ;) ldap nss is working now, but so far no chance for samba
<uvirtbot> New bug: #491623 in nmap (main) "ndiff crashes when its called with not nmap files" [Undecided,New] https://launchpad.net/bugs/491623
<Mike_lifeguard> Apache's error logs show lots of IPs trying to access stuff that doesn't exist (/var/www/mysql, /var/www/pma, /var/www/mysqladmin, /var/www/phpadmin etc) - I guess those are looking for something to try to break into? In any case, is there a way to get rid of them? Should I not worry about it?
<uvirtbot> New bug: #491639 in mysql-dfsg-5.1 (main) "instalation fail in folder "" [Undecided,New] https://launchpad.net/bugs/491639
<baccenfutter> anybody happen to have a nice pic of system respond times
<baccenfutter> like a visualization or anything fancy you could put in a presentation
#ubuntu-server 2009-12-03
<Rascal999> when i try and ssh into box with public key encryption auth.log says Error attempting to add filename encryption key to user session keyring; rc = [1]. What do I need to change?
<billybigrigger> anyone aware of a decent app to graph cpu usage, network traffic and disk io?
<jmarsden> billybigrigger: gkrellm if you want on screen graphs; mrtg or similar things using rrdtool if you want longer term trends and graphs on web pages...
<jmarsden> billybigrigger: cricket or cacti too, for the web-based type of monitoring...
<mathiaz> billybigrigger: munin - is in main since hardy
<mathiaz> billybigrigger: cacti is in universe while cricket is dead  upstream
<benedikt> billybigrigger: hobbit (now xymon)
<billybigrigger> cacti looks nice, just a little big more than what i need
<ScottK> mathiaz: Is cricket dead enough we want it removed?
<mathiaz> ScottK: yeah - seems like it
<ScottK> mathiaz: Would you please file a removal bug then?
<mathiaz> ScottK: yeah - that's one of the next step
<mathiaz> ScottK: first we discuss it
<ScottK> Thanks.
<ScottK> mathiaz: Didn't we just do that?
<mathiaz> ScottK: and then we take all appropriate actions
<ScottK> My threshold for removals is pretty low.
<mathiaz> ScottK: we'll do a last round of requests for comments with the whole list
<mathiaz> ScottK: I'm still working on potential packages to be moved out of main/universe
<ScottK> OK.  Just finished my mail server spec.  Hopefully ivoks can get a chance to look at it soon.
<mathiaz> ScottK: cricket is in the list anyway
<ScottK> OK.  Good.
<ScottK> I'm having a very hard time following that spec based on email.
<whatchasay> !ops
<ubottu> Help! Channel emergency! soren, lamont, mathiaz or tom
<Pici> whatchasay: Whats up?
<whatchasay> !ops
<whatchasay> peace dog
<Pici> whatchasay: Why are you doing that?
<MTecknology> lovely..
<Eloff> ...
<jetole> hey guys, I fubar'd my sudoers file on a remote server and I can no longer run sudo, I can't use su because there is no root password, does anyone know how else I can get a root shell?
<kane_> jetole: can you reboot single user mode and access the serial console?
<quizme> is there a way for me log into my friend's computer and have him watch the commands that i type into his terminal ?  cuz i want to show him some stuff.
<arj> screen -x
<kane_> quizme: shared screen session is the way to go, or use vnc for graphical sharing
<quizme> shared screen session sounds good
<quizme> how do i do that ?
<quizme> what does he need to do
<quizme> he is at home
<kane_> quizme: ubuntuforums are great for this: http://ubuntuforums.org/showthread.php?t=299286
<quizme> thanks
<quizme> i'm trying to forward messages from port 9000 on my server to port 80 on my localhost.  Does anybody know how to construct that ssh command?
<kane_> quizme: tried man ssh?
<quizme> ssh -gNR 127.0.0.1:80:thirdreplicator.com:9000 dev@thirdreplicator.com  <---  i tried that
<quizme> i tried that
<kane_> you're missing a -L infront of the 127
<quizme> oh
<quizme> i need -L and -R ?
<quizme> ssh -gNR -L 127.0.0.1:80:thirdreplicator.com:9000 dev@thirdreplicator.com
<quizme> ?
<kane_> you just want -N -L 80:thirdreplicator.com:9000
<quizme> what about -g ?
<quizme> i'm typing this locally
<quizme> not on the server
<kane_> quizme: if you want to know more, you should really read a howto, like this: http://www.debianadmin.com/howto-use-ssh-local-and-remote-port-forwarding.html
<kane_> google's your friend
<quizme> ssh -N -L 80:thirdreplicator.com:9000 dev@thirdreplicator.com
<quizme> Privileged ports can only be forwarded by root.
<quizme> i have been googling for hours
<quizme> and manning for hours
<quizme> that's why i'm here
<kane_> you didn't type 'ssh port forwarding howto' then
<kane_> quizme: you can forward only non-privileged ports as a normal user
<kane_> so, use 1080 instead for example
<quizme> google is not my friend.
<quizme> he is my enemy at this point
<kane_> there's bing ;)
<quizme> lol
<kane_> take a look at the link i gave you, it walks you through step by step
<kane_> if you still can't make it work, feel free to ask here
<quizme> thanks
<quizme> reading..
<twb> quizme: "ssh -NL 8080:127.0.0.1:80 fs" connects 127.0.0.1:80 on fs to 8080 on the ssh client.
<twb> quizme: I suspect you just got the 80 and 9000 the wrong way around
<quizme> oh
<quizme> yeah probably
<quizme> and i don't know the difference between -L and -R
<quizme> let me try
<twb> quizme: -L connects a local port to a remote port, -R connects a remote port to a local port.
<twb> quizme: you almost always want -L
<quizme> are you assuming this command is run on the server or on my laptop ?
<twb> quizme: laptop
<quizme> ok
<quizme> that's what i'm assuming
<twb> e.g. ssh -fNL 8080:127.0.0.1:80 www.foo.com && sensible-browser http://localhost
<quizme> maybe i should explain what i am trying to do
<quizme> i'm trying to suck down messages sent to port 9000 on my server down to my localhost's port 80 (apache) server.
<twb> quizme: for that, you want -R
<quizme> ok.. hehe
<jetole> kane, I already went to the data center and modified the kernel line to have init=/bin/bash
<jetole> back already
<twb> jetole: IME "single" or "rescue" is less hassle (if they work)
<jetole> twb, yeah I didn't try rescue cause I was kinda under the suspicion that it would need a root passphrase which there isn't one
<twb> jetole: Ubuntu doesn't ask
<kwork> you can always get away with single
<kwork> if you dont know the root pw
<twb> kwork: no, on a normal system single will still require you to enter the root password
<quizme> ssh -NR thirdreplicator.com:9000:127.0.0.1:80 dev@thirdreplicator.com
<quizme> does that look right ?
<jetole> twb well for my server thats cool
<twb> kwork: Ubuntu is weird in that it doesn't
<jetole> they are all in a locked rack
<kwork> twb,  hmmmz im pretty sure you can get away without root on debian awell
<twb> It annoys me, even though I know that if they have physical access you're screwed in other ways.
<kwork> twb,  i remember doing smt like that
<twb> kwork: if root's password is the null password (not the same as NO password), then Debian's single will say "hit enter for a maintenance shell" instead of "enter root password for a maintenance shell"
<kwork> but maybe you needed cd for it
<quizme> twb thanks!
<jetole> does anyone know how I can setup open-iscsi to map to a specific disk on each boot or a static path to access it by?
<jetole> oh wait
<twb> kwork: yes, you can also do "rescue" from a d-i CD
 * jetole looks at uuid
<twb> kwork: d-i rescue doesn't require a root password, on ubuntu or debian
<kwork> twb,  basicaly if i can chroot into the system i should be able to change the pw right ?
<quizme> twb: it worked!
<twb> jetole: /dev/disk/by-uuid?
<jetole> thats what I am thinking
<twb> jetole: run vol_id on the device name you already know
<jetole> I see the UUID there and I am assuming they consistantly map to the same iscsi drives on each boot
<jetole> twb: I don't have vol_id on ubuntu server 9.10
<twb> jetole: it's part of udev!
<twb> jetole: even 8.04 has it
<jetole> twb: is it a bin? volname is the only thing bash tab completes starting with vol and `which` comes back empty
 * jetole googles it and looks for a man page so I at least know what it did
<jetole> ah
<twb> jetole: are you still in init=/bin/bash?
<jetole> oh no
<twb> jetole: vol_id should be in /sbin/
<jetole> I went to the data center and am now back at my office
<jetole> twb, bash won't tab complete it for "vol" and which doesn't return anything
<twb> Shrug
<jetole> oh shit
<jetole> /dev/disk/by-path/
<jetole> that shows the full iqn names
<jetole> that is something better since I have vm booting off iscsi
<twb> Shrug
<xperia> hello to all. is here somebody with experince hot to install andconfigure red5
<jussi01> Hi all, where are samba passwords usually managed?
<RoyK> jussi01: that depends how you configure samba
<jussi01> RoyK: hrm, well thats frustrating as Ive no idea how the person before me configured it.
<RoyK> jussi01: just look in smb.conf
<RoyK> it's pretty self-explainatory after having read through that and its comments
<jussi01> right, ive just been reading man pages, I can change a logged in users password with smbpasswd but how do I list all of the users?
<Daviey>  /3
<jussi01> Nevermind, I got it figured.  :)
<zul> morning
<uvirtbot> New bug: #481292 in ntp (main) "often see 'starting/stopping ntp server' note before xsplash (dup-of: 489585)" [Low,Incomplete] https://launchpad.net/bugs/481292
<MTecknology> Is there any easy way to have all my logs in one central location?
<kwork> syslog central server ?
<kwork> and all servers sending syslog to that box
<MTecknology> nifty - thanks
<uvirtbot> New bug: #484698 in ntp (main) "ntp package should not install a drift file" [Wishlist,Triaged] https://launchpad.net/bugs/484698
<MTecknology> kwork: That looks amazingly simple - http://news.softpedia.com/news/Setting-Up-a-Central-Syslog-Server-44063.shtml
<kwork> yeah followed the same tutorial some days ago
<kwork> works like a charm :)
<MTecknology> :D
<kwork> okey actualy lies
<kwork> or atleast karmic has rsyslogd
<kwork> but its really similar
<MTecknology> I love  ufw + apparmor + denyhosts + central logging
<MTecknology> don't have the logging server just yet though
<MTecknology> kwork: where will the logs be stored?
<kwork> MTecknology,  you define file per host
<jdstrand> (ufw in lucid will ship an rsyslog configuration)
<MTecknology> ok, thanks
<smoser> nijaba, or anyone else maybe can answer
<smoser> i'm under the impression that backports do not get "official canonical support" for the lifetime of normal support
<smoser> is that correct?
<nijaba> smoser: correct on backport support
<smoser> thanks
<ScottK> smoser: Generally if there's a problem with a backport, we just update it with a newer backport to fix the problem.
<xperia> hello to all ! anybody here how can help me with virtual hosting ?
<MTecknology> xperia: the question seems to be missing from the backlogs
<xperia> MTecknology: have solved it thank you a lot !
<rags> Hello, i'm using racoon to establish ipsec tunnels..can some one tell me how to remove a SA manullly...
<rags> I nknow I can use racoonctl to remove isakmp sa'...based on peer address...
<zul> jjohansen: ping
<rags> but this doesn't seem to work with SA's....
<rags> Also, I've found it very difficult to find any documentation on ipsec-tools and racoon...am I using something tht is archaic?...wht do ppl usually go for?...OpenSwan?
<rags> hmm..does anybody work on ipsec here?
<CyberSnooP> What's the proper way to prevent "localhost [127.0.0.1]" mentionings in outgoing mail with postfix ?
<ScottK> CyberSnooP: Why do you care?
<CyberSnooP> Mail I'm sending gets immediately marked as spam.
<CyberSnooP> (I've just started sending registration confirmation mails to users)
<CyberSnooP> My SPF-records are okay, reverse DNS is checked and lot's of servers seem happy (like gmail). But Hotmail and some universities immediately throw away the message
<CyberSnooP> (without anybody marking it as junk, as it's the first time we mail them.. new server, new website etc..)
<CyberSnooP> So, I've read that spam-scanners care about "localhost" mentionings
<CyberSnooP> ScottK: Does that make any sense or does it make clear that I shouldn't run a mail-server at all :P
<ScottK> You can remove them with Postfix header checks, but be careful as it's done with regular expression matching, so it's easy remove more than you want
<ScottK> I think it's unlikely to help, but I've heard other people give similar theories.
<ScottK> People do weird stuff to try to filter spam, so who knows.
<eagles0513875> !ufw
<ubottu> Ubuntu, like any other linux  distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command (see https://help.ubuntu.com/community/Uncomplicated_Firewall_ufw), or 'iptables' (https://help.ubuntu.com/community/IptablesHowTo). GUI applications such as Firestarter/Gufw (Gnome) or Guarddog (KDE) also exist
<adurity> Is there a way to hold a package at a specific version, so that when apt checks for updates, it ignores updates to that particular package?
<MTecknology> adurity: apt-get {hold,unhold}
<adurity> thank you!
<MTecknology> :)
<eagles0513875> hey guys im just wondering
<eagles0513875> with ufw is there a way i can allow access on a range of ports
<MTecknology> eagles0513875: you'd need to specify each individually
<adurity> MTecknology, even better, I found the Forbid option
<jdstrand> MTecknology: actually it depends on the version
<jdstrand> eagles0513875: what version of ufw?
<eagles0513875> jdstrand: 0.29
<eagles0513875> the server is running karmic
<jdstrand> eagles0513875: yes, ufw supports multiport rules
<MTecknology> jdstrand: oh.. nifty
<eagles0513875> how do i do that im follwoing the ufw link the bot provides
<jdstrand> eagles0513875: eg: ufw allow proto tcp from any to any port 80,443,8080:8090
<eagles0513875> https://help.ubuntu.com/community/UFW?action=show&redirect=Uncomplicated_Firewall_ufw
<jdstrand> eagles0513875: it's in the man page
<eagles0513875> so basically sudo ufw allow 6000-7000
<jdstrand> eagles0513875: man 8 ufw
<jdstrand> eagles0513875: you must use the extended syntax
<CyberSnooP> ScottK: header_checks succeded in removing the header. But at least hotmail still doesn't seem to like my e-mails (and they don't say why)
<jdstrand> eagles0513875: eg:
<jdstrand> ufw allow to any port 6000-7000
<ScottK> CyberSnooP: Hotmail is very random.  No one outside Hotmail really knows how it works, AFAIK.
<jdstrand> MTecknology, eagles0513875: the ufw features list can be seen here: https://wiki.ubuntu.com/UncomplicatedFirewall#Features
<CyberSnooP> Yeah, well I hope other mail-servers will start to work due to this change at least.
<CyberSnooP> Thanks for the tip anyway :)
<eagles0513875> jdstrand: i did like the example you gave me but its saying bad syntax in regards to 6000-7000
<jdstrand> eagles0513875: oops
<jdstrand> ufw allow to any port 6000:7000 proto tcp
<jdstrand> eagles0513875: ^
<eagles0513875> jdstrand: ahhh ok ty
<jdstrand> eagles0513875: assuming you want tcp...
<eagles0513875> sry for the 20 questions im green when it comes to ufw
<eagles0513875> ya
<mgpcoe> Having trouble getting Postfix+Dovecot to listen on port 25.. SSL and TLS say hello fine, but basic SMTP is totally nonresponsive... anybody run into this before?
<lamont> could it be that your ISP is blocking it?
<lamont> mgpcoe: that's usually the issue
<mgpcoe> lamont: Thought that, but I tried SSHing to an outside server and going in that way.
<mgpcoe> lamont: Same result, and I'm sure I've been able to get in on port 25 from that server in the past.
<mgpcoe> Oh, FFS, when I tried doing it from the server, using the public IP I got right in.. this just became a whole other problem, I think.
<mgpcoe> Does Hardy do any filtering on 25 by default?
<lamont> ufw might, but installing postfix should open that
<lamont> what does lsof -ni :25 have to tell us (as root)
<mgpcoe> lamont: Gives me two lines, one on IPv4, one on IPv6, both NODE: TCP and NAME: *:smtp (LISTEN)
<mgpcoe> lamont: And they're both running as root, if that helps; command is `master'
<billybigrigger> master = postfix
<billybigrigger> mgpcoe, iptables blocking it?
<lamont> and (just for completeness...) does the IP you're trying and failing to connect to exist on the machine, or somewhere else  (I hate it when I do that)
<mgpcoe> billybigrigger: I'm not sure; how would I find out? Last time I tried listing anything with iptables, I couldn't make heads or tails of the information.
<mgpcoe> lamont: Yeah, usually I just enter the domain and let it resolve itself. IP matches all the way across the board.
<lamont> and "ip route get $IP" points where you think it should?  (lo, I expect..)
<lamont> mgpcoe: iptables -t nat -nvL; iptables -nvL
<lamont> and simplest to toss that output into paste.ubuntu.com
<mgpcoe> lamont: ip route tells me "local IP.IP.IP.IP dev lo  src IP.IP.IP.IP"
<mgpcoe> lamont: http://paste.ubuntu.com/333984/
<lamont> mgpcoe: so what that says is you have no iptables rules, and are using the default (accept) for everything
<lamont> which then gets to "what command are you using to talk to it?"
<mgpcoe> Right now, just telnet x.x.x.x 25
<VaineDragon> I just did a fresh insta and configure of pure-ftpd and am unable to logon, here is the output: http://pastebin.com/d4eb60235
<mgpcoe> lamont: which merrily reports "trying x.x.x.x..." and never gets there. I'm tailing /var/log/mail.log on the server and it never even reports the attempt.
<lamont> mgpcoe: so... "tcpdump -ni lo port 25" as root and then telnet to the IP...
<lamont> should show the normal SYN SYN+ACK ACK - and at that point, I suspect that postfix is trying to resolve your source IP and is failing miserably - lets look at /var/log/mail.log, and /var/spool/postfix/etc/resolv.conf and see if they tell us anything useful
<lamont> and, (seriously), see if leaving it alone for 5 minutes makes a difference at all
<mgpcoe> lamont: Doesn't show a thing... I'm starting to wonder if the external server I'm using to access port 25 is crippled on that port too..
<lamont> well, if you're talking on lo, you should see yoursefl
<mgpcoe> Aha, righto. One second.
<mgpcoe> There it is.
<mgpcoe> lamont: When I connect from the server itself, it doesn't have an issue
<mgpcoe> lamont: Problem is I need to be able to connect to this thing from the cloud, with smtp auth.. and Evolution and Thunderbird won't even connect.
<ScottK> mgpcoe: Use Port 587 (submission)
<mgpcoe> ScottK: I do, and SMTPS for dumber clients, but when Evolution can't even figure out what auth mechanisms are supported, even I know there's something Wrong.
<ScottK> You're mixing different problems then.
<ScottK> Do you need port 25 or do you need MUA's to be able to submit?
<lamont> the cloud blocks port 25, so that spammers don't spam from the cloud.
<mgpcoe> ScottK: Well, I'm trying to set up an SMTP server for a business client so that they can send email from their domain. The server's a virtual host somewhere in, I don't know, Texas, so in order to let my client use the server for their outgoing mail, but not let just anyone do it, I'm trying to set up authenticated SMTP. I can get into it with 465 and 587, and they appropriately bitch about it, but it looks like 
<lamont> like most ISPs, outbound port 25 gets blocked... enable submission (587) and use that
<mgpcoe> (and by bitch about it, I mean they give me the relay access denied message, as they should)
<MTecknology> If I start opening ssh to certain IP's with ufw; am I safe to assume anything not in the ip ranges given will be blocked; or like hand written iptables, do I need to specify a default reject ?
<jmarsden|work> MTecknology: man ufw.  You get to choose.  sudo ufw default deny incoming    # is probably what you want.
<BeardedChimp> exit
<BeardedChimp> oops :P
<MTecknology> jmarsden|work: thanks :)
<jmarsden|work> MTecknology: You're welcome... but try to get in the habit of reading the man page *before* asking on IRC :)
<zul> jjohansen: ping when you are around I got a kernel package question for you
<BeardedChimp> I have a ppp0 device connected to a server. When running iptables -t nat -A PREROUTING -i ppp0 -j accept ; it gives no hits for packets accepted even though I can see packets coming in through tcpdump -i ppp0. This is very confusing because I'm trying to dnat the incoming packets but the nat table doesnt seem to see them
<mgpcoe> lamont: I'm starting to wonder if it might be worth it to just gun all the email set it up and do it again from scratch. I've been working from, like, six different tutorials because nothing's been able to get it completely set up...
<jjohansen> zul: whats the question?
<zul> jjohansen: im suppose to be reviewing an asterisk MIR and it depends on a couple of kernel-packages such as zaptel is there a linux-restricted-modules package for lucid anymore or is all dkms?
<lamont> mgpcoe: delivering to port 25 from the cloud is a non-starter.  figuring out whether or not the ISP blocks outbound to port 25 is the first step of any such attempt
<jjohansen> zul: all dkms
<zul> jjohansen: crap
<zul> jjohansen: ok thanks ;)
<jjohansen> yeah, its a pain
<jjohansen> have you tried asterisk at all?  Do we need to up the kernel Hz for it?
<zul> no i havent i dont have a landline
<jjohansen> hehe me neither
<mgpcoe> lamont: I'm 99% certain that in one of the business partners' case it does, but I don't know what ISP the other uses. I figure, if Gmail and my old university can get it set up that I can use their outgoing servers instead my ISP's, it's not out of the realm of possibility for me to set the same thing up... Apparently it's just Really Exceedingly Difficult, or I'm missing something.
<lamont> that's what god invented the submission port for.  If you're an MTA, you use port 25, if you're submitting mail outbound, then you use submission.
<uvirtbot> New bug: #492026 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 (not installed) failed to install/upgrade: Ð¿Ð¾Ð´Ð¿ÑÐ¾ÑÐµÑÑ Ð½Ð¾Ð²ÑÐ¹ ÑÑÐµÐ½Ð°ÑÐ¸Ð¹ pre-installation Ð²Ð¾Ð·Ð²ÑÐ°ÑÐ¸Ð» ÐºÐ¾Ð´ Ð¾ÑÐ¸Ð±ÐºÐ¸ 1" [Undecided,New] https://launchpad.net/bugs/492026
<mgpcoe> lamont: So, users from the Tubes would be connecting to submission rather than smtp, right? Do I have to specify to the clients that they need to use a different port?
<lamont> yes, and yes.
<lamont> at least, that's my expectation
<lamont> and experience
<lamont> afk
<mgpcoe> lamont: Oh, I was afraid of that... so Evolution's probably trying to make the auth mechanisms connection over smtp, because I never see that connection.
<smoser> jjohansen, fyi
<smoser> IMAGE aki-b8de3cd1   ubuntu-kernels-testing-us/ubuntu-lucid-i386-linux-image-2.6.31-302-ec2-v-2.6.31-302.7-kernel.img.manifest.xml
<smoser> IMAGE aki-9436d4fd   ubuntu-kernels-testing-us/ubuntu-lucid-i386-linux-image-2.6.32-300-ec2-v-2.6.32-300.1-kernel.img.manifest.xml
<smoser> those went up last night, and the latest amis have them as their kenrel. just verified that
<smoser> ami-4037d529   ubuntu-images-testing-us/ubuntu-lucid-daily-i386-server-20091203.manifest.xml
<smoser> boots fine
<jjohansen> nice :)
<smoser> hm.. my aki pastes above were supposed to be i386 and amd64, not old i386 and new i386, but you get the picture. the -2.6.32-300 kernels are up there now.
<erichammond> smoser: The S3 "location" is "us-west-1" for AMIs in the "us-west-1" EC2 region.  This means we chose a suboptimal (inconsistent) naming scheme for the us-east-1 buckets, but life goes one.
<smoser> this is released information ? link ?
<erichammond> Yep, very little fanfare
<smoser> does suck that i chose sub-optimal naming :-(
<mathiaz> kirkland: whody!
<zul> come si come ca
<mathiaz> kirkland: did you write up a wiki page with minimal configuration for UEC systems?
<erichammond> smoser: Oh, by the way, boot from EBS also launched :)
<smoser> where do you see such things?
<erichammond> http://developer.amazonwebservices.com/connect/ann.jspa?annID=537
<erichammond> http://aws.typepad.com/aws/2009/12/expanding-the-aws-footprint.html
<smoser> http://aws.amazon.com/about-aws/whats-new/
<smoser> thanks. hmm... now, i wonder what we do about naming
<smoser> should i say all new stuff goes into newly named buckets? or new region stuff goes into newly named buckets.
<kirkland> mathiaz: what do you mean by minimal configuration?
<mathiaz> kirkland: things like RAM, CPU, disk sapce
<mathiaz> kirkland: *space*
<kirkland> mathiaz: yeah!
<Aison> hmm, with ldap, everything is so complicated now :( how do I add a new schema?
<kirkland> mathiaz: all of them are under https://help.ubuntu.com/community/UEC
<Aison> on 9.10 it's quite crazy
<kirkland> mathiaz: you're looking for https://help.ubuntu.com/community/UEC/SystemRequirements
<mathiaz> kirkland: I'm writing up the hardware requirement for UEC testing
<smoser> root volumen on ebs is very interesting.... i wonder jjohansen if you could hibernate
<smoser> and resume from hibernation on ebs volume
<mathiaz> kirkland: ty
<kirkland> mathiaz: no problem; feel free to update that page if you have any other suggestions
<jjohansen> hrmm, that would be interesting.  I haven't looked into ebs at all but as long as it could be mounted early it should be possible
<kirkland> mathiaz: this was intended as a rough guide for our users
<erichammond> smoser: I don't think hibernation is an option for the new "stop" state on EC2.  It is possible to do things like change the kernel associated with the instance while it is stopped.
<smoser> well, yes, but if you didn't change the kernel, you could presumably resume from hibernate
<erichammond> smoser: "stop" is a shutdown
<smoser> change kernel or do other things to the volume that would result in inconsistent state for resume
<smoser> hm.. yeah, but if started from user space
<erichammond> smoser: I recommend the new buckets be named the same as the existing ones, replacing "us" with "us-west-1" and I recommend grabbing them quickly.
<smoser> i think i might own them already
<smoser> erichammond, http://paste.ubuntu.com/334039/
<neonfreon>  /wg 1
<smoser> http://paste.ubuntu.com/334040/ is the complete list of canonical owned buckets
<smoser> my land grab paid off
<erichammond> smoser: I wouldn't change the existing "us" ones to "us-east-1".  It gets confusing to have multiple buckets for a single region.
<MTecknology> I've been reading up on remote rsyslog but I'm seeing that the information is passed in clear text and there's no method to actually prevent these messages from being altered
<smoser> erichammond, yeah, i think you'reright.  i think we'll stay "consistent" in that the naming convention is <basename>-<S3_LOCATION>
<smoser> for a region
<erichammond> smoser: I'm going to be mostly unavailable for the next 6-10 hours, but if you have any quick questions about migration, feel free to give me a call on my cell.
<erichammond> bug 492037
<uvirtbot> Launchpad bug 492037 in ubuntu "Migrate Ubuntu AMIs to us-west-1 region" [Undecided,New] https://launchpad.net/bugs/492037
<smoser> nice. thanks, erichammond (the bug).
<erichammond> smoser: I'd recommend dropping whatever else you were doing today and performing the migration.  EC2 customers are now waiting on *you* to use the new region that Amazon has released.  Welcome to EC2 AMI support and maintenance :)
<smoser> :)
<smoser> i dont know.. its kind of nice to have people wait on me. makes me feel powerful
<zul> crazy chicano
<mathiaz> kirkland: could you have a quick look at https://wiki.ubuntu.com/UECTesting - in the Test/Demo Plan section
<kirkland> mathiaz: sure
<mathiaz> kirkland: does the hardware requirements and network topology requirements look sane/comprehensible?
<kirkland> mathiaz: yeah, totally
<kirkland> mathiaz: you should be able to get up to 4 small guests on each of the NCs
<kirkland> mathiaz: and host a decent number of images
<mathiaz> kirkland: hm - 4 guests per NCs - that's 8 guests max
<mathiaz> kirkland: I'd rather have 8 GB minimum then
<mathiaz> kirkland: to max out at 16 guests
<kirkland> mathiaz: well you might be able to get away with 256MB guests
<kirkland> mathiaz: you'll also need to tweak the eucalyptus.conf to allow for more than one vm per cpu core
<mathiaz> kirkland: well - considering that we wanna test the default configuration, I'd rather increase the RAM
<kirkland> mathiaz: fair enough
<mathiaz> kirkland: more than one vm per cpu core -> does this mean that there should be at least 8 cores on the NCs?
<mathiaz> kirkland: to be able to run up to 8 VMs?
<kirkland> mathiaz: well, the default configuration is only 1 VM per core
<kirkland> mathiaz: so 8 cores would give you up to 8 vm's
<mathiaz> kirkland: hm - so the limiting factor here is the number of core, not the amount of RAM?
<mathiaz> kirkland: a small guest is 1 core + 512 M of RAM?
<kirkland> mathiaz: it's both
<kirkland> mathiaz: you know how ec2 has various different machine types?  -t m1.small or -t c1.medium, etc?
 * mathiaz nods
<kirkland> mathiaz: in the ec2 world, the machine types that start with "m" are "memory" rich machines
<kirkland> mathiaz: and the "c" ones are "cpu" rich machines
<kirkland> (kind of)
<kirkland> mathiaz: but Amazon gets to decide what those machine type/sizes are
<kirkland> mathiaz: one of the advantages of running your own cloud is that YOU get to decide how big the machine types are
<kirkland> mathiaz: with UEC, you can make any of your machine types any size you want
<kirkland> mathiaz: it's in the web interface, on the configuration tab
<mathiaz> kirkland: ok - so what are the default machine types?
<kirkland> mathiaz: there are defaults, of course, but you can trivially change those
<mathiaz> kirkland: ok - so what are the default machine types in UEC?
<kirkland> mathiaz: let me check ...
<kirkland> mathiaz: http://rookery.canonical.com/~kirkland/screenshot.png
<kirkland> mathiaz: those are the defaults; you see how easy it is for an admin to change though ...
<mathiaz> kirkland: great - thanks
<kirkland> mathiaz: i'm trying to find where the config is to change the allowed vm's per core
<RoAkSoAx> are there any lucid server iso's available yet?
<kirkland> RoAkSoAx: there was for a while, but they're broken now
<kirkland> RoAkSoAx: the last good one I have was from 27 Nov
<RoAkSoAx> kirkland, is there a place where I can get it?
<RoAkSoAx> since I cannot seem to find any in
<RoAkSoAx> the website
<majuk> Hey guys. I'm having an issue with networking. My server has 2 1g/s NICs and is connected to a 1g/s switch and a 100mb/s router that routes the rest of the hosts. The switch also connects the main T1 gateway. The problem is, it seems the server is using the router as a gateway as my entire network caps out at 100kb/s, including the server.
<kirkland> RoAkSoAx: you can download from me, if you like
<majuk> Anyone have any ideas on how to diagnose that this is actually the problem? tracepaths show the server hitting the T1 gateway first, so it looks like it's functioning correctly, but I should be able to get more than 100k/s or at LEAST 100k/s on the server AND through the router to the other hosts.
<kirkland> RoAkSoAx: in the mean time, you should bug cjwatson or someone in ubuntu-devel about getting the daily server iso's fixed
<RoAkSoAx> kirkland, I'll bug them then
<kirkland> RoAkSoAx: cjwatson may be gone for the day, poke slangasek
<RoAkSoAx> ok will do :)
 * majuk cries
<mathiaz> kirkland: seems that 8 cores + 4 RAM is enough max out both RAM and nb of cores
<mathiaz> kirkland: about disk space - the capacity defined in the type is how much space is allocated to the guest?
<mathiaz> kirkland: does this take into account the cache image?
<kirkland> mathiaz: no, it does not
<kirkland> mathiaz: eucalyptus can be a pig about disk space, i learned
<kirkland> mathiaz: back in the jaunty cycle, i was trying to use a 32GB SSD in one of my NCs
<kirkland> mathiaz: i never could get an instance to launch, failed for strange, non-exception-handled reasons
<mathiaz> kirkland: right - I remember
<mathiaz> kirkland: now how much space is needed by the image cache?
<mathiaz> kirkland: I guess it depends on the image
<kirkland> right, exactly
<kirkland> mathiaz: and how many different images you're talking about
<kirkland> mathiaz: each image will be cached once
<kirkland> mathiaz: if you only have 1 image, then the requirement isn't very high
<kirkland> mathiaz: and you can clear that cache at any time
<mathiaz> kirkland: yeah - according to my calculs, I can run up to 8 guests on one NC
<kirkland> mathiaz: will just take longer each time you start a non-cached image
<mathiaz> kirkland: which means up to 8 different images
<mathiaz> kirkland: would 20 Gb / image cache be a good approximation?
<kirkland> yeah, that should be safe
<mathiaz> kirkland: that would mean at least 160 GB for image caching on each NC
<kirkland> mathiaz: our images are pretty small, now
<kirkland> mathiaz: like under 1GB compressed
<mathiaz> kirkland: what is used on the NC - raw or qcow2?
<kirkland> mathiaz: oh, no, you're way over shooting
<azteech> majuk, if memory each connection will only be as fast as the slowest connection on your network - because you are using a 100mb/s router - the network most likely will never go faster. you need to upgrade to a router that is capable of running the gigabit speed.
<kirkland> mathiaz: the cache is just the bare image itself
<mathiaz> kirkland: oh ok - so 5 GB /image cache?
<kirkland> mathiaz: let me check my NC
<mathiaz> kirkland: isn't the NC cpying the image at some point?
<azteech> majuk, meant to say if memory servers me correctly
<kirkland> mathiaz: yes, to run the image
<kirkland> mathiaz: the cache, though, as I understand it, is just the local, master copy of the image
<majuk> Hmmmm.... so you mean since the 100mb/s router is connected through the gig switch, the gig switch will only run at 100mb/s speeds?
<mathiaz> kirkland: and that gets copy for each instance
<majuk> azteech! ^^
<mathiaz> kirkland: and there is also another file allocated for each type of instance (capacity)
<kirkland> mathiaz: http://pastebin.ubuntu.com/334084/
<kirkland> mathiaz: this node has run 2 different images (emi's)
<kirkland> mathiaz: each of which is ~564M cached
<azteech> majuk, that is what I am saying.
<mathiaz> kirkland: what's in the emi-* directories?
<kirkland> mathiaz: after the *instance* is terminated, eucalyptus cleans up the backing disk image
<kirkland> mathiaz: -rw-r--r-- 1 eucalyptus eucalyptus 2.1G 2009-11-24 21:30 disk
<kirkland> -rw-r--r-- 1 eucalyptus eucalyptus 5.9K 2009-11-24 21:31 disk-digest
<kirkland> mathiaz: where those are sparse files
<kirkland> mathiaz: do you want access to my NC to poke around?
<mathiaz> kirkland: right - and these are m1.small?
<mathiaz> kirkland: oh yeah - if possible
<mathiaz> kirkland: that would be easier I guess
<majuk> azteech! Alright, thanks man
<azteech> majuk, yw
<kirkland> smoser: yo
<kirkland> smoser: mathiaz has a question for you about uec vs. ec2
<mathiaz> smoser: yeah - seems that on UEC, there isn't any local storage in instances
<mathiaz> smoser: IIRC on EC2 you get some scratch space on /mnt (like 100s of GB)
<mathiaz> smoser: it seems that UEC doesn't provide that
<smoser> mathiaz, not true
<smoser> :)
<smoser> hold on
 * mathiaz stops breathing
<aubre> mathiaz: on my extra large instance I have around 17gb in /mnt
<mathiaz> aubre: on EC2?
<aubre> doh
<aubre> nope
<aubre> talking UEC
<mathiaz> aubre: is /mnt a separate partition?
<mathiaz> aubre: does it use another disk?
<mathiaz> aubre: what's the kvm command on the NC?
<aubre> mathiaz: it is /dev/sda2
<aubre> mathiaz: and I didn't have to do anything to make it happen, it was automatically there when I created the instance
<aubre> mathiaz: I am using the 64-bit img from the store btw
<mathiaz> aubre: right - extra large gives you 20 Gb by default
<aubre> mathiaz: on ec2, doesn't what you put in /mnt go away when you close the image?
<mathiaz> aubre: yes - that's correct - it's just scratch space
<mathiaz> aubre: I don't seem to have that on my UEC instances though
<aubre> mathiaz: what size are you using?
<kirkland> mathiaz: you're running c1.medium
<kirkland> mathiaz: which is only a 5G instance
<mathiaz> kirkland: right - so I see a /dev/sda2 in the instance
<mathiaz> kirkland: but it's not mounted by default in the image
<aubre> mathiaz: hmm
<smoser> ok. i'm back.
<aubre> mathiaz: so it may be a function of which image you are using?
<mathiaz> kirkland: on the NC side, it's just one big 5Gb file
<aubre> mathiaz: so you could just fdisk it and mount it on your own
<smoser> euca-describe-availability-zones verbose
<mathiaz> aubre: right
<smoser> that tells you how much "disk" you have
<smoser> if your root filesystem uses all of that "disk" you dont get any more. whatever you dont use goes in /dev/sda2
<aubre> mathiaz: try the images from the store, mine automagically mounted /dev/sda2 to /mnt
<smoser> thats basically the case.
<smoser> it "shoudl work".
<mathiaz> smoser: ok - seems like this is what I get indeed
<mathiaz> smoser: (except that sda2 is not mounted on /mnt by default)
<mathiaz> kirkland: which emi- were you using?
<smoser> mathiaz, what is the image ? the released karmic should do that.
<smoser> the lucid probably has issues (mountall)
<smoser> or could have issues
<aubre> smoser: mathiaz my released karmic automounts
<mathiaz> smoser: that being said - I thought that on EC2 the scratch space on /mnt was much bigger
<smoser> on ec2 it is.
<smoser> 160G
<mathiaz> smoser: and euca-describe-instances verbose on EC2 would show a disk space of 160?
<aubre> smoser: on all instance sizes?
<smoser> http://aws.amazon.com/ec2/instance-types/
<smoser> euca-describe-instances verbose is a euca specific tool
<smoser> since you can configure your eucalyptus sizes
<smoser> you cannot do so for ec2 . you get what they say.
<mathiaz> smoser: right - gotcha
<mathiaz> smoser: so everything looks good to me.
<mathiaz> smoser: except that the emi I'm using doesn't mount sda2 - I don't which image is actually used though
<smoser> http://docs.amazonwebservices.com/AWSEC2/latest/DeveloperGuide/concepts-amis-and-instances.html#instance-types has real info on what you get on ec2
<smoser> mathiaz, the rc karmic images i think had issues with that. i dont really recall, but released karmic shoudl work
<smoser> and obviously we need to make lucid work
<marks256> when Newegg says that piece of hardware (RAID controller) is supported under "Linux (RedHat, SuSE, Debian, Mandrake, TurboLinux, CentOS, etc.)" does that "etc" include Ubuntu? I believe ubuntu is based on Debian...
<ScottK> Ubuntu is based on Debian.
<ScottK> The kernels are not the same however, so it's not guaranteed to be close enough.
<ScottK> Etc probably would include Ubuntu, but no way to know for sure.
<marks256> ScottK, i asked on #ubuntu and everyone who replied said it should work. Thanks anyway :)
<MTecknology> I did this 'ufw allow proto tcp from 138.247.0.0/16 to any port 22' and now trying to make an ssh connection to my server isn't working. I did default deny as well.  My IP starts with 138.247
<MTecknology> Maybe it's not ufw; I'm getting this error "ssh_exchange_identification: Connection closed by remote host"
<MTecknology> nevermind... hosts.deny
<unit3> I'm having some weird issues with LVM on one of my servers, and some of the /dev/vg/lv links are missing.
<unit3> they exist under /dev/mapper/whatever, but all the references in config files and stuff point to the other paths.
<unit3> is there an easy way to get udev to recreate those paths?
<Aison> damn, after some uptime, I get an endless lop of these messages: Dec  3 22:47:32 mediaserv kernel: [  387.818430] saa7146: interrupt_hw(): warning: interrupt enabled, but not handled properly.(0xe7fcfbb7)
<Aison> both cores are used 100%
<Aison> the machine is almost not reacting
<unit3> that's a video capture card, right?
<Aison> yes
<unit3> Sounds like the driver for that is buggy. can you rmmod saa7146?
<unit3> and if so, do things even out?
<Aison> trying, each keystroke takes 10 seconds ;)
<unit3> heheh oh man, that's really messed.
<Aison> it's not the first time, it happens all the time ;)
<Aison> before with gentoo, now with ubuntu server
<unit3> oh man, that's harsh. definitely a bug with that kernel module then.
<unit3> File it on launchpad, they'll forward it upstream.
<unit3> also, you may wish to load the module with the saa7146_debug parameter set to something > 0. That way, it should log more info about why it's dying to syslog, give you more to report.
<Aison> sec... I'm also ask #linuxtv, I know some guys there
<unit3> Sure. Really sounds like a driver bug to me though, so I'm not sure there's much they'll be able to do, unless there's a different driver for that card.
<Hypnoz> anyone know how to make apt-get install nis silent (prompts for domain name currently), for use during like an unattended pxe install?
<billybigrigger> -qq
<billybigrigger> Hypnoz, simple apt-get help shows that
<billybigrigger> -qq No output except for errors
<billybigrigger> -y  Assume Yes to all queries and do not prompt
<Hypnoz> -y I believe is only to accept the install, not for the queries the packages prompt during their install
<Hypnoz> apt-get -y install nis  didn't work, it still prompted for a domain name
<Hypnoz> will try -qq
<Hypnoz> still prompts for a domain name
<dinger1986> hello does anyone have experience of hylafax?
<xperia> hello to all. i have just successful installed red5 on my server and have now a qustion about the protocol rmtp
<xperia> if i do in the browser "http://mywebserver.com" it works everything like expected
<xperia> but if i do "rmtp://mywebserver.com" i am getting rmtp protocol not registered
<xperia> my question is what could be the problem ?
<xperia> do i need to put some new lines on my bind name server for this special protocol. i suppose no as i dont has anything to do with domain names or i am wrong ?
<unit3> rmtp is a protocol for multimedia apps. Generally web browsers don't speak rmtp.
<unit3> what are you trying to do, exactly?
<xperia> need to test if my new installed red5 flash media server works good. tested some demos but all freeze my webbrowser or dont do anything till yet
<unit3> so you've got some web pages with flash apps that are configured to point at your red5 install, then?
<xperia> the port 1935 for rmtp is openend on my router
<xperia> till yet i just try only the demos unit3 in the next day i will try to adopt my flash apps to use my new red5 server
<unit3> ok, so you've got some demo flash apps in a web page configured to point at your red5 server?
<xperia> unit3: yes here is the link http://wificom.ch:5080/
<xperia> sorry:  http://wificom.ch:5080/demos
<xperia> the bandwidth test application freeze my browser
<xperia> the chat application dont do anything. dont know why
<xperia> and the port testing application fails !
<unit3> right, I see that.
<sysErroR> I have openssl installed on my vps, and I compiled an IRCd with ssl support, yet, it can't find openSSL, can anyone help me?
<unit3> xperia: this looks like a red5 configuration issue, but I don't know a ton about red5. you'd probably have better luck asking on their support forums or irc channel, since this doesn't seem to be a problem with your actual ubuntu server install.
<unit3> I mean, your install is there, it's reachable, and it's complaining about stuff. That seems like a configuration issue with red5.
<xperia> unit3: thank you for your helpfull tips. have asked here to veryfie if something is wrong with my server. will join red5 irc chanell but this people arent very helpfull
<unit3> yeah, I think your server's fine, this looks like a red5 configuration issue.
<unit3> port 1935 is open, so the port tester should work, but it isn't. to me that says there's extra access controls on the red5 side blocking the connection.
<unit3> but again, never setup red5 myself, so I'm not really certain.
<mathiaz> kane_: hi - is https://wiki.ubuntu.com/UECTesting - Topologies section enough to keep the ball rolling for getting the hardware?
#ubuntu-server 2009-12-04
<sysErroR> I have openssl installed on my vps, and I compiled an IRCd with ssl support, yet, it can't find openSSL, can anyone help me?
<unit3> sysErroR: which openssl package are you using?
<unit3> hmm... looking at those topologies for UEC is interesting. it looks like it's yet another infrastructure with single points of failure. (CLC/Walrus/CC/SC)
<unit3> I wish someone would design something that isn't that... where you have nodes, and any of them can also be the coordinating node, and if the coordinator disappears, they have an election and make a new one, transparently.
<unit3> that'd be more useful for failover and management.
<sysErroR> openssl.0.9.8g
<sysErroR> Unpacking openssl (from .../openssl_0.9.8g-16ubuntu3_amd64.deb) ...
<unit3> sysErroR: and what does "ldd" show for your binary, sysErroR?
<unit3> erm, which missing ones, anyway?
<sysErroR> sec
<sysErroR> uh, I've never used ldd, what's the command to show missing binaries? sorry if I seem like a noob.
<unit3> something like:
<unit3> ldd myprogram | grep "not found"
<unit3> ;)
<unit3> or without the grep just to see all the lib dependancies.
<xperia> unit3: i am just curios ! how can i test on my server what for ports are open at the moment?
<unit3> xperia: nmap's good. only problem is you have to run it from somewhere outside your firewall to see reasonable results.
<sysErroR> syserror@linode:~/ircd/etc$ ldd openssl
<sysErroR> ldd: ./openssl: No such file or directory
<sysErroR> syserror@linode:~/ircd/etc$
<sysErroR> I might have done that wrong
<unit3> sysErroR: you run it against the compiled binary you generated, whatever that's called.
<unit3> whatever it is, it's probably not in the /etc subdir. ;)
<unit3> xperia: if you just want to see what ports your server has open locally, you can use netstat. "netstat -tlpn" will tell you tcp ports, "netstat -ulpn" will tell you udp ports.
<unit3> and what processes have them open, which is good for figuring out "mystery" ones. ;)
<unit3> heh, finally found the answer to my own lvm q earlier (didn't look at man pages hard enough)
<unit3> "vgscan --mknodes" was what I wanted. I knew it existed! ;)
<Guest16660> hey i am running postfix on ubuntu server and can email myself and receive email from a windows server 2003 running hmail, but when i try to send from linux box to server 2003 I get a: "recipient address rejected: user unknown in local recipient table" any thoughts?
<unit3> is server2003 running exchange or some other MTA? and is the user you're trying to send to set up there?
<Guest16660> no just hmail, and the user is setup on the other end
<unit3> in the error message you get back on the linux mail server, does it specify which mail server is giving that error (the linux one or the win2k3 one) and is there any more details?
<Guest16660> the linux mail server is receiving the error from what appears to be the win2k3 server, and there are no more details beyond that.  There are also no log entries regarding the error.
<billybigrigger> what about on the win2k server? surely an error report there no?
<unit3> can you test sending to the same address on the win2k3 server just via telnet? that's always my fallback when I'm working with two MTAs and I don't know which one is misconfigured.
<unit3> telnet to port 25 on the server, send it some raw (simple) smtp commands. see what happens.
<Guest16660> no error in the logs on 2k3, but i can send to myself on 2k3, testing telnet now
<piotrekm> hello
<piotrekm> is it posible to configure own dns server to support subdomains for a dyndns domain?
<unit3> Guest16660: ideally, you'd telnet from the linux server to the windows server on port 25, and then send a really simple message, and see if it gives you the same error.
<unit3> piotrekm: I don't see why not, but that'll only work if your dyndns provider does subdomain delegation to you, which they might not do.
<piotrekm> unit3: so it's not possible in every case?
<unit3> nope.
<Guest16660> telnet connection refused
<Guest16660> i think my bind server might be off
<unit3> erm, should have nothing to do with it. you're telnetting to port 25, right?
<unit3> on the windows server?
<Guest16660> yup
<Guest16660> from linux to windows
<unit3> well... sounds like it's not allowing connections from your linux box. which doesn't explain the error you got before.
<unit3> were either of these machines working properly before this? or are they both new installs?
<Guest16660> they are basically fresh installs and everything has been configured from scratch
<unit3> ahhh... that's tough then, since you have two servers where you're not certain either are working or configured correctly.
<unit3> I'd try them each against an external source, like a gmail account, to try and narrow down which one is broken, since it's unlikely to be both of them.
<Guest16660> yeah i know, I pretty much have nothing to go off of
<unit3> and from what we've discussed here, it sounds like it's the windows server. ;)
<Guest16660> I will do that, I really appreciate the help
<unit3> np
<Hypnoz> anyone here familiar with making apt-get install silent? apt-get -y install nis still prompts me. Making it hard to put it in a pxe image
<unit3> Hypnoz: did you try -qq like was suggested before? what did that do?
<Hypnoz> it silenced output, but it still put up a full screen prompt for NIS domain
<Hypnoz> tried --force-yes too
<unit3> ahhh...
<unit3> you need something to change the prompting level for debconf.
<Hypnoz> hmm let me try a higher silence level
<Hypnoz> apt-get install -q=2 didn't change anything
<unit3> Hypnoz: http://blog.hjksolutions.com/articles/2007/07/27/unattended-package-installation-with-debian-and-ubuntu
<unit3> that's probably a better solution, where you feed it the answers you want at install time.
<Hypnoz> i'll read through, thanks for the link
<unit3> np
<kenyabob> Is there a way to configure postfix so that when I test comment forms on development sites, the addresses I send the test to dont reject it as spam?
<unit3> not really... that type of classification is done on the receiving side, obviously, so unless you control the receiving mail servers, there's not much you can do about it.
<unit3> sort of the point of spam filtering that the sender can't really influence how it gets classified. ;)
<kenyabob> unit3, someone had mentioned trusted relay?
<unit3> that works if you know what relays the receiver trusts. again, you'd sort of have to run those mail servers to know that.
<unit3> if you have spam filtering options on the receiving side, you can possibly whitelist the addresses you're sending from.
<kenyabob> So, really, there is no way to test out comment forms to other people when you are simple an unmarked machine and IP?
<lamont> kenyabob: I certainly hope not.   at least not to random addresses...
<unit3> kenyabob: sure there is, but it's dependant on the receiving mail server.
<unit3> if you don't control the receiving mail server, then it's really not up to you how it's interpreted at the other end.
<lamont> kenyabob: given the amount of effort that has gone into making it so that webform-generated spam gets dropped as spam, that is
<unit3> for test purposes, you'd generally set up your own receiving mail server, and then test against that until you were ready to go live on a real web host.
<unit3> that's usually sufficient.
<ghostlines> does virt-manager work with the latest version of Xen?
<unit3> it should, but check the libvirt page for Xen support info.
<ghostlines> thanks will do
<kenyabob> unit3, lamont, thanks guys
<teddymills> is it possible to add mdadm to a single drive server?
<RoAkSoAx> cemc, ping
<krabador> this is the 64bit version of ubuntu?
<billybigrigger> how come i can see one of my users logs in via ssh, but doesn't show in 'who' or 'last' commands?
<billybigrigger> Dec  4 03:13:31 localhost sshd[10128]: Accepted password for matts from 7
<billybigrigger> Dec  4 03:13:31 localhost sshd[10128]: pam_unix(sshd:session): session opened for user matts by (uid=0)
<jmarsden> billybigrigger: Do other users that ssh in show up in last output just fine?  And does /var/log/wtmp exist on your machine?
<billybigrigger> my regular user shows up in last and who
<billybigrigger> wtmp exists yes
<billybigrigger> i know root used to show up aswell, before i disabled root logins that is
<jmarsden> teddymills: Yes, you can add mdadm to a single drive server.  If you want to take a giant performance hit, you can even create a "RAID array" made from two partitions of the same drive, but that is pretty silly... :)
<jmarsden> billybigrigger: When matts logged in, did he in fact create a shell session, or was he using scp or something like that?
<billybigrigger> ssh port forwarding
<billybigrigger> that must be why he doesn't show then
<jmarsden> Yes, if he isn't running a shell he won't show up in wtmp, I think.
<teddymills> i installed ubuntu 8.043 server on single drive server test box..and installed mdadm after the install was done...then i changed the partitions to 'fd' to my amazement the system still boots up!. I changed the partions from ext3 to linux raid autodetect and installed mdadm AFTer the OS was installed. I think I am home free!
<Orfeous> hi everyone!
<Orfeous> trying to get slapd (LDAP server) to work! i have followed guides on https://help.ubuntu.com/9.10/serverguide/C/openldap-server.html but i cant get it to work :( that tutorial is missing that on karmic when installing or configuring slapd there are no password configuration so the first steps doesnt work..
<ScottK> Orfeous: It tends to be pretty quiet here this time of day.
<ScottK> You might ask again during the normal US/European work day.
<git___> hi
<git___> what fs do you guys use when you install ubuntu server?
<KurtKraut> ScottK, or asking in a forum, what would'nt require him and the person that may know the answer to be online at the same time :D
<ScottK> KurtKraut: True, but in general I don't find forums are typically a source of expert advice.  Along those lines the ubuntu-server mailing list would be better, I think.
<Orfeous> git___: EXT4 as default suggested
<ScottK> git___: It depends a lot on what you're using it for and which release you are using.
<git___> 9.10
<Orfeous> but reiserfs on stuff data disks
<Orfeous> ScottK: what time is it?
<ScottK> git___: ext4 is the default.  Personally, I'm conservative, I still use ext3.
<Orfeous> brb changing client..
<uvirtbot> New bug: #490790 in ubuntuone-client (main) "/etc/samba/smb.conf error in some line" [Undecided,Invalid] https://launchpad.net/bugs/490790
<Orfeous> ScottK: what time is it?
<twb> Time to respect the rock?
<Orfeous> its 07.32 overe here :P
<Orfeous> time to sleep some hours then come back and ask about LDAP
<Orfeous> see you!
<RoyK> hehe
<RoyK> Orfeous: have a coffee
 * RoyK is in CET too
<Orfeous> my GF just went to work ;) and i havent gone to bed yet
<Orfeous> she know what my hobbie and biggest intrest is.
<Orfeous> bye!
<teddymills> 3am here at 7L, building seven i7 i920 servers.
<twb> teddymills: 7L?
<Aison> hello
<Aison> I added some nfs shares to fstab
<Aison> doing mount -a call after worked well
<Aison> but now on reboot, the server hangs because it cant mount these shares
<Aison> no idea why, but it guess the networkdevices aren't configured at that point
<ivoks> hangs?
<ivoks> ubuntu 9.10?
<Aison> yes, ubuntu 9.10
<Aison> ok, I can still boot
<Aison> but it asks for my root password
<Aison> then I can modify fstab, remove the nfs entries
<Aison> and reboot
<ivoks> so.. you have 0 2 on nfs shares?
<ivoks> paste the line with nfs share
<ivoks> in fstab
<Aison> hmm, no, it's 0 1
<Aison> is that the fault?
<ivoks> replace that with 0 0
<ivoks> 0 1 - stop everything if that can not be mounted
<ivoks> there's a bug in 9.10, where network shares are started before networking
<ivoks> so, combination of those two makes your system unbootable
<tomodon> im currently at a university with an extra computer I would like to serve a page on over the network. I had it working well until it started getting an IPv6 address. I'm not sure how other computers could access it. Could I force it to get an IPv4 address?
<ivoks> it gets ipv6 address?
<ivoks> from dhcp?
<ivoks> you don't get ipv6 address, you set it up
<Aison> ivoks, it was 0 0 not 0 1
<ivoks> 0 0 is ok
<Aison> and the error is DNS Resolve failed for 10.0.0.2
<Aison> 10.0.0.2 is my nfs server
<ivoks> DNS Resolve failed for 10.0.0.2
<ivoks> ?
<ivoks> there's no dns resolving
<Aison> yes, I know, but that's the error
<ivoks> that's a client or server?
<ivoks> how do you set up your ip?
<Aison> client that can't boot
<Aison> ok, this client is also a server ;)
<ivoks> so, you have a static ip?
<ivoks> static ip in /etc/network/interfaces?
<Aison> yes, static, but i'm using bonding, to get 2gbit/s
<Aison> http://pastebin.com/m4a18885e
<Aison> for bonding, I also added /etc/modprobe.d/bonding.conf  to setup bonding module correctly
<soren> Heheh...
<Aison> maybe that's the problem
<ivoks> heh...
<soren> ttx: http://piware.de/workitems/server/lucid/report.html <--- We're in pretty good shape! :)
<twb> NFS shares shouldn't have "0 1" or "0 2" or anything.  Just remove the fsck and dump fields entirely.
<ttx> soren: haha
<ttx> soren: let's take a few weeks off and fix that
<soren> http://piware.de/workitems/qa/lucid/report.html <--- Not so much :)
 * soren whistles innocently
<ivoks> Aison: i would suggest adding post-up in interfaces for nfs shares
<ttx> soren: you break things where you go, dude :)
<soren> I can recognise me by my trail of destruction.
<ivoks> Aison: there's a problem with network filesystems in ubuntu 9.10
<ivoks> Aison: they are mounted before network is started :/
<ivoks> 'mounted'
<twb> The system *should* wait for the network to be up before attempting to mount NFS filesystems.  It does so for me!  Confirm that NetworkManager isn't installed.
<Aison> that's what I suggested ;)
<ivoks> Aison: so post-up command with mount should fix the issue
<twb> ivoks: oh, sorry, I didn't know 9.10 had a problem
<ivoks> soren: scott promised fix for network filesystems before network, right?
<Aison> twb, network manager isn't installed
<ivoks> for karmic
<Aison> so where do I have to add this postup command?!?
<ivoks> Aison: man interfaces
<ivoks> post-up
<ivoks> i'm off
<soren> ivoks: I think he promised to fix Everything[tm].
<ivoks> take care
<soren> o/
<Ng> huh, so installing eucalyptus takes over avahi?
 * Ng hmms
<Ng> so I only lose mdns for the CC machine if the eucalyptus upstart jobs are all stopped
<soren> Ng: "Takes over" avahi?
<Ng> soren: on my karmic eucalyptus machine, the avahi upstart job is telling it to use the config file /etc/eucalyptus/avahi-daemon.conf
<Ng> I filed my particular concern about this as bug #492235 :)
<uvirtbot> Launchpad bug 492235 in eucalyptus "mDNS for CC hostname is only available while eucalyptus-cc is running" [Undecided,New] https://launchpad.net/bugs/492235
<soren> Ng: Interesting. I believe cjwatson masterminded the avahi stuff in Eucalyptus (unless someone changed it later on). Perhaps he can shed some light.
<Ng> soren: I'm entirely confident that his grasp on the subtleties of this is significantly tighter than mine :)
<twb> Hehe, "masterminded"
<cjwatson> Ng: this is changed in lucid already
<Ng> aha :)
<cjwatson> it was kirkland's workaround for a bug, which I've now fixed in a different way
<cjwatson> well, by "in lucid" I mean "in eucalyptus bzr not yet uploaded"
<twb> Is eucalyptus an Ubuntu-specific thing?  I assumed it was an upstream project.
<cjwatson> it is an upstream project
<twb> Righto
<cjwatson> however Ubuntu is doing a lot of work with it
<cjwatson> oh, actually, I think my changes have been uploaded now
<cjwatson> kirkland: when doing the sort of thing you did with eucalyptus bzr that creates two changelog stanzas, please use debuild -v so that your upload automatically closes bugs properly
<cjwatson> kirkland: in fact, it would have been better to merge the unreleased stanza into the one you were uploading
<Pupeno> I have an ubuntu machine running Zope and Apache with WordPress on MySQL and it can't server more than 100 visits per hour without running out of it 720MB of RAM. Is that normal?
<twb> Interesting; I'd always just sent emails to NNN-done (with a Version: M-1 on the first line), since I didn't know about dpkg-genchanges -v.
<twb> Pupeno: by "visits" do you mean individual GET requests?
<Pupeno> twb: yes.
<twb> Pupeno: how much ram do those services use when you first start them?
<Pupeno> twb: I've restarted half an hour ago, let me check.
<twb> I mean 720MB just to BOOT UP wouldn't surprise me if it was Java
<cjwatson> twb: if you're going to do that with debbugs, it's better to imitate dak precisely and use Source: and Source-Version:
<cjwatson> there are some slight semantic differences
<Pupeno> Zope is using the most at 152mb.
<Pupeno> Apache second with 46mb.
<twb> cjwatson: ah, thanks.
<Pupeno> Generally the first process to be killed due to out of memory is MySQL.
<Pupeno> Hold on, I think I'm reading the numbers wrong. That is VIRT in top.
<twb> Pupeno: certainly a badly-written app could achieve that kind of resource usage.  I don't know how fugly zope and wordpress are internally.
<Pupeno> MySQL is already at 131m.
<twb> Pupeno: you'll also want to check that it's not doing something coincidentally, like rebuilding an index or something.
<Pupeno> twb: well, zope never receives those visits. I mention it just because they eat a big part of the 720MB.
<Pupeno> twb: it happened pretty consistently. The last three times my blog was on reddit, my server died.
<twb> Shrug
<twb> That kind of silliness is why I prefer simple, static infrastructure like ikiwiki.
 * soren goes to lunch
<nyk2005> Hi! My ubuntu server just crashed last night because of low memory condition. In /var/log/messages I saw that when the kernel handled the low memory situation, it only saw 1.3GB swap as free, which is the swap partition on an SD disk, but I added an additional 25GB swap file on a raid5 to give it room in low memory situation. Why didn't the kernel use it?
<uvirtbot> New bug: #492257 in samba (main) "package samba-common 2:3.4.0-3ubuntu5.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 10" [Undecided,New] https://launchpad.net/bugs/492257
<nyk2005> cat /proc/meminfo shows SwapTotal: 27547744 kB, but in the last message from the kernel before it killed syslog it says Total swap = 1333352kB
<nyk2005> So why didn't it use the swap file?
<kirkland> cjwatson: good point; will do so in the future
<kirkland> cjwatson: sorry about that
<cjwatson> np, I closed the bugs by hand
<soren> nyk2005: And you're confident it knew about that 25 GB swap file yesterday?
<Aison> re
<Aison> how do I suppress error codes on commandline again?  eg. i've got "post-up mount /mnt/public" in my interfaces. but it shouldn't fail, even when the mount command fails
<arj> || true ?
<arj> without the ? obviously
<nyk2005> soren: yes, very confident!
<BeardedChimp> I'm trying to DNAT incoming packets on a ppp0 interface, however even if i do iptables -t nat -i ppp0 -j ACCEPT ; it doesn't show any packets when I do iptables -t nat -nL ; Does anyone know why this might be happening? They do come up if i do iptables -t mangle -i ppp0 .... but i dont want to mangle them i want to nat them
<soren> nyk2005: Can you check? Do you your full syslog all the way back to when it was added?
<twb> BeardedChimp: you can't ACCEPT in a nat table; it's not meaningful to do so.
<twb> BeardedChimp: talk to #netfilter about it.
<nyk2005> soren: yes..
<soren> nyk2005: Try grepping for "Adding .* swap"
<Aison> arj, I think it's something like 2>&1
<nyk2005> soren: Dec  3 11:31:50 biodata2 kernel: [603121.488761] Adding 26214392k swap on /mnt/raid/swap_file.  Priority:-2 extents:7 across:81774840k
<arj> Aison, that does not prevent it from failing
<twb> Aison: 2>/dev/null will suppress error MESSAGES.  || true will suppress the error EXIT STATUS, which is what post-up cares about.
<arj> but that supresses the messages, not the codes
<arj> what he said
<Aison> ok, thx
<soren> nyk2005: Ok. which kernel version is this?
<BeardedChimp> twb: Ah, I was only doing accept to demonstrate that it wasn't recognising the packets
<BeardedChimp> twb: If i did -j DNAT .... it still picks up no packets
<soren> BeardedChimp: which chain are you adding this rule to?
<BeardedChimp> nat
<BeardedChimp> prerouting
<BeardedChimp> ie. iptables -t nat -A PREROUTING -i ppp0 -j DNAT --to-destination ....
<twb> BeardedChimp: #netfilter handles this question every day.  I encourage you to talk to them about it.
<BeardedChimp> Yeah I've gone in there, cheers for the #
<nyk2005> soren: Linux biodata2 2.6.31-15-server #50-Ubuntu SMP Tue Nov 10 15:50:36 UTC 2009 x86_64 GNU/Linux
<soren> nyk2005: Ok. Sorry, I don't know. You could ask in #ubuntu-kernel. They should know better than I.
 * soren hides for an hour or so to do some hacking
<Aison> strange, I installed phpsysinfo on both servers
<Aison> on one server it works, on the other it tries to download the php file?!?
<Aison> wt
<arj> install php
<Aison> it is installed?!?
<arj> oh?!?
<RoyK> Aison: perhaps you're missing php file handle
<RoyK> filetype
<RoyK> don't remember
<Aison> well, it's quite funny, because both servers are installed exactly the same way ;)
 * RoyK blames Bill Gates
<Aison> damn crap
<Aison> ok, now it's working
<Aison> hmm, but just with knoqueror ;) firefox still try to download the file
<Aison> lol
<arj> cache?!?
<RoyK> erm
<soren> zul: Can you make Jos the approver of https://blueprints.edge.launchpad.net/ubuntu/+spec/server-lucid-improve-testcases again?
<zul> soren: yep
<kane_> zul: actually, i was trying to pass that to marjo
<soren> kane_: ^ That way you should get access to fiddle with it again.
<zul> done
<soren> zul: No, that's the assignee.
<zul> whoops done ;)
<zul> meh need more caffine
<kane_> i think zul knew exactly what he was doing ;)
<soren> kane_: There we go. Now you should be able to do with it what you want :)
<soren> kane_: Heh :)
<xperia> hello to all. i am trying to get the php extension xdebug on my ubuntu server to run but for some reason i have problems with this.
<xperia> i was able with "sudo pecl install xdebug" to fetch and install the extension on my server.
<xperia> in the php.ini file /etc/php5/apache2/php.ini i have added this line here "extension=xdebug.so" and restarted apache2
<xperia> but php -m dont show me that the extension was loaded till yet.
<xperia> can somebody help me with this ?
<zul> yeah it was a freudian slip
<soren> xperia: /etc/php5/apache2/php.ini is the config file for mod_php5.
<soren> xperia: If you run php from the command line, you're not using mod_php5.
<soren> xperia: If you want xdebug to work from the command line, you should also tweak /etc/php5/cli/php.ini
<xperia> hmmm i am using a normal ubuntu server setup. in this case i have then also to change /etc/php5/cli/php.ini
<xperia> okay thanks
<xperia> soren: woow it has worked ! thanks
<soren> xperia: sure
<Aison> i'm searching a web filebrowser for my fileserver, possibly with ldap authentication
<Aison> can somebody explain how to add a new schema to ldap?!? with this new cn=config crap of 9.10 I don't get it :(
<sommer_> Aison: here's a guide: http://doc.ubuntu.com/ubuntu/serverguide/C/openldap-server.html
<Aison> hmm, thx, I always used this docu: https://help.ubuntu.com/9.10/serverguide/C/openldap-server.html
<Aison> there it's guite strange
<sommer> Aison: ya, that section didn't get updated for some changes in the slapd package for 9.10.  If you have any issues with the doc.ubuntu.com guide (which is the "beta" version) let me know
<Aison> nice, with your docu it's better to understand :D
<tdn> smartmontools tells me that my disk has 10 in  reallocated_sector_ct. Is this bad? And how serious is it?
<uvirtbot> New bug: #492322 in whois (main) "Recently-allocated IP addresses not known by whois" [Undecided,New] https://launchpad.net/bugs/492322
<Aison> weeee, radius with ldap is working (proud) lol
<jdstrand> ttx: hey, would you mind looking at my comments in bug #274350?
<uvirtbot> Launchpad bug 274350 in likewise-open "apparmor HOMEDIRS not adjusted for likewise" [High,Confirmed] https://launchpad.net/bugs/274350
<jdstrand> ttx: I'd like to get likewise and apparmor playing well together for lucid
<ttx> jdstrand: that's a worthy goal :)
<jdstrand> ttx: I'm confident it can be done, we just need to think about it a bit
<ttx> jdstrand: I think forcing to use /home/likewise-open/NAME_OF_AD_DOMAIN/username as home directory is a little... heavy
<ttx> jdstrand: also there is the upgrade scenario that may get complex
<jdstrand> ttx: this is only for new installs
<jdstrand> ttx: upgrades have presumably fixed the profile
<jdstrand> people doing upgrades have presumably fixed the profile
<ttx> jdstrand: could a file with accepted domain names be dropped somewhere and the tunable use it ?
<jdstrand> ttx: I see administrative benefits to putting them in /home/likewise-open as well-- it is much easier to do local backups, etc
<jdstrand> ttx: yes
<jdstrand> ttx: we need to update the tools, but it can be done
<ttx> jdstrand: because I /think/ the domain name is a known quantity once we join the domain
<jdstrand> though I guess if %D doesn't really change, there aren't many admin benefits
<ttx> jdstrand: I'd suggest discussing the issue with Jerry Carter, he knows the likewise side of the story better than I do
<jdstrand> ttx: when installing likewise, are you prompted to configure %D?
<ttx> jdstrand: and will get very creative to avoid creating homedirs in a subdirectory :)
<ttx> jdstrand: no, but you actively join the domain
<ttx> so the domainjoin tool could drop/modify the tunable
<ttx> though there is this domain trust thing... joining one domain for auth might give you several "users" domain
<ttx> ... and we are almost reaching the limits of my AD knowledge
<ttx> jdstrand: I'll send an email to Jerry introducing the issue and yourself to him
 * jdstrand wonders if apparmor would need to be reloaded in that scenario...
<jdstrand> jjohansen: if I change /etc/apparmor.d/tunables/home, do I have to regenerate all the cached profiles?
<ttx> I don 't want us to design a solution that would end up breaking likewise-open usage, just because we ignore a lot about likewise-open ;)
<jdstrand> ttx: sure
<jjohansen> jdstrand: yes
<jdstrand> ttx: we carry our own lwiauthd.conf, and 'template homedir' is configurable, so it seemed like an easy change
<jjohansen> jdstrand: currently the parser only check the stamp on the profile file, and not any of its dependencies (includes)
<jdstrand> jjohansen: ok
<jjohansen> something we intend to fix
<jdstrand> ttx: what is Jerry's nick again? is it coffeedude?
<ttx> yes
<jdstrand> (seems like it may be...)
<ttx> coffeedude: around ?
<jdstrand> coffeedude: hi! when you get a chance, can you look at bug #274350?
<uvirtbot> Launchpad bug 274350 in likewise-open "apparmor HOMEDIRS not adjusted for likewise" [High,Confirmed] https://launchpad.net/bugs/274350
<ttx> jdstrand: I follow-up to him with an email
<ttx> just in case he misses the notice
<jdstrand> jjohansen: if you want to peek at that bug too, I surely wouldn't mind ;)
<jdstrand> ttx: can you privmsg me his email?
<coffeedude> ttx, hey
<ttx> You'll have his email in 2 minutes, whe you receive the cc :)
<ttx> arh
 * ttx drops his email draft
<ttx> coffeedude: Just a quick reminder, we are expecting the bugs being filed (with appropriate fixes) to kerberos and openldap by December 7 :)
<coffeedude> Is this the apparmor home directory things?
<ttx> coffeedude: yes
<coffeedude> ttx, I know.
<jdstrand> coffeedude: yeah
<ttx> coffeedude: Most solutions involve confining homedirs created by likewise-open in a specific directory, which might not look very good from a user perspective.
<ttx> but more subtle solutions might break likewise-open or require some actions from domainjoin
<coffeedude> let me loot at the whole thing.  brb.
<jdstrand> coffeedude: if you read my latest comment in the bug, the current situation and problem should be clear
<coffeedude> Hey jdstrand.  Yeah.  It's pretty clear.  I don't think most user's would really care where the home directory goes initially.  And if they did (e.g. nfs mounts), then they probably manage that themselves anyways.
<coffeedude> jdstrand, ttx, that said....upgrades would be a pain.
<jdstrand> coffeedude: well, I wasn't really thinking we would do anything on upgrades
<coffeedude> jdstrand, or would be leave the home directory template left as is on an upgrade?
<jdstrand> coffeedude: we'd punt, assuming they already adjusted tunables before now
<jdstrand> coffeedude: exactly
<coffeedude> jdstrand, I'm kind of a noob wrt to apparmor.  When you modify a profile, does it require an apparmor reload or reboot or reparse or something?
<jdstrand> coffeedude: yes
<jdstrand> coffeedude: it is just one command though
<coffeedude> jdstrand, Modifying the @HOMEDIRS in apparmor during domain join is not really a viable option either since new domain trusts maybe added after the join....template homedir = /home/likewise-open/%D/%U seems best.
<jdstrand> coffeedude: I might say that this bug is as old as likewise is in Ubuntu, so likewise users in the past have had to do something to tunables anyway. it is new installs I'd like to get fixed
<ttx> coffeedude: yes, that was my fear
<jdstrand> coffeedude: that is excellent news, and the most easy to implement :)
<coffeedude> jdstrand, ttx, I'll go ahead and add that change the likewise-open 5.4 packaging....
<jdstrand> so, just need to (not) handle upgrades gracefully
<coffeedude> jdstrand, I'll need to talk to ssalley (on my side).  We'll figure out something.
<jdstrand> coffeedude: cool. if this is Ubuntu specific packaging, do you mind adding the suggested comment above template homedir, so people can more easily avoid pain?
<coffeedude> ttx, Planning on having the openldap/krb5 status and changes to you on Monday.  Tuesday morning GMT-5 at latest.
<ttx> coffeedude: sounds good !
<MenZa> My 'coffee' highlight is getting abused :(
<coffeedude> jdstrand, Q - Is this a change going into 8.04 or just moving forward with Lucid?
<jdstrand> coffeedude: I'll adjust apparmor tunables accordingly
<jdstrand> coffeedude: just Lucid
<coffeedude> jdstrand, k.  We've agreed on /home/likewise-open/* then
<coffeedude> MenZa, Sorry :)  Had this nick for years.
<jdstrand> coffeedude: hardy users only got hit by this when the trid to use cups-pdf afaics
<MenZa> coffeedude: Not a problem.
 * MenZa sends a large mug of coffee in coffeedude's direction.
 * coffeedude makes a sound like "ahhh....."
<jdstrand> coffeedude: there are more profiles in lucid, notably evince, so it'd be painful to not fix
<coffeedude> jdstrand, ACK.  I'll update the bug report with the decision
<jdstrand> coffeedude: thanks!
<jdstrand> ttx: thanks for your help too :)
<ttx> jdstrand: np
<karname> Hi , I executed rm * -rf to delete content of directory , but ubuntu server 9.10 start to delete anything , but I denied it in first second , but some folder like /sbin deleted , can me restore my server or I should to reinstall it ?
<karname> I have access to ssh now
<Pici> karname: You're probably better off reinstalling at this point.
<karname> but I should to pay reinstall cost
<karname> and time
<karname> isn't anyway
<ahasenack> one could probably cook up a script to compare the existing files with the installed packages, and then list which packages need to be reinstalled
<ahasenack> rpm -V <package> shows missing files, dpkg probably has something similar
<karname> how ? is there any script like it ?
<karname> bash: /usr/bin/python: No such file or directory
<ahasenack> it depends on how much time you are actually saving by doing this instead of reinstalling from scratch
<smoser> erichammond, ping
<Pici> It'll be much faster to reinstall the system imo.
<ahasenack> and if data files were also deleted (for example, a database) instead of just programs
<karname> sbin folder deleted
<karname> bin also
<karname> thanks , I think I must to reinstall it , bye
<ivoks> has anyone tried setting up cups with multiple quotas?
<ivoks> like, one quota per job and another for number of pages per seconds
<ivoks> or just two quotas for job-quota-period
<ScottK> ivoks: Did you get my request to comment on the mail filtering spec?
<ivoks> ScottK: probably, but i had 0 time for ubuntu development last couple of days
<ivoks> i'll have two hours now :D
<ScottK> OK.  Please review as we're at/past the deadline for approval (I didn't have a lot of time for spec writing recently)
<ivoks> :/
<smoser> ttx, https://bugs.launchpad.net/eucalyptus/+bug/461301 . euca2ools is marked fix-released, but i dont see it anywhere
<uvirtbot> Launchpad bug 461301 in eucalyptus "euca-run-instances unnecessarily encodes user data (dup-of: 461156)" [Undecided,Fix committed]
<uvirtbot> Launchpad bug 461156 in eucalyptus "User data is not parsed correctly by Eucalyptus in some cases" [High,Fix committed]
<smoser> hmm... maybe just not filtered through yet.
<smoser> shoot. no, euca2ools 1.0+bzr20091007-0ubuntu2 is currently not in -proposed or in -updates for karmic.
<mathiaz> ttx: hi!
<mathiaz> ttx: anything else to add on uec-testing on -seeds before I leave?
<mathiaz> ttx: I'll send the seeds proposal later today to -server@ to get the discussion started
<ttx> just a sec
<ttx> smoser: it's fix-released in Lucid
<ttx> fix-committed in karmic
<ttx> still waiting for a gentle AA to approve it to -proposed
<ttx> https://edge.launchpad.net/ubuntu/karmic/+queue?queue_state=1&queue_text=
<ttx> smoser: btw it should show up as one of your uploads, sponsored by me
<ttx> mathiaz: nothing from me
<smoser> ok. i dont know how to see such things, (link?)
<smoser> so, johnwillis is trying to set up eucalyptus right now, and needs this fix
<smoser> setup/demo
<smoser> how should i indicate that he get it?
<ttx> hm
<smoser> i thought that pitti's comment was that it is in proposed
<ttx> eucalyptus in proposed, and your PPA
<ttx> (for euca2ools)
<smoser> ok. so need eucalyptus 1.6~bzr931-0ubuntu7.4 from proposed
<smoser> and euca2ools from my ppa.
<ttx> yes, until euca2ools gets accepted in -proposed.
<smoser> thanks ttx.
<mdz> kane_, ttx, I filed bug 492387 about the (minor, cosmetic) update-motd issue I saw in my test install
<uvirtbot> Launchpad bug 492387 in update-motd "run-parts: /etc/update-motd/00-header exited with status 1" [Undecided,New] https://launchpad.net/bugs/492387
<mdz> I didn't bother about the kernel/installer issue as cjwatson said he had already fixed it
<ttx> mdz: ok
<Pistol-McGee> Can anyone suggest some good vpn server software?
<arj> openvpn?
<Pistol-McGee> openvpn never installed a config
<Pistol-McGee> unless im missing something
<arj> is that the single requirement, "must install config"?
<Pistol-McGee> tbh, imma bit of a noob when it comes to linux/terminal
<arj> I am not aware of a good single click solution, but downloading configs from the openvpn website worked for me
<mdz> smoser, I just tried to fire up a lucid daily AMI, but I can't get in using my ec2 ssh key. is it me?
<smoser> hm... i think i verified 20091203 yesterday, but let me check
<glphvgacs> hi, i need some help with using ping to analise my dig Query Time
<smoser> mdz, i just verified ami-4037d529 (20091203 i386) is functional
<mdz> smoser, I must have blown it somehow, though I'm not sure how
<smoser> can you pastebin console-ouptut ?
<smoser> and remember that '--key' is necissary
<mdz> smoser, http://pastebin.com/f2bf7e959
<mdz> smoser, I copy/pasted from http://uec-images.ubuntu.com/lucid/current/
<mdz> (and yes, I updated my environment variable to EC2_KEYPAIR_US_EAST_1)
<mdz> debug1: Next authentication method: publickey
<mdz> debug1: Trying private key: ./ec2-keypair.pem
<mdz> debug1: read PEM private key done: type RSA
<mdz> debug1: Authentications that can continue: publickey
<mdz> debug1: No more authentication methods to try.
<mdz> Permission denied (publickey).
<smoser> mdz... hmm... i dont know.
<mdz> smoser, somehow my local key file got out of sync with what AWS had
<mdz> maybe pilot error in driving eucalyptus
<mdz> smoser, it might be nice if the EC2 images provided an "installation media" identifier, like systems installed from the CDs have
<mdz> smoser, that way, bug reports would include the build number, not just the AMI
<mdz> smoser, see earlier discussion in #ubuntu-devel re: bug 364649
<uvirtbot> Launchpad bug 364649 in ubiquity "Please include installation media build number in installation logs" [Wishlist,Fix released] https://launchpad.net/bugs/364649
<smoser> mdz, yeah, amis suck.
<smoser> you can get the manifest from the metadata service though
<mdz> smoser, all you have to do is drop the appropriate line of text in /var/log/installer/media-info
<smoser> if we're not collecting that, maybe we should. at least if it is in a bucket that we own
<mdz> smoser, we get the ami-manifest-path but that's just a url or something, right?
<mdz> we don't try to read it
<smoser> i'm confused. dont try to read it. i realize i was confused a bit above, but in the manifest path has something like:ubuntu-images-testing-us/ubuntu-lucid-daily-amd64-server-20091203.manifest.xml
<smoser> which is basically the build version
<smoser> and i thought that apport was getting it. it might be nice to put that in the console output (along with other useful data, like "adding public key with id 'smoser@brickies' to /root/.authorized-keys"
<mdz> smoser, apport is getting that string "ubuntu-images-testing-us/..."
<mdz> or should be, I haven't checked it since it was originally implemented and it seemed to work
<mdz> smoser, I don't think we've sufficiently trained folks to report bugs from the instance using ubuntu-bug
<mdz> blog topic maybe?
<erichammond> mdz: You finally got me doing it after however many years I've been using Ubuntu.
<smoser> yeah, i have a major 'blog' todo. primarily in "start writing one" and "get on ubuntu planet"
<smoser> it acutally suprises me how often people on ec2ubuntu use the ami id
<mdz> smoser, you can refer to http://mdzlog.alcor.net/2009/03/31/please-dont-report-ubuntu-bugs-directly-to-launchpad/ for the general spiel on why ubuntu-bug is a good idea
<smoser> as "i'm running ami-xbaddfsa", which makes me have to check if thats erichammond's fault or mine :)
<erichammond> smoser: likewise :)
<mdz> smoser, perhaps we should have a bot in here which automatically translates?
<erichammond> mdz: +1
<smoser> that would be neat
<mdz> ubottu, can you do that for us?
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<mdz> oh well
<erichammond> mdz, smoser: If you think it would help, I could do a short blog post on alestic.com about reporting bugs on EC2 instances with ubuntu-bug.
<mdz> smoser, http://www.wordpress.com/ and you can be up and running in a few minutes
<mdz> erichammond, that would be great
<mdz> smoser still should have a blog though ;-)
<erichammond> smoser: Thanks for trying to kick me out over on ##aws.  I'm really leaving now.
<ab2283> hi, quick question: is there any known issue with vsftpd and pam_smbpass.o authentication in karmic? my vsftpd segfaults or denies authentication, seemingly at random :/
<RoyK> ab2283: try to compile it and debug it if it happens again :P
<RoyK> you prolly can't gdb / backtrace the one installed
<ab2283> RoyK: i didn't really want to go that far. the configuration is pretty much stock. that's what's bothering me
<ab2283> RoyK: i don't know what i possibly could have done to screw it up
<RoyK> then I'd recompile it with the config from apt-get source
<RoyK> problem is that the one installed is stripped, so you don't have much symbols
<RoyK> meaning it's not possible to make a backtrace
<RoyK> if it crashes on random places, the chance of memory error is prominent
<RoyK> perhaps running memtest86 can find something
<RoyK> but then, that takes a while
<cjwatson> RoyK: https://wiki.ubuntu.com/DebuggingProgramCrash explains how to use ddebs.ubuntu.com to get debugging symbols
<RoyK> cjwatson: k - didn't know that - the guy left anyway
<glphvgacs> hi, i wanna know which ROOT is responding to my queries; any idea what's the best way to use ping or any other tool for that? thnx
<arj> what kind of queries?
<unit3> can you clarify that?
<unit3> yeah.
<arj> mysql ones?
<arj> dns ones?
<glphvgacs> dns
<arj> and what does ping have to do with it? :)
<arj> dig +trace
<glphvgacs> cool
<arj> tcpdump
<uvirtbot> New bug: #492599 in apache2 (main) "package apache2 2.2.14-2ubuntu1 failed to install/upgrade: error writing to '<standard output>': Input/output error" [Undecided,New] https://launchpad.net/bugs/492599
<ahasenack> is there a ubuntu-* package for the server installation?
<ahasenack> like we have ubuntu-desktop for the desktop one?
<ahasenack> maybe a combination of ubuntu-* packages?
<unit3> ahasenack: not really, it's mostly just a base install + linux-server.
<unit3> then it's up to you to install what you want. ;)
<ahasenack> unit3: ok, thanks
<unit3> ubuntu-minimal + linux-server, maybe?
<ahasenack> or ubuntu-standard
<unit3> yeah, or that.
<unit3> ubuntu-standard may be more accurate.
<cjwatson> it's a little more than that. There's a seed for it, and you can see the expanded results at http://people.ubuntu.com/~ubuntu-archive/germinate-output/ubuntu.karmic/
<cjwatson> (I do mean "a little" literally, it's quite a small number of extra packages on top of ubuntu-standard by default)
<cjwatson> http://people.canonical.com/~ubuntu-archive/germinate-output/ubuntu.karmic/server
<unit3> oh, neat, handy.
<j03lar50n> in 9.10, i am trying to setup a DHCP server behind a Charter Business ISP (static ip) - i will be serving Windows clients . Questions: 1)must i include Subnet Mask and Gateway, specific to the static ip, under the Fixed IP section in /etc/dhcp3/dhcpd.conf? 2)dhcp3-server says i "need to specify a WINS server for your Windows clients..", is this just including 'option netbios-name-servers xxx.xxx.x.x;'? what ip should i
<unit3> ok, a, you don't need a wins server. it's hardly necessary on most networks.
<unit3> b), you want to have a separate, reserved subnet for your computers, nothing to do with the charter IP.
<j03lar50n> great
<unit3> and you'll want it on a separate interface, firewalled using nat to the interface with the charter IP. otherwise, your DHCP server will interfere with other charter users, and get you in trouble. ;)
<aubre> pick a nice 192.168.x.x subnet
<unit3> yeah, or 10.x.x.x.
<unit3> reminds me, one of these days I need to play with ipv6 at home. get a good handle on that IRL, rather than just reading about it.
<j03lar50n> right now i'm just using my linksys router to as DHCP - so looking through the config/setup there and pasting into dhcpd.conf most pieces thx all :)
<mneptok> j03lar50n: what model Linksys?
<j03lar50n> wrt54g
<mneptok> j03lar50n: not WRT54GL or WRT54GS?
<j03lar50n> nope mneptok straight WRT54G
<mneptok> j03lar50n: which revision?
<j03lar50n> v5 mneptok
<mneptok> j03lar50n: pity. alternative firmwares only support v1-4.
<mneptok> j03lar50n: Tomato or OpenWRT on the Linksys will give you a lot more functionality. but they do not work with the revision you have.
<j03lar50n> dang it mneptok - too bad for us. would you know if moving the DHCP to a 'real' server box running 9.10 & acting as our DHCP server would improve performance versus that of the router serving it?
<mneptok> j03lar50n: no way to tell. that is depenedent on so many variables that any answer without knowing your network topography well will be meaningless.
<j03lar50n> gotcha
<mneptok> j03lar50n: but it may well improve things. the v5 WRT54G has reduced flash and RAM than prior revisions. memory overhead is severely constrained.
<unit3> yep.
<unit3> it's not a great router.
<smoser> erichammond, getting closer... now i can upload images, just not kernels
<cjwatson> kirkland: if the eucalyptus CLC and CC are on separate machines, do they each need their own SSH key?
<cjwatson> kirkland: (I'm nearly done with foundations-lucid-uec-installer-enhancement; this is one of the last pieces)
<cjwatson> kirkland: oh, also, is a standalone eucalyptus-cloud installation meant to run an httpd? if not, we'll have to figure out how to expose the preseed file through axis somehow, I think; I would welcome help on that
<cjwatson> kirkland: lp:~cjwatson/eucalyptus/cloud-preseed
<cjwatson> a standalone eucalyptus-cloud installation does not appear to run a separate httpd right now, but I don't know whether this is expected/intentional
<uvirtbot> New bug: #492639 in postfix (main) "newaliases fails on a system with no IPv4 address configured" [Undecided,New] https://launchpad.net/bugs/492639
<donspaulding> anyone have any tips on how to do some post-mortem analysis on a remote server that has to be restarted every day?  When it hangs, ping still responds, but ssh connections fail.
<richierich> hello
<jeiworth> donspaulding: i would check where sshd logs to and analyze that file
<richierich> hey guys is there a way to stop samba and NTP from printing in tty1 login on my ubuntu server?
<adac> i installed gnoe on my server but now the gdm greeter appears all the time. how can I set that the server starts in textmode again?
<adac> *gnome
<jeiworth> adac: quick and dirty, you could simply chmod -x  /etc/init.d/gdm
<jeiworth> but iirc there is a file where you can configure autostart behaviour, i did that for openvpn but i have absolutely no idea where that was...hmmm
<richierich> adac: couldnt you just alt+ctrl+backspace and kill X and then start it up when you need it again?
<adac> richierich, could do that, but i would prefer that it starts in textmode in the first place
<jeiworth> adac: ah, i think it was in /etc/default/openvpn maybe you have a file called gdm there?
<richierich> i think gdm would try and restart it automatically anyways you might have to do something like sudo /etc/init.d/gdm stop to make sure that doesnt happen
<adac> jeiworth, I meant on the physical server machine starts up gdm/gnome login window
<richierich> adac: try this http://www.cyberciti.biz/faq/prevent-xorg-from-starting-in-linux/
<jeiworth> adac: yeah, so?
<adac> jeiworth, what has that to do with openvpn?
<adac> richierich, I'll ty that out!
<jeiworth> adac: if you would actually read what i wrote i was using openvpn merely as an example
<jeiworth> chmod -x will do the trick for any service located in /etc/init.d
<adac> jeiworth, ohh I see!! sorry I missed the last part!
<richierich> adac
<richierich> adac: this looks a easier http://hack2live.blogspot.com/2008/05/stop-gdm-from-loading-on-boot.html
<jeiworth> adac: np
<ruben23> how do i install..jdk-1_5_0_11 on package...in ubuntu server..?
<j03lar50n> unit3 you said "you want to have a separate, reserved subnet for your computers, nothing to do with the charter IP...and you'll want it on a separate interface, firewalled using nat to the interface with the charter IP..." - - the bit about separate interface, does this mean i should have eth0 direct to the (Charter) modem and eth1 serving DHCP to my switch(es)?
<jfb_h2o> folks, my system hangs with tab completion and a simple 'ls' . It seems to be related to autofs, but not in remote mounted directories?
<jfb_h2o> None of my path variables are on mount points either. Any thoughts?
<jmarsden> jfb_h2o: Does the issue go away if you do  OLDPATH=$PATH ; PATH=/bin     and then try to tab-complete ?
<jmarsden> In other words, see if you can simplify the test case.
<cjwatson> also try without /etc/bash_completion.
<cjwatson> (comment it out in .bashrc)
<cjwatson> (and maybe /etc/bash.bashrc too)
<ruben23> how do i install..jdk-1_5_0_11 on package...in ubuntu server..?
<unit3> are you running some really old ubuntu server release that you'd want an old jdk?
<unit3> as opposed to just installing the current sun-java6-jdk package?
<cjwatson> or better openjdk. however, there's a sun-java5-jdk package in releases up to 9.04, in case you need specifically that for some reason
<unit3> true.
<cjwatson> (sun-java6 is planned to move to the partner archive for lucid, in the cause of trying to further encourage the use of openjdk when possible)
<unit3> oh, cool. didn't know that.
<cjwatson> https://blueprints.launchpad.net/ubuntu/+spec/foundations-lucid-dropping-sun-java6
<unit3> makes sense though, since openjdk works fine these days.
<cjwatson> apparently not for everything, but yes it's generally a good replacement
<cjwatson> gah
<cjwatson> kirkland: could you please commit when you make a release of eucalyptus, so that I'm not blindly carrying on with the existing changelog entry? :-/
 * cjwatson goes to tidy up
<mabus> how do I manage what services are started at boot in 8.10
<unit3> update-rc.d ?
<unit3> or did you want something more involved than that?
<mabus> not sure, I'll read the man first. thanks
<mabus> oh, yeah, I didn't want to remove the init script, or chmod -x it. is that the only way?
<unit3> umm, it doesn't remove init scripts, it just adds and removes links to them in the /etc/rcX.d directories.
<unit3> which is fairly safe.
<unit3> the init scripts stay in /etc/init.d/, regardless of where you symlink them to.
<TDJACR> What would be the best way to load balence three web servers running Apache?
<unit3> depends on the content on them, what kinds of edge cases are acceptable.
<unit3> if it's just static content, then you can stick keepalived in front of them and be done with it.
<unit3> otherwise, you'll have to take a look at your data flow, see how to replicated it between servers, etc.
<TDJACR> It's dynamic through Django and other Pythonic frameworks
<unit3> ok, and is all data stored in MySQL? because you could use MySQL multimaster replication then, and still stick keepalived in front.
<TDJACR> Yes, it is. I want to balence both the loads to apache (over 3) and MySQL over two
<unit3> why just over two? why not over all 3, so you have better failover coverage?
<TDJACR> I suppose so.
<unit3> in any case, the only problem you're going to have is keeping data files uploaded by users synced. if you had a SAN you could put the web files on a distributed filesystem like OCFS2, and that'd cover it.
<unit3> or, if you had only 2 systems you could use DRBD for that as well.
<unit3> if users never upload files outside of the database, then you're ok too. just make sure that the web files don't get out of sync manually.
<unit3> regardless, keepalived on a firewall in front of them will handle the load distribution, and works quite well.
<TDJACR> Well, I expect more database than actual files, but, how does a group such as wikimedia manage their photos across many servers?
<TDJACR> Also, does Keepalived need to be in front of the switch, or can it be a node that's purpose is contacting the others
<TDJACR> On the same network, in the same position
#ubuntu-server 2009-12-05
<unit3> TDJACR: generally speaking keepalived is on a firewall isolating the servers from a different network segment. you could potentially do it on the same segment, but then you'd introduce clients possibly end running around keepalived and avoiding getting load balanced.
<chmac> Any idea how to delete a file that generates "rm: cannot remove `14.': Input/output error" ?
<janae_> I'm trying to get exim4 set up to authenticate smtp but it doesn't work. Any ideas of what I need to do differently?
<janae_> i've followed this documentation https://help.ubuntu.com/community/Exim4 but can't get it to work
<jmarsden> chmac: What is the '14.' that you are trying to delete -- a normal file, a directory, or a device file?  And you did try     sudo rm 14.     # already, I take it?
<chmac> janae_: I suggest you post a specific error or issue. "I can't get it to work" doesn't allow anyone to help you...
<chmac> jmarsden: Same error for sudo rm. It's a regular file.
<janae_> chmac, I'm not getting any error messages I can't get the exim to ask for authentication when trying to send an email through it.
<jmarsden> chmac: Sounds like the filesystem concerned is in trouble, or the hardware it is on (your disk drive)... I'd (a) back up that filesystem somewhere safe and then (b) umount that filesystem and then run e2fsck over it and see if it finds errors.
<chmac> janae_: I'm not really familiar with exim, so can't really help. But you'll get a better response with a specific description of your issue. Your last comment is already streets ahead of your last one...
<chmac> :-)
<jmarsden> janae_: Have you tried asking in #exim ?  Sounds like SMTP auth is not actually fully enabled in your configuration yet.
<iarp> is the user 'backup' system required? i can't remember if i created it months ago and i'm having to clean up users
<janae_> jmarsden, I'll check there thanks
<jtaji> iarp: backup user is created by the install
<iarp> jtaji: ty
<jmarsden> iarp: A user backup exists here too, with home dir of /var/backups -- so that was a system created user, or created by a backup application that was installed.
<iarp> i have a folder within /home/ for backup but theres nothing inside it, think it'll be fine to delete
<jmarsden> Probably.  Who owns it?
<iarp> myself actully lol
<jmarsden> Then yes, it is safe to delete.
<iarp> thx mate
<jmarsden> No problem.
<kshah> I added a user to the group, and id reveals that they are in fact a member, however when a script is run by that user, they don't appear to have permissions, i have that script outputing the results of their call to `id` and confirmed they aren't a member
<kshah> am I suppose to reinit the user some how?
<clusty1> hey
<clusty1> a bit of a retarded question: what is the regex that matches files of this pattern:
<clusty1> R<2 numbers>_2<anything>.csv
<clusty1> basically [0-9] twice
<uvirtbot> New bug: #296841 in vm-builder "root account has ! as default password" [Critical,Fix released] https://launchpad.net/bugs/296841
<chmac> Any idea how to delete a file that generates "sudo rm: cannot remove `14.': Input/output error" ? Regular file...
<jmarsden> chmac: Did you fsck that filesystem yet?  Anything show up?
<chmac> jmarsden: I ran an fsck a while back, I could try it again, good advice
<jmarsden> chmac: You could also check /var/log/messages for messages regarding disk i/o problems.
<chmac> jmarsden: Nothing pops up in /var/log/messages when I try rm again
<jmarsden> chmac: What does     ls -l 14.      output?
<chmac> jmarsden: "ls: cannot access StraightPress.off/14.: Input/output error"
<jmarsden> chmac: Hmmm.  So it can't even read the directory entry for the file.
<chmac> jmarsden: Yeah
<jmarsden> chmac: You could try mkdir /tmp/safeplace && mv StraightPress.off/* /tmp/safeplace    and if that moves everything except 14., you can then try rm -rf StraightPress.off and then mkdir it and move the files back... :)  But this really does look like there is something wrong with the filesyste/directory concerned.
<jmarsden> Of course, if you have a few TB of files in that directory this may not be a smart thing to try :)
<chmac> jmarsden: Yeah, the folder was StraightPress, the .off is because I moved all the other files out :-)
<chmac> jmarsden: rm -rf StraightPress.off/ gives me the same error, it tries to rm the files recursively
<jmarsden> OK.  So... fsck seems called for.  Boot from a livecd if you need to
<chmac> jmarsden: I figure the alternative kernel will probably do the trick, I'll try it, I had fsck issues once before, I think that's when it started
<jmarsden> If the directory is on a partition that is not your / partition, then yes, booting into recovery mode will do it.
<chmac> jmarsden: Oh yeah, it's on my /home partition, I could probably unmount that if I logged in as root
<jmarsden> Go for it :)
<chmac> Nice, that'll be ever so slightly simpler
<chmac> jmarsden: Thanks for all your help
<jmarsden> No problem.
<erichammond> "smoser: erichammond, getting closer... now i can upload images, just not kernels" <- Welcome to my world :-\
<Y_Guy> i can't for the life of me get apache to work
<jmarsden> Y_Guy: You'll need to be considerably more specific if you want anyone to help you with that :)
<Y_Guy> ok
<Y_Guy> i unzip the package, and try to use make command
<Y_Guy> and make install won't work - it says nothing needs to be done for install
<Y_Guy> but nothing is done, thats the thing
<jmarsden> Wait... on Ubuntu server you unzip something???  sudo apt-get install apache2   #  will install apache2
<Y_Guy> using apt-get also leaves me with nothing, have already unistalled and reinstalled
<jmarsden> What are you unzipping and where did you get it from?
<Y_Guy> tried already, so i resorted to trying the unzipping the download thing
<Y_Guy> http://webdesign.about.com/cs/apache/a/aainstallapache.htm
<Y_Guy> followign this
<jmarsden> Let's go back to the packaged approach :)
<Y_Guy> ok sure
<jmarsden> What exactly happens if you do     sudo apt-get install apache2
<Y_Guy> it says its installed - newest version etc
<Y_Guy> but when i look under root/etc there's no apache2 folder
<jmarsden> Look for /etc/apache2/  not root/whatever
<jmarsden> Who or what told you to look under root/ ?
<Y_Guy> there is no apache2 :s
<Y_Guy> no one did, i know i'm in the etc directory
<Y_Guy> i'm just getting my terms wrong, its been a while :P
<jmarsden> OK, what does    ls -ld /etc/apache2      output?
<jmarsden> Y_Guy: You can just cut and paste the command from your IRC session into your command shell window...
<Y_Guy> ls: cannot access /etc/apache2: No such file or directory
<jmarsden> Hmmm.  What does   dpkg -l apache2     say (just the last line)?
<Y_Guy> ii  apache2                           2.2.11-2ubuntu2.5                 Apache HTTP Server metapackage
<jmarsden> Looks sane... what's missing?    Try   dpkg -l apache2.2-common   and tell me the last line again?
<Y_Guy> ii  apache2.2-common                  2.2.11-2ubuntu2.5                 Apache HTTP Server common files
<Y_Guy> what if i had deleted the apache folder? i was attempting to instal using the zipped thing and i removed it a few times
<Y_Guy> its definitely possible i deleted the apache folder by accident
<jmarsden> Sigh.  OK.    sudo apt-get purge apache2.2-common
<jmarsden> And then we will reinstall and see if that helps.
<Y_Guy> done
<Y_Guy> so normal reinstall now?
<jmarsden> Yes, sudo apt-get install apache2
<Y_Guy> done
<jmarsden> Now does ld -ld /etc/apache2   show you a directory?
<Y_Guy> yes, the dir is there
<Y_Guy> now, i suppose i should start it just to see if its working
<jmarsden> OK.  When you did the install, did it say it started the apache2 server?
<Y_Guy> its apache2ctl start correct?
<Y_Guy> oops sorry, let me check
<Y_Guy> it did indeed say that
<jmarsden> sudo /etc/init.d/apache2 start     # should work, but it should have done it for you.
<Y_Guy> ok - so how could i test that?
<jmarsden> So browse to http://localhost and see if you get "It works"
<jmarsden> use lynx or w3m or any text mode browser of your choice.
<Y_Guy> going to need a full command there i think
<Y_Guy> if you don't mind :s
<jmarsden> Like....   lynx http://localhost
<jmarsden> Or    w3m http://localhost
<jmarsden> If they are not installed, sudo apt-get install lynx     # or   sudo apt-get install w3m
<Y_Guy> yes, done
<Y_Guy> got the it works!
<jmarsden> OK, so you bnow have a working apache2.
<Y_Guy> thanks a ton :)
<jmarsden> No problem.  Always use packaged software whenever you can, only experts should try installing non-packaged stuff.
<Y_Guy> yeah, i figured it was a bad idea :/
<Y_Guy> quick question again
<Y_Guy> i want to change  documentroot in httpd.conf
<Y_Guy> is that the only thing i need to change to change the dir i host from? what's the difference between docroot and serverroot?
<jmarsden> Server root is where a lot of other things apache uses are, do not change that.  Why do you want to change DocumentRoot?  Might be better to set up a new virtual host for whatever you do what to do, instead.
<Y_Guy> i was under the impression that was what i had to change to serve files from a different directory?
<jmarsden> You are sort of correct but need to understand the way Debian sets up Apache.  For example httpd.conf is empty :)
<Y_Guy> ahh i see - i admit the majority of the experience i've had with apache has been on windows
<Y_Guy> obviously quite different
<Y_Guy> if I do want to change the directory i host from, how would i go about it if httpd.conf is empty?
<jmarsden> First read the Ubuntu Server Guide (which you should have done before you started all this :)  https://help.ubuntu.com/9.10/serverguide/C/httpd.html is probably the relevant bit.
<Y_Guy> i actually did read some of that already
<Y_Guy> i have this habit of diving into things head first, regardless of rocks :P
<jmarsden> OK. So then you know where to make a new virtual host and set its parameters up the way you want them; use the default one as a starting point and change only what you need to change.
<Y_Guy> well, i'm off now, i need sleep
<Y_Guy> thanks again for all your help :)
<jmarsden> No problem.
<sporedi> how do i install windows xp on ubuntu want understand with cloud
<jmarsden> sporedi: You could install virtualbox-ose on Ubuntu and then run Windows XP inside a virtual machine, if you have modern hardware and understand how virtual machines work.
<sporedi> ok
<sporedi> thx
<sporedi> can i send u pm
<jmarsden> Just discuss here, unless it is truly personal :)
<jmarsden> That way others can learn from the discussion.
<sporedi> ok ,this is my 1st ubuntu server installation  i play with some other linux some time back but now i want to configure cloud with ubuntu i have install server now do i need to client on local or i can acess my cloud over vpn
<sporedi_> sorry i was rebooted
<jmarsden> sporedi_: This is your first Ubuntu server installation and you want to set up your own cloud already?  Seems very ambitious.
<jmarsden> See https://help.ubuntu.com/community/UEC
<sporedi_> should i try or learn more ubuntu stuff
<jmarsden> sporedi_: I would say learn more about Ubuntu server and managing a single Ubuntu server first, then learn the cloud stuff later.
<sporedi_> ok
<khelvan> Hello, I am trying to download torrents via rtorrent on my headless ubuntu server. However, nothing can download. I'm a newbie at this - can someone help me understand what I need to check to see if the proper ports are open on my server?
<mabus> khelvan: try visiting http://www.utorrent.com/testport?port=6881 from the IP address you're using, with port being set to whatever you're using
<khelvan> mabus - thanks, but the ip address is a headless server, I don't have access to a browser
<jmarsden> khelvan: Just use a text mode browser.   ssh into it and sudo install w3m    and then use w3m http://whatever...
<mabus> khelvan: well either nmap it, or yeah, what he said
<khelvan> mabus, jmarsden, thanks - my port does not appear to be open. Any suggestions on how to open it? I have it open at the router.
<khelvan> And properly port forwarded.
<mabus> nmap localhost from the ubuntu box
<jmarsden> khelvan: Is something on the server listening on that port (your torrent software or whatever)?  If not then a test will most likely not show it as open.
<khelvan> jmarsden - No, I didn't...I started rtorrent and now the test worked. I still have a problem though, my rtorrent download won't begin (I'm trying to troubleshoot it).
<khelvan> The tracker keeps timing out.
<jmarsden> I'm not a torrent expert at all; networking in general I can troubleshoot, but we've already done that and you now have the port open.  Puls it is midnight here and I should go to bed soon :)
<mabus> khelvan: what's the tracker?
<mabus> im oot
<khelvan> jmarsden - thanks
<khelvan> mabus - Not sure, like I said I'm a newbie at this. I got it from piratebay :)
<khelvan> mabus - aha: http://eztv.tracker.thepiratebay.org/announce
<noobuntu> good morning, anyone has the time to give me some tips about best approach how to partition a multi-host LAMP for development purposes?
<arj> aone big partition?
<noobuntu> arj: shouldn't I separate at least /home ?
<crohakon> ä¸­æ¹å°çµ±æ²»ä¸ç
<Belloto> Hello. Is there any package which lets me easily get summaries of apache server logs? (I mean, counting total numbers of visits grouped by visitor IPs, pages ... things like that)
<Belloto> I mean a package for doing it from command line
<mabus> awstats?
<Belloto> thank you awstats, something like that but focused to produce summaries in linux command line ... as I read in awstats page, this is more a web interface
<Belloto> I meant thank you mabus  ;)
<bmb> Anyone wanna help ME?
<bmb> me*
<arj> just ask
<arj> noobuntu, for simple servers I usually don't bother
<noobuntu> arj: i would like at least to separate my project files from the system
<noobuntu> arj: my projects are websites
<noobuntu> arj: mail server will be also there, since I need it for testing mailing functions integrated into CMS (mostly drupal)
<uvirtbot> New bug: #492790 in mysql-dfsg-5.0 (universe) "package mysql-server-5.0 (not installed) failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/492790
<Aison> hello, apache error log reports this error: PHP Startup: Unable to load dynamic library '/usr/lib/php5/20060613/ldap.so
<broreg> I'm having a problem with my belkin wireless usb adapter on karmic ubuntu server, the connection keeps constantly dropping, when it's up there seems to be a lot of latency between internal desktops and the server over ssh
<broreg> the id for the card is  ID 050d:705a Belkin Components F5D7050A Wireless Adapter
<broreg> This is how my /etc/network/interfaces looks http://paste.ubuntu.com/335169/
<embrik> I need a command to send a message to all users logged on my system. I've tried wall, but I couldn't get it to work. Is there a command to send a message to the users like pop-up on their desktop?
<alex88> Aison: is it there?
<alex88> embrik: write user [ttyname] ?
<Aison> alex88, now it is. I had to reinstall php5 ldap
<alex88> Aison: maybe it has been corrupted
<alex88> the important is that it's working now..
<alex88> broreg: have you tried that usb adapter on other pc?
<alex88> btw can someone help me upgrading my vps?
<alex88> using normal upgrade from 9.04 to 9.10 just make it non-booting
<broreg> alex88: on the same pc different OS it's fine, same adapter on another pc different os is fine too
<alex88> mmhh..have you tried to make it connecting with wpa_supplicant?
<noobuntu> i'm getting a problem during karmic install - Installing the base system - Configuring console-setup... on 65% and stays there forever
<smoser> embrik, 'echo hello | wall'
<Skaag> is upgrading as simple as changing hardy to jaunty in sources.list and doing a dist-upgrade?
<arj> don't froget to apt-get update first
<jtaji> Skaag: I think you're supposed to use do-release-upgrade
<Skaag> do-release-upgrade finds no candidates
<Skaag> arj: of course, update, then dist-upgrade
<Skaag> weird thing is that do-release upgrade does this: Checking for a new ubuntu release
<Skaag> No new release found
<jtaji> Skaag: there's something you have to change, right now it's keeping you to LTS
<Skaag> I see
<jtaji> forget where
<Skaag> the latest LTS is still 8.04 I guess?
<jtaji> yes
<torkel_> i'm trying to setup a vpn tunnel forcing my local subnet to access the internet via the vpn connection (using openvpn tunnel). I can successfully ping internet ip adresses, but anything else does not work. My iptables are not filtering anything as far as I can see :/ Anybody got any suggestion?
<Liberty> what is the command to update my karmic server to get the latest security and stuff
<alex88> apt-get update->apt-get upgrade
<alex88> torkel_: have you set ip-masquerade and enabled ip_forward?
<Liberty> thanks..
<alex88> can someone help me??? how can i check how my vps boots? cause there are no files in /boot... it's a xen vps
<Liberty> update gets the files and upgrade installs .. correct?
<alex88> Liberty: update gets the packages versions, upgrade downloads and installs packets
<torkel_> alex88: on the server on this subnet i'm using  iptables -t nat -A PREROUTING -s $PRIVATE -j DNAT --to-destination remote-end-of-vpn-ptp
<torkel_> alex88: ip_forward is set to 1 on both servers
<alex88> mmmhh..are you using openvpn?
<Liberty> torkel_ thank you very much..
<torkel_> alex88: and on the remote openvpn point i use iptables -t nat -A POSTROUTING ... -o eth0 -j MASQUERADE
<alex88> so you use 2 servers? mmmhh
<torkel_> alex88: ping passes fine, anything else is dropped at the final openvpn destination
<torkel_> alex88: mysubnet->mygateway->openvpn over internet->anotherserver->internet
<alex88> like: yourpc->home router->internet->openvpn server->internet?
<alex88> or yourpc->openvpn server->internet->openvpn server->internet?
<torkel_> the last one
<Liberty> alex88 thanks so kindly
<alex88> Liberty: glad to help
<alex88> torkel_: mmhh..it's strange... have you any firewalls on the servers? have you added the secure interfaces to the whitelist?
<torkel_> or actually mypc -> home router -> homeserver -> vpn -> internet -> vpn -> remoteserver -> internet =)
<torkel_> no firewalls, only masquerading/forwarding
<incorrect> which is the best kernel to use for kvm?
<incorrect> server or generic
<torkel_> alex88: and all traffic reaches remoteserver (tcpdump -i tun0 (vpn interface) shows that), only icmp echo passes
<alex88> dunno man..i'm using openvpn only in one server... i've just installed apf, and set tap as trusted interface
<alex88> set the masquerading and it's enough..
<alex88> have you tried with tap and not tun?
<torkel_> no, but i guess i'll have to try that.
<torkel_> i'll try some more before giving up :)
<alex88> i don't know so advanced ip-tables config..sorry
<alex88> incorrect: dunno, i think server.. maybe it's improved for background processers
<alex88> incorrect: dunno, i think server.. maybe it's improved for background processes
<incorrect> i probably should compile a custom kernel anyway
<incorrect> other than phpldapadmin, can anyone suggest a good desktop ldap admin tool?
<alex88> never used ldap i'mm sorry
<Daviey> alex88: on xen you often don't get to pick the kernel from within the domu/vps
<Doorman352> Anyone recomend a good network analyzer, to spot collisions or retransmits?
<sjr> My new Mac OS X machine, is having VERY poor network preformance with my two ubuntu machines, one Ubuntu Server 9.04. It doesn't matter what protocol it is, SMB, SSHFS, HTTP, it seems to stay around 1 MB/sec. Now the weird thing is, that the UBuntu Server has a Windows Virtual Machine on in it and I can transfer between that just fine
<eagles0513875> !ia32libs
<eagles0513875> !info ia32libs
<ubottu> Package ia32libs does not exist in karmic
<eagles0513875> hey guys what has replaced ia32libs
<Guest82271> hey everyone, Im having a problem with my cloud i keep getting this error "in MANAGED-NOVLAN mode, priv interface 'eth1' must be a bridge, tunneling disabled"
<Guest82271> has anyone else had this problem?
<eagles0513875> Guest64268: i havent tried cloud computing but thats saying something wiht how your network is laid out
<eagles0513875> something about virtual lans
<Guest82271> ye i have to say there isnt much documentation out there, the steps that i followed seemed correct
<eagles0513875> im not much help as this cloud computing is new to ubuntu as of karmic
<Y_Guy> I know this is off-topic but i can only access my server thru my lan, not online - entering the ip address gives me nothing
<Y_Guy> if anybody could help just throw me a pm, thanks :)
<eagles0513875> Y_Guy: do you have openssh-server installed
<eagles0513875> then all you need to access ur server is the ip and an ssh client
<Y_Guy> command to tell? but i'm pretty sure i do
<eagles0513875> apt-cache policy openssh-server
<Guest82271> netstat -punta | grep 22
<Y_Guy> i want to access the site - i already using ssh to access my server remotely
<eagles0513875> what site
<eagles0513875> a website
<Y_Guy> but the site i'm hosting i can only get to by entering the lan address
<Y_Guy> yes
<Guest82271> port forwarding on a router?
<Y_Guy> that may be my problem
<Y_Guy> i have a router - 1 desktop connected, 1 server, and 2 laptops
<Guest82271> have u tried to telnet to port 80 from outside your network?
<Y_Guy> i haven't done anything to it
<Y_Guy> no, i haven't tried
<rj175> try that
<rj175> if u cnt telnet into it then im guessing its your router or iptables or possibly both
<Y_Guy> i can't telnet
<Y_Guy> it definitely could be my router - haven't touched it
<rj175> ye prob is
<Y_Guy> how would i go about fixing it?
<rj175> what kind of router do u have?
<Y_Guy> sec
<Y_Guy> dlink wireless
<rj175> do u have a model ?
<Y_Guy> i will find it, sec
<rj175> np :)
<Y_Guy> DIR 615
<rj175> http://portforward.com/english/routers/port_forwarding/Dlink/DIR-615/Apache.htm
<rj175> that should help you
<Y_Guy> great, thanks a lot :D
<rj175> np :)
<rj175> that sites good for setting up other port forwards, ive started making my servers DMZ and using IP tables
<Davidf88> rj175: hello
<rj175> Davidf88: Hey funny seeing you here :P
<rj175> any cloud experts here?
<zroysch> where is the log that tells me why tcp connections fail on my server for several minutes before coming back up. during this time i can still ping
<Aison> is anybody using mrtg on ubuntu server?
<arj> I used to
<arj> cacti now
<arj> with rrd
<Aison> hmm, maybe I should check that also
<Aison> hard to install?
<torkel_> is it possible to route all traffic coming from a given subnet/interface to an alternative route? It is possible using netfilter with an extension that have  a route target, but i can't say i want to compile netfilter/patchomatic/kernel from source on  this eee :)
<Aison> yes
<Aison> use ip route to create alternativ routing tables
<Aison> and "ip rule" to define filters which packets have to go to the alternative route
<Aison> eg. ip rule add from 192.168.0.0/24 table yourRoutingTable
<Aison> now all packets from 192.168.0.0 are routed to your routing table "yourRoutingTable"
<torkel_> ahh, found a webpage describing it :D thanks, saved me alot of time
<Aison> the name "yourRoutingTable" have to be defined in "/etc/iproute2/rt_tables"
<Aison> this file is a simple name to index list
<Aison> simply take a unused index
<Aison> arj, do you use cacti-spine?
<ruben23> hi i run this command--->dpkg âget-selections | grep sun-java------> got error http://pastebin.com/m4e4513c, anyone have idea..?
<arj> the error is quite clear
<arj> it's --get-selections
<ruben23> arj: what arguments should it be..?
<arj> what i just said
<ruben23> arj: even i remove it still the same error
<arj> remove what?
<jmarsden> ruben23: man dpkg and look at the --get-selections option more carefully.  Much more carefully.  Note that it takes an argument.  Provide one, and it will work.
<arj> it doesnt take an argument
<arj> but he does need to look carefully at the option
<jmarsden> dpkg -get-selections sun-java\*    # sure it does.
<jmarsden> dpkg --get-selections sun-java\*    # sure it does.
<arj> oh yeah
<arj> it doesnt need one, but it does take on
<arj> e
<arj> you're right
<ruben23>  jmarsden:thanks
<jmarsden> ruben23: You're welcome.  Please do read man pages when you have issues like this, they really do help :)
<trimeta> My installation was humming along nicely, until I got to the grub-install step.
<trimeta> I'm getting "Unable to install grub to /dev/sda: Executing 'grub-install /dev/sda' faiiled. This is a fatal error."
<trimeta> How can I figure out what's going on and fix it?
<trimeta> Should I switch over to the virtual terminal and try running grub-install myself?
<trimeta> I can't find "grub-install" in /bin, /usr/bin, /target/bin, or /target/usr/bin, but there is a grub-installer in /usr/bin; should I try that?
<trimeta> Shit, I just realized my problem. Does anyone know how to eliminate a RAID device? Such that I can use those same physical volumes for a new RAID device, ideally one with the same name?
<Maleko> i notice there are lot of console-kit-daemon processes running in my server after upgrading from 8.10
<Maleko> whats up with this
<uvirtbot> New bug: #491148 in apache2 (main) "wollte gallery installieren und bekam fehler" [Undecided,Invalid] https://launchpad.net/bugs/491148
<Aison> arj, this cacti is really cool
<Aison> hehe
<Aison> I added 10 devices ;)  all my switches and servers :D
<Aison> anybody using cacti and ldap?
<Nafallo> AAAAA
<foo> If badblocks -vvv is reporting 95 badblocks, should I replace the drive?
<Nafallo> quagga is broken in both jaunty and karmic. just saying.
<Nafallo> soren: ^--
<foo> Gah, sorry, lost connection. If badblocks -vvv is reporting 95 badblocks, should I replace the drive?
<jmarsden> foo: Probably.  In any case you should make frequent backups of any data on it!
<foo> jmarsden: I do. How can I have smartctl reconfirm my beliefs? I need to be 100% sure. If in doubt, I'll replace it. I've spent 6 hours trying to figure this stuff out
<andol> foo: In case you need to be 100% sure, then you should replace it.
<foo> well, maybe I'm exaggerating, but I just want to understand this stuff
<foo> should I use smartctl to help me?
<foo> I've been reading on that... but it doesn't seem to be in accordance with badblocks
<andol> foo: In short, if those 95 bad blocks have surfaced during a short period of time, then it is bad for real. If they have surfaced gradually during a long time it might only be semi bad.
<jmarsden> sudo smartctl -H /dev/sda   # will tell you smartctl's current assessment of drive health
<neonfreon> they could have been there from the factory
<foo> thanks guys, it's a 40GB drive that's years old
<neonfreon> like andol suggests, whats important is how the number changes
<foo> here is the output from smartctl -a  http://x03.ath.cx/temp/smartsdc.txt
<foo> neonfreon: yeah
<foo> jmarsden: let me try that
<foo> jmarsden: that says overall-health self-assessment test result: passed
<neonfreon> ive had drives fail with no warning from smart
<neonfreon> good luck
<neonfreon> 40gb must be old indeed
<andol> foo: Also, compare the time and cost you are spending on figuring out whatever to replace the drive in comparsion to the time and cost it will take to replace the drive.
<foo> andol: that's important, but I want to do a little learning to make sure I understand this better
<foo> andol: this is for a local home server
<foo> (mine)
<andol> foo: True, learning is always a good investment.
<foo> what's confusing me is I've done smartctl -t long on a drive and it fails with a read error... on the 40GB drive. But I did the same thing on one of my 1TB < 1year old drives... and it says the same thing... which is very strange to me, so I'm not sure that's an accurate measure
<foo> I am trying to reconcile badblocks with what smartctl is telling me
<foo> ... and so far I am unable to :)
<jmarsden> foo: Your smarttctl -a output does seem to show some read failures during selftest... I'd replace the drive, an 80GB drive will only cost you a few dollars.
<andol> foo: Let me guess, badblocks isn't showing you any bad blocks?
<foo> andol: on the 1TB drive?
<foo> jmarsden: ok, so is it safe to assume that by showing that it's time to replace the drive?
<neonfreon> just back it up!
<andol> foo: never mind.
<jmarsden> foo: There is nothing certain in life except death and taxes :)  But badblocks and some read errors in smartctl... sure looks like time to replace the drive to me.
<trimeta> So, I had some issues installing grub; the first time around, I'd stupidly put my /boot partition on a RAID5 device, and the ncurses-based installer choked. I then copied everything in /boot off to /boot-backup, zeroed the components of the array, stopped it, rebuilt it as a RAID1 array, and copied everything back.
<foo> neonfreon: I have :) I'm learning
<andol> foo: Anyway, I agree with jmarsden. Myself I would replace the hard drive rather soon. Remeber that hard drives are evil and just keep waiting for the most inconvienent time to cause you trouble :)
<foo> jmarsden: haha, good point
<foo> :)
<trimeta> This still didn't make the ncurses thing happy, but it did let me run grub-install from a chroot, and then I went back and ran the ncurses step.
<neonfreon> ide drivers are expensive now
<neonfreon> -r
<trimeta> So, everything seemed to be working fine; the new system boots and everything.
<trimeta> Then I tried to mount /dev/md0 so I could update my kernel. And found I didn't have a /dev/md0.
<trimeta> What's going on?
<trimeta> I tried to reassemble /dev/md0, but it told me that the first physical partition was already in use. In use by what? mount didn't show anything using it.
<trimeta> Did grub not let go of it?
<trimeta> I don't understand the grub2 configuration enough to know what's happening here.
<trimeta> Does someone else?
<jmarsden> trimeta: Who knows?  Assuming this is a fresh Ubuntu server installation, I suggest you just install the whole system more conventionally, rather than using your own strange methods, and then wondering why you get odd issues ?
<trimeta> I wanted to start from a degraded RAID1 array, and the ncurses installer doesn't allow that.
<trimeta> So I tried making the array separately, but screwed up and made it RAID5.
<trimeta> Then I went back and made it RAID1 again, though that didn't entirely work, as noted above.
<foo> andol / jmarsden / neonfreon  - thanks for the tips guys, I'm going to replace the drive
<trimeta> I tried using the ncurses installer to install grub, and the last time it seemed to work.
<trimeta> I mean, it did work, insofar as the machine boots. But whatever it did with grub doesn't let go of /dev/sda1.
<jmarsden> trimeta: So... just start over.  dd a few MB of zeroes to each drive if you want to be sure, and then reinstall from scratch.  Why do you want to start from a degraded RAID1 array anyway -- it is more logical to start with a working system, not a broken one :)
<trimeta> Since the fourth drive, which will eventually go into the array, has all of the data I want to eventually copy onto the array.
<trimeta> I could start over from scratch, but that would involve wiping the main RAID5 array used for /, and I have no reason to believe there's anything wrong with that.
<trimeta> Also, it's 4.5 TB. I don't exactly want to reformat that.
<trimeta> If I thought that booting the install disk and carefully bypassing the main "install the main system" step would work, I'd do it, but after I messed with stuff I went back and reran all the steps in the installer which had failed.
<trimeta> And that obviously didn't work.
<jmarsden> trimeta: OK... it just sounds like you have gone down a rabbit trail and got lost, and now things are peculiar... is borrowing a spare drive to use a temp storage not an option?  So you can copy your data to the spare drive, then install the system conventionally, then copy data off the spare drive.  Job done, no messing about needed.
<trimeta> It's 1.5 TB. I don't have a "spare drive" I can just happen to use for that.
<trimeta> Seriously, is this the "Ubuntu way"? Do things precisely as the instructions say, or you're on your own and we won't try to help you?
 * mneptok blinks
<jmarsden> trimeta: I have no idea.  I do not work for Ubuntu.  Seriously, doing things the way most people do is more likely to be successful than exploring new weird ways of doing things and getting stuck.  That's just based on 20+ years of professisonal computing experience, not nearly all of it Ubuntu-related.
<mneptok> trimeta: people on IRC are volunteers. no one, anywhere on IRC, is obligated in any way to help you.
<mneptok> trimeta: the good news is that Canonical sells support contracts for Ubuntu. purchase one, and the paid Canonical support staff *will* be obligated to help you, as long as you are discussing supported packages (Main repo).
<trimeta> I know, but if you don't know what's going on, just say that, not "you did something weird, so don't come back until you do it normally."
<ScottK> trimeta: If you do something in a non-standard way, I am more likely to know how to help you.
<mneptok> ScottK: s/non\-// ?
<ScottK> mneptok: Yes.
<mneptok> trimeta: maybe my scrollback is a bit messy, but i don;t see anyone ven coming close to saying "don't come back until ..."
<mneptok> *even
<trimeta> That's fine, but presumably I considered the standard way. "Stop doing things weird" isn't useful advice. "I don't know," while not useful advice either, at least doesn't carry the implication of "you're dumb for having tried anything else."
<ivoks> ah...
<ivoks> i wanted to help, but too much text :)
<mneptok> ivoks: my standard reply to prfessors when Tolstoy was assigned reading.
<ivoks> :)
<ivoks> crime and punishment?
<ivoks> that's a good book
<ivoks> i've read it in 3 days :D
<ivoks> ah, no, that was dostoyevsky :D
<mneptok> Warts And Fleas
<scix> good evening from norway. I'm new to OpenVPN and i'm reading this guide https://help.ubuntu.com/9.10/serverguide/C/openvpn.html Is there some type there. Can't get the urls and config files to add up this the previus step
<scix> *some type of typo
<cjwatson> eagles0513875: it's ia32-libs, not ia32libs (it was never spelled "ia32libs")
<eagles0513875> i got it
<eagles0513875> didnt have repos that had it enabled
<Davidf88> guys, bluetooth dongle on ubuntu server - need help!
<uvirtbot> New bug: #490732 in qemu-kvm (main) "KVM guests no longer start after upgrading host system from 9.04 to 9.10 (i386)" [High,New] https://launchpad.net/bugs/490732
<zroysch> where is the log that tells me why tcp connections fail on my server for several minutes before coming back up. during this time i can still ping
<zroysch> i was tcpdumping to a file and it just stops, without saying much of why its stopping.
<A|3x> hi
<A|3x> i am having difficulties with apache, anybody care to help?
<A|3x> what should be the owner and group of files in /var/www/
<ScottK> A|3x: Please ask a specific question and people will generally answer, but this channel is generally pretty slow on the weekends.
<A|3x> mod_rewrite doesn't work
<A|3x> after i moved my wordpress installation over to ubuntu server from centos mod_rewrite doesn't work
<zroysch> A|3x: not sure. tried #apache?
#ubuntu-server 2009-12-06
<jmarsden> A|3x: sudo a2enmod rewrite    # would be a good start, I don't think it is enabled by default ?
<alex88> jmarsden: no it's not
<A|3x> jmarsden: been there, done that...
<jmarsden> A|3x: Can you test mod_rewrite in a simpler virtualhost you create yourself, and then test in your wordpress installation when you know mod_rewrite works?
<jmarsden> Going from zero to a large database-backed site is... skipping a few steps, if you see what I mean.
<uvirtbot> New bug: #493020 in vm-builder (universe) "vmbuilder: Deletes most of /dev on interrupt" [Undecided,New] https://launchpad.net/bugs/493020
<erichammond> Is it possible to rename Ubuntu packages?  I'd love for "python-vm-builder" to be simplified to "vmbuilder" in Lucid as the programming language used to implement it seems irrelevant.
<ScottK> erichammond: It is possible.
<erichammond> ScottK: Thanks.  Is there a formal way to suggest it or should I just mention it to soren?
<erichammond> When I report bugs with ubuntu-bug, I keep assuming that the vmbuilder package is named vmbuilder and then have to go look up or remember the long name with dashes in odd places.
<ScottK> erichammond: Is python-vm-builder just an application or can it also be used programmatically as a python module?
<erichammond> ScottK: As far as I know it's just a program you run.  It is written in a modular style so that it is possible to write plugins for different architectures, but a lot of software is like this, so I'm not sure that is sufficient reason to put the programming language in the package name.
<ScottK> Then just mention it to the primary maintainer.
<erichammond> Soren would be the person driving this and may have good reasons.  I'm just interested in giving my usage experience.
<foo> is it safe to assume ext4 is stable on ubuntu server 9.10?
<ScottK> foo: It's the default file system for new installs.
<foo> ScottK: I know, but is it stable?
<foo> ScottK: eg. if my system improperly shuts down, should I be concerned
<foo> ?
<foo> I just saw it installed on karmic
<ScottK> I think it's a reasonable assumption that the developers considered it stable enough for general use since they made it the default.
<ScottK> I know some people that use ext2 because they are concerned ext3 is not stable enough.
<foo> that's what I thought, just wanted to be reassured :)
<foo> thanks ScottK
<foo> haha, I see
<ScottK> So this isn't something that can be stated in absolutes.
<foo> this is my local server, and I'll have that data backed up, so it should be ok, I imagine
 * foo nods
<foo> If they made it the default, I imagine it has to be pretty stable too
<ScottK> I'm sure they believed it to be stable, which is not exactly the same thing.
 * foo nods
<foo> Hm, should I opt to install security updates automatically?
<foo> I imagine that should be fine
<foo> local home server/router
 * foo does, and tries to not overthink this
<foo> hm, this cloud computing options makes me curous
<foo> curious *
<erichammond> smoser: I forget where we were discussing it, but I just remembered that it is /etc/fstab which can be used to tell fsck not to check a file system on boot.  fsck on S3 AMIs seems like an impossible task, but on EBS boot AMIs it could theoretically be done with a snapshot of the volume attached to a different instance.
<r00tintheb0x> Im you're firestarter, twisted firestarter.
<somebody__> Hi all,
<somebody__> I am trying to use the cups web interface to set it up
<somebody__> I am trying to set up a serial printer. How do I know what port it is attached to? Please PM
<God_Im_So_Elite> what?
<God_Im_So_Elite>  cups web interface, wtf?
<somebody__> I mean my machine has two serial ports and I don't know which one the machine is attached two. CUPS shows two ports
<God_Im_So_Elite> "aptitude -y install lshw"
<God_Im_So_Elite> Or plug in the printer, and do a "dmesg"
<somebody__> Thanks for your help
<somebody__> GoodNight.
<trimeta> Will running "dpkg-reconfigure grub-pc" redo the necessary grub installation stuff?
<trimeta> I'm not sure what I should be passing to grub-install to make it work.
<trimeta> That seems to have worked...I hope it didn't mess anything up.
<uvirtbot> New bug: #493100 in openldap (main) "init.d/slapd script reports an error message that could be improved." [Undecided,New] https://launchpad.net/bugs/493100
<syncrondi> hey everyone.. does anyone know a way to get php4 running on Jaunty? I tried installing from source but without success
<syncrondi> Is there an old package location that would work?
<syncrondi> I've got some crap code that gives bloody errors when moved to php5 and I hope it's less work to install php4 on my new server
<alex88> how can i know how my server is booted?
<alex88> cause i'm on a vps and i can't change boot kernel...the /boot folder is empty
<DrNick_> well you could try pinging it see if it replies
<DrNick_> although if you've nothing in /boot (however the heck that happened), then i doubt it's booted  :/
<shrikant> how i can select multiple packages and install them
<DrNick_> just type the package names in a list after 'apt-get', so for example, 'apt-get install samba samba-doc bind9'  would install those 3 packages with one command
<syncrondi> does anyone know how to resolve conflicts when iinstalling a deb pkg
<DrNick_> normally, if you attempt to install the .deb first using dpkg, then let it moan about dependency errors.  then issue an 'apt-get install -f' which should fix the dependences and then install the .deb for you afterwards
<syncrondi> DrNick_: I'm getting a 'libaprutil1 conflicts with php4-mysql '
<syncrondi> That's different story than dpeendencies, no? This is a conflict with a currently installed package.
<DrNick_> well... it probably does then.  some combinations of packages can't be installed together at one time.  i believe the man page migth describe a way to force an installation - not that I'm saying that's at all a good idea...
<DrNick_> either that or remove php4-mysql
<DrNick_> (which might be a bad thing)
<syncrondi> yeah, I'm trying to install php4-mysql
<DrNick_> ah, other way around then, remove libaprutil1
<syncrondi> hm I'll have to look up what that does
<syncrondi> oh that looks important
<alex88> how can i change the kernel of my vps? there are no files in the /boot folder...and i don't know how to boot from newly installed kernels..
<`jpg> Hey guys, anyone here using Ubuntu Enterprise Cloud?
<Bruns> Does anyone know where I could go to hire someone to code for my website?
<alex88> Bruns: you mean for continuate developing? or occasional things?
<Bruns> Well, I have a website based on kusaba software. I am wanting to do some drastic changes to it. Also to keep in touch with the person in case I need something.
<alex88> i can help you on free-time....4 free
<Bruns> are you sure? I was wanting to hire.
<alex88> i can't offer every-day coding, i'm studying and also developing other sites..
<Bruns> Well I don't mean every day.
<piotrekm> hi, i'd like to ask which of the database systems is less resource (both cpu and mem) consuming, mysql or postgresql?
<piotrekm> hm, my /etc/cron.d seem not to be read (jobs there don't get executed), altough cron is running, what may be the reason?
<pmatulis> piotrekm: pastebin your file
<piotrekm> pmatulis: thanks, while pasting it into the form i noticed there's one "0" instead of "*";)
<pmatulis> piotrekm: there you go
<shrikant> after installing private cloud whiile installtion can i install public cloud
<eagles0513875> hey guys im on a karmic server and im just wondering is there a way i can see what file system i have installed?
<jtaji> eagles0513875: type mount
<eagles0513875> jtaji: strange cuz when i look at top
<eagles0513875> its showing some interesting processing such as jfscommit jfsio jfssync and xfsdatad and the file system installed is ext3
<eagles0513875> this is on a vps
<eagles0513875> any idead jtaji
<jtaji> eagles0513875: I see the same thing on my Linode
<eagles0513875> funny thing this vps is also from linode
<eagles0513875> are those jfs and all that for something thats part of their backend
<jtaji> I'm really not sure
<jtaji> I'll tell you I'm not worried about it ;)
<eagles0513875> thing is i have on this server 350mb of ram and all i have free is bout 26mb
<eagles0513875> jtaji: seems like they have a channel on here
<jtaji> eagles0513875: they do but the one on OFTC is much more active
<eagles0513875> ya just noticed
<jtaji> eagles0513875: also I'm assuming you know how to determine your true free memory?
<eagles0513875> ya
<jtaji> could be an ubuntu 9.10 issue too
<jtaji> that's what I'm running
<eagles0513875> thing is i had it on my laptop near me and no issues of that sort
<jtaji> same here
<jtaji> good point
<eagles0513875> im wondering if its xen related
<eagles0513875> unless xfs isnt the file system but the xen file system
<jtaji> but jfs?
<eagles0513875> true
<eagles0513875> xfs isnt anything to do with xen
<eagles0513875> http://en.wikipedia.org/wiki/XFS http://en.wikipedia.org/wiki/JFS_%28file_system%29
<eagles0513875> jfs according to wikipedia means journaled file system
<eagles0513875> in that case jfs makes sense since we are using ext3
<eagles0513875> jfs = 64bit journaled filesystem
<jtaji> I'd assume that's not generic jfs, but the JFS filesystem developed by IBM
<eagles0513875> possibly
<eagles0513875> i dont know how that would tie into ext3
<eagles0513875> !jfs
<eagles0513875> !info jfs
<ubottu> Package jfs does not exist in karmic
<eagles0513875> stupid bot
<jtaji> oh that's right I'm running a linode kernel again... for awhile I was using pv-grub
<jtaji> so those processes are from the linode kernel
<eagles0513875> ahh ok
<eagles0513875> kind of pointless though are thtey not
<jtaji> they don't seem to be using any memory
<eagles0513875> i am not sure though whats taking most of the memory on my vps
<broreg> I'm having a problem with my belkin wireless usb adapter on karmic ubuntu server, the connection keeps constantly dropping, when it's up there seems to be a lot of latency between internal desktops and the server over ssh
<broreg> This is how my /etc/network/interfaces looks http://paste.ubuntu.com/335169/
<broreg> the id for the card is  ID 050d:705a Belkin Components F5D7050A Wireless Adapter
<MatBoy> woei, monit rocks big time
<pmatulis>                    dantalizing
<moldy> hi
<moldy> i am having severe trouble with 9.10 and raid
<moldy> i have a 2-disk raid1 system with 1 removed disk
<moldy> if only the working disk is preent, all is fine so far
<moldy> but as soon as i plug in the second (empty) disk so i can re-add it to the raid, the system fails to boot
<moldy> i don't understand this... the second disk does not even contain a raid superblock, to the best of my knowledge
<uvirtbot> New bug: #489619 in phpldapadmin (main) ""Our attempts to find your SCHEMA for "attributetypes" have FAILED"" [Undecided,New] https://launchpad.net/bugs/489619
<moldy> why does it fuck up the boot process even if i merely plug it in?
<moldy> if i boot from a live cd, i don't even see the partitions!
<moldy> fdisk shows them, but /proc/partitions does not, it only shows the drives themselves
<moldy> wtf is going on here?
<cj> hey folks
<cj> my new system is only showing 2G of memory where it should have 4G
<cj> $ cat /proc/cmdline
<cj> BOOT_IMAGE=/boot/vmlinuz-2.6.31-16-generic root=/dev/mapper/vg0-root ro quiet splash
<cj> any idea what's up?
<moldy> cj: 32-bit? i think you need a special kernel (server kernel) to address more than 2g
<jtaji> cj: I think you want -generic-pae
<cj> moldy: no, 64
<cj> $ uname -a
<cj> Linux calcifer 2.6.31-16-generic #52-Ubuntu SMP Thu Dec 3 22:07:16 UTC 2009 x86_64 GNU/Linux
<cj> the BIOS says 4G, as does the site off of which I bought the hardware.  I can pull the case off and look at the memory chips, but I believe it's got the memory in it
<moldy> hm, not sure if 64-bit systems need the pae extension to address >2g
<moldy> i thought they didn't, but maybe i was wrong
<cj> no, pae is only i386
<jtaji> cj: what does 'sudo lshw -C memory' tell you
<cj> http://pastebin.com/m4dffc04f
<cj> description: SODIMM Synchronous 1067 MHz (0.9 ns) [empty]
<cj> hurm
<jtaji> try swapping modules
<cj> jtaji: alrighty.  thanks.  back in a bit.
 * cj &
<cj> jtaji++
<cj> $ free | grep '^Mem:'
<cj> Mem:       4047136     910160    3136976          0      51060     295312
<moldy> ubuntu raid is broken
<moldy> that stupid prompt "do you really want to start with a degraded raid?" seems to fuck up the boot process
<moldy> result: impossible to recover from a drive failure in the usual way. nice.
<jussi01> !language | moldy
<ubottu> moldy: Please watch your language and topic to help keep this channel family friendly.
<moldy> yeah yeah :p
<EsatYuce> hi
<ChrisRut> Anyone here have experience with UnixBench, that can help me decipher the results on 2 different VPS's? http://bit.ly/5QZnu0 I am confused why one test took considerably longer to run then the other yet it got a BETTER score?
<ChrisRut> Both VPS's running Ubuntu Server 8.04
<ChrisRut> 64bit
<dwasp> I would like to run ubuntu-server to host 4-5 virtualized ubuntu instances for use in my development environment. Being a dev environment I would like to simply buy a ~$400 machine from Frys to do this. I want to know if it is required for the processor ubuntu-server is running on have the hardware virtualization extensions built-in to use kvm for virtualization?
<RoyK> I think most cpus have that today
<RoyK> anyway, you could run virtualbox or xen or something that doesn't require that
<dwasp> This is my first use of virtualization and I just want to use it to simulate my production env which has 4-5 boxes. Would you recommend virtualbox or xen over kvm in terms of ease of setup?
<RoyK> dwasp: it really doesn't matter what you use - they do the same thing, more or less
<RoyK> dwasp: I prefer virtualbox, but that's just my preference since that's what I started using, and I use it in production - three Linux VMs on an opensolaris box
<kpettit> lo anybody have any thought on vmware server vs virtualbox?
<RoyK> kpettit: I guess the difference is about the same as linux vs solaris vs *bsd
<kpettit> Have a 9.10 64bit vmware-server that couldn't keep the vm running, it would die everynight.  Traced it down to some lower level stuff that makes it easier to just re-install and use 32bit stuff.
<RoyK> or vi vs emacs
<RoyK> virtualbox works well with both 32 and 64bit, same with xen and prolly kvm
<kpettit> yeah, I hear all that.   On the desktop that's true for me, but on the server doing CLI access type stuff I wasn't sure how vmware comares to virtualbox
<RoyK> well, I use virtualbox in prod
<kpettit> how do you like the CLI access?
<RoyK> host os opensolaris, three linux guests
<RoyK> I use rdp
<RoyK> for the console
<RoyK> the commandline interface with VBoxManage and the rest just works
<kpettit> I've got a Win2003 guest I got from using VMWare conveter.  Causing me lots of headaches
<RoyK> haven't tried converting from vmware - sorry
<kpettit> If If I can use the vmdk in Virtualbox and do bridging with no problems i think I'll go that route.  I like vmware ok but the web GUI is flakey and I'm really pissed about it not being able to keep the guest running
<kpettit> the vmware converter was pretty slick.  the problems I was having with VMware I/O type stuff.  I'd do a backup on linux and it'd kill the guest.  Inside the guest I'd do a backup and it'd lock up.  Anything that did lots of I/O would kill the guest basically.
<RoyK> try with vbox 3.10  (and /j #vbox) - I think there are some new stuff in the latest version
<kpettit> Do you know if I can use a vmdk with no problems?
<kpettit> it's not a spilt one, just a normal 1 file 50GB or so vmdk
<RoyK> ask on #vbox
<kpettit> ok.  thanks for the feedback
<opticon> with ubuntu i managed to join it to my windows domain but im trying to configure network shares in ubuntu to allow access based on group accounts in active directory but its not working out so far anyone have suggestion?
<teddymills> 'virtual machine host' i am pretty sure is kvm..it will install even if you do not have kvm capable cpu...is that right?
<RoyK> teddymills: try on #kvm
<glphvgacs> hi, how do i find the path to some server's export (shared over nfs dir) on my network? thnx
<glphvgacs> hi, how do i find the path to some server's export (shared over nfs dir) on my network? thnx
<RoyK> look into /etc/exports on the server
<glphvgacs> i can't loginto server
<RoyK> well, ask someone
<glphvgacs> shouldn't it announce it's avail. resources?
<RoyK> no
<RoyK> if you're supposed to mount the share, you should have the path
<RoyK> with nis/ldap you'll use automount
<RoyK> is it a server on a network you're trying to hack into?
<glphvgacs> showmount -e servername
<RoyK> ah. didn't know that
<kpettit> what is the best way to change the default runlevel?
<kpettit> I installed ubuntu-desktop becuase I needed the GUI stuff, but for the most part I want to run it without the GUI
<guntbert> !runlevel
<ubottu> In Ubuntu all runlevels except 0,1 and 6 are by default equal. Also keep in mind that Ubuntu now uses !Upstart instead of System V init so there is normally no /etc/inittab.
<kpettit> ah ok.  So what's the best way to edit what starts by default on system boot?
<guntbert> kpettit: I keep forgetting - something like sudo update-rc remove gdm ?
<kpettit> guntbert, cool thanks for the help
<guntbert> kpettit: np - was it actually the right command?
<kpettit> I used to do the server install's but it just seems easier to do the desktop and turn off stuff.   Any problems with doing that approach?
<guntbert> kpettit: I didn't understand that statement
<kpettit> For most of my servers I would use ubuntu-server version.  I'm wanting to start doing ubuntu-desktop version becuase it has alot o fthe stuff I end up installing anyways
<kpettit> but didn't know if there was anything different enough in the desktop version that would cause me problems running it as a server
<kpettit> FYI guntbert that rc-update command doesn't work.
<kpettit> Looking through the init's gdm is a symlink to upstart-job  so I'm trying to figure out how that works
<guntbert> kpettit: sorry, it must be something similar
<kpettit> this would be the command though if it was a normal startup "update-rc.d gdm disable"
<guntbert> kpettit: have you seen http://www.ubuntu.com/products/whatisubuntu/serveredition/documentation ?
<kpettit> man that new init stuff is a pain in the ass
<kpettit> each startup script basically has it's own config file that you have to edit.   Nothing as simple as a "don't start", got to figure out how that file works
<kpettit> guntbert, I'm looking at it now, thanks
<`jpg> Hey any body here runing ubuntu cloud?
<ropetin> Does anyone have experience sending syslog via a network connection?
<guntbert> ropetin: be aware that the syslog daemon has been changed from syslog to rsyslog
<ropetin> guntbert: yeah, I'm looking at using either rsyslog or syslog-ng, but I wondered if either has the option to 'buffer' messages if the remote server is unavailable
<ropetin> I think I found one of the pay versions of syslog-ng has that feature, but I was hoping to not have to pay for it
<guntbert> ropetin: I cannot answer that: my purpose was a simple udp catching of logs
<ropetin> Thanks anyway!
<guntbert> ropetin: good luck - ah have a look at http://www.ubuntu.com/system/files/CentralLogging-v4-20090901-03.pdf
<ropetin> Awesome, thank you!
<uvirtbot> New bug: #493325 in mysql-dfsg-5.0 (universe) "mysqld crashes with large key_buffer (25G)" [Undecided,New] https://launchpad.net/bugs/493325
<asdasd> http://www.sexy-lena.com/?uid=97447
<asdasd> http://www.sexy-lena.com/?uid=97447
<mgpcoe> ï»¿Anybody know what would make /var/spool/postfix/private/auth-client disappear? I had Postfix, Dovecot and Courier running, with Dovecot and Courier both rigged for IMAP, so I uninstalled Courier and now auth-client's gone and nothing I've read has given any indication how to put it back. Even tried using aptitude to reinstall Postfix and Dovecot; no dice.
<Semko> hi
<Semko> how can i count lines of a txt file using grep?
<Ninjix> Semko: you can use the 'wc' command
<Semko> Ninjix, can you give me an example?
<Ninjix> cat file.txt | grep foo | wc -l
<Semko> Ninjix, grep shows 0(zero)?
<Semko> i am sure they are over a tousand
<Ninjix> try this one
<Ninjix> egrep mmx /proc/cpuinfo | wc -l
<Ninjix> should produce same number as your system CPU cores
<Semko> ok
<Semko> i will
<Semko> i am currently trying "grep itcwww-small.txt |wc -l"
<Semko> it takes a lot of time and still havent produced the result
<Ninjix> Semko: you need to tell grep what to search for
<Semko> it is  itcwww-small.txt
<Semko> and i want to see how many lines are there
<Ninjix> ah
<Ninjix> wc -l itcwww-small.txt
<Ninjix> no grep needed
<Semko> :)
<Semko> Ninjix, thanks
<Semko> that worked
<Ninjix> np
<mgpcoe> Anybody know postfix and dovecot really well? I've been having a hell of a time getting this working...
<Roath> how do i change the vga setting on the ubuntu install screen, on previous versions i've installed it always had a VGA option (usually F4) but now its gone, and i need to change it or it will screw up the display on a virtual machine
<trimeta> I copied over my /var/www/ from an old system (8.04, to be specific), but now whenever I try to access my site through a browser, I'm getting a 403 error.
<Ninjix> Roath: can you just pass the vga setting you need via the boot line?
<trimeta> Except, oddly enough, when I try to access /var/www/index.html from within the local network. That works.
<Roath> i hope so, but have no idea what to write or where in the boot options to write it
<Ninjix> Roath: what vga mode do you want?
<Roath> 640x480x32
<Roath> since its on a virtual machine
<Ninjix> appending vga=786 should work
<trimeta> Does the apache user need to own stuff now? It's all either 755 for directories or 644 for files, so it shouldn't matter, right?
<Roath> Ninjix, after or before quiest --
<Roath> quiet --
<Ninjix> you can put it after quiet
<mgpcoe> trimeta: If you're uploading things from your website, it can't hurt to have www-data own the directory it's going into.
<Roath> ok
<Ninjix> quiet just hides the nerdy kernel startup messages
<Roath> Ninjix, all it does then is open a "popup" called Boot loader, which says /install/vmlinuz, i can only click OK, then nothing happens
<trimeta> mgpcoe: That doesn't seem to have helped.
<Ninjix> Roath: which Ubuntu version are you trying?
<mgpcoe> trimeta: What are you trying to do?
<Roath> 9.10
<Roath> i just downloaded it
<Ninjix> Roath: server or desktop?
<Roath> 32bit ubuntu server 9.10
<Ninjix> Roath: nice...
<trimeta> mgpcoe: At the moment, figure out why it's giving me a 403 error when I try to access it.
<mgpcoe> trimeta: .htaccess maybe?
<Roath> i need the server on a virtual machine because it gives me more control when testing web systems and programming than a normal wamp/xamp does
<Roath> but usually i can just hit F4 at the disc install screen to select VGA, but on this F4 is Modes
<Roath> Ninjix, if it helps i can write the entire boot options line here
<trimeta> mgpcoe: I tried that, by moving the entire /srv/www (I actually have /srv/www rather than /var/www, but I changed that in sites-available/default) to /srv/www-old and making a new /srv/www which only holds an index.html. It didn't help.
<Ninjix> Roath: afk for a moment
<Roath> ok
<trimeta> OK, hmm...it was one of my sites-enabled that was doing it. Now to figure out which one, and how it was doing that.
<Ninjix> Roath: back
#ubuntu-server 2010-12-06
<cokegen> thx qman__
<Slyboots> Uh.. Why does the JRE install want to add things like X11.. Gnome..
<Slyboots> I just want the java cli compiler.
<qman__> Slyboots, did you try with --no-install-recommends?
<qman__> also, pretty sure you want the -headless option
<qman__> openjdk-6-jre-headless - OpenJDK Java runtime, using Hotspot JIT (headless)
<Slyboots> Hmm.. let me try it now
<Slyboots> Yea thats a lot better :D
<Slyboots> Thanks :)
<cokegen> testing
<_Techie_> is it possible to have ubuntu-server setup as a router with the modem and wireless connected to the same NIC?
<twb> _Techie_: you mean you have a wireless AP and a commodity appliance modem, and you want to plug both of those, plus your server, into a 802.1 ethernet switch?
<_Techie_> yes
<_Techie_> im too broke to buy another NIC atm
<qman__> technically possible, but you're going to have lots of DHCP issues
<qman__> as all the traffic from the internet is going to be floating around on your switch
<_Techie_> i dont use the dhcp on my modem
<qman__> no
<qman__> you may or may not get DHCP from your ISP
<qman__> and may or may not use it on your LAN
<qman__> but if you do, in either case, it will interfere
<_Techie_> i use a half bridge, and my external IP and routing is manually configured on my server
<qman__> so you're not sharing the internet connection?
<qman__> anyway, it is technically possible, but you're still going to have internet traffic on the wire throughout
<_Techie_> meh, not a problem
<qman__> which is a bad idea security wise
<_Techie_> i dont use the wireless anyway
<qman__> and what I was getting at is, anything attached to that switch will all have to be manually configured, as you won't be able to firewall DHCP out
<_Techie_> wait
<_Techie_> why will they have to be manually configured?
<qman__> because DHCP is DHCP
<qman__> anything connected that asks for a lease is going to ask your entire ISP for one
<_Techie_> my modem is only acting in half bridge, and ive since disabled the DHCP on it
<qman__> I don't know what you mean by that
<qman__> it's either letting traffic through or it isn't
<qman__> unless it's a sophisticated firewall appliance, in which case I have to wonder why you're doing this anyway
<_Techie_> its a astandard DSL modem+ router with DHCP spoofing
<qman__> spoofing?
<_Techie_> it is spoofing a dhcp server inside the network that contains the external ip
<qman__> that's not spoofing, but ok
<_Techie_> its a weird topic and is hard to find the proper terms
<qman__> anyway
<qman__> any time a computer comes online, it's going to make a DHCP request
<qman__> unless that unit differentiates by MAC, it's going to give it out
<_Techie_> the DHCP on the modem has since been disabled
<_Techie_> i moved the configuration to be static on my servers NIC
<qman__> ok, but the other problem is, if it's in a bridging mode, your switch is now in the internet
<qman__> and your DHCP requests will go to the other side, unless that device is sophisticated enough to filter them out
<_Techie_> it is sophisticated in a way
<_Techie_> it was originally setup as a normal home ADSL modem/router
<_Techie_> so it would normally pick up DHCP requests and assign them 192.168.1.X
<_Techie_> so DHCP getting through to the internet wont happen
<qman__> that doesn't mean anything
<qman__> when you change to bridged mode, all that goes away
<qman__> it doesn't route anymore, so unless it has a decent operating firewall, they'll still get through
<_Techie_> it does route
<_Techie_> its not fully bridged
<_Techie_> it still uses NAT and everything
<_Techie_> it just extends the external IP to an internal machine using the inbuilt DHCP server which has since been disabled
<qman__> that's not technically possible
<_Techie_> it is
<qman__> there's no point to it, either
<_Techie_> there is if you live somewhere like me, where you cant get cable internet or a PPPoE connection
<_Techie_> or even a decent modem without spending mega bucks
<qman__> no, I mean to providing such a function
<qman__> there's no point in having your external IP assigned internally and simultaneously assigning private addressing
<qman__> you might as well just use the DMZ setting
<qman__> it's a lot less complicated and doesn't violate the principles of routing
<_Techie_> well i use it to make managing my server slightly easier as it appears to be connected directly to the internet
<qman__> sounds like a security nightmare
<qman__> anyway, you could do what you were asking, but it's complicated
<qman__> you need two virtual interfaces on your server
<qman__> well, subinterfaces
<qman__> eth0:0, eth0:1, etc
<qman__> that is, if you want to do the routing through your server
<qman__> which I'm assuming is the reason you want to
<_Techie_> im going to try get away with one
<_Techie_> eth0-my comp       eth1-modem with eth1:0 being the wifi
<qman__> you have two interfaces?
<qman__> then just use them
<qman__> put the AP on the inside
<_Techie_> its sort of the reason
<_Techie_> 2 NIC's
<_Techie_> one 10/100 and the other gigabit
<_Techie_> and all my network hardware is 10/100
<_Techie_> and i want to be able to use the gigabit link to link my pc and the server for streaming HD content from the media shares
<_Techie_> up untill today is was using a 10/100 switch connected to the gigabit of the server
<_Techie_> which was all nice, it kept my LAN inside a secure area, but cut off the ability to use the gigabit link
<qman__> ok
<qman__> well, it's still not a good setup, but you can do it that way
<qman__> however, I have to warn you
<qman__> a setup using eth1 and eth1:0 at the same time has never worked for me
<qman__> always had to de-configure eth1 and use eth1:0 and eth1:1
<qman__> and I would still advise against using DHCP on that part of the link
<qman__> is your wireless AP a wireless router, or just an AP?
<_Techie_> doign this also frees up 10m of cable
<_Techie_> as it removes the need for the reverse link providing a connection for wireless users
<qman__> if it's a wireless router I suggest going that route instead of AP mode
<qman__> if your wireless AP is actually a wireless router, I suggest using it for providing DHCP to the wireless clients
<qman__> to keep the DHCP traffic off of that interface on your server
<qman__> trusting your DSL modem/router to protect you from that trouble is risky
<qman__> up to you, though
<kaje> Can someone tell me how I can have my dhcp server update the hostname of a client? I've seen this done on other networks, but I can't find the right directive for my host entries...
<kaje> nevermind
<twb> Why does lucid have both /etc/init/ssh.conf and /etc/init.d/ssh ?
<uvirtbot> New bug: #685724 in openvpn (main) "openvpn server loses internet after bridge activation" [Undecided,New] https://launchpad.net/bugs/685724
<pmatulis> twb: b/c upstart can't handle sshd running in a chroot
<twb> Ah, looks like the init.d ssh is not enabled by default
<twb> I can live with that
<twb> I have an Ubuntu router with console=/dev/ttyS0, and that serial port is cabled to ttyUSB0 on a server.
<twb> An Ubuntu server, that is.
<twb> What's the "right" way to have the server log ttyUSB0?
<cokegen> log all activity ?
<cokegen> bc you'll have the console there man
<twb> cokegen: basically I want the output of ttyUSB0 (particularly the printks) to be logged into /var/log somewhere.
<twb> Obviously I'll need a way to *stop* that logging so I can do "screen /dev/ttyUSB0 115200" when I need to control the router via console.
<cokegen> I was trying to find a way to "split" the serial ports
<twb> plan B is something like a udev rule that says "when a USB serial device is created, run screen -dmC foo.conf", where foo.conf is a screenrc that says something like "chdir /var/log; screen /dev/ttyUSB0; log on"
<cokegen> I don't know really what to say
<twb> Which would result in output to /var/log/screenlog.0
<twb> Ah, an ":logfile /var/log/router-console.log" to change the logfile
<cokegen> twb
<cokegen> what about just reading the serial port like this in a loop ?
<cokegen> READ=`dd if=/dev/ttyS1 count=1`
<cokegen> and run screen whenever you want
<cokegen> read only would be
<cokegen> stty -F /dev/ttyS1 raw speed 9600
<cokegen> just found that somewhere
<arrrghhh> hey all, i have created a pub/priv key combo for this laptop before, but using putty/windows.  can i use that same key combo in ubuntu somehow?
<twb> arrrghhh: I don't know what that means.
<twb> arrrghhh: oh, you mean an SSH keypair.
<twb> The PuTTY and OpenSSH formats for SSH keypairs are different, but I think there's a tool to convert from one to the other.
<arrrghhh> hrm
<arrrghhh> i see the different
<arrrghhh> difference*
<arrrghhh> i can't just copy/paste?
<twb> Dec  5 02:29:25 alpha kernel: [58505.044670] WARNING: at /build/buildd/linux-2.6.32/kernel/softirq.c:143 local_bh_enable_ip+0x61/0x90()
<twb> ...and then a kernel backtrace.  How do I find out WHAT I'm being warned about?
<vraa> is there a program that'll fix permissions of a serveR?
<vraa> i actidently chowned everything in / to root:root
<twb> vraa: no
<twb> vraa: it'll be easiest to just do a full reinstall
<twb> What are these ntpd messages about?  http://paste.debian.net/101624/
<joschi> twb: http://bugs.ntp.org/show_bug.cgi?id=452
<uvirtbot> bugs.ntp.org bug 452 in ntpd "kernel flipping between PLL and FLL" [Normal,Verified: fixed]
<twb> Thanks
<twb> Any idea if I should do anything, and if so, what?
<joschi> twb: nope, but since it doesn't seem to be an error, I'd ignore it.
<joschi> twb: I also have *some* of these messages in my logs
<twb> I have *lots*
<joschi> twb: all virtual machines?
<joschi> twb: I have these messages only on virtual machines (vmware to be specific)
<joschi> twb: ok, skip that. it also occurs on "physical" machines
<twb> No, this is a router
<twb> But I do also see a kernel backtrace re ntpd, which I suspect means I need  "notsc"
<twb> FWIW I only see a couple of flips on my lucid server
<uvirtbot> New bug: #685801 in minicom (universe) "Serial console not working on Ubuntu 10.10" [Undecided,New] https://launchpad.net/bugs/685801
<Guest13119> Hi
<Guest13119> Just a question. Does anybody know how/when Apache Tomcat is updated within Ubuntu, as we have some problems with the current version (6.0.24)?
<ikonia> Guest13119: in what way "how" it's updated ?
<Guest13119> Ubuntu currently delivers 6.0.24
<Guest13119> but we need a newer version to get our application working, but don't wan't to force our customers to install it without apt-get
<ikonia> Guest13119: you'll need to log a bug requesting a package update then
<Guest13119> ah okay, thanks, so now only the question, where can I do this ?
<Guest13119> http://www.ubuntu.com/community/report-problem
<ikonia> Guest13119: launchpad.net
<Guest13119> Thanks al ot
<Guest13119> a lot
<ikonia> Guest13119: it may not hurt to find out who built that package and chase them for help directly or your request will just set there doing nothing
<Guest13119> okay
<twb> Guest13119: as a rule, RELEASED versions of Ubuntu do not ever receive new (upstream) versions of constituent packages.
<twb> lucid (10.04) has tomcat 6.0.24, but maverick and natty both have 6.0.28.
<twb> IMO you should probably either fix your application to work with .24, or advise your customers to upgrade to a non-LTS version of Ubuntu.
<Guest13119> hm, not good, as enterprise customers always need LTS
<twb> At least your customers are running 10.04
<twb> Almost all of mine are either on RHEL4 or 8.04
<twb> Kerberos debug time!
<twb> I followed the ubuntu-serverguide's Â§6.3 kerberos chapter.
<twb> I went into kadmin on the kdc and did "addprinc fred", giving the password as "fred".
<twb> On the krb client machine (also 10.04), I've configured it per Â§6.3.3 (Kerberos Linux Client), and I can "kinit fred", but I *do not* get a TGT automatically when I log in on tty1.
<twb> (Where I log in to a local user account created with "adduser fred", also giving the password as fred.)
<LagMonste> anyone here have experience with an Areca 1230 12P sata raid controller? Considering buying one used to upgrade storage, but can't find much about it's compatibility with Ubuntu server
<twb> LagMonste: I tend to go with md RAID
<milligan> I'm getting a Error 15: FIle not found while trying to boot a machine. The kernel images appear to be where they should be ..
<LagMonste> yea i've been running MD raid for the 4 onboard drives (AMD SB600) and it's never had a single issue
<LagMonste> sb700*
<twb> milligan: from grub?
<milligan> twb, yes
<twb> That's probably grub trying to find its stage 2 in /boot/grub/
<twb> I don't debug grub problems anymore, I just install extlinux.  But that's not the party line, so I guess I'll shut up.
<twb> God damn.  I just installed slapd on the dom0 instead of a domU
<milligan> twb, is there any way I can fix it? :(
<twb> milligan: probably you would need to boot a live medium and piss-fart around rerunning grub-install and hoping it guesses things correctly.
<milligan> gah
<twb> There's a low-level utility (grub-setup?) that you can use to Do What I Tell You, but IIRC they try to hide it from you
<twb> Waaay back I used to have to use it to force it to load the grub md raid1 and lvm modules, when I was experimenting with /boot on LVM on RAID1.
<milligan> Is rescue mode from the 10.04 install cd useless?
<twb> Basically, yes.
<twb> If you are clever like me, you can do some things with it.  But generally I use the Debian Live "rescue" image, or the CentOS 5 live CD
<milligan> I did a reinstall of grub, without that making any difference..
<twb> I think reinstalling grub only works if you shake magic pixie dust over the rack or something
<milligan> this is gay. fuck dist-upgrade :(
<twb> FWIW, dist-upgrade is not the supported upgrade method -- do-release-upgrade is.
<milligan> yeah, that's what I used.
<twb> http://cdimage.debian.org/cdimage/squeeze_live_beta1/amd64/iso-hybrid/debian-squeeze-live-beta1-amd64-rescue.iso for the Squeeze rescue CD
<tsimpson> milligan: please keep your language and topic in line with the Code of Conduct
<twb> Yeah, the PC term is "fagtacular"
<twb> >duck<
<tsimpson> ..., seriously
<milligan> hm, could it be that the uuid of the disk has changed?
<milligan> (Or even missing ?)
<twb> milligan: disks don't have UUIDs; filesystems, LVM LVs and md RAID arrays do.
<twb> IIRC disks have bus addresses
<milligan> well, the grub menu def has a uuid set as the root .. could that uuid be wrong .. ?
<twb> milligan: sure, that's the filesystem UUID for /boot (or /)
<milligan> ooooo - think I got something running here..
<milligan> Atleast it's moving forwards now.
<twb> tune2fs -l will list the UUID for an ext[234] fs
<twb> blkid will probably work for anything
<jpds> milligan: ls -l /dev/disk/by-uuid/
<[diablo]> anyone have any idea why an NFS mount on a 10.10 Server is giving me totally incorrect uid:gid on all dirs and files please?
<twb> Or that :-)
<milligan> Let me check :)
<twb> [diablo]: NFS does not keep IDs in sync between hosts
<twb> [diablo]: are you using something like NIS or LDAP for that?
<[diablo]> twb, Hi... nope
<[diablo]> twb, the NetApp has all the dir's and files owned by id:80 (www-data) on all other machines
<twb> [diablo]: for example, if "id fred" returns a UID of 1000 on the NFS client but 500 on the NFS server, that is why.
<[diablo]> twb, other machines being CentOS 5
<twb> [diablo]: NetApp is the NFS server?
<[diablo]> twb, but its mounting in with Access: (0777/drwxrwxrwx)  Uid: (4294967294/ UNKNOWN)   Gid: (4294967294/ UNKNOWN
<[diablo]> twb, yep, NFS is on the NetApp
<twb> 4294967294 is probably because one of your machines is using signed UIDs, the other unsigned, and the NFS export is root_squashed, so one man's nobody:nogroup is another's UNKNOWN:UNKNOWN.
<twb> [diablo]: try sshing into each box and running "getent passwd" and "getent group", and checking what accounts have different UIDs/GIDs
<[diablo]> twb, good point about the signed UID's
<twb> I had an osol10 backup server explode because its UIDs are actually smaller (like, int32 vs uint32), and the RHEL box's nobody account didn't fit.
<milligan> jpds, twb , the uuid is wrong it seems. Can I just edit it in the /boot/grub/menu.lst and it'll be fine ?
<twb> milligan: it's grub.cfg now
<twb> milligan: but yes, probably.  I don't know if update-grub will blow that away and put hte wrong UUID back
<milligan> what's the default password for a rescue session, ssh ?
<twb> NFI
<[diablo]> twb, can I should you the two mounts?
<twb> I usually boot into single and run passwd to break into it, becauise it's easier than remembering
<twb> [diablo]: whatever, man.  Use pastebin for anything large.
<[diablo]> twb, bs-nas02:/vol/dev_gfx on /mnt type nfs (rw,vers=4,addr=10.10.10.244,clientaddr=10.10.10.211  <---- Ubuntu Server 10.10
<[diablo]> twb, nas2:/vol/gfx on /nas/gfx type nfs (rw,addr=10.10.5.62) <--- centos 5
<twb> [diablo]: that doesn't matter
<twb> Well, I suppose NFSv3 vs. NFSv4 might.
<twb> Also, you should be inspecting /proc/mounts -- don't trust /etc/mtab, it's full of lies.
<[diablo]> :)
<twb> In /etc/ssl/foo.info, what's the correct syntax so that the key is valid for both "foo" and "foo.example.net" ?
<milligan> Fixing the UUID in menu.lst looks to be working. At least the machine and services are booting back up now. How can I fix this permanently? And why would grub be installing the wrong uuid ?
<twb> milligan: just run update-grub and confirm it doesn't put the wrong UUID in there
<twb> milligan: then it's fixed about as permanently as you're going to get
<milligan> It seems wrong for all the other kernels .. but still correct for the one that I managed to boot.
<[diablo]> odd, seems I can not force the mount to v3
<[diablo]> even setting vers=3
<[diablo]> it mounts it as nfs4
<twb> [diablo]: I don't know much about nfsv4
<[diablo]> np
<twb> Much as I hate Microsoft, I'll take a homogeneous SMB2 network over a heterogeneous SMB2-for-Windows/OS X, NFSv4-for-Unix.
<bigbrovar> I guess I just had to compile the latest alsa driver to get sound to work on a friends laptop. is there a way I can create a dkms script to auto install the drives when there is a kernel upgrade? are there docs on how this can be done on Ubuntu?
<Daviey> bigbrovar: ideally, create a seperate package... and use one of the existing dkm'sified as reference
<Daviey> i'm sure others will appreciate it, if you push it to a PPA
<bigbrovar> unfortunately I am not a packager and have no skill at packaging :) I am willing to learn though if you point me to a doc.
<bigbrovar> just a guy trying to help out
<twb> bigbrovar: try #ubuntu-devel
<dsalvetti> Hi, anyone experienced some timezone related issue with postgresql on 10.04 overnight?
<dsalvetti> for about 2 hours I had the following error on my servers: "psycopg2.OperationalError: can't set datestyle to ISO"
<dsalvetti> at about the same time, on a different set of server I had SET TIME ZONE failed
<dsalvetti> I went through the logs but cannot find anything
<patdk-wk> well, what timezone do you use?
<dsalvetti> also the "issue" seems to have resolved by itself
<patdk-wk> and maybe, what timezone is your clock set to
<dsalvetti> EST
<patdk-wk> very odd
<dsalvetti> indeed :-)
 * RoyK labels a couple of driver 'Naughty sectors' and returns them whence they came
<[diablo]> OK I still can not get an nfs3 mount going... it will only mount as nfs4 ... grrrr
<[diablo]> anyone help please?
<jdstrand> hallyn_: hi! fyi, qemu manpage disappeared again:
<jdstrand> $ man kvm
<jdstrand> man: warning: /usr/share/man/man1/kvm.1 is a dangling symlink
<jdstrand> $ man qemu
<jdstrand> No manual entry for qemu
<hallyn_> grrr
<hallyn_> jdstrand: you use schroot, right?  have you had to do anything to make it work in natty?
<jdstrand> hallyn_: so I have another weird kvm issue. are you on natty yet?
<jdstrand> hallyn_: I run natty
<hallyn_> yes i am, and yes i have issues too.  i just haven't had time to investigate
<jdstrand> hallyn_: have you seen this:
<jdstrand> [39656.368496] unregister_netdevice: waiting for vnet0 to become free. Usage count = 1
<jdstrand> hallyn_: where kvm in libvirt won't shutdown?
<hallyn_> hm, no i haven't.  it sounds familiar from years ago with an lxc issue
<hallyn_> all right, i think that's a libvirt issue then
<jdstrand> no
<jdstrand> well, I don't think so
<hallyn_> kvm from cmdline does the same thin?
<jdstrand> if I downgrade to the maverick kernel, all is fine
<hallyn_> (I thought I'd started a few and not had that, but...)
<jdstrand> so this morning I am trying to find a simple kvm reproducer, and I get something that acts similarly:
<jdstrand> /usr/bin/kvm -M pc -m 256 -no-acpi -drive file=./disk0.qcow2 -net nic,vlan=0 -net tap,vlan=0,ifname=tap0
<jdstrand> hallyn_: ^ that is unkillable, even with kill -9
<jdstrand> hallyn_: I tried with ',script=' too, same thing (the vm actually starts though, but I can't kill the kvm process)
<hallyn_> jdstrand: what about with the qemu daily build?
<jdstrand> I haven't tried that
<hallyn_> so, meanwhile - you have no issues with sbuild under natty?
<jdstrand> it seems like a kernel thing-- userspace shouldn't be able to block SIGKILL
<hallyn_> right
<jdstrand> hallyn_: I did have issues until my upload on friday. are you referring tot he sysvinit thing?
<hallyn_> yes
<jdstrand> hallyn_: just upgrade and it should work
<jdstrand> 0.60.5-1ubuntu2
<jdstrand> hallyn_: I will file a bug on the unkillable kvm. I will add two tasks-- qemu-kvm and linux so that both camps know about it
<hallyn_> jdstrand: huh, thanks - i upgraded saturday, but still have -1ubuntu1
<hallyn_> jdstrand: thanks.  there's also a (separate?) issue with starting windows vm's
<jdstrand> maybe the buildds were benind...
<hallyn_> i'm hoping to clear my plate so i can look at these
<jdstrand> behind
<hallyn_> or benign
<jdstrand> hehe
 * hallyn_ says "hm" and goes to check lkml for vnet0/kvm clues while wiating for upgrade to finish
<hallyn_> oh well, i'll try both qemu daily and the kernel daily builds, and roll the dice
<jdstrand> hallyn_: fryi bug #685991
<uvirtbot> Launchpad bug 685991 in qemu-kvm "cannot stop kvm processing that use 'tap'" [Undecided,New] https://launchpad.net/bugs/685991
<jdstrand> wow, that is a horrible bug title
 * jdstrand fixes it
<hallyn_> jdstrand: interesting, i think the manpage fix was a victim of loic's fix of my snafu in using UDD to pull in the new 0.13.0 release.  if you follow  :)
<uvirtbot> New bug: #685991 in qemu-kvm (main) "cannot stop kvm processing that use 'tap'" [Undecided,New] https://launchpad.net/bugs/685991
<glen1> hey
<Wh1teL0tus> hello all
<cap_00> howdy
<Wh1teL0tus> i got a question
<Wh1teL0tus> i'm new in using linux but i want to learn to understand and to configure linux servers whats the best way for me to start ?
<cap_00> me too
<cap_00> i picked up a book from a local store
<Wh1teL0tus> you bought a book about linux servers in general or a specific one ?
<cap_00> it was about 8.04 and 9.10
<Wh1teL0tus> well i use 10.10 so i think best way is to buy a book from the 10.10 version ^
<cap_00> called "the official ubuntu server book"
<Wh1teL0tus> yesterday i did set up a lamp server on my running ubuntu client but i dont know how to acces or what i can do with it so need to learn it first
<cap_00>  most book descriptions will say which version they're based on, and in reality, there aren't gigantic changes
<Wh1teL0tus> i hope i can find it here in belgiu ^
<Wh1teL0tus> belgium*
<Kimmono> http://www.amazon.co.uk/Official-Ubuntu-Server-Book/dp/0137081332/
<Wh1teL0tus> thats an option too , tahnks
<cap_00> there are also lots of support documents on the web,
<cap_00> https://help.ubuntu.com/
<AndyGraybeal> i'm getting mtrr: type mismatch for d000000,8000000 old: write-back new: write-combining ... in my dmesg; what should I do?  this scares me.
<cap_00> between the documentation, and the book i've been able to start up and start learning
<cap_00> @WhlteL0tus i'm not sure what the consensus is but, it always made sense to me that servers should be based on the LTS release like 10.04
<Wh1teL0tus> kk
<Wh1teL0tus> found a document named ubuntu server guide, i'll be looking into that first
<cap_00> i've refered to that a couple of times when i was trying to setup some of the features for me samba that the book didn't detail enough
<cap_00> actually it pointed to the samba howto collection that was exhaustive
<bluethundr> does anyone know if openssh-5.6p1 has been packaged for ubuntu yet?
<SpamapS> zul: bump, can you give bug 611316 a looksy.. just nominated it for lucid/maverick (fix is pending for natty). Thx
<uvirtbot> Launchpad bug 611316 in php5 "Segmentation fault in php5-sybase" [Medium,In progress] https://launchpad.net/bugs/611316
<zul> SpamapS: sure
<Wh1teL0tus> am i right if a lamp server is able to understand php, perl and python ?
<Pici> Wh1teL0tus: The usualy 'P' in LAMP is for PHP.
<Wh1teL0tus> yea but i readed somewhere that it also stands for perl and python
<Pici> It can.
<Pici> I just was referring to what the lamp-server task installs on Ubuntu.
<Wh1teL0tus> but does it means that this lamp server is able to handle the scripts made in php or perl ?
<Wh1teL0tus> i'm sorry that i'm asking this noob questions bu i have to start somewhere right ?
<Pici> Wh1teL0tus: Well perl and python are installed by default on Ubuntu, so they may be able to be run, although the apache modules for them may not be setup.
<Pici> or enabled.
<Wh1teL0tus> ooh so for it to work the apachemodules have to be installed aswell
<Wh1teL0tus> is that also possible to make the server understand java scripting ?
<Pici> Do you mean Java or Javascript?
<Wh1teL0tus> Java
<Pici> Theres Apache Tomcat.
<Pici> I'm not too familiar with it though.
<Wh1teL0tus> i'll look it up, thanks for the info
<robbiew> SpamapS: kirkland: Daviey: zul: what time is the mumble on the installer today?
<zul> dunno..:)
<zul> robbiew: i think Daviey is EoD as well
<robbiew> zul...uh...he suggested the meeting :/
<zul> i thought it was clint
<robbiew> nope...I distinctly remember Daviey suggesting Thu/Fri, but folks were on holiday, so we pushed to Monday
<zul> *sigh* Daviey should have a stern lecturing then ;)
<uvirtbot> New bug: #686044 in apache2 (main) "default httpd.conf (blank) causes server name error" [Undecided,New] https://launchpad.net/bugs/686044
<Delemas> What is the correct way to get a upstart controled service, such as statd, to start on every reboot? autofs needs it but it isn't starting by default. This just gives errors: update-rc.d statd enable
<UndiFineD> Are there any known issues with Launchpad mailing list ?
<UndiFineD> I get email stating they cannot send to the ML
<bluethundr> shouldn't debuild 2&>1 foo.txt redirect output of this command to a text file?
<Kaffien> is there anything better than vnc for visual desktop connections to linux?
<Kaffien> ie RDP clones / knock offs
<ivoks> ssh -X
<SpamapS> Kaffien: NX
<eriksson26> Hi, need help. Have a newly made raid5, with 5 disks. But after some problem with mdadm.conf file it now only assembles with 4 out of 5 disks. Says the last one is removed.
<eriksson26> How can I fix this?
<Ninjix> pastebin  your /proc/mdraid
<eriksson26> is it a file or comand? I dont have a /proc/mdraid only /proc/mdstat
<eriksson26> When I assemble the raid, it says that the missing disk sdg has no
<eriksson26> raid superblock, and wrong uuid
<eriksson26> The raid is working, and I got a spare identical disk in the machine. So can I add that disk, and then afterwords grow the raid with the missing sdg?
<ScottK> I've got a small arm based server that I need to use a usb stick to provide /var/cache.  On boot it's not recognized.  I have to remove and insert the stick after boot, then do fdisk -l /dev/sdb, and then mount /dev/sdb1.  Any suggestions on how I might make this work at boot?
<resno> ScottK: i just put the commands in local.rc
<resno> and it automatically takes care of the sudoing
<ScottK> resno: I guess I just need to figure out how to get it to recognize the device without removing and reinserting after boot.
<ScottK> Thanks.
<resno> ah, hopefully that will help you along... thats the most i can offer
<ScottK> Every little bit helps.
<eriksson26> How do I remove a ext2 file system from a disk so I can add it to a raid?
<jfroebe> dd if=/dev/sda1 of=/dev/md1
<lifeless> (but unmount it first)
<jfroebe> good point :)
<eriksson26> I have deleted the partition and recreated it, it stil says it contains a ext2 when trying to create a array with it. it ask if I shuld do it anyway. Anyone know if its ok to go ahed, or will it couse truble?
<jfroebe> well you'd do the dd after you created the array - assuming that they are separate
<jfroebe> another option would be to tar up the file system somewhere else and extract it after
<lifeless> eriksson26: I think you should read the docs
<lifeless> eriksson26: you've got two different layers confused
<eriksson26> Well I have set up raid before, but never goten this warning.
<jfroebe> if you don't care about the 'hidden' ext2 file system, tell it to go ahead..  if you do, dd is your friend
<eriksson26> No I dont care about it, oki then I tell it to create =)
<eriksson26> thanks for the help.
<eriksson26> Is it ok to add two disks to a rebuilding array? or shuld I let it finish first?
<jfroebe> if you already started, then let it finish
<jfroebe> eriksson26 - just out of curiosity, what does your server do?  db?
<eriksson26> file storage
<jfroebe> gotcha
<eriksson26> it will take 2 days for it to complete, but that is fine, will add the two other disk later.
<eriksson26> oki maby only one day =)
<digital_chaos> is it illegal for me to store historical data such as  break-in attempts/scanning
<digital_chaos> its no secret our servers get hit hard... but what if i want to collect data and save it? i am facing the internet but i do not invite not a one.
<jfroebe> doubtful - but not doing so may be..
<jfroebe> depends on where the server is, where your company is, etc
<digital_chaos> no company. old pc sitting in my room
<jfroebe> up to you then
<digital_chaos> cool because im starting to dump my logs into a database
<digital_chaos> i think this can be prove useful
<jfroebe> lots of good info on there I would suspect
<digital_chaos> oh ya and makes you wonder what code is behind there requests
<digital_chaos> not sure how to get that safely but im sure i could query it from there evil servers easily
<digital_chaos> alot of requests from china and russia sctipters
<Pici> Thats rather normal as far as internet facing servers go.  I get a number of login attempts on my boring server each day.
<digital_chaos> through ssh or other means?
<Pici> Through ssh mostly.
<Pici> I use fail2ban though.
<digital_chaos> ya me too i was not too worried about that as much as apache
<digital_chaos> whats fail2ban
<jfroebe> changing the port for ssh (22) to something else cuts down on the number of hits... won't prevent anyone that is doing bad though
<digital_chaos> i was thinking about blocking but i want to log what they doing ya know
<digital_chaos> i want to learn whats out there not avoid
<jfroebe> you might want to consider setting up a honey pot if you don't care about that old box
<digital_chaos> ya thats a good one.
<Pici> fail2ban is not just for ssh, it has apache filters setup by default as well.
<digital_chaos> no i need the box but as soon as i can come up on another one or two i will make a sweet sticky pot!!
<digital_chaos> is fail2ban more software?
<Pici> !info fail2ban
<ubottu> fail2ban (source: fail2ban): bans IPs that cause multiple authentication errors. In component universe, is optional. Version 0.8.4-2 (maverick), package size 93 kB, installed size 660 kB
<Pici> Its the first thing I install after I install ssh.
<jfroebe> you can usually pick up a p4 box for about $15 in garage sales
<digital_chaos> oh i see. sounds cool. i will look into it. you could write a script to do it light weght style or even iptables can block
<digital_chaos> you know i wonder how to tell if someone actually compromised my system. i mean i suspect none but you never know unless you planned from the beginning on checking
<jfroebe> take a look at tripwire
<Lintt> Hey all , I have a question , have any of you tried connecting multiple networks using the same subnet over bridged vpn. Ie bridging 3 or more locations. Does STP work correctly over tap interfaces ? Are there known problems ?
<digital_chaos> yes i have.
<digital_chaos> i mean not you Lintt
<Lintt> i kind of assumed , since it would lean you read very fast
<Lintt> mean
<digital_chaos> haha
<digital_chaos> have you tried what you prpose yet
<digital_chaos> oh yes that tripwire. i remember.
<digital_chaos> my server install happened before i knew anything about linux. i mean i landed on the command line like wtf is this.. i need gui.. i need buttons!!! hahaha boy have times changed
<digital_chaos> speaking of gui. does anyone know a good cli for irc
<Lintt> telnet
<Lintt> JK JK
<digital_chaos> ha!
<digital_chaos> telnet Lintt@weak_network !!
<Lintt> hey !
<digital_chaos> playin
<Lintt> irc is mostly plai text
<Lintt> plain
<Lintt> you could prolly do a lot with telnet
<digital_chaos> ya i used to use it years ago using mirc and invision on windows
<digital_chaos> i just got on yesterday
<digital_chaos> i spend mass hours all so alone doing my nerdy stuff with not a one to talk to on my level its sucks balls so i am in here looking for those who eat and breath information technology such as i
<digital_chaos> i must admit those i have not seen a technical conversation of interest yet.. even bash room was lame..
<digital_chaos> <-- going crazy
<digital_chaos> how does one go about remaining anonymous of there location. a direction would be nice.
<Lintt> in what way ?
<digital_chaos> i do not fully understand proxy i know about tor
<digital_chaos> like for example i want to visit a site say wiki leaks and be as anonymous and untracable as possible
<Lintt> you have free minimal accrezs that can be used for chat etc
<Lintt> go read at "my freedom"
<digital_chaos> i mean i wanna hide
<digital_chaos> can i google that?
<Lintt> eep
<Lintt> i mean
<Lintt> "your freedom"
<Lintt> it uses openvpn
<Lintt> so you can do anything .. the free accouhnt is quite slow
<Lintt> you have a feqw countries you can hide behind
<Pici> What does this have to do with Ubuntu?
<digital_chaos> everything my friend!!
<Lintt> exactly
<digital_chaos> newbs
<digital_chaos> haha
<Lintt> there's beter places than this channel mr chaos
<Lintt> for stuff like that
<soren> Yes. Yes, there is.
<digital_chaos> juts for the record ubuntu is my os of choice i highly recommend it i use it i kill i love it alright
<digital_chaos> i am trying to start conversation about ubuntu and using it
<digital_chaos> no one is talking about anything ok
<soren> That's beside the point.
<Coder7> hey, anyone happen to know why all of my Ubuntu 10.04 servers are no longer allowing me to login with SSH? They seem to be running fine, and log messages indicate the SSH sessions are authenticating fine, but they just hang. This is a recent development on several servers I have.
<Lintt> try the other channel
<digital_chaos> this is boring i want to talk with people who do what i do
<Pici> digital_chaos: Try #ubuntu-offtopic then
<digital_chaos> k
<soren> Coder7: DNS problem, perhaps? Does revers DNS lookups work?
<Coder7> let me check
<Lintt> there was a borked auto update yesterday if i remember
<Lintt> idk if it was ssh related
<Coder7> I'm thinking that an auto update might be to blame... nothing has really changed configuration wise
<Lintt> i know i had 4 "tail-f" that were stuck at that point this morning
<soren> Lintt: That's probably just logrotate doing its thing.
<Lintt> probably
<Lintt> strange they were all stuck at the auto updater line though
<Coder7> soren: if it were reverse DNS, wouldn't the DNS eventually time out?
<Coder7> also, wouldn't me hard coding the IP/hostname into the /etc/hosts file get rid of that?
<Lintt> so , does anyone have any info on what i should look out for when bridging multiple tap interfaces on multiple locations .. will stp figure stuff out as needed even over vpn .. i don't want to create loops
<Coder7> because neither is true in this case
<soren> Coder7: Yes.
<soren> Coder7: (on both counts)
<Coder7> I'd just reboot the stuff, but one of the machines affected is a UEC controller with several instances on it
<Coder7> some of the instances are affected as well, and I now have no way to gracefully shut them down since I can't login and they have no real terminal to fall back to
<Coder7> it seems only the machines/instances configured to automatically install security updates are affected
<Coder7> which is why I suspect a botched update
<Coder7> needless to say, I'll now be disability all auto updates on Ubuntu for the same reasons I did in windows... they break more stuff than they fix
<Coder7> disabiling*
<SpamapS> damnit
<SpamapS> I had an answer
<binBASH> :)
<binBASH> query him then :D
<soren> SpamapS: What was it?
<blistov> My dhcpd server previously had range 192.168.1.2 192.168.1.254 specified, but I've since removed the range and restarted dhcpd, but clients are still being given ip's in that range so long as they had previously had a lease.  Anyone know how to stop this?
<pmatulis> blistov: crazy that it happens isn't it
<blistov> pmatulis, Yea, rebooting the server fixes it, but now on to another problem.
<blistov> Now my ddns-updates aren't working, but no errors logged.
<blistov> dhcpd: if ubuntu-temp0.cranesmart.com IN A rrset doesn't exist add ubuntu-temp0.test.com 3600 IN A 192.168.1.30: not a zone.
<blistov> Idea's?
<SpamapS> soren: I was going to suggest that he run sshd on an alternate port in debug mode
<soren> SpamapS: Ah.
<soren> SpamapS: I thought you knew what was wrong :)
<domas> hi! where can I find ddebs for lucid lynx server kernel?
<Patrickdk> archive.ubuntu.com
<domas> thanks!
<domas> odd, can't see them in http://archive.ubuntu.com/ubuntu/pool/main/l/linux/
<domas> thats because I'm blind
<domas> was looking for -3*
<Patrickdk> http://archive.ubuntu.com/ubuntu/pool/main/l/linux/linux-image-2.6.32-26-server_2.6.32-26.48_amd64.deb
<domas> yes yes
<domas> need linux-image-debug though
<RoyK> anyone around_
<RoyK> ?
<FunkyBob> morning, all
<RoyK> evening
<FunkyBob> well, 285 is a lot easier to manage than 1502 :P
<FunkyBob> am just exercising ubuntu server as a virtual server host...
<RoyK> wtf are those numbers?
<FunkyBob> people in here vs #ubuntu
 * RoyK is setting up a test suite for testing zfs-fuse vs openindiana
<RoyK> ah
<RoyK> FunkyBob: I have a bunch of VMs on my primary (private) server
<RoyK> works well
<FunkyBob> well, I ran virt-instl... but then nothing showed in virsh...
<FunkyBob> and after I reconfigured qemu to listen globally, not just localhost, I had to reboot to get it to change...
<FunkyBob> now I can't find any way to find that vm...
<FunkyBob> so.. whilst the tools are clear and easy to drive... they're not impressing me by actually _working_ yet
<RoyK> virt-manager?
<RoyK> I just use virt-manager
<RoyK> works well
<FunkyBob> is that the gui tool?
<RoyK> yes, but I only use it remotely
<FunkyBob> the docs say it is... so it's not an option
<RoyK> ssh in, start virt-manager
<RoyK> why isn't that an option?
<RoyK> I don't run X on my server
<RoyK> just the x libs
<RoyK> which don't take up much space
<FunkyBob> yeah, well... for many many reasons, we avoid _requiring_ gui tools where possible
<RoyK> well, up to you
<MeltingKeyboard> i have a question...
<RoyK> FunkyBob: I like to have the opportunity to start an X app if in need
<FunkyBob> where are the virtual maching details stored?
<MeltingKeyboard> sorry for interrupting
<RoyK> /var/lib/libvirt iirc
<RoyK> MeltingKeyboard: just ask
<FunkyBob> and.... what condition would cause virt-install to succeed, but virsh to not see it?
<RoyK> FunkyBob: it merely automates things - works for me - do it with a hex editor if you want to - I'd use virt-manager
<FunkyBob> lovely... it says the name is in use, but there are no files in /var/lib/libvirt
<MeltingKeyboard> ok, I just upgraded my server from karmic to lucid so that I could use some of the new PHP 5.3 features in my installation of ZenPhoto...
<RoyK> FunkyBob: did you start it as root?
<MeltingKeyboard> and when I get everything upgraded it says that the mysql extentions are no longer there in the installation of 5.3
<MeltingKeyboard> and ZenPhoto breaks as it requires mysql extentions
<RoyK> MeltingKeyboard: you _upgraded_ from rh to ubuntu?
<FunkyBob> I'd call that an upgrade :P
<MeltingKeyboard> no, i upgraded from ubuntu 9.10 to 10.04
<MeltingKeyboard> also an upgrade :D
 * RoyK is tired
<MeltingKeyboard> i checked in the php.ini files for the extention=mysql.so
<MeltingKeyboard> and all of them are not commented... however, the extention is not available to ZenPhoto... any thoughts?
<MeltingKeyboard> I remember that during the upgrade, i opted to use my existing php.ini files... was that a mistake perhaps?
<FunkyBob> RoyK: as for the "not installing X" ... it's a habit from the other side of the business... I have to keep remembering which side I'm working on
<FunkyBob> RoyK: the "other" side has to be ultra paranoid about security, so we don't install anything we don't _have_ to
<FunkyBob> also... virt-manager doesn't see the instance I set up... lovely
<MeltingKeyboard> ok... i just located all the mysql.so files on my system... and none of them seem to be in the new installation directories... just in backup directories... where is mysql.so supposed to go?
<MeltingKeyboard> hey i just fixed it
<MeltingKeyboard> in the extention directory line of the php.ini file
<MeltingKeyboard> it was pointing to the wrong extention directory
<MeltingKeyboard> nice...
<MeltingKeyboard> fixed
<MeltingKeyboard> thanks for the help
<hackeron_> how do I disable the feature of ubuntu showing the boot menu on failed boot? - This happens from time to time on my ubuntu servers and it's extremely annoying in a server configuration - I'd much rather have a timeout
<tonyyarusso> failed boot?
<hackeron_> tonyyarusso: well, it's not a failed boot, a system froze, I asked a local admin to press the reset button and ubuntu falsely thought the system failed to boot and shows the grub menu on screen instead of booting
<hackeron_> tonyyarusso: so then I need to ask someone to plug a keyboard and press enter - this is all because ubuntu switched from a timeout before default boot to this weird failed boot detection
<twb> hackeron_: I have lots of problems with it, too
<twb> For example, I made an LV read-only at the LV level, which made the fsck pass on it fail, which made mountall exit(4), which made upstart refuse to boot AT ALL.
<hackeron_> twb: I know I can edit the boot scripts, but that breaks every new grub revision
<twb> There was no way to fix it without using a live medium, despite that LV having NOTHING to do with the boot process
<hackeron_> twb: yeh, I get that removing the 5 seconds from a desktop boot is useful, but this is just silly for a server to *force* user interraction in these cases
<twb> hackeron_: I tend to just replace grub with extlinux
<hackeron_> twb: it's not even grub, it's the new boot scripts in ubuntu, you need to edit them to remove the /failboot or whatever they use detection
<hackeron_> but apt-get upgrade breaks it again :(
<hackeron_> I will try extlinux, thanks
<twb> Yeah, that's no nearly so easy
<hackeron_> wonder which dev thought this is a good idea for a server distribution
<twb> I doubt they thought about it at all
<Hypnoz> I adjusted hdd size in vmware, and trying to have the guest recognize the new disk size without rebooting. It shows up in dmesg but not in fdisk. any suggestions?
<hackeron_> twb: ok, so I just do apt-get install extlinux and reboot?
#ubuntu-server 2010-12-07
<twb> hackeron_: no
<twb> http://paste.debian.net/101692/ some notes I wrote on the subject
<fluvvell> I know there's hardly anyone around, but an opinion please: Am I better with IBM's SAS raid hardware onboard a new x 3100 M3 series (entry level) or linux raid ? Its just a simple mirror setup, and the controller seems to have been detected ok.
<fluvvell> I've installed linux software raid so far, but I've no idea how to compare them anyway.
<ivoks> do you see both disks on your controller?
<ivoks> in linux
<ivoks> advante of linux raid is that you can unplug your disks and plug it in anywhere
<ivoks> advantage
<FunkyBob> ivoks: and by "linux raid" you mean "software raid"?
<FunkyBob> fluvvell: hardware raid is just that -- the hardware does it, so the OS is ignorant of the fact there's more than one disc
<hansin> Question here: I once has U-server installed on an older small PII box (300Mhz, 512Mb RAM). It ran fine. Great little box I would just SSH into. It is a little loud so only ran when needed. When I shutdown the server (done via 'sudo shutdown -h now' when SSH'ed in), it shuts down but it doesn't full turn the computer off. I have to manually hold the power button to shut it off completely....
<hansin> ...Thing is, I went ahead and installed Debian Testing and it shuts down completely. I want to go back to U-server (10.10) but would rather it just shutdown completely. As a side note, I have never run latest U-server on this. Any thoughts? Thanks.
<hansin> I would think if Debian could shut this down completely, Ubuntu should too.
<fluvvell> FunkyBob, I guess the OS knows via the SAS driver modules, but my colloquial question "better off" was meaning which will perform better, or give the biggest all around benefit.
<fluvvell> FunkyBob, last time I did a comparison, it was with old paradise raid controllers, and the linux community found software raid to perform better
<fluvvell> ivoks, yes I see both disks on the controller, and yes to the software raid.
<FunkyBob> fluvvell: hardware raid is generally much faster
<FunkyBob> "hardware assisted" raid, otoh... not always so good
<qman__> real hardware raid (usually) offers better performance
<qman__> linux software raid offers better compatibility and more options
<qman__> which is better depends on your needs and preferences
<qman__> fake raid is useless
<qman__> only performs as good as software raid with the feature limitations of hardware raid
<qman__> hansin, use `sudo poweroff`
<qman__> if that still doesn't work, it's probably an APM/ACPI driver problem
<hansin> qman__: Thanks. I just wrote all that down so I can try once I install. I think I get the driver thing as well, as in if it can't communicate the the HW to power off, the OS will shut down, but the HW will still be on. I'll test it all out.
<hansin> Okay, one more question: I know U-Server can be updated to new releases (say 10.4 -> 10.10 -> 11.4) with 'do-release-upgrade' found in 'update-manager-core'. What I am wondering is, are there sometimes things that just can't update and get you to where you would be with a fresh install?
<hansin> I get that things like the files system (ext3 vs. ext4) are usually set, and often GRUB will stay at GRUB vs. GRUB2.
<hansin> (I don't care about these since I will install as ext4 and GRUB2). But are there other things? Like the transition from 'sysvinit' to 'upstart
<hansin> ', where there any issues there? Anything else that might miss out on an upgrade between releases? Thanks.
<qman__> not really
<qman__> the way it works is, certain packages won't be changed by default
<qman__> if you want to, you can still switch to the new ones
<qman__> like grub and grub2
<qman__> another one is the switch from sysklogd to rsyslog(?)
<qman__> if you upgrade it won't change over automatically
<hansin> qman__: Thanks again. I'm going to move back to U-Server and give it another go. I just wanted to clarify the upgrade part. Knowing what you just said, I can more carefully inspect the release notes for new releases.
<qman__> ubuntu has actually been using upstart since 6.10
<qman__> just in sysvinit compatibility mode
<qman__> the major change recently was a bunch of services to upstart scripts
<qman__> they're actually trying to phase out sysvinit now
<fluvvell> qman__, hardware profile says I have SAS1064ET PCI-Express Fusion-MPT SAS   - driver mptsas.  I'm not sure where I'll have compatibility issues, if its saying the dirver is already loaded...
<qman__> fluvvell, what I mean by compatibility is, with software RAID, you can hook your array up to any computer running any recent linux kernel and access it
<qman__> whereas if your hardware controller fails, you must find another compatible one to access it
<hansin> qman__: Okay, thanks. One example where there is an issue with Debian but not U-Server is using the Drizzle (MySQL derivative) PPA. It uses an Upstart script, yet Debian seems still stuck on Sysvinit. Anyway, I
<hansin> I'm going to switch back.
<hansin> Thanks.\
<qman__> no problem
<fluvvell> qman__ ; yes, I've needed to do that in the past, though had failure for unrelated reasons. But with mirrored raid, all the data is on both disks <shrug>
<qman__> not disk failure, controller failure
<qman__> with hardware raid, reading the data off the disks is impossible without a compatible controller
<fluvvell> qman__, even with mirror array?
<qman__> yes
<qman__> well, theoretically possible with a mirror
<qman__> in practice though you'd have to test
<qman__> every manufacturer does it a little differently
<fluvvell> they're standard SATA drives
<qman__> that's not what matters
<qman__> the controller still has to store RAID information on the disks
<qman__> and how and where it creates the volumes
<qman__> with software raid this is standard and open
<qman__> but with hardware raid it isn't
<qman__> a mirror should be recoverable with some analysis, even if you can't find a compatible controller, but it may not be easy
<fluvvell> yes, well part of my trepidation over doing the hardware raid setup was not knowing. Its all in the bios but unfamiliar to me
<Patrickdk> is it real hardware raid? or fake raid?
<qman__> fake raid is another story
<fluvvell> It does seem a pity though to have a nice piece of hardware sitting there unused
<qman__> since it's really just software raid, dmraid can access it even without a compatible controller
<Patrickdk> I like real hardware raid with bbc, makes writes really good
<fluvvell> the IBM has four sata quick load trays. They all go back to the PCI card
<fluvvell> bbc?
<Patrickdk> battery backed cache
<qman__> yeah, that's some serious hardware
<qman__> where you really see the performance gains
<fluvvell> OK I'm talking sub $1K, for server and hard disks!
<Patrickdk> you can spend <1k on a server? without disks or raid? :)
<qman__> my disks cost nearly that much
<fluvvell> :-) WITH both
<Patrickdk> fluvvell, ya, software raid is your best bet
<qman__> but yeah
<qman__> in that price range, the hardware is unlikely to have significant performance gains
<Patrickdk> ya, my disks are going start at 3k, I'm hoping for 4k though
<fluvvell> reliable array of inexpensive disks
<qman__> to the point where the features of software raid are worth the difference
<Patrickdk> mediocer array of expensive disks :)
<fluvvell> there's only 5 staff in the building
<Patrickdk> doesn't matter
<Patrickdk> have 7 staff
<qman__> my file server is consumer grade stuff
<Patrickdk> but we have 96 300gig sas dual channel 6g drives
<qman__> and it still cost more than $1k
<Patrickdk> but we are running around 80 vm's loaded mainly with mssql :(
<qman__> unfortunately it's failing on me
<qman__> the motherboard is shot, keeps crashing
<fluvvell> ok just a little over $1K
<Patrickdk> motherboards seem to be one of the biggest failing points these days
<Patrickdk> it used to be psu, but now I think motherboard is worse
<qman__> well, it was built on a budget
<qman__> socket 939 foxconn
<fluvvell> by the time I put two WD Blue 1Tb 7200 drives in
<qman__> when I get the money to replace it, it'll be an AM3 gigabyte
<fluvvell> I've never had one of the IBM mbs fail. All others I've had some failures.
<fluvvell> Long term, I've had heaps of gigabyte mbs fail, caps leak, weird chipset failures.
<Patrickdk> heh, I just replace the caps
<qman__> they use japanese caps now
 * fluvvell lacks a good extracting temp controlled solder sucker
<qman__> so far, so good anyway
<SpaceBass> hey folks
<SpaceBass> after an upgrade, my box doesn't have a syslog file anymore... any idea how I can recreate it?
<fluvvell> Patrickdk, where I have replaced caps (on a graphics card) it didn't fix the failure so I gave up. Not worth it on a $60 card :(
<Patrickdk> oh?
<Patrickdk> I have fixed 13 motherboards so far that way
<qman__> I actually had a VRM fry on a TV tuner, a friend replaced it and it's good as new
<fluvvell> I guess the caps leak might have led to failures elsewhere.
<Patrickdk> but for graphics cards I probably wouldn't bother
<Patrickdk> most of the motherboard had >13 dead caps
<qman__> SpaceBass, which file are you referring to?
<SpaceBass> /var/log/syslog.log
 * fluvvell better go
<qman__> that's pretty strange, do you still have the other log files, messages, dmesg, kern, auth?
<SpaceBass> yep
<qman__> and it's logging new data to them?
<SpaceBass> just checked, yes
<qman__> I haven't run into that problem, I've upgraded hardy servers directly and a jaunty server -> karmic -> lucid
<qman__> and on my systems it's /var/log/syslog, no .log at the end
<SpaceBass> likewise, never seen it myself
<qman__> is it running sysklogd or rsyslogd?
<SpaceBass> qman__, your right, it should be /var/log/syslog
<SpaceBass> syslog     616  1.7  0.0  36472  1256 ?        Sl   Oct24 1113:04 rsyslogd -c4
<qman__> well, rsyslog uses /etc/rsyslog.conf and /etc/rsyslog.d/*.conf
<SpaceBass> thanks, I'll check them
<qman__> my jaunty upgrade has both of them on it for some reason, rsyslogd is running but sysklogd still has cron files and init scripts
<SpaceBass> qman__, can you check owner and perms on your syslog file?
<qman__> -rw-r----- 1 syslog adm 1007K 2010-12-06 21:25 /var/log/syslog
<SpaceBass> thanks
<SpaceBass> going to try the ole sudo touch /var/log/syslog
<Cygnus_Rift> Hello everyone, can someone let me know if I have everything correct to ssh to my ssh server?
<Cygnus_Rift> I installed sshd on my server and forwarded my selected ports from my router to my statically addressed server
<lwizardl> hello
<lwizardl> I was wondering how do I figure out how much of a server I need as a virtual server host? for my other servers
<hansin> lwizardl: I really don't know, but I am sure you need to determine first how many guests you want to run, what resources each of there need, and then what overhead exists on the host server. My guess is that you can "overprovision" the guests based on some formula, but don't know what the rule of thumb is.
<lwizardl> hmm ok
<Error404NotFound> what was the latest version having python2.5 as default python?
<twb> rmadison will tell you
<uvirtbot> New bug: #686343 in postfix (main) "package postfix 2.6.5-3 failed to install/upgrade:" [Undecided,New] https://launchpad.net/bugs/686343
<Error404NotFound> twb, found it, it was karmic, in lucid they dropped p2.5
<twb> Why is /etc/init/ssh.conf "stop on runlevel S"
<twb> Surely it should be "stop on runlevel [06]"
<twb> Yep
<ivoks> fluvvell: so if you see both disks, then it's not hardware controller
<fluvvell> ivoks, you missed the part where I said I never set up the hardware controller during the installation.
<twb> ivoks: there are some amazingly shit controllers that IBM ship which present as separate disks to normal linux kernels
<twb> IIRC /dev/ccmra01 or something like that
<ivoks> fluvvell: could be; i was half sleeping at 2AM
<ivoks> twb: whenever someone says 'hardware on board controller', i just look on the other side
<lwizardl> hey
<lwizardl> anyone know of a place where I can find a list of what all games have a dedicate linux server option for hosting your own lan servers
<twb> update-motd provides nothing but an empty directory
<twb> What *invoked* update-motd?
<twb> pam_motd.so
<twb> Silly me for thinking it was generated DAILY
<jussi> Hi all, I just got a new vps with ubuntu, but it doesnt seem to have tab complete enabled, could someone direct me how to turn tab complete on?
<twb> jussi: . /etc/bash_completion
<twb> (Note the leading dot.)
<jussi> well I guess this is why its borked...
<jussi> jussi@vps323:~$ . /etc/bash_completion
<jussi> -bash: /etc/bash_completion: No such file or directory
<twb> Then you probably need to install it
<twb> That or you are not actually looking at ubuntu
<jussi> jussi@vps323:~$ lsb_release -a
<jussi> Distributor ID: Ubuntu
<jussi> Description:    Ubuntu 10.04.1 LTS
<jussi> and so, you were right, it wasnt installed. thanks"
<jussi> right, so one more quick thing, Im migrating servers now, how do I pull mysql DB's out and plug them into the new server?
<tonyyarusso> jussi: Google for "Wordpress database backup restore"
<jussi> tonyyarusso: ok :D (its not for wordpress, but still I guess its the same)
<tonyyarusso> first two links
<al> why don't you just copy the datafiles, jussi?
<tonyyarusso> jussi: It's just that the WordPress people have a pretty good no-nonsense writeup on the matter.
<jussi> al: because I have no idea I can!
<al> well, you can
<jussi> where are they likely to be located?
<al> /var/lib/mysql?
<al> maybe /var/db
<jussi> ooh!
<jussi> hrrr... someone remind me of the tar command that actually makes a tar.gz file? my combinations fail...
<al> tar cvzf your.tar.gz stuff/ to/ back/ up/
<tonyyarusso> tar cz...bah
<al> or, well, czf will do ;)
<al> create, zip, file <filename>
<al> but for server migrations i find rsync -az --delete much more convenient
<al> (resp. without the --delete ;)
<jussi> Im still having issues with it downloading the index.php not loading it - any ideas?
<twb> al: the z is actually for gzip
<tonyyarusso> jussi: s/it/something useful/
<tonyyarusso> g
<al> twb, yea, so?
<twb> You said zip, is all
<al> twb, which is still correct
<twb> zip and gzip both use the Lempel-Ziv algorithm, but they are not interachangable.
<al> i didn't mean to imply that
<twb> Okey dokey.
<njin> bug 588993
<uvirtbot> Launchpad bug 588993 in linux "mcelog does not work due to lack of kernel support" [Undecided,New] https://launchpad.net/bugs/588993
 * SpamapS curses the baby for waking him up at 2am
<Jeeves_> :)
<ruben23> hi guys where do i can edit the iptables rules on my ubuntu server..? any idea where is it localted like on centos its localted on---> .etc/sysconfig/iptables <-------------for ou ubuntu server where is it...?
<ruben23> any idea guys..?
<Jeeves_> ruben23: How did you configure your firewall untill now?
<ruben23> i just put it on my /etc/rc.local/ teh ruesl i set like masquerade since this box is set to be router.
<twb> SpamapS: that's what I'd call a disproportionate response
<ruben23> Jeeves_:..?
<Jeeves_> ruben23: So, just keep editing that?
<Jeeves_> Or use ufw
<twb> iptables rules should be loaded during rcS, not rc.local.
<twb> Otherwise, you are in "allow all" mode for the entire init process.
<twb> Note that (usually) iptables rules can be loaded before any network devices exist.
<ruben23> Jeeves_: how to used ufw...? on ubuntu-server...?
<Jeeves_> ruben23: https://help.ubuntu.com/community/UFW
<twb> Blergh
<twb> diff -u <(w3m -dump https://help.ubuntu.com/10.04/serverguide/C/kerberos-ldap.html) <(w3m -dump https://help.ubuntu.com/10.10/serverguide/C/kerberos-ldap.html)
<twb> ...zero changes to that section in six months.
<ruben23> Jeeves_: but there is no config file that i can put rules and edit directly on ufw..?
<Jeeves_> ruben23: See /etc/ufw
<twb> ruben23: if you are capable of writing complex netfilter rules, you probably don't want ufw
<twb> http://paste.debian.net/101737/ is such a firewall I set up, using the iptables-persistent package.
<twb> Oops, the first file is http://paste.debian.net/101738/
<ruben23> twb:  this is the script of the iptables..? - it just im more compatible like editing the iptables config file itself- adding rules on it.
<twb> ruben23: I don't understand the question.
<ruben23>  twb: sorry , i sued to do firewall with centos and i just edit the file iptables and add rules in there and apply whihc is more simple- its juts im not familiar how is it with debian.
<ruben23> or ubuntu server..
<Zumu> yo
<Zumu> I just made "apt-get upgrade" on 2.6.32 server
<Zumu> upgrade had grub-pc in it, but rootfs is on raid1 ..
<Zumu> should I worry that it won't boot?
<patdk-wk> zumu nope
<Zumu> patdk-wk: but it asked where to install boot loader
<patdk-wk> yep, install it to the root of the raid
<patdk-wk> then it will get written to both drives, and your good
<Zumu> the choice was to install to sda or sdb..
<Zumu> I killed that post-install trigger
<patdk-wk> guess your using softraid, or it would be so complicated
<patdk-wk> mine has 3 options /dev/sda, /dev/sdb, /dev/mapper/......
<jdstrand> ruben23: there is a file you can edit directly with ufw. they are in /etc/ufw/*.rules. you probably want /etc/ufw/before.rules. see 'man ufw' and 'man ufw-framework' for details
<jdstrand> ruben23: but you are right, there is not one firewall system for Debian. ufw is on all Ubuntu installations, but it is opt in and you still have the choice of everything that is in Debian (or writing your own)
<lau> how can I handle https://bbs.archlinux.org/viewtopic.php?pid=606993 on ubuntu-server machine ?
<uvirtbot> New bug: #676508 in samba (main) "Lucid won't share printers via samba" [Undecided,Incomplete] https://launchpad.net/bugs/676508
<stanman246> hi, i've got a stuck mysqld, anyone know how to fix this? I can't reboot
<aliverius> since i am not familiar with how ubuntu and esp lts versions deal with package updates...
<aliverius> how is it decided if a pkg is updated or not?
<TeTeT> aliverius: you want to read about the SRU (stable release update process) on wiki.ubuntu.com
<TeTeT> aliverius: besides SRU there are also security updates
<aliverius> ok
<aliverius> so it seems that if an application was accepted in the repos when it was at an early stage of its development,
<aliverius> and now there is a release with more features that actually makes it more useful. then i will have to wait for another ubuntu release...
<aliverius> except,of course, if i build a package myself or use a package from another ubuntu release
<resno> aliverius: whats your question?
<aliverius> [16:38:58] <aliverius> how is it decided if a pkg is updated or not?
<aliverius> i see quassel-core irc client is stuck at 0.6.1
<aliverius> 0.7.1 has important security additions (not a security update)
<aliverius> and in the end i am wondering how i can use the latest release
<awanti> I wan to configure samba server in my office. In our office their is 4 department like Sales, Marketing, Data-base, Finance. There are 25 users in our office and have to add those users in their respective departments. But here my question is i have to give different permission for particular users in department. So plz. help me to configure this!
<pmatulis> aliverius: an application's major version does not change in the course of a release's lifetime
<pmatulis> !info quassel-core
<ubottu> quassel-core (source: quassel): distributed, KDE/Qt-based IRC client - core/server component. In component universe, is optional. Version 0.7.1-0ubuntu1 (maverick), package size 270 kB, installed size 1068 kB
<pmatulis> !info quassel-core lucid
<ubottu> quassel-core (source: quassel): distributed, KDE/Qt-based IRC client - core/server component. In component universe, is optional. Version 0.6.1-0ubuntu1.1 (lucid), package size 261 kB, installed size 1028 kB
<pmatulis> aliverius: so use maverick
<awanti> is any buddy can help regarding samba (acl)
<aliverius> i will use maverick's quassel pkg. i chose lucid cause it is an LTS afterall!
<aliverius> or can i use the source pkg and build it on lucid? dependency wise it should be feasible, but i am comming from the archlinux world so i dont know how packages work here!
<pmatulis> aliverius: yes, you can build your own package
<aliverius> can i just download a buildscript and run it?
<pmatulis> aliverius: no.  it's more involved.  you can either build an actual .deb file or use the PPA system (send changed source and build info to launchpad)
<pmatulis> aliverius: you will need to do some reading
<aliverius> ok
<pmatulis> aliverius: i would say that PPA is easiest
<pmatulis> aliverius: as there are multiple ways/tools to build a .deb (confusing)
<pmatulis> aliverius: see #launchpad for LP-related questions
<aliverius> ok ty. i will do some research 1st
<uvirtbot> New bug: #686607 in openssh (main) "ssh client should mention ssh-keygen on mismatched keys" [Undecided,New] https://launchpad.net/bugs/686607
<JoeyJoeJo> I've just installed ubuntu-server to a dell poweredge and all it's running is samba. What else can I run?
<pmatulis> JoeyJoeJo: what release did you install?
<JoeyJoeJo> 10.04
<pmatulis> JoeyJoeJo: here: https://help.ubuntu.com/10.04/serverguide/C/index.html
<JoeyJoeJo> pmatulis: Thanks, that was a great link
<pmatulis> JoeyJoeJo: you're welcome
<MWelchUK_work> I'm having a bit of trouble configuring the DHCP server in Ubuntu 10.04. Specifically, PXE booting.
<MWelchUK_work> I have a set of host sections, each specifying a filename. The config worked in Ubuntu 8.04, but isn't working for devices using the Intel Boot Agent on 10.04
<MWelchUK_work> It seems that the file and sname don't get set in the response if the DHCPDISCOVER provides a Parameter Request List.
<MWelchUK_work> I've tried setting option bootfile-name in the host sections, but this doesn't work - it only seems to work as a global option. Any ideas?
<MWelchUK_work> Hey jono
<jono> hey MWelchUK_work
<MWelchUK_work> I assume the weather is a bit warmer with you :-)
<uvirtbot> New bug: #686627 in samba (main) "Samba server crashes on file read." [Undecided,New] https://launchpad.net/bugs/686627
<kirkland> JamesPage: hey, can you join us in #ubuntu-meeting?
<JamesPage> kirkland: yep - just seen the time...
<mpavel> I have an old computer that I want to setup as server and play about with it while in university
<mpavel> I'm using dyndns to use a free domain name and point that to my router which will point to my server
<mpavel> is there a way to setup subdomains so that I can have different websites on each running on the server?
<disposable> i've just installed 10.04.1 on a system with 2 disks creating software raid. I created 3 raid1 MD devices in the installer. i formatted md0(/), md1(/var) and left md2 alone so that i could play with it later. when i do fdisk -l now, i don't see just /dev/md2, i get md2p1 md2p2 and md2p3. what are they? http://pastebin.com/8seZdjWr
<RoAkSoAx> kirkland: still around?
<kirkland> RoAkSoAx: in a meeting
<RoAkSoAx> kirkland: ok. no worries then
<RoyK> hm... pbpool                     514K  97.2T  66.1K  /pbpool
 * RoyK has room for some pr0n
<Wh1teL0tus> hi all , i installed a LAMP server yesterday but i'm new into it and i was wondering where to find the folder to put your web pages in ?
<uvirtbot> New bug: #686671 in openssh (main) "ssh-copy-id assumes $HOME" [Undecided,New] https://launchpad.net/bugs/686671
<jeremyA> hello.  I've recently upgraded from 8.04.01 LTS to 10.04.01 LTS.  I'm experiencing hard hangs -- which is new.  This is a server running 2.6.32-26-server, without X started.  I do use virt-manager over ssh-tunneled X.  Nothing is logged in /var/log/messages or /var/log/kern.log
<jeremyA> amd64 architecture, 8gb of ram.  SATA storage in softraid 1 setup.
<jeremyA> dual-core athlon X2 5400+.
<jeremyA> where should I start looking?
<jeremyA> I can induce hard system hangs predictably by installing an OS on a virtual machine -- this affects VirtualBox and KVM both (I switched to KVM thinking VBox was the culprit)
<cokegen> dmesg ?
<jeremyA> nothing shown
<jeremyA> just the standard iptables kernel logging bits.
<cokegen> hardware could fail at all times
<cokegen> I'd not discard hardware so fast
<jeremyA> I ran the identical hardware quite hard with 8.04.01 LTS for several years -- running both vmware server 1.0.6 and VirtualBox.  This never happened before.
<jeremyA> which is not to say it can't be hardware.
<jeremyA> since nothing is getting logged to dmesg, any tips for isolating the hardware?
<cokegen> memtest + cpuburn
<mpavel> Wh1teL0tus: /var/www/
<cokegen> doesn't hurts to turn off the machine for half an hour to test it
<jeremyA> roger.  I'll try cpuburn now, then rebooted into memtest this afternoon
<RoyK> cokegen: I somehow think the machine is hard to test while it's off :Ã¾
 * RoyK ducks
<cokegen> RoyK, :D
<cokegen> I have my methods ...
<cokegen> jeremyA, I'm booting a system rescue cd to see if it actually has cpuburn in it
<jeremyA> thx
 * RoyK just booked a long weekend in ReykjavÃ­k to thaw a bit
<cokegen> mprime could be another option
<jeremyA> cpuburn has run for 8 minutes now, and temperature on the cpu is stable at 32C
<cokegen> what is exactly what you define as a "hard hang" man ?
<jeremyA> video goes blank.  keyboard mouse unresponsive.  system no longer responds to pings or any network traffic
<cokegen> tried noacpi ?
<cokegen> and that kind of parameters booting the kernel ?
<jeremyA> I have not yet tried noacpi.  I can give that a shot.
 * jeremyA drops off channel to reboot the gateway (which is the server in question)
<cokegen> jeremyA tried something already
<cokegen> ?
<jeremyA> rebooted with noacpi in place, I thought....
<jeremyA> shouldn't the "noacpi" show up in /proc/cmdline then?
<cokegen> I think it should
<jeremyA> must not have taken it.  better go plug a monitor into this and force it from the grub command line.
<jeremyA> bbiab
<cokegen> k
<donspaulding> ssh-keygen -t rsa -C "tekkub@gmail.com"
<donspaulding> <forehead slap>
<donspaulding> aka <facepalm>
<cokegen> jeremyA, yes it should (confirmed)
<Wh1teL0tus> thanks mpavel !
<jeremyA> yep, acpi SHOULD show up in /proc/cmdline
<jeremyA> it does now
<cokegen> yep
<cokegen> jeremyA, acpi=off could be too
<jeremyA> neither were there, I must not've updated grub.
<ZacLnxNewb> hello
<cokegen> I'd search the kernel docs for the kernel version you have there
<jeremyA> anything in particular I should be looking for, cokegen?
<ZacLnxNewb> I have a server,  beyond-sight.com
<jeremyA> when I drop off next time, it'll be due to server crash...
<ZacLnxNewb> and I have utterly no idea how to configure webpage hosting for multiple web pages on the same server,  other.beyond-sight.com    versus     beyond-sight.com
<cokegen> k
<cokegen> hopefully not ...
<jeremyA> Zac:  name-based virtual hosting!
<Pici> ZacLnxNewb: You'd need to setup virtual hosts in your apache config and on your dns records.
<jeremyA> when I get back from lunch, I can help you with that ZacLnxNewb
<jeremyA> but someone here will probably beat me to it
<cokegen> jeremyA, I think most of the commands are there when you boot an install
<ZacLnxNewb> jeremyA:  Awesome. :D
<cokegen> noacpi is one and there could be others of relevance
<cokegen> just saying that if I were you I'd try those parameters ...
<ZacLnxNewb> Pici:  DNS records how?  I have a  DNS updater, I need to add that to update the dns network?
<ZacLnxNewb> Pici: and then Apache config for name based virtual hosts?
<mpavel> does anyone know of a good guide on how to do name based virtual hosts?
<smoser> i dont knwo what that would mean. "name based virtual hosts"
<Pici> ZacLnxNewb: You'll need to setup a new A record for the subdomain.
<smoser> oh.. apache.
<smoser> sorry, i was thinking the other type of "virtual" (lxc/kvm/xen)
<Pici> ZacLnxNewb: And then something like the following in your apache site configruation: http://paste.ubuntu.com/540727/
<jeremyA> some sample configs for you, ZacLnxNewb, at http://ccis2122.linux-classes.com/week12/
<ZacLnxNewb> Thank you
<Pici> ZacLnxNewb: I guess you could use a CNAME instead of an A record if your subdomain is being served off of the same IP as the main domain.
<ZacLnxNewb> jeremyA:  Pici  I'm trying to figure out how to make a new A record...
<ZacLnxNewb> Pici:  Same IP, same server hosting two web sites. :p
<mpavel> Pici: is there a way to do that through a free domain from dyndns?
<Pici> mpavel: I'm really not sure, but I'd guess no.
<mpavel> probably that's why I wasn't able to do it so far :)
<mpavel> it should work with users (maybe?)
<mpavel> i couldn't get php scripts to execute though like that - but it could've been a php thing
<Pici> mpavel: I'm just thinking out loud here, but you might be able to setup a new virtualhost for a different dyndns domain that points to your same IP>
<mpavel> hmm
<mpavel> Pici: never thought of that
<elnur> Hi. Is there a trend about grub and xen fuckup in latest days?
<jeremyA> ZacLnxNewb:  http://ccis2122.linux-classes.com/week3/
<jeremyA> my lecture on Bind
<jeremyA> sorry the notes aren't more explanatory
<ZacLnxNewb> jeremyA:  So I think I've set up the A records, subdomains with  "a record" settings at the name hosting site
<pmatulis> !language | elnur
<ubottu> elnur: Please watch your language and topic to help keep this channel family-friendly, polite, and professional..
<ZacLnxNewb> jeremyA:  my guess is I need to set the DNS updater to update those A records to point to my server's ip addrtess?
<elnur> * Hi. Is there a trend about grub and xen problem in the latest days?
<Pici> ZacLnxNewb: Indeed.
<mpavel> what would be the best solution to have multiple websites on same server?
<ZacLnxNewb> That's currently what I'm tackling
<mpavel> would the easiest thing to do just be that I have a SITE_PATH variable in php and put websites in sub directories?
<ZacLnxNewb> mpavel:  ^
<mpavel> ZacLnxNewb: I thought so :)
<mpavel> ZacLnxNewb: me too ... for a few weeks now
<ZacLnxNewb> mpavel:  PHP does have that, but I think there's something that's cleaner and easier, and less hacky, hopefully.
<mpavel> ZacLnxNewb: I have one server (old computer) to play with and would like to setup multiple websites
<i0nic> Hi, I was thinking of using amazons S3 service for server backups, what do you guys think about this?
<mpavel> ZacLnxNewb: what do you think that is?
<ZacLnxNewb> mpavel: Same
<guillaume_> hi all
<Pici> Using Apache's virtualhosts is really easy as long as you can easily change your dns records.
<guillaume_> i have a good question for you
<i0nic> I have always used dedicated boxes and setup incremental rsync scripts to backup my data to the box.
<i0nic> So this amazon cloud thing is very living on the edge for me, just wanted to get some input.
<Pici> s/is/are/
<guillaume_> i am using ubuntu 10.04 server for proxy with squid + dansguardian everything fine except i need ncsa auth and i am unable to make it working and i have already tried  most of the how to on the net any idea ??
<mpavel> Pici: I'm just thinking (i'm very unexperienced in servers stuff) that working with the dns and apache vhosts would be much easier if I'd have a full domain name
<mpavel> Pici: and a static IP address :)
<Pici> mpavel: It would indeed.
<cokegen> i0nic, S3 just works
<i0nic> what about redundancy
<i0nic> ?
<cokegen> they handle it
<cokegen> you don't have to worry about your data
<i0nic> uh
<cokegen> that's with S3
<cokegen> EC2 could have more failures
<i0nic> but im essentially on a cloud
<i0nic> so would i need to encrypt my data?
<cokegen> but haven't seen one myself yet
<cokegen> I think S3 has something regarding that
<i0nic> okay
<cokegen> anyway I'd recommend to encrypt and upload and forget about any problems
<i0nic> are large enterprises adopting the cloud as a backup solution?
<jeremyA> ZacNwbLnx:  yes
<cokegen> amazon recently made available a new API to work with their services
<cokegen> had a friend that was playing with it but I can't say much about that
<cokegen> apparently works like a charm
<elnur> http://paste.ubuntu.com/540735/ -- anyone knows how to solve this?
<elnur> This 'ignoring' stuff shouldn't be there, I guess.
<jeremyA> cokegen:  looks like noacpi MIGHT have done it.  Just installed a VM successfully
<mpavel> Pici ZacLnxNewb: I will give another try to users approach
<mpavel> you can basically have your.free.domain/~user/
<mpavel> and I was thinking to create different users for each website and access it like that
<jeremyA> ZacLnxWeb:  the server at linux-classes.com actually has several names
<Pici> mpavel: Setup mod_userdir: http://httpd.apache.org/docs/2.2/howto/public_html.html
<jeremyA> ZacLnxWeb:  I have multiple CNAMEs and A Records pointing to it's IP
<mpavel> Pici: exactly :)
<jeremyA> ZacLnxWeb:  then I just map each name to a different dir using vhosts
<ZacLnxNewb> Pici: jeremyA   I'm setting up DDclient to update the A records.
<ZacLnxNewb> Pici:  jeremyA  I appreciate your help so far. :D
<cokegen> jeremyA, good thing to hear then
<cokegen> I had only one or two machines in my life that required noacpi ...
<mpavel> Pici: any idea if that solution would stop php scripts from running?
<Pici> mpavel: It shouldn't.
<mpavel> Pici: or would there be a need to alter something in php.ini ?
<mpavel> if for example the user directories are in /home/~user1/ /home/~user2/ and php is not set to execute scripts from /home/*
<mpavel> or something ... just thinking :-/
<Pici> mpavel: But remember that www-data would need to be able to access the php files, so you'll need to make sure that is the case.
<mpavel> so include each user in the www-data group
<Pici> mpavel: Thats one way to do it.
<mpavel> Pici: that's the only way I know. but I can search online for alternatives
<Pici> mpavel: No, thats a fine way (in my opinion), but there are a whole bunch of options on how you'd want to do this depending on how restrictive you want your security policy to be.
<jeremyA> cokegen:  yeah, this machine didn't need noacpi under 8.04.01, but new kernels == new features, new problems.  At least I'm off vmware server and virtualbox now
<mpavel> Pici: cool. not really interested in security right now for this kind of setup. i'm just looking for easier ways to setup a working testing/playing-about environment for some projects
<cokegen> sure ... a bit of testing is due when you switch versions
<mpavel> Pici: thanks for all your help!
<jeremyA> anyone using iptables with bridged traffic?
<jeremyA> I'm getting a lot of logs like this:
<jeremyA> Dec  7 13:13:49 localhost kernel: [ 2791.493463] IN=br0 OUT=br0 PHYSIN=vnet0 PHYSOUT=eth0 SRC=192.168.15.17 DST=224.0.0.251 LEN=115 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=95
<jeremyA> my bridge device is br0, the physical device is eth0, and I want my LAN to be able to talk to my virtual machines as if they were on the same network segment
<jeremyA> (like they used to be on vmware)
<cokegen> jeremyA, the other day I was here and a guy solved his problems with ebtables (which I didn't know it existed)
<jeremyA> okay, cool, thanks
<cokegen> to work with bridged stuff like you
 * jeremyA nods
<cokegen> just saying you should look into that
<jeremyA> I've been meaning to learn ebtables for about 9 years now
<jeremyA> googling now
<cokegen> never needed to work with bridges but it's a must when working with all that virtualized stuff
<jeremyA> have I mentioned I dislike virtualization in general?  too much extra work ;)
<jeremyA> keeps the electrical bill lower, tho, I guess
<cokegen> have to buy a VT-x capable processor
<jeremyA> they're sub-$100 now.
<jeremyA> :)
<cokegen> want to try how well it runs win
<cokegen> not here (argentina)
<jeremyA> oh, I bet.
<ZacLnxNewb> jeremyA: Pici   I'm having trouble adding servers to ddclient
<jeremyA> ZacLnxNewb:  I use ipupdate.pl for freedns.afraid.org, or adjust the DNS manually, I'm afraid :(
<guillaume_> some of you well knoe squid+dansguardian config ?
<jeremyA> sorry, guillaume, I know nothing about that
<guillaume_> lol
<guillaume_> thanks for answering
<guillaume_> it seem to be hard to find pepole who know
<jeremyA> bridging with kvm needs no ebtables, only iptables:  iptables -I FORWARD -i br0 -o br0 -j ACCEPT   where br0 is your bridge device
 * RoyK books a trip to ReykjavÃ­k to thaw up a bit
<fluvvell> I really need to get this cpu fan under control, the heatsink is stone cold, but the fan constantly speeds up and slows down. sensors is alleging that fans are at 0RPM. pwmconfig alludes to increasing the fan divisors, I have no idea what that is and I cant find the doc
<fluvvell> ok found the doc.
 * RoyK hands fluvvell a screwdriver
<fluvvell> he he, disconnect the fan?
<qman__> well, you want to make sure it's all PWM equipment, I've got some older stuff that was pre-PWM and is not compatible
<fluvvell> qman__, na its brand new - four wire fan to cpu.
<qman__> ok
<fluvvell> ive found the fan divisor setting, I think, but pwmconfig still finds current speed of 0 for all fans
 * fluvvell is wondering where to find hwmon0/device/pwm1   ?
<fluvvell> weird. Now its all quiet!
 * RoyK takes his screwdriver back
 * fluvvell frequently leaves screwdrivers behind clients servers and finds them on later visits
<RoyK> fluvvell: the leftover screws goes into the pocket, eh?
<fluvvell> RoyK, I have dozens of little snap lock bags with screw selections in them :) and bitz containers on the window sill!
<i0nic> I'm trying to setup key authentication for ssh
<i0nic> and it keeps asking for the password
<i0nic> what am I doing wrong?
<RoyK> i0nic: well, I guess that depends on what you are doing.....
<i0nic> RoyK: is there a program to shoot my sshd_config to a pastebin program? does ubuntu provide one of thes in the repos?
<guntbert> !info pastebinit | i0nic
<ubottu> i0nic: pastebinit (source: pastebinit): command-line pastebin client. In component universe, is optional. Version 1.1-2 (maverick), package size 22 kB, installed size 404 kB
<i0nic> ah thanks
<i0nic> here is a copy of my sshd_config
<i0nic> http://pastebin.ubuntu.com/540785/
<i0nic> not sure why its still asking for a password
<guntbert> i0nic: do you want to disable password based login completely?
<cokegen> you need to cat the public key to the machine's ~/.ssh/authorized_keys2
<cokegen> and then provide ssh with the key
<cokegen> when connecting I mean
<cokegen> like this
<i0nic> guntbert: yes
<i0nic> to roots /.ssh/authorized_keys2 ?
<cokegen> ssh -p 22 -i /path-to-private-key/machine-key root@111.222.333.444
<i0nic> i put the public key in the users .ssh/
<cokegen> and you could generate your keys like this
<i0nic> that should be all it needs?
<i0nic> i put the public key in the users .ssh/
<cokegen> ssh-keygen -t rsa -b 4096 -f /path-to-private-key/machine-key
<cokegen> you get 2 files with that last command
<cokegen> one is the private key and the other the public key (.pub)
<cokegen> that .pub you need to cat to the target machine's authorized_keys2
<cokegen> i0nic, hope I was clear enough ;-)
<guntbert> i0nic: it is .ssh/authorized_keys  by now (no 2), does key based login work at all or does it ask for password anyway?
<cokegen> no, just connect
<i0nic> guntbert: it asks for the password
<cokegen> but you have to provide ssh with your identity (private key)
<i0nic> guntbert: so apart from being in userhomedir/.ssh/ it also needs to be in /root/.ssh/authorized_keys ?
<guntbert> i0nic: listen to cokegen too
<i0nic> i am
<i0nic> im just trying to understand whats going on before i use the steps he gave me
<i0nic> cokegen: gotcha.. i am adding it now..
<i0nic> cokegen: does it need to be in usershomedir/.ssh/ as well? the pub key?
<cokegen> think so
<cokegen> I just placed always into the /root dir
<cokegen> so I can't tell, but I'd expect to be for the user I'm trying to conect to
<i0nic> cokegen root doesnt have a .ssh dir
<i0nic> just create it?
<cokegen> create it
<fluvvell> i0nic, it depends who you are going to log in as. Best practise would be to log in as your privileged user, and sudo any root commands. In that instance, you'd ssh-copyid to the user@host
<i0nic> k
<cokegen> yep
<cokegen> ssh-copyid is the best method, but if you have ssh running in a non-standard port it fails
<cokegen> and I don't know if it has a port parameter (last time I checked I think it hasn't)
<fluvvell> i0nic, but on the machines where I have root login, I have removed the root password after setting up ssh keys.
<cokegen> probably could work with "oPort=non-standard-port-number" but I don't know
<fluvvell> cokegen, you can setup ports for each host in your .ssh/config file
<cokegen> what do you mean by each host ?
<fluvvell> the format is Host=hostname.org   then next line port=#
<cokegen> I like to connect to IP addresses, but cool to know
<fluvvell> eg, I've got a dozen machines I regularly ssh into, there is a Host=hostname.org entry for each of them naming the non standard port I use.
<fluvvell> cokegen, yes but your hosts have names eventually,  you could add them in your hosts file.  I've got dns set up for all of them, dyndns.org for the ones on dynamic ips.
<i0nic> its still asking for the password, cokegen
<cokegen> how are you trying to connect i0nic
<i0nic> cokegen: ssh as a user.
<cokegen> ssh -i /path/key root@ip
<cokegen> did you cat'ed the key to authorized_keys2 ?
<i0nic> i did it to authorized_keys
<cokegen> cat keyfile >> ~/.ssh/authorized_keys2
<i0nic> yah
<i0nic> keys2?
<cokegen> yep
<cokegen> 2
<cokegen> on my machine works without the 2, but don't know why
<cokegen> could be keys of SSH1 ?
<cokegen> don't know really, but do the cat to the authorized_keys2
<guntbert> cokegen: the '2' *was* necessary, they switched back since
<cokegen> ok, good
<i0nic> so, the owner of these files needs to be root?
<cokegen> if you're trying to connect with root, I think yes
<guntbert> i0nic: on the target server? yes, if you want to connect as root
<fluvvell> cokegen, I've just set it up on a machine without half of the complexity you've suggested.
<i0nic> still not working
<cokegen> half ? share with us please
<cokegen> ;-)
<i0nic> guntbert: no im connecting with users, I just want key authentication setup.
<fluvvell> http://www.linuxconfig.org/Passwordless_ssh  gives the method
<guntbert> i0nic: the auth..keys file must be in .ssh  of the user you want to connect as
<fluvvell> the only pre-requisite is the same user exists on both machines
<cokegen> fluvvell: I didn't told him more than what that webpage says
<cokegen> maybe added the port parameter to some of the commands etc etc
<cokegen> it's the same
<guntbert> fluvvell: why is that?
<fluvvell> cokegen, sorry it was guntbert
<cokegen> ahhh ok ;-)
<fluvvell> guntbert, for the method shown on the linuxconfig
<fluvvell> not in general, but it de-confuses a bit.
<fluvvell> guntbert, ssh-copy-id copies the auth keys over
<guntbert> fluvvell: ok, I obviously didn't see the complete context -- ignore me please :-)
<cokegen> mind that ssh-copy-id doesn't works on non-standard ports
<fluvvell> cokegen, it does if you add the hostname into your .ssh/config file.  I think ip address will work as well
<i0nic> so what does the command ssh-copy-id do, because it works now that I've used this command?
<fluvvell> sorry ~/.ssh/config
<cokegen> fluvvell: now I get it
<fluvvell> :-)
<cokegen> anyway, still prefeer doing it manually
<cokegen> do you know a good method to manage a good number of those keys ?
<fluvvell> i0nic, ssh-copy-id  copies the public key into the authorized_keys file in one command.  It does simply, what guntbert described (I think was the old way)
<fluvvell> cokegen, its my key being copied onto the server at the other end. ssh agent allows for the revocation of keys from specific servers I believe.
<fluvvell> so one key to rule them all ;-)
<guntbert> fluvvell: for administration of several servers I use just one key (with a *very good passphrase* â¢ ), and I call ssh with -A for agent forwarding
<cokegen> didn't investigated that, but I will
<fluvvell> guntbert, yes I never could get around the having to type my passphrase into my machine first when I opened a new shell. I ended up typing it in over and over, negating the passwordless access to the servers. hints?
<guntbert> fluvvell: usually ssh-agent is running, you can add a key any time you want with ssh-add <path-to-key-file>
<fluvvell> I would recommend that i0nic not leave a root password on the server though
<eriksson26> Hi, how do I set up remote desktop to a computer that I only have ssh acc to? I am admin.
<FunkyBob> eriksson26: do you need a full remote desktop? or just access to X apps running on it?
<MeltingK33board> ok so i have ssh-copy-id'ed my key to my server, and then tried to log in, and it still asks me for the password of my user on the server... why?
<MeltingK33board> did somebody just try to answer me? 'cause my tab just closed when i got the notification...
<RoyK> MeltingK33board: did you copy the key to ~/.ssh/authorized_keys?
<RoyK> MeltingK33board: also keep in mind that the .ssh dir and its contents should not be readable by everyone, chmod -R go-rwx .ssh is a good start
<MeltingK33board> yep
<MeltingK33board> it is in there
<MeltingK33board> I checked
<MeltingK33board> ok
<MeltingK33board> i will check the permissions
<MeltingK33board> RoyK: does my client machine need to be in the known_hosts file?
<jeremyA> cokegen:  so much for noacpi doing it.  Is noacpi still supported, or with kernel-2.6.32-26 should I be saying "acpi=off" ?
<fluvvell> MeltingK33board, this discussion happened about an hour ago, have you seen http://www.linuxconfig.org/Passwordless_ssh  gives the method
<MeltingK33board> yeah
<MeltingK33board> fluvvel: i was watching the conversation
<i0nic> anyone have a suggestion for a server monitoring program
<i0nic> for 5 servers?
<MeltingK33board> how about Untangle?
<MeltingK33board> they are a pretty robust solution... but perhaps not the right one for your needs
<SpamapS> i0nic: nagios has been hugely popular for a long time now
<SpamapS> though I believe it is forked now into something else
<MeltingK33board> you can also check out the monitoring section of the Server Guide... it talks about nagios and munin
<SpamapS> Icinga is the name
<jeremyA> I love nagios.
<jeremyA> I use it all the time.
<SpamapS> Yeah, its a really nice piece of software
<SpamapS> Icinga's just trying to modernize it a bit
<SpamapS> the Nagios devs have kind of gone "open core" lately where all the good stuff is in the enterprise version
<JanC> there is also zabbix for monitoring
<i0nic> SpamapS: nagios seems way intens
<i0nic> e
<dragoon123> I am currently having problems resolving the ca.archive.ubuntu.com repo for apt-get
<dragoon123> i can ping it, but it will not connect any ideas?
<MeltingK33board> is it in your sources.list?
<dragoon123> Temporary failure resolving 'ca.archive.ubuntu.com'
<MeltingK33board> ah so it is a dns issue perhaps...
<MeltingK33board> in the ping can you see the IP?
<dragoon123> hmm
<dragoon123> wont ping acutally
<baggar11> dragoon123: try hard setting some DNS servers in your /etc/resolv.conf file
<MeltingK33board> ah
<dragoon123> baggar11: I did that recently and restarted the networkmgr
<dragoon123> same result :/
<MeltingK33board> so you did try setting dns servers recently?
<dragoon123> no
<MeltingK33board> ok, try that
<dragoon123> ?
<dragoon123> do you mean the /etc/resolve.conf?
<MeltingK33board> it sounds like there is no dns for your system... yes resolve.conf
<dragoon123> yes, like I just said I already inputted that
<dragoon123> confused me for a sec heh
<MeltingK33board> gotcha
<FunkyBob> when did it grow the extra 'e'? :P
<baggar11> no, it's resolv.conf
<baggar11> it's in /etc
<dragoon123> i know
<MeltingK33board> hehe...
<baggar11> can you ping IP's outside your subnet?
<dragoon123> yea
<dragoon123> It just wont resolve hosts
<baggar11> try pinging your DNS servers that you manually set in resolv.conf
<dragoon123> works
<dragoon123> 64 bytes from 192.168.1.1: icmp_req=6 ttl=64 time=0.303 ms
<dragoon123> hmm
<baggar11> 192.168.1.1 is your DNS server?
<baggar11> is it broke?
<dragoon123> nope lol, its my router
<dragoon123> Its working fine as i am currently using my laptop with ssh conc to my server
<baggar11> using dhcp or static?
<dragoon123> static
<baggar11> does dhcp work?
<MeltingK33board> why not try useing openDNS in resolv.conf: 208.67.222.22 and 208.67.220.220
<dragoon123> on router yes
<dragoon123> acutally
<dragoon123> lemme try inputting my isp dns
<dragoon123> sec
<baggar11> MeltingK33board: that's kind of what I'm getting at :) if 192.168.1.1 isn't giving out good DNS info...
<MeltingK33board> nope...
<guntbert> MeltingK33board: opendns creates weird results sometimes (for non existing domains and for "inappropriate" ones)
<dragoon123> is there a single cmd for restarting networkmanager w/o using ifdown & ifup?
<MeltingK33board> yes
<MeltingK33board> guntbert: only if you configure your network in their system
<baggar11> dragoon123: service networking stop/start
<MeltingK33board> otherwise it is only a dns server
<guntbert> MeltingK33board: no, I believed that too, but then  I got results for nonexisting domains, and...
<dragoon123> yey
<dragoon123> that did it lol
<MeltingK33board> great
<MeltingK33board> guntbert: interesting... good to know
<i0nic> guntbert: does each server need a key generated to talk to each other? there is 5 servers on the network
<i0nic> guntbert: i have key authentication working for users, but they cannot scp files between servers w/o passwords
<baggar11> dragoon123: was it your ISP DNS or using DHCP?
<guntbert> i0nic: ssh? you can either use the same key on all of them or generate different ones - scp works like ssh (including keys)
<dragoon123> baggar11: I just appended my isp dns to resolv.conf
<MeltingK33board> nice... glad it worked
<i0nic> guntbert: so i need to generate the cert on one server and use it on all?
<i0nic> guntbert sorry i mean key
<guntbert> i0nic: ssh keys are for users, so you generate it at one place (your workstation), copy the public key into all .ssh/atuhorized_keys, add that key to ssh-agent on your workstation (using ssh-add) and call ssh -A .... (to forward agent authenification)
<uvirtbot> New bug: #686805 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5.5 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/686805
#ubuntu-server 2010-12-08
<uvirtbot> New bug: #686832 in multipath-tools (main) "multipath-tools-boot, root mount failed - Device or resource busy" [Undecided,New] https://launchpad.net/bugs/686832
<uvirtbot> New bug: #686835 in bind9 (main) "package bind9 1:9.7.0.dfsg.P1-1ubuntu0.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/686835
<[DarkSun]> hello all, i was wondering (i searched, couldnt find much info) if the  kernel package with 10.04lts server comes with "CONFIG_HIGHMEM64G" set, or am i going to need to build a new kernel?
<tonyyarusso> [DarkSun]: There's somewhere in /proc that holds that info I'm pretty sure...
<[DarkSun]> tonyyarusso, i havent installed yet, that starts tomorrow, was just trying to get a check list of things to do
<twb> [DarkSun]: which arch?
<twb> There is no such config option in 10.04 amd64's 2.6.32-26-server
<[DarkSun]> twb: i386
<twb> [DarkSun]: you can check in /boot/config-`uname -r`
<[DarkSun]> twb: thats cuz 64bit dont need it :P
<tonyyarusso> [DarkSun]: It's disabled on my box here.
<tonyyarusso> 4G=y though
<[DarkSun]> tonyyarusso, kk, ty!
<twb> tonyyarusso: -pae or -generic?
<tonyyarusso> -generic
<twb> That's not the server kernel
<tonyyarusso> true, hrm
<[DarkSun]> guess i could try tossing it on a spare box 2night
<[DarkSun]> eh.. or just findout 2morrow lol
<tsbo> If I'm going to put my netatalk afpd databases somewhere "central", is /var/db/netatalk/ a good place?
<qman__> I don't actually have a machine running the 32-bit server kernel
<qman__> one runs the -386, the rest are 64-bit
<qman__> because ubuntu "i386" isn't actually i386, it's i686
<qman__> and as such won't run on my K6
<ScottK> IIRC that's only true for maverick.
<qman__> it's been true since at least hardy
<ScottK> Lucid should run it.
<ScottK> No.
<qman__> hardy -server would not run on it
<ScottK> It was i486 or 586 until recently
<qman__> and the chip is i586
<ScottK> OK.  Maybe I'm getting my amd processors mixed up.
<qman__> but interestingly enough, whichever kernel the install disc uses worked fine
<twb> In https://help.ubuntu.com/10.04/serverguide/C/kerberos-ldap.html
<twb> ...why is it modifying {1}hdb instead of the existing {-1}frontend database?
<twb> I *think* it's because the doc is stale and the latter was the former in 9.10 or so
<uvirtbot> New bug: #344400 in libvirt (main) "libvirtError: internal error unable to start guest" [High,Confirmed] https://launchpad.net/bugs/344400
<uvirtbot> New bug: #687265 in tomcat6 (main) "Sync tomcat6 6.0.28-8 (main) from Debian unstable (main)" [Wishlist,Confirmed] https://launchpad.net/bugs/687265
<disposable> i'm reaching a tipping point(sanitywise). on ubuntu-server-10.04.1 i created md0, md1 and md2 in the installer. i formatted md0 and md1 and left md2 alone for now. after installation i have md0, md1, md2p1, md2p2 and md2p3. if i view md0 or md1 in cfdisk, they appear as free space. md2p1 appears to be what md0 should be, same for md2p2 and md1, etc.. what the hell?
<patdk-lap> are you sure md0, md1, and md2 wheren't done correctly, but instead, just got mixed up between the install and boot, so like md2 is now called md0, and md0 is md2?
<twb> patdk-lap: didn't I already tell you about that in #debian?
<twb> 20:28 <twb> I had that problem on 10.04, and I just gave up and installed 8.04 (both Ubuntu)
<patdk-lap> heh?
<twb> Sorry, I meant disposable
<disposable> twb: you mentioned you had this problem on ubuntu, and i've just tried 10.04.1 and same thing happened
<twb> disposable: 10.04 *is* ubuntu
<disposable> twb: i know. the previous attempt was with sid and my own kernel.
<twb> OK
<disposable> twb, i simply want to use md2 as physical volume for lvm.
<twb> I can dig it
<disposable> twb: is md2p1 an alias for md0?
<twb> No
<twb> It's a fuckup
<twb> mdadm --scan has misdiagnosed your setup as a single array containing multiple partitions
<disposable> twb: http://pastebin.com/GC3vH3NC
<twb> (As opposed to a series of arrays, one per partition.)
<twb> disposable: don't use fdisk unless it's GNU fdisk.
<disposable> twb: it's from util-linux-ng
<twb> Yes, that's the obsolete version
<twb> disposable: anyway, /proc/partitions and /proc/mdstat are more interesting at this juncture.
<twb> I wonder if changing "DEVICES partitions" to "DEVICES /dev/sda1 /dev/sda2 /dev/sda3 /dev/sdb1 /dev/sdb2 /dev/sdb3" in /etc/mdadm/mdadm.conf, issuing a "sudo update-initramfs -u -k all", and a reboot, will fix the problem
<disposable> twb: you will soon find out
<twb> Good man
<twb> Scratch monkeys FTW
<disposable> twb: btw, it seems set up correctly in mdadm.conf http://pastebin.com/DAYudGjm
<twb> disposable: that's expected
<uvirtbot> New bug: #687275 in apache2 (main) "Fix "graceful" action in init script when mod_chroot is enabled" [Undecided,New] https://launchpad.net/bugs/687275
<disposable> twb: mdstat is quite weird. http://pastebin.com/UP1j6Sfa
<twb> Yep, exactly what I thought
<twb> 20:21 <twb> I've had problems where partitioning disks and md RAID1'ing them, will cause the kernel (or mdadm?) to autodetect a single, whole-disk RAID1 array, containing several partitions.
<twb> 20:23 <twb> And it fails to assemble the second and third arrays, because it can only find one node for each (md0p2 instead of /dev/sd[ab]2, etc.)
<twb> ...in your case it has succeded to assemble the degraded array, because apparently that's the Ubuntu default now.
<disposable> you're just adding ot my confusion. is it broken or not?
<twb> It's doing SOMETHING right, but it isn't doing the something you want
<alket> Hi, I cannot connect Ubuntu Server to internet, usually when there was Ubuntu with GNOME it worked perfetcly withou configurin anything, now it doesn't work ?
<alket> in Ubuntu Server 10.10
<twb> alket: maybe it's because you're so impatient.
<jpds> GNOME on a server, nice.
<patdk-lap> jpds, not everyone can read black and white :)
<jpds> patdk-lap: I fear for their lives at the next zebra crossing they encounter.
<disposable> twb: i wanted to try LTS, because debian testing is still getting too many package upgrades and lenny is too old for my hardware. i'm getting fed up with ubuntu though; it's so far been one hall of a ride. mysql-cluster-server broken, megaraid_sas.ko broken, mdraid/lvm setup in installer broken, who knows what else..
<twb> Don't look at me, man, I'm sick of it, too
<disposable> twb: i'm just having a rant
<twb> You want a rant, how about circular dependencies in the flipping init setup
<soren> twb: Degraded mode is the default now?!?
<twb> Or moving where the loopback interface is brought up in a NMU to lucid-updates
<soren> I look away for 10 seconds and... ARRRR!
<twb> soren: AFAIK he didn't ask for it, and he got it
<twb> soren: *I* only did installs using priority=low; dunno what it defaults to
<soren>     - Change mdadm/boot_degraded default in templates file to match the
<soren>       apparently-intended behaviour (i.e. false), and stop overriding
<soren>       debconf preseeding if BOOT_DEGRADED is not already set in the
<soren>       initramfs configuration file.
<soren> So default should be false.
<soren> Good.
<soren> Phew.
<jpds> soren: Don't you use hardware RAID?
<soren> Gawd, no.
<twb> soren: sorry for the freakout
<soren> I spend all this time working on free software, and then I'm supposed to leave the integrity of my data to a bit of firmware that I don't control?
<soren> I don't think so.
<twb> soren: you don't control the firmware on the HDDs themselves :P
<soren> And that's bad enough!
<twb> Or are you still using MFMs?
<jpds> soren: I trust the HP devs.
<soren> I manually carve my data into rocks.
<twb> jpds: you're crazy
<twb> I don't even trust past-twb
<soren> The absolute worst part of trusting such things is if it breaks.
<soren> To have any chance at all of getting your data back, you have to buy /another/ unit.
<soren> A unit, whose predecessor broke.
<twb> You buy another one when you buy the first one
<twb> Otherwise when it breaks, they no longer make those
<soren> Yeah.
<soren> You end up in a loop where you're forced to buy stuff that you /know/ has a history of failing.
<soren> What could possibly be worse than that?
<soren> No, give me software raid any day. If I'm concerned about performance, get a couple of good controllers and split the load across those.
<soren> ..but leave the RAIDing business to stuff that I control.
<soren> On the other hand, with hardware raid, booting in degraded mode might actually make sense. "might" being the operative word.
<Nafallo> soren: just keep a cold spare at all times. or if you're talking about home use, get a drobo or readynas or something.
<twb> IMO if you're concerned about performance, go beat the DBA with a tire iron until he stops writing unnecessarily exponential-order queries
<twb> Î(nâ¿)
<Nafallo> (both of these have data centre business rackmountable options as well, but I believe it when I see it with my own eyes)
<soren> Nafallo: The only thing I'd use the cold spare for is getting my data off of the disks ASAP.
<patdk-lap> heh, I have never seen a business drobo solution
<Nafallo> soren: wait what... the definition of cold spare is to replace your failed part surely :-P
<patdk-lap> unless your talking a smb
<Nafallo> patdk-lap: http://www.drobo.com/products/business-solutions.php
<patdk-lap> cold spare == beer :)
<soren> Nafallo: Why would I rely more on the second one than the first.
<soren> Nafallo: My needing the second one is clear evidence that the product has a history of failure. Not something I want to trust my data with.
<patdk-lap> nafallo, ya, I have seen that, it so doesn't look like a rack mountable solution I would use, normally talking 14 to 24 drive sas
<jpds> soren: Everything fails eventually.
<disposable> twb: i don't think my installation is fixable. md0 and md1 are empty and md2 has been subpartitioned. i could try copying files from md2p1 to formatted md0 and then rewrite mdadm.conf, update initramfs, fix grub and keep an eye on it every time the kernel gets an upgrade, but i wouldn't sleep well.
<soren> jpds: Certainly.
<Nafallo> patdk-lap: sure.
<soren> jpds: The difference is how screwed you are when it happens.
<twb> disposable: did you try forcing DEVICES not to scan whole disks?
<Nafallo> soren: I think you missed my point actually. you should trust it more because it never been used, and it leaves you a window while you get the RMA back on the failed drive.
<disposable> twb: it doesn't matter how it scans them, what matters is that filesystems were put where i didn't want them. md2p1 instead of md0, md2p2 instead of md1 and no LVM on md2
<Nafallo> soren: now, if you don't trust anything that has ever failed, good luck finding ANY media to use ;-)
<soren> Nafallo: Assuming it fails within its RMA period.
<Nafallo> soren: sure. but these are extendable if you feel like paying for the service.
<twb> disposable: wrong
<twb> See this: md2 : active raid1 sdb[1] sda[0]
<twb> That is because it scanned /dev/sda before /dev/sda1
<soren> Nafallo: I don't.
<twb> If you change it from "DEVICSE partitions" (which, counterintuitively, means disks and partitions), that should not happen
<soren> Nafallo: I have a perfectly good RAID implementation in my kernel.
<Nafallo> anyway. I need to travel. bbl.
<soren> Nafallo: Have fun.
<Nafallo> soren: I'm going to have pizza. that's better than fun! :-)
<soren> Pizza Express?
<twb> Fat Pizza!
<twb> http://en.wikipedia.org/wiki/Pizza_(TV_series)
<disposable> twb: ok, i'm giving this a go - "DEVICE /dev/sda /dev/sdb /dev/sda1 /dev/sda2 /dev/sda3 /dev/sdb1 /dev/sdb2 /dev/sdb3"
<Patrickdk> why would you do that?
<twb> Excellent.  Fly, my minion!
<Patrickdk> remove sda and sdb, if you partitioned the drives
<twb> Patrickdk: remove them how?
<Patrickdk> hmm, can't edit it?
<Patrickdk> been awhile since I used mdadm
<twb> It defaults to "DEVICE partitions"
<twb> Which means "everything in /proc/partitions"
<twb> He could probably do it instead by adding devices=/dev/sda1,/dev/sdb1 to ARRAY lines, but I forget the syntax
<disposable> twb: well, it's certainly much nicer now. http://pastebin.com/J16zZNBy
<twb> disposable: ace.  Now just readd the stale nodes into the degraded arrays
<twb> I'm glad I know that's the solution now
<disposable> twb: i'm glad my 16 servers could be used as a testing ground for your hunches. (cssh is great)
<disposable> twb: thanks for your help
<uvirtbot> New bug: #687299 in bacula (main) "package bacula-director-mysql 5.0.1-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/687299
<zul> morning
<twb> Good god, is it
<axisys> i am stuck here (10.04 server)
<axisys> fsck from util-linux-ng 2.17.2
<axisys> /dev/mapper/nvidia_eeffhbef1 contains a file system with errors, check forced.
<axisys> it is doing tons of fsck.. (recovery mode)
<axisys> now it stops here
<axisys> /dev/mapper/nvidia_eeffhbef1: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY. (i.e., without -a or -p options)
<axisys> mountall: fsck / [472] terminated with status 4
<axisys> mountall: Filesystem has errors: /
<axisys> any idea how to move forward ?
<lau> when are the files in /sys/class/net generated ? at boot time ? when installing a new kernel ... ?
<Wh1teL0tus> I installed a LAMP server but i want to have tomcat apache instead of the apache2.2, the best way to do is is to first remove apache2.2 or ?
<axisys> how do I run fsck manually ? I am not getting a prompt
<lau> I think my question is related to how are the objects added in the driver model tree ?
<axisys> lau: are you asking me ?
<uvirtbot> New bug: #687347 in bind9 (main) "package bind9 1:9.7.0.dfsg.P1-1ubuntu0.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/687347
<axisys> anyone knows how to run fsck manually.. i am stuck here http://pastebin.com/w4tEj1Qq and getting no prompt
<axisys> may be there is some grub trick that can let me run fsck manually ?
<twb> axisys: mountall 4 means you need a live CD
<axisys> twb: so there is no way to boot using memory and then run fsck on root / ?
<twb> When mountall exit(4)'s, I know of *no* way to get upstart to continue booting.
<axisys> twb: how about i powercycle and then modify grub ?
<twb> I don't think grub will help you; IIRC I tried single-user mode, and that's about the only control you have over upstart from grub
<twb> http://paste.debian.net/101871/ <-- written in anger
<twb> Actually...
<twb> From grub you can get into busybox before upstart starts -- so you should be able to pass "break" from grub to get a recovery shell.
<twb> A crippled one compared to Debian's, but nowhere near as bad as RHEL's ramdisk.
<twb> axisys: a live CD would be easier, but ...
<twb> 1. boot with "break"; 2. at busybox shell, mount rootfs read-only on /root; 3. copy enough of it into /target to run e2fsck; 4. umount /root; 5. run e2fsck out of target.
<twb> You might be able to skip 3-5 if you can run e2fsck on a read-only mounted filesystem.
<axisys> twb: that paste was real angry.. hehe
<SpamapS> mountall definitely seems to have been thrown together and then shunned to a corner
<twb> SpamapS: AFAICT mountall was written because the upstart guys went "oh, hey, it's release time, and we haven't worked out how to deal with filesystems properly yet"
<axisys> twb: i dont have a cd drive.. lol... working to make a usb drive
<axisys> usb image that is
<twb> axisys: http://cdimage.debian.org/cdimage/squeeze_live_beta1/amd64/iso-hybrid
<twb> axisys: grab "rescue" from there, or so.
<twb> "isohybrid" means it works as both a CD and a USB key
<axisys> twb: so I can take one of this iso and place it on usb and it will work ?
<twb> axisys: you just dd the iso onto the key
<axisys> twb: gotcha.. thanks
<twb> curl -o/dev/uba http://.../debian-squeeze-live-beta1-amd64-rescue.iso
<twb> Or dd if=debian-squeeze-live-beta1-amd64-rescue.iso of=/dev/uba
<axisys> twb: thanks
<SpamapS> twb: there are upstart "guys" ? ;)
<twb> Well, I didn't want to blame sjr specifically
<twb> Er, sjr = keybuk
<twb> I hear mbiebl is working on systemd instead now
<twb> (Which has a compelling sales pitch, but I'm... not enthusiastic about letting the pulseaudio guy near pid 1.)
<SpamapS> twb: there's a huge void right now created mostly by systemd's appearance, but also by keybuk's move from Canonical to Google.
<twb> Didn't know he'd moved
<SpamapS> he's announced he's moving
<SpamapS> The date isn't entirely set yet.
<twb> Being an ass: this is why having a distro run by a single organization is a Bad Thing :P
<SpamapS> He won't say whether he's planning to work on Upstart at Google..
<SpamapS> but we're all pretty sure he will. ;)
<twb> SpamapS: he gets a whole 20% "free play" time
<SpamapS> twb: so there's only one good distro that isn't run by a single organization.. and it has serious problems.
<SpamapS> oi.. baby is up.. time to go
<twb> They all have serious problems
<Lars_G> Greetings all. I hope to have more luck here :D
<Lars_G> My first, simple question, are the -server kernels deprecated? I see the package now pulls in a -generic-pae kernel.
<twb> That's by design on i386
<Lars_G> ok
<twb> In general they aren't deprecated, but currently the only difference on that arch is the PAEness
<Lars_G> ok
<Lars_G> The second question is, I've found a LOT of problems upgrading my 8.04 LTS to 10.04 LTS and I wonder if there's a thread or wiki somewhere where people pile up solutions found to troubles... I already have fixed almost everything but one recurring error with postfix and one problem with apache and memory.
<Lars_G> I've been trying on #postfix but if someone already found the upgrade related errors, it'd help a lot
<lamont> what's the specific error?
<twb> Lars_G: have you read the generic migration documentation?
<twb> !8.04->10.04
<twb> Grmph, stupid bot
<Lars_G> lamont: In this specific case: http://pastebin.com/vwuj0n6V
<Lars_G> twb: I saw them before the upgrade, but didn't see a troubleshooting area or didn't notice it :( sorry
<twb> I don't remember what's there
<twb> I'm just triaging
<lamont> Lars_G: interesting.  I have not seen that one before
<twb> https://help.ubuntu.com/community/LucidUpgrades
<Lars_G> thanks twb
<Lars_G> This has been a traumatic upgrade so far :(
<twb> I put it like this: Debian has a policy of releasing "when it's ready".  So by elimination, Ubuntu's release policy can only be "when it's NOT ready" :-)
<Lars_G> hahahaha
<Lars_G> Well yeah, time defined release cycles can tend to produce that
<cap_00> can i use multiple discs for backuppc?? i've already got one backup disc, do i just clone the original /var/lib/backuppc dir over and fill another drive?
<mianosm> full disclosure has a big root escalation issue on it today
<cap_00> i just don't want to try and screw up the backups on the eixsting drive or throw them out of synch
<zul> hggdh: ping two things
<hggdh> zul: yes?
<zul> hggdh: (1) where are the log files for the uec-testing kept and (2) when do you want to discuss sru stuff (preferably tomorrow)
<hggdh> zul: I upload them to...
<hggdh> zul: https://code.edge.launchpad.net/~hggdh2/+junk/uec-qa
<hggdh> zul: and tomorrow it is :-)
<zul> thanks
<zul> ill hunt you down
<guillaume_> hi all
<guillaume_> i am seeking  for a proxy easy to install with auth by username and password with high level filtering and time sensitive filtering
<guillaume_> any  suggestion should help allot
<guillaume_> i have already tried dansguardian + squid but unable to make the auth work so we decide to let that out
<guillaume_> and seek another solution
<guillaume_> google did'n't answer me so here i am
<Deathvalley122> is there a torrent download of lucid 32 and 64bit?
<jpds> Deathvalley122: Yes, it's on http://us.releases.ubuntu.com/10.04/
<Lars_G> Ok I'm back from running all around like a headless chicken
<Lars_G> Two more questions.
<Deathvalley122> thanks jpds
<Lars_G> First any reason you know why 8.04->10.04 upgrade would turn apache2+php+mysql into insatiable memory hogs who starve the whole system?
<Lars_G> And second, is only the upgrade process on 8.04.10.04 borked? if I get a new server I'm waiting for, and install 10.04 from scratch, should it behave better?
<guillaume_> i was never able to make smb apache and any 10.04 server app working on 10.04
<guillaume_> 10.04 seem to got lot of bug
<Lars_G> Ok tell me something.
<Lars_G> if I move this 10.04 LTS to 10.10, will it work better?
<guillaume_> no
 * Lars_G hits his head on a wall
<Lars_G> is there a way to 10.04->8.04 ?
<guillaume_> i have done that las week too
<guillaume_> lol
<guillaume_> been a month seeking answer for 10.04
<guillaume_> if there a way to downgrade i don't know how
<guillaume_> backup your config file then fresh install...
<Lars_G> Ok I give up, while my new server machine arrives I'm setting up another vmware instance on my web server, throwing in 8.04 and migrating all stuff there.
<al> up- and downgrading to random distribution releases still fits the headless chicken metaphor imho
<guillaume_> lmao
<guillaume_> try debian
<guillaume_> a naked debian
<Lars_G> yeah
<al> the time you're wasting on that up/downgrading trips would be better spent analyzing and solving the actual problem root cause
<al> im-h-o
<al> and i reckon if done right it's quicker too
<jeremyA> Lars_G:  I've just upgrade from 8.04.01 to 10.04.01 and am experiencing stability issues
<Lars_G> al: like guillaume_ who has been at it for a month?
<jeremyA> it's possible that there is an issue with upgrade, but I rather doubt it.
<Lars_G> jeremyA: Me too
<jeremyA> my apache+php is not using much memory at all
<elb0w> If I want to install PHP for my apache2 webserver is the proper package php5-mysql?
<al> php5-mysql has nothing to do with apache
<elb0w> or libapache2-mod-php5 rather
<elb0w> yeah my bad
<jeremyA> elb0w:  I have that.
<Lars_G> elb0w: the mod-php5
<jeremyA> yep, libapache2-mod-php5
<elb0w> kk
<elb0w> :)
<al> i stay away from all mod_<language> modules
<al> and i recommend everyone to do the same unless they have a very good reason not to
<jeremyA> Lars_G:  so, is it just memory issues on your 10.04 box, or are you experiencing random crashes/hangs
<Lars_G> jeremyA: I'm experiencing hangs, response delays, and many processes shoot up to a high cpu ussage and then go down
<jeremyA> interesting
<Lars_G> I wonder if I can use an older kernel.
<jeremyA> I've got the first one, but not the other 2
<jeremyA> there are new kernels available, too
<jeremyA> some people report that the 2.6.35 kernels fix issues
<jeremyA> is your server physical or virtual?
<Lars_G> physical
<jeremyA> have you tried booting w/o ACPI?
<Lars_G> and i'm running 2.6.32
<jeremyA> that is, setting "noacpi" as a kernel option in grub.cfg ?
<Lars_G> Is .35 a ppa or a backport?
<jeremyA> (I'm running 2.6.32-26-server myself)
<Lars_G> Nope not yetr
<jeremyA> ppa
<jeremyA> try disabling acpi -- some people report that helps
<jeremyA> it did not help me, but we have different hardware, so...
<Pici> 2.6.35 is the standard kernel in 10.10
<jeremyA> also, have you run memtest86+ against your hardware, Lars_G ?
<jeremyA> Pici:  yep.  but at the mainline kernel repos, you can get a testing 2.6.35 for lucid :)
<Lars_G> Still I have no dmesg errors from the kernel, shouldn't acpi problems cause kernel to error?
<jeremyA> hard to say
<jeremyA> nothing logs to dmesg, /var/log/messages, /var/log/syslog or /var/log/kern.log for me
<jeremyA> I've set up remote syslogging so maybe the next time it goes, it'll send something to my other ubuntu box here
<consumerism> is there a way to specify an identity file for rsync? i need to run it with sudo but i want to use my own key.
<Pici> consumerism: rsync -e "ssh -i '$KEY'"
<Lars_G> jeremyA: Could you share this ppa with me? I'm willing to try a .35 kernel
<consumerism> Pici: thanks
<Lars_G> I'd even try a .37 but I'd have to compile, and on an unstable machine.....
<Pici> consumerism: np
<raubvogel> Odd question: apache2 identifies itself as httpd in the log files, right?
<jozef> Hello can i ask a ubuntu server question here?
<jeremyA> sure, jozef
<twb> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<jeremyA> Lars_G sure, one sec
<jeremyA> http://kernel.ubuntu.com/~kernel-ppa/mainline/
<jozef> I've manual installed a new kernel. im testing a virtual server it had the 2.6.35-22-virtual kernel and i installed the 2.6.35-22-server kernel
<jeremyA> sorry, it's 2.6.34-lucid
<jeremyA> I'm an idiot :/
<jozef> but now if i apt-get dist-upgrade i get an upgrade for 2.6.35-23-virtual
<jozef> but my uname -r is 2.6.35-22-server
<Lars_G> jeremyA: .36 is ok too, thanks
<jozef> i've installed the server kernel like this: apt-get -y install linux-headers-2.6.35-22-server linux-image-2.6.35-22-server
<patdk-wk> that will install an old one
<patdk-wk> virutal is just a meta package, it gives you the -server kernel
<patdk-wk> atleast for x64bit systems
<patdk-wk> for 32bit, it gives you -generic-pae
<patdk-wk> and probably for ec2 (I haven't tested) it will give you the ec2 kernel
<Lars_G> jeremyA: Meh I see, .34
<Lars_G> thanks
<jozef> the virtual package doesnt have quota
<jozef> so i dont think its the same
<patdk-wk> dunno, let me look
<patdk-wk> oh, it is different, it's just the uname id that is the same
<patdk-wk> I guess you mean local fs quota support
<patdk-wk> cause I'm using nfs quota support in -virtual just fine
<jozef> it might :)
<jozef> do does the apt-get dist-upgrade doesnt see any priority differnce?
<jozef> *so does the apt-get dist-upgrade doesnt see any priority difference?
<Lars_G> I give up
<Lars_G> I'm moving my most precious realtime service (based on apache + php +mysql) to another server... by hand
<patdk-wk> hmm, I have many apache2 + php setup in lucid, no issues
<patdk-wk> I haven't moved my mysql to lucid yet though
<Lars_G> patdk-wk: My whole system is kinda mad, postfix fails too
<Bizzeh> hi, im currently trying to set up a generic use internal server with ubuntu, is there anything i can use as a dns demon, that is 1. VERY easy to configure. 2. allows me to configure different reponses for different mac addresses (ie. if i request a domain, i get 1 answer, if the sales team request it, they get 0.0.0.0). 3. lookup request logging against mac address/ip address
<patdk-wk> haven't had issues with postfix, but I just setup postfix, and haven't stressed it yet
<patdk-wk> Lars_G, what kind of vm are using? I'm using esx and vmware workstation without any issues, and on real hardware
<patdk-wk> 12 real servers, and dozens of esx vm's
<jeremyA> Bizzeh:  I know BIND will let you hand back views based on NIC...dunno if it can do based on MAC
<jeremyA> what are you trying to accomplish with the differential DNS results?
<jeremyA> are you trying to block access to certain machines?  because iptables will work better for that.
<Bizzeh> jeremyA: my boss has asked me to look into a filtering software to block access to certain sites for certain machines
<jeremyA> block it at the firewall
<jeremyA> because if you just block DNS lookups, they can use a different DNS server
<jeremyA> are these internal or external sites you're trying to block?
<Bizzeh> they arnt that bright...
<Bizzeh> yeah... what were doing is, we are using a nat router to connect to the internet, but we want to pipe through this server to filter certain traffic
<jeremyA> my nat router is an ubuntu box.
<jeremyA> I do all my filtering there.
<Bizzeh> our nat router will be a cheapo thing given to us by our ISP
<jeremyA> ah.
<jeremyA> I'd set up an internal DNS that doesn't know about any zones you don't want sales to know about .
<jeremyA> then assign that DNS to them via DHCP and no other nameservers
<jeremyA> for people who can go anywhere, use DHCP to give them a nameserver that knows about the world
<jeremyA> or use squid to have all allowed websites and filter traffic for sales through squid
<patdk-wk> it would be easy enough to block dns requests, or to redirect them to your dns server
<patdk-wk> so they can only use your server
<Bizzeh> its not that side im bothered about, its the.. configuring of the dns software its self
<patdk-wk> I use pdns-recursor, so I just add the hosts I don't want people to use to the hosts fine, and tell it to use that to serve, it sends them to a, this site is denied page
<patdk-wk> pdns-recursor, dnsmasq can both do it
<patdk-wk> I haven't used bind for so long, dunno
<Bizzeh> thanks
<Bizzeh> ill have a look at all 3 and take a look at squid
<patdk-wk> squid is a more insane way of doing it
<patdk-wk> and if they use https, it won't be blocked
<jeremyA> if you're only going to let them look at 4-5 sites, go squid :)
<jeremyA> you could block all outgoing traffic from sales, tho
<patdk-wk> ya, the block all except, would be more squid usage :)
<jeremyA> so if it doesn't go through squid, it doesn't go at all
<Bizzeh> i want them to be able to view everything, apart from a few sites. ie. facebook, myspace, tesco, asda, jobsites
<Bizzeh> general crap.. my boss gave me a list of about 15 or so of sites like that
<patdk-wk> heh, jobsites
<patdk-wk> looking for new jobs while working?
<jeremyA> they'll find an anonymizer.
<jeremyA> or they'll find a friend with an ssh tunnel :)
<jeremyA> I'd just tell them they'll be fired if they use those sites, then log traffic
<jeremyA> fire a few of them
<jeremyA> they'll get the point
<Bizzeh> none of them are that bright, all it is, ive been asked to do this, i just need to make it look like its done
<Bizzeh> as long as, by default, they cant view these sites, hes happy
<Bizzeh> and im happy, because he leaves me alone to continue doing nothing
<jeremyA> thing with sales guys is:  pay 'em on commission.
<Bizzeh> we do
<jeremyA> if they're making big money and lots of sales, who CARES what they do?
<jeremyA> and never, ever put a cap on commissions
<cap_00> i'm getting the following error after i try and create a new partition after i run mkfs.ext3 to format
<cap_00> Calling ioctl() to re-read partition table.
<cap_00> WARNING: Re-reading the partition table failed with error 22: Invalid argument.
<cap_00> The kernel still uses the old table. The new table will be used at
<cap_00> the next reboot or after you run partprobe(8) or kpartx(8)
<cap_00> Syncing disks.
<Bizzeh> they do, but, my boss, always wanting more... doesnt get that they do sales because every so often, they have a little break to calm down
<jeremyA> cap_00: did you run partprobe after changing partition table?
 * jeremyA nods
<jeremyA> sounds like a fun guy to work for
<Bizzeh> he thinks, they are wasting time, and can get more sales in, in those odd 5 minutes they use facebook for
<cap_00> didn't want to before i knew what i was doing
<jeremyA> partprobe should be safe, cap_00
<Bizzeh> so, i block it, sales drop... i unblock it, sales come back.. he shuts up and goes away
<jeremyA> hahahaha
<cap_00> i still get ID 7 HPFS/NTFS on the disk in fdisk -l
<jeremyA> oh, you're repurposing an old ntfs partition as ext3 ?
<cap_00> is it possible that i screwed this up? fdisk -l /dev/sdg1 shows ID 7 HPFS/NTFS, but then fdisk /dev/sdg1 p says ID 83 Linux
<cap_00> yes, i got a backup drive that i'm trying to wipe and use for linux server backup
<jeremyA> I don't think you've screwed anything up :)
<jeremyA> try running partprobe /dev/sdg
<cap_00> ok
<jeremyA> then do your fdisk -l /dev/sdg
<cap_00> still ntfs
<jeremyA> can you /msg me all the output from fdsik -l /dev/sdg
<patdk-wk> it's suppost to do that :)
<jeremyA> and then /msg me a copy-n-paste of what you see when you do a p "fdisk /dev/sdg "
<patdk-wk> ntfs makes a partition table basically so you fooled fdisk by pointing it at the wrong place :)
<jeremyA> patdk-wk:  am I missing something?
<cap_00> if i fdisk /dev/sdg if get /dev/sdg1  ID 7 HPFS/NTFS but if i fdisk /dev/sdg1 i get /dev/sdg1p1 IT83 linux
<jeremyA> don't fdisk /dev/sdg1
<jeremyA> fdisk /dev/sdg
<patdk-wk> na, he did sdg1 :)
<jeremyA> I'd delete the old partition, make a new one, and then run partprobe, then format it.
<cap_00> ok, start over
<KaosMcRage> I just upgraded from 8.04 to 10.10 and now I am unable to send mail from the shell prompt using the mail or mailx commands. It shows up as bounced in the mail log on the sending system, but it worked before and the exact same sending procedure works on my other systems on the same network. The only thing I see of interest in the undeliverable message is "Action: failed  Status: 5.0.0  Diagnostic-Code: X-Postfix; mydomain.com" but nothing after t
<patdk-wk> but the way ntfs makes it's fs layout, fdisk didn't realise what you did is invalid
<patdk-wk> cap, never use sdg1 to fdisk, ONLY sdg
<cap_00> ok
<patdk-wk> fdisk /dev/sdg, fdisk -l /dev/sdg
<cap_00> woops.... i did mkfs.ext2 /dev/sdg1 lol...... no wonder it's all wonky
<patdk-wk> that is right
<cap_00> should i just do mkfs.ext3 /dev/sdg?
<patdk-wk> you make fs's on sdg1
<patdk-wk> you make partitions on sdg
<cap_00> ahhhh
<cap_00> still confused
<patdk-wk> heh
<patdk-wk> sdg is just the partition table, where you put crap on your drive
<patdk-wk> sdg1 is the first place to put crap at (ntfs/ext3/...)
<jeremyA> the drive is your kitchen, the partition is a table in your kitchen, the filesystem is a tablecloth
<cap_00> ya, i'm just getting all confused trying to do this on the command line that's all
<jeremyA> /dev/sdg == the drive, /dev/sdg1 == a partition on the drive, mkfs.ext3 /dev/sdg1 puts a filesystem on that partition
<patdk-wk> now if we can add the layers of drbd, raid, lvs, ... :)
<cap_00> i did that for the initial setup, server is on raid 1, fileserver is mounted from raid 10.... lol i just can't remember how to format one little disk
<tarvid> Is there any reason to prefer openssl_0.9.8o-3ubuntu1 over openssl_0.9.8k-7ubuntu8.5
<tarvid> I admit to goping a bit batty reading the changelogs and chasing references
<cap_00> so how do i fix this?
<cap_00> i want to be able to mount sdg1 to a mount point like i do with my other backup disc, not sdg1p1
<patdk-wk> heh?
<patdk-wk> there is no sdg1p1
<patdk-wk> it will be sdg1
<patdk-wk> the only time it would sdg1p1 is if you did something else, like added lvm or raid on sdg1
<patdk-wk> but then, you can name it anything you want also, so who cares :)
<eagles0513875> hey guys
<eagles0513875> whats the default compiler for lucid?
<eagles0513875> thta comes wiht a clean install
<patdk-wk> gcc 4.4
<patdk-wk> gcc 4.4.3 :)
<fluvvell> eagles0513875, gcc base, I don't think is the full item
<KaosMcRage> Anyone here a mail expert? :P
<KaosMcRage> I'm stumped.
<eagles0513875> what im finding odd a clean install of server installs a generic kernel
<eagles0513875> this is a clean install on virtualbox
<eagles0513875> latest version
<eagles0513875> and gcc isnt even installed
<patdk-wk> gcc shouldn't be installed by default
<fluvvell> eagles0513875, I'd normally install build-essential
<eagles0513875> patdk-wk: ok but the server kernel should
<eagles0513875> which its not
<patdk-wk> no
<patdk-wk> apt-get build-dep kernel-source, would :)
<patdk-wk> but the source is just the source
<eagles0513875> patdk-wk: on my server not on vbox i have the kernel version of the kernel installed
<eagles0513875> why is this installing a generic version of the kernel on lucid though
<patdk-wk> kernel version of the kernel?
<cap_00> sorry phone call..... ya i have a sdg1p1.... i don't know what i've done
<eagles0513875> the version that got installed in vbox is the generic kernel patdk-wk
<patdk-wk> -generic is default kernel for 32bit
<eagles0513875> O_o even for ubuntu server
<Deathvalley122> by default for vbox it installs the generic kernel patdk-wk
<patdk-wk> yep
<eagles0513875> Deathvalley122: seems like that is the norm
<patdk-wk> well, dunno about vbox specific, I don't use vbox :)
<eagles0513875> ok
<eagles0513875> is it the norm when using 32bit to use the generic kernel
<Deathvalley122> patdk-wk: is it possible to recompile the kernel it shows the server kernel
<patdk-wk> ya, when I install server, -generic-pae for 32bit, and -server for 64bit
<eagles0513875> interesting
<eagles0513875> im so used to using 64biti never noticed that
<eagles0513875> thanks patdk-wk
<patdk-wk> Deathvalley122, probably, dunno, I really haven't looked or cared
<eagles0513875> Deathvalley122: only other solution is to ask about 64bit ubuntu server in vbox channel
<patdk-wk> you can have 64bit -generic also :)
<patdk-wk> that is what I'm running here on my workstation
<Deathvalley122> some reason it won't run the 64bit ubuntu on vbox it says something like it's not supported and yet I am running a 64bit os
<patdk-wk> oh, vbox thing
<patdk-wk> Deathvalley122, I though that was only supported from the download site, not from the ubuntu packaged version of vbox
<patdk-wk> to get 64bit guest support
<Deathvalley122> I really don't know eagles0513875 got it working on his before O.o why shouldn't mine work?
<eagles0513875> patdk-wk: his desktop is windows
<eagles0513875> Deathvalley122: lets take it to vbox channel
<patdk-wk> dunno :)
<aileronite> hi, I'm having trouble getting maverick server installed via usb card. I tried copying vmlinuz and initrd from a working source, and also mounting the usb as a loop device. but it doesn't work
<RoyK> aileronite: installing from or to usb?
<aileronite> from usb. I also want my destination to be a usb key, but that's irrelevant
<RoyK> perhaps the installer places grub on your installer usb?
<RoyK> what is the device name of the new root?
<aileronite> I used unetbootin to install the iso, so I doubt there's a grub on there
<RoyK> try swapping the usb devices
<RoyK> then try to install again
<cap_00> ok i'm still lost on this partition table thing with fdisk
<aileronite> how about this: can I install ubuntu server on a usb device on a different computer and expect it to work as well on the intended computer?
<RoyK> cap_00: whatup?
<RoyK> aileronite: that should work
<aileronite> ok I'm going to do that instead
<cap_00> how do i get a disk ready to mount it without getting sdg1p1?
<cap_00> just sdg1
<RoyK> p1?
<RoyK> that's solaris naming
<RoyK> sdg is the device, sdg1 is the first partition
<cap_00> i keep messing something up
<RoyK> c0t0d0[sp]0 is solaris naming
<RoyK> cap_00: cat /proc/partitions, and you'll see what devices/partitions linux sees
<cap_00> just showing sdg now
<RoyK> does fdisk see any partitions on that device?
<cap_00> ok
<cap_00> my existing sdh1 is a ID 83 linux partition
<cap_00> how do i setup the same thing on the sdg?
<RoyK> cap_00: fdisk /dev/sdg
<cap_00> yup
<cap_00> ignore he deprecated dos msg?
<RoyK> pastebin that, please
<cap_00> k
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<cap_00> how do i use that?
<RoyK> !pastebinit
<ubottu> pastebinit is the command-line equivalent of !pastebin - Command output, or other text can be redirected to pastebinit, which then reports an URL containing the output - To use pastebinit, install the Â« pastebinit Â» package from a package manager - Simple usage: command | pastebinit -b http://paste.ubuntu.com
<cap_00> !pastebin  sudo fdisk /dev/sdg
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<cap_00> WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
<cap_00>          switch off the mode (command 'c') and change display units to
<RoyK> or just copy/paste whatever text you have onto a pastebin, submit, give us the url
<cap_00>          sectors (command 'u').
<cap_00> nope :(
<RoyK> type c
<cap_00> !pastebin  c
<RoyK> omg
<cap_00> lol i didn't sleep much yesterday
<cap_00> i mean last night
<RoyK> cap_00: the menu tells you to switch it off
<RoyK> the fdisk menu
<RoyK> follow the recommendation there
<RoyK> that is, unless you have valuable data on that drive
<RoyK> if so, well, that's another problem
<cap_00> lol oh
<cap_00> k
<cap_00> there's an extended partition there now
<RoyK> do you have any data on this drive?
<RoyK> if not, just reset the partition table the hard way and start over
<cap_00> nope
<RoyK> dd if=/dev/zero of=/dev/nameofdevice bs=1M count=10
<RoyK> that zeros the start of that device
<RoyK> use with caution
<RoyK> it won't ask you if you know what you're doing in case you type in the wrong device name
<cap_00> permission denied
<RoyK> sudo
<cap_00> omg.... sorry i'm dead tired
<cap_00> k
<RoyK> running fdisk on that one should work better
<cap_00> c again?
<RoyK> fdisk /dev/sdg
<cap_00> i get the same msg
<RoyK> perhaps linux cached it - try to reboot first
<RoyK> that is, linux should only have cached it if there was a mounted fs on the drive
<cap_00> bah.... can't take the server down right now...
<RoyK> you sure you didn't have data on that drive?
<cap_00> sure hope not
<cap_00> there was probably some default partitions on the drive when i got it, it's a new external drive
<RoyK> if so, it may be available until a reboot :Ã¾
<RoyK> if it's an external drive, unplug it and re-plug it
<cap_00> ok
<cap_00> so sdi now...
<RoyK> I once tried to make a boot floppy for old redhat 7 on a laptop after 36 hours of straight work - dd if=boot.img of=/dev/hda <cr> ... that hurt!
<RoyK> what does fdisk have to say about it?
<cap_00> do i have to sign up for pastebin?
<RoyK> no
<cap_00> http://pastebin.com/tMAAzJ2K
<cap_00> firing on 0.1 cylinders....
<RoyK> looking good
<RoyK> you zeroed out the drive, so it doesn't have a partition table
<cap_00> :)
<cap_00> no c or u?
<RoyK> both
<RoyK> then just create a new partition 'n'
<RoyK> as large as you like
<cap_00> extended?
<cap_00> or primary?
<RoyK> there can be four primary partitions
<RoyK> so if you don't need any more than that, just create primaries
<cap_00> p
<RoyK> return -EWRONGWINDOW
<cap_00> lol
<cap_00> ok..... ah.. got it this time
<cap_00> w?
<cap_00> i have no idea how i screwed that up over and over
<cap_00> i have to specify a filesystem type before i can mount?
<RoyK> you have to make a filesystem on the partition
<RoyK> mkfs
<MTecknology> I just realized something.... If you encrypt the home directory of a use.. you can no longer ssh into the system as that user with a shared key
<RoyK> mkfs.ext4 would be the one to use for most
<RoyK> MTecknology: not the first time, noe
<RoyK> s/.$//
<cap_00> mkfs.ext4 /dev/sdi1?
<RoyK> yes
<MTecknology> RoyK: or second if you close the connection first
<RoyK> mhm
<RoyK> makes sense, though
<RoyK> you don't want $HOME/.ssh to be readable if the homedir is encrypted
<MTecknology> ya- it does make sense- I just never thought about it until I couldn't figure out why I couldn't log in with the shared key even though ssh-copy-id worked fine
<RoyK> it's fucking -18ËC here
<cap_00> away the numbers go.... thank for your help
<IdleOne> !language | RoyK
<ubottu> RoyK: Please watch your language and topic to help keep this channel family-friendly, polite, and professional..
<cap_00> 2 here
<RoyK> This is possibly the only non-religious IRC channel on the planet that bitches people for using common language
<cap_00> :S
<RoyK> cap_00: in .ca?
<cap_00> yup
<cap_00> east coast
 * RoyK is going to ReykjavÃ­k tomorrow to thaw up a bit, shop for the holiday, and have a beer or two
<qman__> 26F here, which is... -3C
<RoyK> we've been having down to -22ËC this week
<RoyK> I just don't hope it'll be like last winter - tropospheric winds blocked and most of Europe freezing
<cap_00> there we go...... backup running...
<cap_00> thanks alot, i need to get some sleep now before i fdisk /dev/sda d w
<l3dx> I'm reinstalling ubuntu to my home server, but I'm unsure if I should use server or desktop edition...any reason to use ubuntu-server when I'm planning to use Gnome anyway?
<l3dx> RoyK: skipping OI for now :P
<jeremyA> l3dx:  not really.
<jeremyA> why use gnome on your server?
<l3dx> spotify + boxee
<l3dx> it's connected to my tv
<RoyK> l3dx: really?
<RoyK> l3dx: no reason to use ubuntu server if you need X
<l3dx> disappointed? :)
<RoyK> not really, it's your data :)
<l3dx> it's kind of a temporary solution
<l3dx> will play around a bit with OI and perhaps change my mind later on
 * RoyK is making coasters with old disk platters :D
<l3dx> nice!
<qman__> the generic kernel is actually better for responsiveness of GUI applications
<qman__> so if that's your plan, just go desktop
<stgraber> kirkland, smoser: Thought you guys might be interested by: http://www.stgraber.org/2010/12/08/want-your-own-edubuntu-weblive/
<RoyK> qman__: you can always switch to the server kernel if that is a problem
<billybigrigger> how can i keep an ssh session alive?
<RoyK> billybigrigger: add to .ssh_config:
<RoyK> 	ServerAliveCountMax 100
<RoyK> 	ServerAliveInterval 10
<billybigrigger> i have btlaunchmanycurses running in an ssh session...and i just add my .torrents to my /torrent directory...but i can't keep the session alive...eventually it dies and stops my downloads/seeds
<RoyK> or /etc/ssh/ssh_config
<billybigrigger> RoyK, anyway to just keep btlaunchmanycurses alive? instead of keeping ALL my ssh sessions alive?
<qman__> billybigrigger, use screen
<qman__> if you start all your processes in screen sessions, it won't matter if you get disconnected
<billybigrigger> and screen is able to reconnect to a disconnected session?
<qman__> yes, it wouldn't be very useful otherwise
<qman__> though, for torrents, you should really look into other setups like torrentflux or the web frontend on transmission
<qman__> much easier to manage
<i0nic> how do i list installed packages via aptitude?
<patdk-wk> dunno
<patdk-wk> dpkg --get-selections :)
<i0nic> thanks =)
<qman__> dpkg -l | grep ^ii
<patdk-wk> evil
<axisys_> i am getting mountall status 4 .. so i am trying to boot the server using ubuntu server amd64 iso and i get to pick the usb drive at bios .. but then it goes to blank screen on both console tty0 and ttyS0 .. any idea why?
<axisys_> i tried different usb drive .. and tried alternate iso.. same issue
<axisys_> i gave up on usb..
<axisys_> how do I boot the box using netboot image ?
<zul> SpamapS: where is the git tree for edison as well?
<zul> SpamapS: hold on brb
<intick> h all i'm looking for an ftp server under ubuntu
<intick> please
<elb0w> vsftp
<elb0w> d
<consumerism> i can't connect to ssh-agent to use ssh-add
<consumerism> i have ssh'ed in to an ubuntu server
<intick> tested but not easy to set up, tried also GADMIN (poftp)  errors does not let me start the server
<consumerism> ps aux | grep ssh shows me that ssh-agent is running
<consumerism> but ssh-add says it can't connect
<consumerism> what could i try?
<intick> i'm suprised that it's not that simple to set up an ftp server under ubuntu
<SpamapS> intick: why are you bothering with ftp?
<intick> elb0w: how can i create users and their main folder on vsftpd ?
<intick> SpamapS: want a local FTP server to allow some friend uploading/downloading files
<elb0w> oh look at that
<elb0w> http://www.shanghaiwebhosting.com/ssh-hosting/installing-ftp-vsftpd-service-on-ubuntu-server
<elb0w> one google
<SpamapS> intick: you can give people scp only access with scponly.. might want to check it out. ;)
<intick> SpamapS: very interesting, it works whatever the OS your runing ?
<SpamapS> intick: indeed, it works well with WinSCP
<SpamapS> intick: all it does is limit the commands a user can run to scp
<SpamapS> intick: it also can chroot the user into their home dir so they can't see other users' files.
<intick> elb0w: does not answer to my question, how are the users created and their folders ?
<intick> SpamapS: ok i'm still need a client under windows ?
<elb0w> http://linux-hacks.blogspot.com/2008/09/adding-new-users-to-vsftpd.html
<elb0w> two googles
<intick> ok thx i'll try this, but aint there any GTX interface ?
<intick> *GTK
<SpamapS> intick: for scp? nautilus supports SSH as a file transport.
<intick> from windows system i mean
<SpamapS> Not sure what you're asking at all.
<intick> Can i make people downloading/uploading files from my scponly server ?
<intick> even if they use microsoft OS ?
<patdk-wk> I don't think scp is secure enough for that, sftp is
<resno> intick: you *can* do whatever you want. your question seems have asked though
<resno> patdk-wk: i thought scp was plenty secure
<patdk-wk> I thought scp was just a straight command line interface
<patdk-wk> if user account security is ok, then yes, it should be
<resno> scp is encrypted
<patdk-wk> no, I mean to still keep users from executing things on the server, still
<patdk-wk> so like, no ssh, but only scp file transfers
<patdk-wk> I don't think yo ucan with scp, but you can with sftp
<resno> scp and sftp are both secure file transfer methods.
<resno> you cant issue commands to the server with either of them
<patdk-wk> yes, but we are talking about two totally different *securities*
<intick> i'll try them
<Pici> !info scponly
<ubottu> scponly (source: scponly): Restricts the commands available to scp- and sftp-users. In component universe, is optional. Version 4.8-4.1 (maverick), package size 35 kB, installed size 176 kB
<intick> thx for your help guys !
 * resno looks at Pici 
 * Pici stares at resno 
 * resno plays the staring game with Pici 
 * resno gets creeped out and walks away
<axisys_> i were able to get the dhcp working.. but i am getting this message from client
<axisys_> PXE-T02: Only absolute filenames allowed
<axisys_> what is that mean?
<axisys_> i have this in the correct stanza in the dhcpd.conf file
<axisys_> filename "pxelinux.0";
<axisys_> which is under /var/lib/tftpboot
<axisys_> path was wrong in default..
<intick> not that cool if i need to create a system user with vsftp
<intick> to use ftp service :/
<intick> realy sad the FileZIlla does not exist under linux ....
<intick> SSH solution seems good but wont help me in my case, i realy dont ant to make clients installing any FTP client
<axisys_> i am getting this after i get the IP throught dhcp
<axisys_> http://pastebin.com/N1T4TGA0
<intick> axisys_: cant help much but seems to be a rights problem
<intick> check rights of the folder that contain your image
<intick> axisys_: are you using DRBL ?
<axisys_> intick: i did .. all dirs and 755 and all files are atleast 644
<axisys_> intick: no i have not used it..
<milligan> Does anyone here use geany? Is it possible to load an API documentation so that I can get suggestions for classes etc ?
<intick> axisys_: sry then no idea :/
<intick> milligan: i have tried geany it has autocompletion
<uvirtbot> New bug: #687535 in openssh (main) "upstart loses track of ssh daemon after reload ssh" [Undecided,New] https://launchpad.net/bugs/687535
<milligan> intick, yeah .. but do you know how I can feed it an API, so it autocompletes to the language Im writing, and not build in languages? :)
<tarvid> any wisdom on upgrading lucid openssl to maverick 0.9.8o-1ubuntu4.3
<intick> milligan: didnt use it enaugh ^^ i dnt realy know. i prefere old method Npp++, Scite ect ..
<intick> milligan: take a look at the manual  http://www.geany.org/manual/current/index.html#editor-completions-preferences
<axisys_> ok filename "pxelinux.0" is changed with absolute pathname .. that worked
<axisys_> how do I avoid install.. i just want to boot from network and run fsck
<hallyn_> SpamapS: i'd say bug 687535 is up your alley
<uvirtbot> Launchpad bug 687535 in openssh "upstart loses track of ssh daemon after reload ssh" [Low,Confirmed] https://launchpad.net/bugs/687535
<tarvid> what considerations should one make when attempting a upgrade of selected packages in lucid to maverick?
<guntbert> tarvid: in my humble opinion just one: don't do it :-)
<tarvid> openssl has a number of unpatched CVE vulnerabilities
<guntbert> tarvid: in that case: backports? or a ppa?
<tarvid> backports and proposed are enabled and you still get a version with known vulnerabilities which have been patched in later Ubuntu versions
<sbeattie> tarvid: um, what? which particular CVEs?
<tarvid> CVE-2009-1377 CVE-2009-1378 CVE-2009-1379 CVE-2009-3245 CVE-2009-3555 CVE-2010-0433 CVE-2010-0740 CVE-2010-0742
<uvirtbot> tarvid: The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, aka "DTLS record buffer limitation bug." (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1377)
<uvirtbot> tarvid: Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or (2) have sequence numbers much greater than current sequence numbers, aka "DTLS fragment handling memory leak." (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1378)
<uvirtbot> tarvid: Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS packet, as demonstrated by a packet from a server that uses a crafted server certificate. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1379)
<uvirtbot> tarvid: OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3245)
<uvirtbot> tarvid: The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-m
<uvirtbot> tarvid: The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before 0.9.8n, when Kerberos is enabled but Kerberos configuration files cannot be opened, does not check a certain return value, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via SSL cipher negotiation, as demonstrated by a chroot installation of Dovecot or stunnel without Kerberos configuration files inside the chroot.
<uvirtbot> tarvid: The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number.  NOTE: some of these details are obtained from third party information. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0740)
<uvirtbot> tarvid: The Cryptographic Message Syntax (CMS) implementation in crypto/cms/cms_asn1.c in OpenSSL before 0.9.8o and 1.x before 1.0.0a does not properly handle structures that contain OriginatorInfo, which allows context-dependent attackers to modify invalid memory locations or conduct double-free attacks, and possibly execute arbitrary code, via unspecified vectors. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0742)
 * RoyK kicks uvirtbot 
<tarvid> Apache too
<tarvid> CVE-2010-0425 CVE-2010-1452 CVE-2010-2068
<uvirtbot> tarvid: modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers." (http://cve.
<uvirtbot> tarvid: The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1452)
<uvirtbot> tarvid: mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. (http://cve.mitre.org/cgi-bin/cvename.cgi?nam
<RoyK> someone should rewrite that bot
<tarvid> of course CVE-2010-0425 is irrelevant
<uvirtbot> tarvid: modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers." (http://cve.
<tarvid> I didn't know it existed
<sbeattie> tarvid: 2009-1377, 2009-1378, 2009-1379 were fixed in the karmic cycle (pre-lucid); 2009-3245 was fixed in 0.9.8k-7ubuntu8 for lucid, 2009-3555: 0.9.8k-7ubuntu8.1, 2010-0433 doesn't apply as we don't build with kerberos support.
<sbeattie> 2010-0740 and 2010-0742 are marked as not for us, but I'm not sure why.
<tarvid> sbeattie, thanks. securitymetrics is nagging me about openssl and apache2
<sbeattie> tarvid: for apache2, 2010-1452 was fixed in 2.2.14-5ubuntu8.4; 2010-2068 and 2010-0425 affect non-linux only.
<hallyn_> zul: hey, do you know the root cause of bacula '_description' install problems, like in bug 637889 ?
<uvirtbot> Launchpad bug 637889 in bacula "bacula-director-mysql : debconf: Unknown template field '_description'" [Low,New] https://launchpad.net/bugs/637889
<sbeattie> tarvid: FYI, this is a web interface to the tracker that the ubuntu security team uses to track cves: http://people.canonical.com/~ubuntu-security/cve/
<tarvid> sbeattie, I'll go through the change logs and email securitymetrics
<tarvid> http://changelogs.ubuntu.com/changelogs/pool/main/o/openssl/openssl_0.9.8k-7ubuntu8.5/changelog
<tarvid> excellent, that will save time
<tarvid> sbeattie, then 0.9.8k-1 is to be interpreted as newer than 0.9.8k?
<l3dx> do I need a swap partition with 4gb ram?
<sbeattie> tarvid: kind of, yes, it's the first version of 0.9.8k packaged in debian.
<sbeattie> tarvid: ah, the reason we're not affected by 2010-0740 and 2010-0742 is explained in the detailed page for them: for 2010-0742, we don't enable the affected code, and for 2010-0740, it only affected openssl 0.9.8m if shorts are 16bits, which they are on all ubuntu supported platforms.
 * sbeattie just released usn 1029-1 for openssl yesterday, so is, uh, somewhat sensitive to reports of unfixed cves in openssl.
<incognito> can anyone tell me if mysqli is enabled by default in php5 and mysql installation on ubuntu 8.04 server?
<air^> your phpinfo can tell you. :)
<tarvid> sbeattie, thanks for the help. I have reviewed every CVE cited by securitymetrics.com and I am satisfied they have all been addressed. I'll wager both of us would like to be rid of the false positives.
<Spiritus> North VS South. Same people from the beginning and still genetically brothers and sisters. Why argue, boggles my mind.
<Spiritus> Does the US have low cash now and thats why some of its companies are not nice and the politichians even worse ?
<Spiritus> you know all the lawsuits etc
<Spiritus> Recently Sweden and US competed in what we assumed was fair trade on selling and buying fighter jets. Norway seems to have gone behind our backs and so did USA. So instead of or neighbour country Norway (That was once Swedish) bought fighter jets from the US after the US had denied the Swedes to buy more of the radar-systems for said airplanes. This looks really bad ideed.
<Spiritus> So billions of dollars where shipped to Norway instead of Sweden. Norway has all the oil you know.
<Yompa> Spiritus, typing in the right window? ;-)
<Spiritus> So thats why the south? has been angry againt certain members of certain countries all this time (since 2003) i think thats when the new president got elected. So by that i read that amongst the southern people many people have passed away and theres a sorrow time
<Spiritus> Yompa: Trying to sort this thing out... very odd because i like both sides as they are the same peoples.
<Spiritus> Yompa: So the O's and the T's are at it right ?
<Spiritus> Otherwise we may have to fix it.
<Spiritus> Yompa: You remeber the US company gateway that Hakan Lanz lost against and then won a bit, but got nothing for his inventions.
<Spiritus> I think gateway is gone now and theres a new company that has taken its place and stance
<Spiritus> So Swedes invent things and get nothing for it basically.
<sbeattie> Spiritus: we're still wondering what any of this has to do with #ubuntu-server.
<Spiritus> We made windows, but didnt get to invent it further, overtaken because infrastructurally important and or critical. from Sandvik AB.
<Spiritus> sbeattie: Do you feel its information you know and or dont want to hear about instead of noone chatting at all ?
<Spiritus> y/n/ssh ?
<Spiritus> :)
#ubuntu-server 2010-12-09
<Spiritus> Like Obiwan :)
<Spiritus> Pondering Aragorn freeze.
<Spiritus> Yompa: So, what do you do here ? Talk about why servers arent updated and breaches are made ?
<Spiritus> The US military wanted some coding so i did that, but didnt even get a lousy t-shirt in return. Sure it was cool, but come on! I spent 3 days on those changes, day and night wo sleep.
<Spiritus> And all i asked for was a t-shirt to hang on my wall.
<Spiritus> Ooh, i see a lack of empathy.
<Spiritus> Ah, theusgas
<Spiritus> Report: The only sign of intelligent life is called "Yompa" :)
<jeeves_moss> how can I script a way of moving a file from the input directory to an output directory, however, leave a "touched" file with the same file name in the input directory?
<Spiritus> mv PATH/oldfile PATH/newfile |
<Spiritus> mv PATH/oldfile PATH/newfile | echo @1 ... if this -> @$1 or $1 gives the path/filename you can use $2 etc
<Spiritus> Depends on what shell youre scripting it in..
<jeeves_moss> Spiritus, I'm guessing it's bash.  it's the standard one
<Spiritus> #!/bin/bash or #!/bin/sh -> tcsh etc
<jeeves_moss> Spiritus, #!/bin/sh
<Spiritus> Always let the runtime shell know what file its trying to compile. At top of the file give the origin: #!/bin/bash (Newline here)
 * RoyK packs up to thaw up a little in ReykjavÃ­k
<Spiritus> Use bash, the docs arent good for sh
<Spiritus> RoyK: Rockinvik! /greetz
<RoyK> :)
<Spiritus> jeeves_moss: stdout doesnt work well with #sh as with #bash if its for example a forked process in some cases.
<Spiritus> On Gotland we have Rouks! :)
<Spiritus> Im from the mainland though
<Spiritus> Rauks
<Spiritus> qbric ... thats a sucky network trying to keep the truth from the people, aka RealPlayer.
<Spiritus> They also feed us with false information on a daily basis since 2003.
<Spiritus> IE: The Swedish government tv garbage
<Spiritus> 90% of what they show is disecting humans and or blowing them up (NCIS, some murering idiot and some doctor guy with a caine etc etc etc)
<Spiritus> Or that fucking chef thats all about "JallaJalla/YallaYalla" or whatever stress they can put their young under.
<Spiritus> the f-word idiot
<Spiritus> I like Simpsons, Seinfeld, Absolutely Fabulous, SG and fishing programs. I hate opera, mtv and anything stressfull
<Spiritus> -1l
<Spiritus> Why hasnt mtv been cancelled yet ?
<The_Tick> because it generates tons of revenue
<Spiritus> Complete garbage.
<Spiritus> So idiots watch that, really ?
<The_Tick> there's some decent shows on it I suppose
<The_Tick> but it doesn't matter
<The_Tick> if the show can generate viewers
<The_Tick> then the ads go from 40k to like 300k
<The_Tick> for a single 30 second clip
<The_Tick> or even higher
<The_Tick> so if a show has what, 3 or 4 ads
<The_Tick> per break
<The_Tick> and 2-3 breaks
<The_Tick> and gets rerun, what, 30 times a week?
<The_Tick> tons of cash
<The_Tick> you go tell mtv to shut the doors and they'd just laugh at you
<The_Tick> because you don't get it :)
<The_Tick> in the US when the whole late show problem occured with conan and jay leno
<The_Tick> jay went to an earlier time slot
<The_Tick> almost nobody watched it
<Spiritus> I have watched it, couldnt find anything good on it "Oh i got a lipsucktion those balls" :)
<Spiritus> MTV sucks arse!
<Spiritus> I actually have to pay for it wether i want to or not. Thats the really odd part.
<The_Tick> the ads STILL generated 40k per ad
<The_Tick> per showing of the ad
<The_Tick> with almost nobody watching
<Spiritus> 90% of the money i pay for my tv license goes to needy people in the under developed countries. Why cant i just go there with some companies and build them some wells ?
<The_Tick> you pay to watch tv?
<Spiritus> MTV blows
<The_Tick> woah, what?
<The_Tick> you actually pay?
<Spiritus> You do too, tv-license
<The_Tick> that's hilarious
<The_Tick> nope
<The_Tick> there's no licensing in the US
<The_Tick> and I live in the US
<The_Tick> so I do not pay
<Spiritus> Swedes pay billions each year to watch tv we ourselves made.
<Doonz> hey does anyone use byobu here?
<The_Tick> silly swedes
<Spiritus> Then again, we are the richest country on earth right now... i doubt it.
<The_Tick> richest because you pay dumb taxes like that one
<Spiritus> The_Tick: Wanna play with the fjords of doom ? :) /You make me so happyfied :)
<Spiritus> !Entail ^^
<Spiritus> You have entered a database of doom, want to climb out ?
<The_Tick> you hate mtv and yet consider this entertaining?
<Spiritus> !Envicathiem est
<Spiritus> You seem nice
<Spiritus> The_Tick: Isnt chatting with people better then mindnumbing brainlessness ?
<The_Tick> no
<Spiritus> IF you think not, then why are you here ?
<The_Tick> I think there's room for both
<Spiritus> LOL
<The_Tick> but I think bitching about it forever is annoying
<Spiritus> Youre as fun as a sack of old potatoes
<Spiritus> Youre rubber im glue... whatcha gonna do ? :)
<Spiritus> We are fun to the onlooking crowd. Im liking it.
<Spiritus> The_Tick: Dont you think IRC can also be fun, like it was before 2003 ?
<Spiritus> I for one liked that betterwebs
<The_Tick> Spiritus: I think it can't be like it was in 95, no
<Spiritus> The_Tick: Ill settle for 2000, atleadt then crazy manicas didnt roam freely as ops (jokes where ok ans so where discussions). Then Idiots entered by governmet policy and removed all the fun, so we had to have fun with the evils.
<Spiritus> And it was indeed fun.
<Spiritus> So if i see anyone saying !ot again anywhere ill know its a microsoft employee amongst a few other tell tell signs.
<The_Tick> Spiritus: but you're from sweden
<Spiritus> We dont like those ;)
<The_Tick> your opinions on irc do not matter
<Spiritus> Explain ?
<The_Tick> too close to norway
<Spiritus> So then finland is crap as well ?
<Doonz> does anyone know how to add more hard drives to the status line in byobu?
<Spiritus> To you ?
<Spiritus> The_Tick: So Mrs tick :) ... Do you live in US ?
<The_Tick> Doonz: they don't have good docs?
<Doonz> no actually
<The_Tick> bla
<lifeless> Doonz: have you checked out 'man byobu' ?
<The_Tick> any config file?
<Doonz> http://manpages.ubuntu.com/manpages/maverick/en/man1/byobu.1.html
<Doonz> this is what im reading
<Doonz> but what the man pages are saying the config file isnt really lining up
<Spiritus> I miss the US inputs. I talk to my coders by phone instead.
<Doonz> it doesnt really say how to add more disk monitoring in it
<The_Tick> Doonz: what kind of monitoring does it provide anyhow?
<Spiritus> But talking to people on irc tells if people are good or not so i prefer hireing them here granted good test results or very good credentials.
<Doonz> basically on the status line it just shows free space of the drive
<Doonz> 106GB,3%
<Doonz> thats what it shows for my main drive but i have 3 others that i would like to monitor
<Spiritus> df -hP /
<The_Tick> Spiritus: unless you know what the hell he's asking
<The_Tick> which you don't based on that answer
<The_Tick> please be quiet
<kirkland> Doonz: so you want to monitor multiple drives?
<Doonz> Spiritus: yeah trying to avoid typing that
<Doonz> kirkland: yea
<Doonz> i have sd[a-d]
<Spiritus> The_Tick: Yes sir! :) /rotfls
<The_Tick> Doonz: why do you need to know that constantly? :)
<kirkland> Doonz: okay, do this ... "mkdir ~/.byobu/bin"
<Doonz> cause my wife has a habit of filling up the hdd's
<The_Tick> heh
<Doonz> she loves photography
<The_Tick> Doonz: besides this I'd add a cronjob to run every 15 minutes, and if you're at 10% email yourself
<Doonz> but 10Gb of pictures of our vase in the kitchen......
<The_Tick> 10% left
<Doonz> yeah i have that set up now
<Doonz> :)
<kirkland> Doonz: cp /usr/lib/byobu/disk ~/.byobu/bin/17_disk
<kirkland> Doonz: then edit ~/.byobu/bin/17_disk
<kirkland> Doonz: and have it monitor each of your disks
<Doonz> ok let me try
<kirkland> Doonz: that's how you create a "custom" byobu status script
<kirkland> Doonz: you could make that script do whatever you want
<Spiritus> The_Tick: http://en.wikipedia.org/wiki/Brigadier_General .. :)
<Doonz> uuh
<Doonz> hmm
<Doonz> in the original if statment do i just change it to a 2
<Doonz> and then set the mp to where ever that drive is mounted
<Spiritus> The_Tick: By helping to specify and construct the GNU and in coding Linux i think i could possibly know what im doing sir :) .. It means Freedom!
<The_Tick> Doonz: sounds like you'll have to play with it
<Doonz> yeah wish me luck woot
<Doonz> !!!
<Doonz> bbl
<Spiritus> I think freedom can be whiffed. The freedom to know.
<Spiritus> I like this new bounce vpn via wirelsss
<Spiritus> Packets embedded via subnet broadcast PEBCAK's bounced from lands to seas. Its fairly cool.
<Spiritus> Im on wireless atm, but the interchanging HUBs pass the traffic on via SO_LINGER and reconnects under the timeouts. Im loving it
<Spiritus> Has anyone tried headerpassing ?
<Spiritus> portknocking, but thats bound to fail at some point..
<Spiritus> Why... Consider a max amount of knocks=65535 (IANA registered port range) .. Hack the kernel and you have 0-infinite almost.
<Spiritus> Hackers today are so confined
<Spiritus> Same goes for subnetting and adressing. Otherwise youre playing ... on the fields of barley ... :)
<Spiritus> Not to say Barley isnt cool, because it is my friends ;)
<Spiritus> On the fields of barley! ... nananna!
<fluvvell> Spiritus, move it to ubuntu-offtopic please
<Spiritus> fluvvell: Would you say that barley is raw sugar, or stronger then raw sugar sir ?
<Spiritus> Or did you wnt to ask a computer related question ?
<Pici> Spiritus: Could you please try to stay on topic here.  If you want to chat about randomness, there is #ubuntu-offtopic
<Spiritus> char c = 'x';
<Spiritus>     while((c = cin.get()) != '\n' && c != '\0'); ?
<sbeattie> Pici: thank you. I think you were the 4th person to ask Spiritus to respect the channel topic.
<april__> i'm trying to move a bunch of files from one folder to it's parent folder. I tried 'for f in *; do mv /path/to/directory/"$f"; done' and i get the error "mv: missing destination file operand after '/path/to/directory/filename.zip' what am i missing?
<qman__> april__, mv * ../ ought to work
<qman__> and you're missing a source or destination file
<qman__> you only have one file listed after the mv command
<Daethz> That pici seems way gay.
<mike01> has anyone configured honeyd on ubuntu server?  i'm testing it out via 127.0.0.1 - my virtual honeypots respond to pings, but not TCP connections
<i0nic> trying to restart ssh but its not in /etc/init.d/ssh ?
<dragoon123> Hi, I just installed Hibernate and rebooted my server know it is stuck @ the loading screen I tried recovery mode but it's the same. How do I get around this?
<twb> i0nic: in 10.04, /etc/init.d/ssh.conf provides sshd normally, so run "restart ssh".
<twb> Sorry, /etc/init/ssh.conf
<twb> i0nic: the sysvinit /etc/init.d/ssh is provided by disabled by default, because the upstart version can't handle some ssh configurations.
<hansin> i0nic: I am not sure if I am getting this right (twb, correct me if I am wrong), but with many "init scrips" moving from sysvinit to upstart, there are changes happening. And right now some scripts are native upstart style and some still sysvinit. Sounds like SSH uses an upstart script, but supplies the sysvinit (in /etc/init.d/) as backup.
<i0nic> twb ahh thanks
<twb> hansin: openssh-server is unusual
<twb> NORMALLY when an upstart job is provided, a backwards compatibility symlink is placed in /etc/init.d
<i0nic> so im trying to setup a reverse dns between a tablet and my server and I keep getting
<hansin> I'm just sort of figuring this all out, so if what I say is obvious, just ignore. Okay, I think I get it.
<i0nic> ssh_exchange_identification: Connection closed by remote host
<i0nic> ssh_exchange_identification: Connection closed by remote host
<i0nic> ssh_exchange_identification: Connection closed by remote host
<i0nic> ssh_exchange_identification: Connection closed by remote host
<i0nic> ssh_exchange_identification: connection closed by remote host
<i0nic> ouch, sorry for spamming
<i0nic> my keys look to be right.. would this be logged somewhere?
<hansin> Most cases if there is a native upstart script, then /etc/init.d/ just contains a symlink to native upstart script. *But*, because SSH upstart script has limitations, a true native sysvinit script (not a symlink) is also included as well. This is what you are saying, right?
<dragoon123> Anyknow any fast ways of troubleshooting a kernel loading prob?
<Doonz> is there a bandwdith monitoring program for the cli?
<twb> i0nic: ssh access issues are logged in auth.log *on the server side*.
<twb> i0nic: by design, the client is not told WHY it was refused access.
<twb> i0nic: I'm gonna guess that the problem is insecure permissions on ~/.ssh or ~/.ssh/authorized_keys
<hansin> Doonz: I found this link; it might be close to what you are looking for. Both listed packages are in the Ubuntu repos: http://www.surlyjake.com/linux/linux-command-line-bandwidth-monitor/
<twb> Hmm, free -m is reporting
<twb> -/+ buffers/cache:        680       7283
<twb> But nothing in top has mem% above 0.0
<twb> So what's using all that 680MiB?
<Cromulent> hmm what does the mysql_secure_installation command actually do? I forgot to run it and would like to take the hardening steps myself
<The_Tick> http://dev.mysql.com/doc/refman/5.1/en/mysql-secure-installation.html
<The_Tick> http://dev.mysql.com/doc/refman/5.5/en/mysql-secure-installation.html
<The_Tick> and that's just by using google
<Cromulent> ah thanks I assumed that was an ubuntu thing for some reason
<The_Tick> most things are not
<Cromulent> seems I have already done that
<The_Tick> some things are, but bleh
<uvirtbot> New bug: #687681 in postfix (main) "package postfix 2.7.0-1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 75" [Undecided,New] https://launchpad.net/bugs/687681
<kaushal> hi
<kaushal> Can some one please suggest me about which Raid Controller Card is http://pastebin.ubuntu.com/541366/
<garymc> Hi anyone know where my php error logs are stored? Im using PHP5.3
<kaushal> Hi
<kaushal> is there hpacucli available for 10.04 ?
<jpds> kaushal: I believe you have to use the RPMs.
<kaushal> jpds: oh ok
<kaushal> jpds: Thanks
<jpds> alien and all that jazz.
<kaushal> jpds: sure
<kaushal> will update you now
<qman__> garymc, php errors are normally logged through the web server, which for apache would be /var/www/apache2/error.log by default
<qman__> err
<qman__>  /var/log/apache2/error.log
<qman__> not www
<kaushal> jpds: hi again
<kaushal> i get http://pastebin.ubuntu.com/541402/
<kaushal> Please suggest further
<kaushal> jpds: got it now
<kaushal> it worked
<kaushal> fine
<uvirtbot> New bug: #687985 in nut (main) "[FTBFS] package 'nut' (2.4.3-1ubuntu5) failed to build on natty" [Undecided,New] https://launchpad.net/bugs/687985
<uvirtbot> New bug: #687977 in ibmasm-utils (main) "[FTBFS] package 'ibmasm-utils' (3.0-1ubuntu10) failed to build on natty" [Undecided,New] https://launchpad.net/bugs/687977
<uvirtbot> New bug: #687979 in jug (main) "[FTBFS] package 'jug' (2.0.0-1) failed to build on natty" [Undecided,New] https://launchpad.net/bugs/687979
<uvirtbot> New bug: #687983 in librdmacm (main) "[FTBFS] package 'librdmacm' (1.0.10-1) failed to build on natty" [Undecided,New] https://launchpad.net/bugs/687983
<uvirtbot> New bug: #687968 in bacula (main) "[FTBFS] package 'bacula' (5.0.2-2ubuntu1) failed to build on natty" [Undecided,New] https://launchpad.net/bugs/687968
<uvirtbot> New bug: #687971 in eucalyptus-commons-ext (main) "[FTBFS] package 'eucalyptus-commons-ext' (0.5.0-0ubuntu2) failed to build on natty" [Undecided,New] https://launchpad.net/bugs/687971
<uvirtbot> New bug: #687974 in groovy (main) "[FTBFS] package 'groovy' (1.7.0-3ubuntu1) failed to build on natty" [Undecided,New] https://launchpad.net/bugs/687974
<uvirtbot> New bug: #687988 in quagga (main) "[FTBFS] package 'quagga' (0.99.17-2) failed to build on natty" [Undecided,New] https://launchpad.net/bugs/687988
<piquadrat> Hi! I just installed phpmyadmin on maverick, and it pulled in apache as a dependancy. But phpmyadmin works perfectly fine with other http servers like nginx or lighttpd. Is that dependancy really warranted?
<patdk-wk> heh, it depends on mod-php :)
<patdk-wk> that would be the bug I suppose
<ilovegrolsc> my server keeps getting password attack ssh root login
<ilovegrolsc> dozens of different ip's
<patdk-wk> install fail2ban :)
<ilovegrolsc> i have 10 login attemps per second
<binBASH> change ssh port
<ilovegrolsc> how
<ilovegrolsc> at the moment im manually doing iptables -s mofo'sip -j DROP
<patdk-wk> if you install fail2ban it will do the drops itself for you :)
<patdk-wk> no config needed
<ilovegrolsc> oh
<ilovegrolsc> i'll google it thx
<patdk-wk> unless you want to ban more than just craploads of failed ssh logins
<ilovegrolsc> it would be nice if instead of just deny or drop there was like a 'fuckYou+deny' option
<patdk-wk> tarpit :)
<patdk-wk> that would require editing how fail2ban adds rules, and compiled the xtables modules
<Daviey> patdk-lap: Best to raise a bug :)
<Daviey> (re apache with phpmyadmin, via mod-php)
<patdk-wk> daviey, heh, a quick look shows a crapload of packages require mod-php, some even mod-php4
<Daviey> patdk-lap: eeeeeeek
<ilovegrolsc> what does this mean
<ilovegrolsc> Dec  9 08:34:14 vps1098 sshd[9525]: Did not receive identification string from UNKNOWN
<ilovegrolsc> only entry after i blocked the hacker
<ilovegrolsc> in my log
<Daviey> ilovegrolsc: Looks like you were probed.
<Daviey> (it's common)
<ilovegrolsc> yea im not panicking or anything
<ilovegrolsc> actually i dont care if ppl try to login they would never guess my password
<ilovegrolsc> but i care if that 10 attemps per second slow down my server
<ilovegrolsc> use resources
<patdk-wk> I had it overload a t1 line
<ilovegrolsc> must've been alot
<ilovegrolsc> i'll install fail2ban sounds good
<patdk-wk> iptables -L fail2ban-ssh -nv
<jpds> ilovegrolsc: Remove the password and use SSH keys only?
<ilovegrolsc> that sounds good but i dont know how to do it
<patdk-wk> jpds, that still wouldn't help not overload a t1 with invalid requests
<ilovegrolsc> i dont even know how to change the ssh service port
<jpds> patdk-wk: Set up an SSH TARPIT.
<patdk-wk> that is all editing /etc/ssh/sshd_config
<jpds> patdk-wk: A la http://www.outflux.net/blog/archives/2010/11/10/tarpit-iptables-target/
<patdk-wk> jpds, that is what I did, just fail2ban is esay and simple for the detection to manage the tarpit :)
<ilovegrolsc> in 24 hour period i have like 20 different ip's doing 10 logins per second
<ilovegrolsc> most from China
<jpds> ilovegrolsc: Yeah, normal.
<ilovegrolsc> seems simple if i only need edit sshd config
<patdk-wk> ya, as much as changing the port helps and stuff, it's still only security through obscusion
<patdk-wk> main reason I don't bother
<jpds> ilovegrolsc: https://help.ubuntu.com/community/SSH/OpenSSH/Keys
<patdk-wk> keys will make sure pretty much, you aren't brute forced via password
<patdk-wk> but they can still chew up bandwidth
<ilovegrolsc> yea im certain they would never guess my pass
<ilovegrolsc> i'll get fail2ban and stop them from trying
<patdk-wk> or login from a virus infected machine?
<tdn> How do I make a bootable Ubuntu server installer from USB via ssh from another old ubuntu server?
<ilovegrolsc> pki might be wort it if i was assange and the gov wanted into my server ;)
<ilovegrolsc> worth*
<jeremyA> with lucid 2.6.32-26-server on an Athlon64 X2 (AMD-based motherboard), I am experiencing frequent system hangs -- video goes dead, no kbd LEDs work, only hitting the restart button brings the machine back.  This is a server box without X running.  Nothing is logged.  Any tips for troubleshooting?  I have verified that RAM and cpu cooling are good, using memtest86+ and cpuburn.  No SMART errors are reported by the drives.
<jeremyA> I have also tried the 2.6.34 mainline kernel, with little luck.
<jeremyA> it lasted longer before hanging up -- 10 hours, when run with clock_source=hpet, but it still hung up.
<patdk-wk> heh, I find pki logins nice, it's so fast :)
<ScottK> Daviey: Next time you do a mass bug file for FTBFS, you might review the logs first to see if the build failures are actual package problems.
<ilovegrolsc> just wondering what to type in console to download direct2ban
<ScottK> I just checked all your failures that weren't also in http://udd.debian.org/cgi-bin/ubuntu_ftbfs.cgi and a large fraction of them were artifacts of how you did the rebuild.
<Daviey> ScottK: If there is a next time i probably will... this was an experiment.
<ScottK> OK.
<jeremyA> ilovegrolsc:  I use pubkey authentication all over the place
<Daviey> ScottK: Are you interested in being more involved the standard daily triage of the package set?
<jeremyA> it's tons better than password, even for low-security things
<ilovegrolsc> i'm already using it on my server for openvpn
<ScottK> Daviey: Not for "fun" in my free time, no.
<ScottK> I'm more interested in not getting bogus bugs landing in my inbox.
<Daviey> ScottK: Do you find investigating Invalid FTBFS bugs fun?
<Daviey> (seriously)
<ScottK> No.
<ilovegrolsc> with a beer on hand it might be fun
<ScottK> Daviey: No.  I'm seriously annoyed you filed the bugs without even looking at the logs, thus wasting my time.
<Daviey> ScottK: I did look at that log actually, i mean't to pluck it out.
<Daviey> ScottK: However, i don't understand why you wasted time looking at them?
<tdn> How do I make a bootable USB to isntall Ubuntu server?
<ScottK> Daviey: The first one I looked at because it landed in my inbox, was Python related, and we've got a Python transition going on.
<Daviey> ScottK: It would be really useful to know what part of the server you do find fun, it might be better use of the teams time as a whole - and allowing us to help present the stuff you do find fun.
<ScottK> Daviey: The rest I looked at after I saw your email to ubuntu-server and I didn't want new contributors getting discouraged when asked to look into crap bugs.
<patdk-wk> ilovegrolsc, apt-get install fail2ban
<Daviey> ScottK: I really don't want you to waste your time on these, if you feel that it's of no benefit.
<ScottK> I think it would have been a fine effort to involve new people if the bugs had represented actual failures.  IMO an unreasonable fraction of them didn't.
<smoser> hallyn_, https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/687997 is there a bug in qemu-kvm's apport-hooks ? there is no qemu-kvm package version there.
<uvirtbot> Launchpad bug 687997 in qemu-kvm "XP Pro SP2 refuses to initiate graphical install phase" [Undecided,New]
<ScottK> Personally I use lists like http://udd.debian.org/cgi-bin/ubuntu_ftbfs.cgi and http://qa.ubuntuwire.com/ftbfs/ to work on FTBFS and not bugs in general to work on build failures, but I can see there value for others.
<smoser> never mind, hallyn_ i see it.
<hallyn_> smoser: ok
<smoser> its not in the blobs in the summary
<smoser> but in related pacakges
<ilovegrolsc> 0.8.1 is latest version patdk?
<Daviey> ScottK: Initially, i wasn't going to share the results.. but some other members of the team were interested... I nearly sent them to the mailing list... but i had concerns with noise on there.
<patdk-wk> 0.8.4 on lucid
<hallyn_> yeah, 'attach_related_packages'
<Ninjix> anyone have any experience setting up 802.3ad bonding on Dell PowerConnect switches?
<ScottK> My problem isn't with the list or the sharing, just the lack of QA before doing so.
<Daviey> ScottK: Getting an extra 23 bugs in my Inbox, i didn't consider to be a big deal - perhaps i was wrong.
<patdk-wk> ninjix, lots of netgear and cisco :)
<ScottK> Daviey: If they are valid bugs it's not.
<zertyu> hi
<zertyu> is there any script to disable plymouth ?
<Daviey> ScottK: This was purely a first cut.. i don't know if i'll do it again
<Ninjix> patdk-wk: I'm only seeing one interface getting used
<patdk-wk> how did you configure it?
<patdk-wk> dynamic or static? I found dynamic isn't very reliable
<patdk-wk> and you need to configure it on both ends
<Ninjix> patdk-wk: I've setup LACP static
<patdk-wk> on both switchs?
<patdk-wk> or is this switch to computer?
<Ninjix> switch to computer
<patdk-wk> how do you know it's only using one?
<Ninjix> I'm running bmon
<patdk-wk> what is bmon?
<Ninjix> handy interface monitoring tool for console
<patdk-wk> ok, but that isn't a test
<patdk-wk> I assume yo uattempt a file transfer or something while watching bmon?
<consumerism> i have written some utility scripts i want to make available to users on several servers. i've never made a .deb before and the scripts are just a few files in a directory that have historically just been added to $PATH for people to use them. what's the best way to get these more easily packaged/installable?
<Ninjix> for test I'm running bonnie++ against NFS on 10g NAS
<patdk-wk> well, that will only use one interface, how 802.3ad works :)
<patdk-wk> how if you did a bonnie++ against 4 different nfs servers
<patdk-wk> then it should use both
<Ninjix> ahh...
<patdk-wk> 2 is probably enough, but just incase :)
<patdk-wk> it's to solve the whole, tcp packets out of order thing
<patdk-wk> one wire might be longer or slow than the other
<ilovegrolsc> ok installed, in jail.conf i can put my static ip in the ignoreip list? just wanna make sure im not locked out
<patdk-wk> so all ip -> ip traffic uses the same interface
<Ninjix> gotcha
<Ninjix> it's less magical than I had hoped
<patdk-wk> well, it depends what you want
<patdk-wk> to access one very large nfs, kind of useless
<Ninjix> that's how obeys ethernet standards
<patdk-wk> to serve to the internet, very useful :)
<Ninjix> I see different hash methods L2,L3 and L4
<ilovegrolsc> why does it want my email address in the jail.conf patdk?
<ilovegrolsc> am i gonna get an email every time it blocks an ip?
<ilovegrolsc> that would be bad
<patdk-wk> Ninjix, I forget, the hash methods might need to match the other side (the switchs)
<Ninjix> is that negotiated by the kernel driver?
<patdk-wk> ilovegrolsc, it can email you each time it bans someone
<Ninjix> patdk-wk: thanks for the quit explanation. Now I know what to look for in the IEEE docs and have found more information
<Ninjix> now I just need to find better Linux docs covering the output of /proc/net/bonding/bond0
<patdk-wk> heh? it looks pretty straight forward :)
<ilovegrolsc> one last Q about it... i changed ssh-iptables to true, thats all? cuz i also see ssh-tcpwrapper
<ilovegrolsc> and ssh-ipfw
<Ninjix> should the Aggregator ID equal the same integer I've assigned to the LAG on the switch? or is it internal to the server?
<patdk-wk> Ninjix, looks like the hash method doesn't matter much
<patdk-wk> but you would have to change it on the switch to affect your incoming hash method from other stuff to your machine
<patdk-wk> so using the later3+4 hash method would use more than one interface if you mounted the same nfs server more than once
<Ninjix> ahh... so it has more to do with how the switch decides which line throw the packet down
<patdk-wk> but I think packets from nfs to your computer will still only use one interface :)
<Ninjix> that matches my test
<patdk-wk> most switchs don't let you change it
<ilovegrolsc> hmm
<ilovegrolsc> i see fail2ban has added its own chain to iptables
<raubvogel> ilovegrolsc, I thought that is what it always does, so it is easy to find the rules it adds
<ilovegrolsc> its working
<ilovegrolsc> kicking ass and adding iptables rules
<cdubya> is there a package available for spam/virus filtering? I read about the suggestion on wiki and talk about possibly doing something with tasksel or something like that, but has anything come of it?
<raubvogel> cdubya, you mean besides spamassassin and the likes?
<cdubya> yeah
<keyz182> Hi all, I've got a question about vmbuilder. When I run it, once it's finished doing it's thing I get the directory ubuntu-xen as expected, and inside are the filesystems. They seem to have names based on "tmp" followed by a random string. Is there a way to control the names of the files?
<b0gatyr> anyone know of a way to make the terminal window "flash" when the audible bell goes off?
<zertyu> hi
<zertyu> is there any equivalent of rbash ?
<soren> Just use rbash.
<i0nic> anyone running lighttpd/php  ?
<i0nic> I could use a howto on this =)
<zertyu> rbash
<zertyu> i can't understand how it works
<soren> zertyu: Why do you think you need it, then?
<zertyu> ok i try to explain my problem
<zertyu> what i try to do is : i got a user called user1 i want to restrict access on my server to /var/www/sitex only
<zertyu> rbash is the correct one ?
<soren> Depends.
<soren> But probably not.
<zertyu> so what tool i have to use ?
<zertyu> well
<pmatulis> zertyu: what will that user be doing on the server?  based on the path you gave, probably uploading/downloading files.  in that case, consider a sftp chroot
<zertyu> i simply want to allow user1 just only on that folder /var/www/sitex and access to read and write
<pmatulis> zertyu: maybe a ssh chroot then
<zul> JamesPage: the groovy looks good im just trying to reproduce and then ill merge
<JamesPage> zul: OK; ping me if anything is weird....
<zul> JamesPage: i just had to fix the changelog but it looks good anyways
<JamesPage> zul: I should try to remember what release I'm working on :-)
<JamesPage> zul: thanks
<zul> JamesPage: no probs thanks
<hallyn_> smoser: so, just wondering - why is bug 687997 triaged?  you know what it is?
<uvirtbot> Launchpad bug 687997 in qemu-kvm "XP Pro SP2 refuses to initiate graphical install phase" [Medium,Triaged] https://launchpad.net/bugs/687997
<hallyn_> bc, i've not seen that myself with several recent windows installs...
<smoser> hallyn_, i do not know the problem, but i believe there is enough information to reproduce.
<smoser> do you suggest a better state ?
<smoser> there is a kvm command line there also.
 * hallyn_ scratches his head
<hallyn_> I guess I need to go re-read the bug status descriptions
<smoser> hallyn_, i could be mistaken
<smoser> or likely am. what would you have set it to ?
<hallyn_> well, not sure - i guess i'd leave it at New until someone can confirm with the recipe
<hallyn_> thing is, if it's Triaged I assume that means upstream knows about it and has an idea how to fix it
<hallyn_> (or, we have an idea how to fix it)
<hallyn_> which means - I'll ignore it when scanning bug lists
<hallyn_> which is why i need to figure out whether i'm doing that wrong :)
<\sh> ivoks: pingeling...lucid + drbd .. where in father xmas name is drbd module?
<hallyn_> smoser: all right, well i guess i'm misinterpreting.
<hallyn_> sorry :)
<smoser> hallyn_, well, 'New' is definitely not righ.
<smoser> but i dont really know what it should be there. ...
<hallyn_> smoser: no, you were 100% right
<hallyn_> Triaged means precisly that you think there's enough info there that someone can work on it, and it looks like a real bug
<ivoks> \sh: in kernel
<\sh> ivoks: it isn't
<hallyn_> now, i think several of the qemu bugs are dups - i think there is a problem with the i386 emulator
<\sh> http://packages.ubuntu.com/lucid-updates/amd64/linux-image-2.6.32-25-generic/filelist <- look for drbd
<ivoks> 2.6.32?
<ivoks> ah, not in 2.6.32
<\sh> WHOOOT
<ivoks> it got in in 2.6.33
<ivoks> drbd8-source
<\sh> this is not the truth?
<\sh> lucid without drbd?
<\sh> by default i mean
<ivoks> drbd8-source package has dkmsed module
<ivoks> i don't see where is the problem
<\sh> no
<\sh> module-assistent dkmsed the module now
<SpamapS> hallyn_: re bug 687535 from yesterday.. I comented on it a bit.
<\sh> it doesn't do it automagically
<uvirtbot> Launchpad bug 687535 in openssh "upstart loses track of ssh daemon after reload ssh" [High,Confirmed] https://launchpad.net/bugs/687535
<ivoks> \sh: it does, you need linux-headers-server (or -whatever server you use)
<ivoks> \sh: after that, just installing drbd8-source will give you drbd module
<ivoks> which will be compiled on every kernel upgrade
<hallyn_> SpamapS: oh, thanks - i didn't get notes about that, must have forgotten to subsribe
<ivoks> (-whatever kernel you use)
<SpamapS> hallyn_: indeed you did
<raubvogel> How can I quickly check if cron.d is being read? Would the log files show it?
<hallyn_> SpamapS: have i mentioned how happy i am this morning to have found pentadactyl?  :)  i can 'p' and 'y' in firefox again
<\sh> ivoks: why don't we have a dep on the linux headers when I install drbd8-source?
<ivoks> \sh: we do: linux-headers-server | linux-headers-generic | linux-headers
<RFleming> Greetings and salutations
<RFleming> Could someone shed some light on how to calculate how much space a partition will take based on a raw disk's total capacity?
<hallyn_> SpamapS: i agree with the guy - your 'invalid' comment was weird.  did you mean a dup of the other bug?
<al> oh, great
<al> exim is giving away root shells for free
<ivoks> you deserved it
<\sh> ivoks: hmmm....http://paste.ubuntu.com/541505/ <- have a look
<al> http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
<ivoks> for playing with exim :)
<ivoks> \sh: i know, i can't help you; you need to install headers first
<\sh> ivoks: http://paste.ubuntu.com/541507/ <- the headers were already installed
<SpamapS> hallyn_: Ugh, I meant Invalid in Upstart only.
<\sh> that's my problem
<ivoks> you are not looking right \sh
<hallyn_> SpamapS: now that you're leading the upstart community :) what's your expert opinion on his pidfile suggestion?
<ivoks> \sh: you don't have -server headers installed
<\sh> ivoks: right, I'm having a -generic kernel
<SpamapS> hallyn_: the trouble with pidfiles is race conditions
<ivoks> Building for 2.6.32-25-server and 2.6.32-26-server
<ivoks> doesn't look like
<SpamapS> hallyn_: so lets say sshd forks on SIGHUP, then the new process writes its own pid to the pidfile, so upstart sees that and begins tracking the new pid great. But meanwhile, the old parent has exitted, and upstart has gone "uh oh, parent exitted" .. and started a new one, which failed..
<\sh> ivoks: oh crap
<SpamapS> hallyn_: I actually think pidfiles would be fine, but they've been rejected with aggressive hand waving multiple times by keybuk, and I'm sure he has a long winded good reason for it as well.
<zul> SpamapS: not just keybuk as well
<hallyn_> SpamapS: zul: sometimes a hammer doens't work right, but sometimes it's the only thing htat will
<adamzap> hey guys im trying to do an ubuntu server install with only ubuntu-minimal packages, so ubuntu-standard. is there a trick to this? thanks
<\sh> ivoks: gotcha
<zul> hallyn_: hammer is not the right tool in this case...seldgehammer would be better
<adamzap> *no ubuntu-standard
<hallyn_> zul: do you have another suggestion for the sshd case?
<zul> hallyn_: no unfortunately
<hallyn_> zul: so, i marked it low prio, meaning i think it can wait for a design.  SpamapS marked it high priority, in which case i think waitint for the perfect design is irresponsible
<SpamapS> cjwatson: re bug 687535 , I was wondering if you had any thoughts on why we chose to use 'expect fork' instead of sshd -D in openssh's upstart config.
<uvirtbot> Launchpad bug 687535 in openssh "upstart loses track of ssh daemon after reload ssh" [High,Confirmed] https://launchpad.net/bugs/687535
<RFleming> Does anyone know how to calculate the amount of usable disk space after a disk is partitions based on the raw disk size?
<SpamapS> hallyn_: if sshd -D works, then thats the fix until we switch to proc connector / cgroups / whatever.. (and if its either of those, they can't be backported to lucid anyway AFAIK)
<RFleming> IE: I have 20TB of raw space, and want to calculate what the total space is AFTER partitioning.
<hallyn_> RFleming: i usually use df (or df -h)...
<ivoks> hallyn_: usually? :)
<RFleming> hallyn_, that works but I'm trying to calculate it before I purchase the hardware :)
<SpamapS> RFleming: fdisk will tell you how much it was able to use before writing.
<hallyn_> ivoks: other times i write a script to fill up the disk with '.', and then run wc to see how man '.'s there are :)
<SpamapS> RFleming: ahh based on the geometry?
<RFleming> yep
<ivoks> my guess is that he thinks that partitioning reduces disk size
<RFleming> ivoks, partitioning does reduce partition size :)
<hallyn_> really it's the fs metadata that can punish you the most
<ivoks> you do know that manufacturers lie about disk sizes?
<SpamapS> RFleming: should be "damn close to 20TB"
<ivoks> 120 GB isn't really 120GB... it's more like 100
<RFleming> the whole GB/GiB thing
<SpamapS> ivoks: they do not lie. They merely force reading every bit of microscopic fine print on their website and on the box the drive comes in to make sure it means 20*1024*1024*1024*1024 and not 20,000,000,000,000 ;)
<hallyn_> SpamapS: so i'm still trying to figure out why your pidfile scenario makes sense in any case other than pathologically mis-behaving application
<SpamapS> hallyn_: Me too actually
<ivoks> SpamapS: right
<hallyn_> i don't tthink cgroups work
<SpamapS> hallyn_: why not?
<hallyn_> well, then when you log in you'll be in that cgroup too :)
<hallyn_> and really, it doesn't help any more than your pidfile objection - if sshd forksand then crashes, upstart again will just think the child is the running task
<Psi-Jack> chkconfig doesn't work with Ubuntu 10.04.1 really, does it?
<Psi-Jack> Everytime I try to use it with lsb scripts, it just ... throws a bunch of crap and doesn't even do anything.
<hallyn_> SpamapS: now i suppose we can have PAM move you back out of the ssh cgroup, but then if that fails things will get exciting
<RFleming> SpamapS, the reason I ask is I'm creating ~830TB volume.
<hallyn_> can i have an account?
<SpamapS> hallyn_: agreed, following forks is difficult. Letting the process tell you which pid to track is a good idea. I guess the question is, does a pidfile do a good job of that?
<RFleming> sorry, we're not like Exim ;)
<hallyn_> :)
<RFleming> that 830TB is raw.  The partition table is going to be larger than a few gigs :)
<hallyn_> SpamapS: well, the pidfile lets you know if there is a mismatch between what the service said and reality.  which you can flag as pathological, kill, and restart
<hallyn_> now i dunno, maybe we should seriously follow up on the cgroup idea.  though i thought Keybuk hated that
<SpamapS> hallyn_: I believe he does. ;)
<hallyn_> SpamapS: oh, the ohter problem with cgroups:
<hallyn_> SpamapS: they're new and fun enough that ppl are using them in funky ways, and their moutnts setup might interfere with what we want
<hallyn_> though i guess we can just mount an empty cgroup named upstart
<SpamapS> hallyn_: seems systemd uses cgroups
<hallyn_> SpamapS: yeah, though i don't know exactly how
<hallyn_> i'll go take a look i guess
<SpamapS> RFleming: I'd just make sure its 20TiB and not 20 trillion bytes.
<SpamapS> RFleming: the geometry loss should be minimal.
<SpamapS> hallyn_: The way I understand the pidfile argument is simply that we shouldn't trust the daemon ever. I see the point in this, and I think I'd rather patch in --dont-daemonize cmdline options into each daemon than try to get pidfile creation working on all of them.
<uvirtbot> New bug: #327084 in satega "session -> access denied" [Medium,Fix released] https://launchpad.net/bugs/327084
<SpamapS> hallyn_: interestingly enough, many (most?) newer daemons have this built in because there are a lot of people running process trackers like upstart, runit, or daemontools
<cjwatson> SpamapS: I think I was basically just trying to avoid changing too much at once
<cjwatson> SpamapS: and I hadn't audited precisely what -D did
<hallyn_> SpamapS: but i thought just doing -D and ditching expect fork was not suficient?
<SpamapS> cjwatson: given that sshd does this fork->re-exec on SIGHUP, I don't think 'expect fork' will work, unless we can somehow tell upstart to expect fork every time we send SIGHUB
<SpamapS> HUP
<SpamapS> hallyn_: it is
<cjwatson> SpamapS: if you're happy to test it to make sure everything still works, feel free to make that change
<SpamapS> hallyn_: with -D, there's no fork->exec .. it just execs itself again.
<hallyn_> SpamapS: i thought the bug poster had a case where it wasn't, looking
<hallyn_> don't just tell me "it is"  :)
<l3dx> if I have two disks in software raid, do I have to do something in order to detach them and use them separately?
<cjwatson> RFleming: partition table sizes are typically measured in bytes or kilobytes, not gigabytes.  perhaps you're thinking of something else
<hallyn_> SpamapS: oh, i see, he was talking about your suggestion about following the children
<SpamapS> cjwatson: indeed, the sshd man page seems to suggest that -D is intended exactly for this purpose: "-D      When this option is specified, sshd will not detach and does not become a daemon.  This allows easy monitoring of sshd.
<kirkland> smoser: yo
<SpamapS> cjwatson: but its important enough to test thorougly.
<smoser> oy
<cjwatson> SpamapS: I think it's more likely that "monitoring" there refers to a sysadmin running it in a tty for testing purposes, actually
<cjwatson> but sure
<hallyn_> cjwatson: SpamapS: so any objections to taking that route?
<cjwatson> hallyn_: as I said above, none from me provided that somebody else tests it
<cjwatson> (to -D)
<cjwatson> I definitely don't want to use pidfiles wiwth upstart
<RFleming> cjwatson, then I am lost.
<RFleming> I know drive manufacturers report space as XB not XiB, so a 1TB drive is really 0.9313TiB
<RFleming> string 28 of those together and you get 26.077TiB, but after the disk is partitioned, the size is 25.4TiB.  Where did the ~690GiB go?
<cjwatson> RFleming: that's just different units, nothing to do with partitioning.
<cjwatson> er, wait, /me rereads
<cjwatson> yes, it's units.  your disk manufacturer is lying to you more than you think.
<Daviey> jdstrand: If you have a moment, i could really do with talking to you about apparmor :)
<cjwatson> RFleming: 1000 * 1000 * 1000 * 1024 bytes is 0.9313TiB, yes.  However, 1000 * 1000 * 1000 * 1000 bytes is 0.9095TiB.  Multiply that by 28 and you get 25.47TiB.
<RFleming> grr
<RFleming> but then the unit is wrong, because it's not base 2
<RFleming> we're back to base 10
<RFleming> so it's not 25.47TiB but 25.47TB
<jdstrand> Daviey: sure
<cjwatson> RFleming: indeed.
<cjwatson> RFleming: disk manufacturers do indeed typically quote base-10 sizes.
<RFleming> cjwatson, ok, I just plugged in a single 1TB drive.  Windows reports it as 931.39GB
<cjwatson> (this is why for example the Ubuntu installer's partitioner uses base-10 sizes throughout.)
<RFleming> which really is 931.39 GiB
<cjwatson> yes, you won't find the same names used consistently everywhere
<cjwatson> sadly if you really care about the distinction you have to get things to show it to you in bytes
<RFleming> cjwatson, but that brings back the original problem.
<cjwatson> which original problem?
<RFleming> if windows shows a 1TB drive as 931.39 GiB then 28 of those strung together is 25.47 TiB
<RFleming> D'oh!
<RFleming> my math sucks
<resno> if i am looking to just add a drive to a machine, what mount point should i use?
<resno> the drives main purpose is media stroage
<resno> my current storage drive uses /home
<RFleming> cjwatson, so does yours... curious how that happened
<cjwatson> RFleming: hmm?
<RFleming> cjwatson, your numbers all base 10 (909.5 GB * 28 / 1000) does equal 25.46 TB not TiB.  My NEW number of (931.39 GiB * 28 / 1024) gives 25.46 TiB
<RFleming> units suck
<cjwatson> No
<cjwatson> 1TB base-10 == 0.9095TiB base-2; 28TB base-10 == 25.47TiB base-2
<RFleming> 1TB base-10 == 0.93132 TiB base-2
<cjwatson> that is incorrect, sorry
<cjwatson> 1TB (base-10) == 1000 * 1000 * 1000 * 1000.  To convert that to TiB (base-2), divide by (1024 * 1024 * 1024 * 1024)
<cjwatson> $ bc -lq
<cjwatson> 1000 * 1000 * 1000 * 1000 / (1024 * 1024 * 1024 * 1024)
<cjwatson> .90949470177292823791
<cjwatson> the only way your calculation comes out the way you say is if you take 1TB == 1000 * 1000 * 1000KiB, i.e. 1000 * 1000 * 1000 * 1024, which is an odd hybrid unit that probably mainly serves to confus
<cjwatson> *confuse
<SpamapS> look at what you've done to cjwatson .. you've confus'd him
<ilovegrolsc> any1 here able to ssl into a server?
<ilovegrolsc> ssh
<SpamapS> ilovegrolsc: I'd say most of us are able tos sh into a server. ;)
<SpamapS> or to ssh either way ;)
<RFleming> 1TB = 10^12, 1 TiB = 2^40
<cjwatson> Yes.
<cjwatson> $ bc -lq
<cjwatson> 10^12/2^40
<cjwatson> .90949470177292823791
<RFleming> cjwatson, this is nuts.  why does a 1TB drive show up as .93139 GiB then?
<RFleming> your math is sound
<RFleming> but the reporting says otherwise
<patdk-wk> heh, it should report ATLEAST .909gigs
<patdk-wk> well, .909 terrabytes
<cjwatson> RFleming: because units are hopelessly inconsistent
<patdk-wk> drive makes use 1000 units
<cjwatson> find out the size in bytes and don't worry about the "friendly" presentation
<patdk-wk> computers use 1024 units :)
<patdk-wk> now if everything used 500byte sectors :)
<RFleming> .90949470177292823791 TiB = 1000000000000 B
<cjwatson> I have no knowledge of how Windows computes disk sizes
<RFleming> bizzare
<RFleming> I think patdk-wk made a good point, it's at least .909, with some extra thrown in for 1024 units.
<patdk-wk> na
<patdk-wk> it normally depends on the lba mapping
<patdk-wk> the drive might physically have 1.2tb of space
<patdk-wk> but can only map it to the bios as 1.1tb, or 1.0tb depending on settings
<patdk-wk> I dunno exactly how it works these days, I stopped caring at around 4gb drives :)
<RFleming> 1000 * 1000 * 1000 * 1024 will make a nice 1,024,000,000,000 B or .93132 TiB
<patdk-wk> like I can buy two 36gig sas drives, one is 36.7gigs, another is 37.2gigs
<patdk-wk> RFleming, they might of done that, keep simple 4k or 512 sectors
<patdk-wk> but the the firmware limits it to 1000*1000*1000 of them
<zul> SpamapS: ping can you have a look at https://bugs.launchpad.net/ubuntu/+source/php5/+bug/316441 when you are around
<uvirtbot> Launchpad bug 316441 in php5 "PHP session garbage collection" [Low,Confirmed]
<dravekx_> what does it mean when your server says "There is 1 zombie process"
<bluethundr> I am attempting to install sudo-ldap on a couple of machines (10.10 and 10.04LTS).. but I get the same error on each machine
<bluethundr> http://pastebin.ca/2014942
<bluethundr> does anyone know how I may get around this error?
<dravekx_> rofl
<Daviey> SpamapS / kirkland: Do either of you want to action the email to debian re bug #56679.. I see kirkland has been involved so far, but also SpamapS has a WI for that?
<uvirtbot> Launchpad bug 56679 in netcfg "provide a method to use a specified MAC-address as the installation device" [Wishlist,Triaged] https://launchpad.net/bugs/56679
<jdstrand> Daviey: whenever you file that bug, feel free to assign it to me
<SpamapS> Daviey: seeing as Dustin is assigned I'll let him take it. I do think we need to find a way to work w/o that. I have some ideas beyond ARP btw. :)
<kirkland> hmm, well i suppose i can;  i though cjwatson had asked Daviey to do so
<SpamapS> round and round we go! :)
<SpamapS> kirkland: can you confirm for me that cobbler does not have an API?
<Daviey> kirkland: he did... i'll do it... i just noted that both of you were also involved and thought you might want to
<kirkland> SpamapS: https://fedorahosted.org/cobbler/wiki/CobblerApi
<SpamapS> err..
<SpamapS> so..
<Daviey> SpamapS: we did talk about cobbler's API last night.
<SpamapS> Edison has what on Cobbler then?
<Daviey> SpamapS: To me, the edison API looks easier to extend.  That is all...
<SpamapS> hrm
<SpamapS> my NIH avoidance alarm is going off
<SpamapS> Daviey: readint his CobblerApi, it already does everything we want...
<Daviey> SpamapS: I didn't realise there was a py interface to the cobblerapi... i thought it was pure xmlrpc
<SpamapS> either way..
<SpamapS> I'm polishing this proposal with references and examples.. and cobbler is kicking edison's ass
<Daviey> SpamapS: Well the py interface is pretty significant
<tonyyarusso> Anyone know why 'vmstat' consistently gives me incorrect CPU usage numbers?  ie, it always shows the CPU as idle, across multiple platforms I've tried it on.
<Daviey> SpamapS: That seems fair...  I'm certain if Cobbler had the rot fixed, it would be fixed for good.
<SpamapS> Daviey: ... crap.. here we go 'round agian.
<Daviey> rot as in, Debian/Ubuntu host support and packaging
<Daviey> SpamapS: ack :)
<SpamapS> Daviey: I'm writing up what we'd have to do to Edison to make it work..
<SpamapS> Daviey: btw, its not a great django app.. lots of assumptions and hard coded stuff. :-/
<Daviey> SpamapS: It would be nice if Cobbler was fixed either way :)
<SpamapS> Daviey: yeah, see, if we just fix cobbler, then we don't need to do anything else.
<Daviey> SpamapS: and solves the upstream support concern.
<SpamapS> But.. damn we seemed so excited about Edison yesterday. ;)
<SpamapS> Daviey: heard back from them?
<Daviey> SpamapS: I've not chased it today.
<Daviey> jdstrand: raised that bug #688186 .. thanks for your help.
<uvirtbot> Launchpad bug 688186 in isc-dhcp "apparmor profile denying access to /proc/*/net/dev" [Undecided,New] https://launchpad.net/bugs/688186
<Daviey> SpamapS: Do you think we should commit some more time to getting Cobbler into shape?
<RoAkSoAx>  Daviey http://www.threedrunkensysadsonthe.net/2010/07/installing-cobbler-on-ubuntu/
<Daviey> RoAkSoAx: Thanks, aware of that :)
<RoAkSoAx> ok :)
<Daviey> he's the same author as edison fwiw
<RoAkSoAx> oh I didn't know that :) thanks for enlightment
<Daviey> RoAkSoAx: His fork still isn't quite there, but he has some good patches.
<RoAkSoAx> Daviey:  better something than nothing ;)
<Daviey> RoAkSoAx: Are you interested in helping out?
 * Daviey imagines RoAkSoAx pondering.
<RoAkSoAx> Daviey: I would, but first need to get other things done (PowerNap) :). I'm hoping to get it done in the next couple of weeks. After that I can help
<Daviey> groovy
<SpamapS> Daviey: I do actually think we should focus *most* of our effort on cobbler.
<SpamapS> Daviey: for some reason I thought it was being rejected because it was built poorly or something.
<SpamapS> But.. shoot.. whip it into Debian/Ubuntu shape.. and whats not to love?
<Daviey> SpamapS: The main concern we had was the weight, and Deb'/Ubuntu support... and enrichment.
<RoAkSoAx> SpamapS: cobbler has been something it's been wanted in Ubuntu for quite a long time
<SpamapS> Daviey: yeah.. I don't care about the weight.. Deb/Ubuntu support should be doable in a series of bug fixes.. and I think what I see is that it doesn't need enrichment to achieve our goals for deploying UEC
<Daviey> SpamapS: Aye.. i don't have a weighted opinion either way... :)
<kirkland> SpamapS: Daviey: you guys duke it out and let me know what you decide
<Daviey> both /will/ work.
<SpamapS> I just see it as the standard currently for provisioning
<Daviey> kirkland: Fancy throwing your package of cobbler into a ~ubuntu-virt bzr branch ?
<SpamapS> we're going to have to make it work anyway
<kirkland> Daviey: sure
<kirkland> Daviey: one sec
<Daviey> groovy
<SpamapS> Yeah I think I'll take a look
<jdstrand> Daviey: thanks, I should have an upload sometime today
<Daviey> jdstrand: it's not a urgent for me, so don't prioritise it if you have other things.
<kirkland> Daviey: SpamapS: pushing to lp:~ubuntu-virt/cobbler/ubuntu
<Daviey> jdstrand: but rocking, thanks
<Daviey> kirkland: great
<kirkland> Daviey: SpamapS: we could talk to LP about getting cobbler's get autoimported to lp:cobbler
<kirkland> Daviey: as I started from a bzr import of the git tree
<kirkland> Daviey: done.
<Daviey> \o/
<kirkland> Daviey: i've been tracking patches in debian/patches
<SpamapS> bzr: ERROR: Invalid url supplied to transport: "lp:~ubuntu-virt/cobbler/ubuntu": No such project: cobbler
<kirkland> Daviey: nothing big there yet, but at some point, i'd assume we'd have a handful that we'll want to send upstream
<kirkland> SpamapS: Daviey: whoops ...  lp:~ubuntu-virt/+junk/cobbler
<Daviey> kirkland: I have a couple of patches
<SpamapS> Its really hard for me to objectively test.. as the only other machine on my network is my wife's dell mini10.. :P
<Daviey> SpamapS: kvm baby!
<SpamapS> unless.. I could try to use it to install powerpc on my G5
<Daviey> eeek... you are brave
<SpamapS> Daviey: the networking on kvm scares me
<Daviey> SpamapS: fair comment :)...  virtualbox :)
<kirkland> cjwatson: so i have a preseed with "d-i partman-lvm/confirm boolean true"
<kirkland> cjwatson: but I'm being held at that question anyway
<kirkland> cjwatson: any hints?
<kirkland> cjwatson: full preseed at http://pastebin.com/ME2CDpnx
<SpamapS> liboobs ... one of the greatest bazingas ever
<jdstrand> Daviey: well, it is fairly urgent as you can't use dhcpd at all atm :)
<Daviey> jdstrand: true! :)
<Daviey> kirkland: Interesting... just checked my preseed and that worked fine for me yesterday when i deployed natty :/
<kirkland> Daviey: can you pastebin all or some of your preseed, then?
<kirkland> Daviey: or tell me where mine differs?
<i0nic> would you guys say its best practice to generate a gpg keypair on your "master server" and any nodes sending files to this server use its pub key to encrypt?
<Daviey> kirkland: generated by uec-pro' http://pb.daviey.com/2sKc/raw/
<kirkland> Daviey: weird ... nothing related in the diff
<SpamapS> kirkland: impressive build-depends. :-P
<Daviey> kirkland: Although... i did notice that my hosts in /etc/apt/sources.list were not the values i preseeded... so something could be skewed
<kirkland> Daviey: one thing that's strange ... this machine's hard disk was detected as sdb (when it should probably be sda)
<Daviey> (same preseed used on maverick DID give the correct hosts)
<kirkland> Daviey: yeah, i have 3 microscopic fixes to uec-provisioning so far
<kirkland> Daviey: i'm trying to get it back to the point where it "just works" out of the box
<Daviey> kirkland: the itch i have is multi release support :)...  fancy tackling that? :)
<Daviey> kirkland / SpamapS: Also, http://pb.daviey.com/qELJ/raw/ \o/
<kirkland> Daviey: sure, if we go with uec-pro as our backend;  though i'm not going to invest any time in new feature dev if we agree upon some other technology though
<kirkland> Daviey: under active development?
<Daviey> kirkland: "lp:cobbler"
<kirkland> Daviey: ah
<kirkland> Daviey: cool
<kirkland> Daviey: okay, my lvm-confirm issue is worked around by preseeding non-lvm disk partitioning :-P
<kirkland> Daviey: i'll wait to hear back from cjwatson on that one
<Daviey> yeah.. interesting :/
<Daviey> kirkland: on your dell laptop?
<kirkland> Daviey: yup
<bobboau> I've suddenly lost my ability to use SSH into my server I'm not sure when it happened because I usually don't need to get into it, but when I enter my password it just hangs, everything else seems to be working fine
<smt-mobil> since last apt-get upgrade on hardy server php isnt rendered anymore, any ideas?
<dravekx> Anyone know how to enable tracking with phpmyadmin on 10.04LTS? I've done everything it says and it still fails.
<jiboumans> i have the following line in my /etc/apt/sources.list: deb http://us-east-1.ec2.archive.ubuntu.com/ubuntu/ lucid restricted multiverse
<jiboumans> this works just fine. another machine has it in sources.list.d/us-east-1-ec2.archive.ubuntu.com and it appears to be ignored
<jiboumans> what am i missing?
<jiboumans> .. and strace provides the answer; file must end in .list
<SpamapS> jiboumans: how did we ever live without strace?
<jiboumans> SpamapS: i dont know, but ever since i have to deal with Erlang and java, it's been my best friend
<jiboumans> 'i cant read it or dont have the source..w tf is it doing???'
<SpamapS> I don't know if they have it now, but it used to be the most annoying thing about admining *bsd
<jiboumans> dtrace > strace though
<jiboumans> but you can't have it all
<SpamapS> strace named ... wtf.. cmd not found?!
<SpamapS> dtrace is freebsd only isn't it?
<zul> you have run strace as root now dont you?
<SpamapS> zul: you don't have to , but you haev to run strace -p as root (or change a sysctl)
<neopsyche> hi all.. quick question .. regarding squid.
<neopsyche> question.. I noticed youtube recently made some changes to the way their videos are streamed.. making it difficult for 3rd party sites and programs to 'grab' their videos.. im just wondering if this effect's squids ability to cache youtube videos also.. for ISP's ?
<fluvvell> dravekx, what do you mean tracking?
<neopsyche> ?
<psyferre_> hey folks.  I'm running ubuntu karmic with lvm and I'm trying to extend my root partition.  I've added unallocated space in vmware esxi, created a physical volume in the free space, added it to the volume group, and extended the logical volume to take up the free extents.  What I can't seem to figure out is how to get ubuntu to realize the volume is larger.  I'd like to use ext2online, but it appears to not be in the u
<psyferre_> sorry about the wall of text =-/
<h3sp4wn> resize2fs works
<psyferre_> so boot from a desktop edition live cd and run that on the unmounted drive?
<h3sp4wn> Anything will work (I would probably use grml dunno if there is a good ubuntu equivalent)
<h3sp4wn> I take it you made a snapshot first ? (or a decent backup) if its important
<psyferre_> not terribly important, but yes
<steveng> ok i dont know if i should ask this here or not....I'm running ubuntu server 10.10 in a virtualbox vm....all of a sudden when I type ifconfig....my eth0 is not there...any ideas?
<h3sp4wn> why not - ifconfig -a
<Danawar2> Heyaa guys I have a server with apache2 and ftp I want to allow users to upload their websites by ftp and be able to view them via http is there an easy way I can do this?
<h3sp4wn> steveng: Sometimes if you don't use -a then interfaces that are down won't be seen (No easy way for me to test it right this second though)
<steveng> ok adding -a I see an eth2....?
<steveng> no ip address though
<steveng> is there a reason it would get changed from eth0 to eth2?
<gholms> smoser: ping
<psyferre_> h3sp4wn: thanks!  I appreciate it! :)
<h3sp4wn> steveng: Did you change the interface ? (I think udev makes them unique)
<h3sp4wn> steveng: also check the contents of /etc/iftab
<h3sp4wn> (Might not exist)
<h3sp4wn> steveng: Should be able to dhclient eth2
<steveng> i did...in virtualbox....but I changed it back
<h3sp4wn> (Thats if its in the default config)
<h3sp4wn> steveng: Have a look in /etc/udev/rules.d
<steveng> ok if I dhclient eth2 then I get an ip...but I want that set to static....I changed my settings in /etc/network/interfaces
<dravekx> file permissions: If i have 'root' as the owner, and 'bar' as the group, and I make 'steve' part of bar, why cant i access the files with steve? :( Does steve need to be the owner?
<h3sp4wn> group permissions
<dravekx> oh right.
<h3sp4wn> steveng: You cannot just do that with virtualbox
<h3sp4wn> You need another interface type but I dunno what
<dravekx> so 775 not 755.
<h3sp4wn> yep or you can use acl's if you want
<h3sp4wn> steveng: There is annoyances with the other 2 as well (like have to configure routing on the host) or bridged has some other quirks as well
<steveng> eh
<steveng> ill visit the vbox room to get them to help me with that
<steveng> I got the eth2 up and back on static
<steveng> I can access locall now
<h3sp4wn> Is there a way to use a more minimal jeos (replace some stuff in ubuntu-minimal / standard with more minimal alternatives - its annoying it specifies certain packages not virtualks
<patdk-lap> heh, I just have a large script I run, that does a more minimal system after I install the normal system
<patdk-lap> apt-get purge ......
<patdk-lap> mainly like ppp, pppoe, dhcp3-client, ...
<FunnyLookinHat> Anyone here know how I could setup a cron job to be run by the apache2 user?
<remix_tj> FunnyLookinHat: yeah, by setting it on /etc/cron.d/something
<remix_tj> specifying just after the time and just before the command www-data
<i0nic> my server just rebooted randomly, what can i check to see why?
<FunnyLookinHat> remix_tj: cool thanks
<remix_tj> i0nic: sure, take a look to the /var/log/syslog
<FunnyLookinHat> remix_tj: if I am editing cron like this - sudo crontab -e ... that means I'm editing root's cron, right?
<remix_tj> yeah FunnyLookinHat
<FunnyLookinHat> kk
<FunnyLookinHat> Wait - remix_tj  - couldn't I just sudo -u www-data crontab -e ?
<remix_tj> FunnyLookinHat: is not a pretty way but you can,  i think
<FunnyLookinHat> *crosses fingers as date approaches the next minute*
<l3dx> I accidently delted /etc/apache2, how can I "reinstall" apache to get the default folder?
<hallyn_> l3dx: you can apt-get purge apache2; apt-get install;  or you can grab the source (apt-get source apache2) and manually fetch them
<l3dx> hallyn_: I tried
<l3dx> but now I see that it's coming from apache2.2-common :)
<l3dx> guess that will work better
<hallyn_> oops
<hallyn_> that trips me up quite often
<ruben23> hi guys any thought how to create a file server on an ubuntu server on a hosted server-and teh client accessing it is using windwos..? any idea..?
<DevoKun> ruben23: you need to install and configure Samba. You may want to check out TurnKey Linux, based on Ubuntu: http://www.turnkeylinux.org/fileserver
<h3sp4wn> ruben23: You mean the hosted server is not on the same network right ?
<ruben23> its on the vast internet not local conenction.
<h3sp4wn> Openvpn and samba would work quite well
<h3sp4wn> (openvpn has a windows client)
<h3sp4wn> or openvpn and nfs would be ok if you use the windows built in nfs client (or SUA)
<jhansonxi> ruben23: You should not access Samba directly over the Internet - use either SSH or a VPN.
<ruben23>  jhansonxi: the problem is defining one person who can crate folder and give permision for others to access it. im planning SFTP and mapped it directory to windows
<h3sp4wn> ruben23: You need to learn how to use ACL's
<DevoKun> ruben23: I've had success routing SMB connections over stunnel to Windows clients before.
<ruben23> guys its a bit hard.huhuhuhuh
<ruben23> :'(
<DevoKun> It will take a while to put together.
<DevoKun> What specifically are you having problems with?
<bmxer> hi. I'm on a AWS server running ubuntu and i've added the universe sources to sources.list but when i run update it doesn not retrieve list...it might be a network restriction?
<jiboumans> bmxer: universe should be enabled by default. what AMI are you using?
<bmxer> jiboumans, i've just added a prefix domain US and it worked deb http://us.archive.ubuntu.com/ubuntu/ lucid universe
<jiboumans> there's an ubuntu mirror inside ec2 - faster and lower cost. but again, those should all be enabled by default
<bmxer> jiboumans, now i see...just had to change the prefix to aws mirror. thx!
<ruben23> DevoKun: my company weants me to setup a file server on a hosted ubuntu server then, some how creat direcftrey folders with access permissions fo user or define a single person who can do all and create folders and set permision on it. thats all and be mappend on each remote cleint windows users
<twb> FWIW, I use "deb mirror://mirrors.ubuntu.com/mirrors.txt lucid main universe"
<twb> Where mirrors.txt returns geoip-specific mirror list, and apt uses one (unfortunately, always the first).
#ubuntu-server 2010-12-10
<bmxer> i'm trying to setup a jetty server. i've set NO_START=0, but server does not start . Do i forget anything else?
<DevoKun> ruben23: You could use a FUSE equivalent on windows like Dokan: http://dokan-dev.net/en/. But I think h3sp4wn is correct and you will be served well by Samba with OpenVPN or stunnel.
<dravekx> crap. permission problems! :(
<h3sp4wn> ruben23: You could try Alfresco or ifolder (They are pretty heavy on resources though)
<buuo> Anyone running a priv or public cloud?
<twb> !anyone > buuo
<ubottu> buuo, please see my private message
<njbair> I tried changing my dns in /etc/resolv.conf and it was overwritten. How can I change it permanently?
<buuo> well sorry...
<twb> njbair: lots of stuff writes resolv.conf -- particularly pppd and dhclient by default.
<twb> njbair: either tell them not to, or use a wrapper (the resolvconf package?) to instrument it.
<njbair> twb, so I probably have to edit config for dhclient
<twb> Last time I had to do that, it was a pain in the arse to do so
<twb> I advise resolvconf instead
<njbair> Thanks. I'll take a look.
<buuo> i like to know if the ubuntu priv cloud cost anything to use as i meantion i am cloud noob what i am trying to do is setup a cluster/cloud for web hosting but i also would like to run MPI tools
<patdk-lap> ya, it costs you hours of your life spend downloading the iso :)
<patdk-lap> after that, just well, time playing with it
<buuo> patdk-lap i got 200mbit i can dedicat to download the iso from a close ftp so thats not the problem do u mind if i pm u i am in lots of channels and its hard to keep track on all chat
<patdk-lap> heh?
<buuo> bitchx
<twb> buuo: you have a 200mbps line?  Nice.
<h3sp4wn> njbair: You can use as a quick hack - chattr +i
<h3sp4wn> chattr +i /etc/resolv.conf
<njbair> well I was hoping for something permanent.
<h3sp4wn> It is
<twb> h3sp4wn: cool
<njbair> I am able to add them in the appropriate stanza in /etc/network/interfaces, but it puts the DHCP ones first
<h3sp4wn> (better to do it properly but immutable is immutable)
<njbair> h3sp4wn, until my lease expires and the internet breaks
<h3sp4wn> ? why would it break it would fail gracefully
<njbair> h3sp4wn, if my ISP issues a new IP and resolv.conf is immutable, I can't connect.
<h3sp4wn> ? No you can maybe you get a warning that it cannot be edited but dhclient still works
<h3sp4wn> or use prepend domain-name-servers in dhclient.conf
<patdk-lap> njbair, don't use your isp's dns server?
<h3sp4wn> Or get a static ip
<patdk-lap> I just normally edit dhclient to not push out dns servers at all to resolv.conf
<patdk-lap> just comment it out
<njbair> patdk-lap, Earthlink defaults to these annoying nameservers that pull up a yahoo search if the domain name doesn't resolve. I am replacing them with Earthlink's "opt out" nameservers
 * Psi-Jack looks in.
<Psi-Jack> Hmm, I'm trying to see how this is a "server." :p
<patdk-lap> servers use dhcp3-server :)
<Psi-Jack> Yeah. not dhclient. :p
<njbair> Psi-Jack, I'm running ubuntu server on my home gateway
<h3sp4wn> Or use pump
<h3sp4wn> nodns \n noresolvconf
<patdk-lap> psi-jack, a cluster of dynamic load pacemaker machines?
<patdk-lap> pacemaker installs and configures new machine and it joins the pool via dhcp? :)
<Psi-Jack> Yeah, that's my servers. Two servers with conntrackd, shorewall firewall, pacemaker management, so if one goes down the other switches to primary role without any connectivity loss.
<Psi-Jack> Except for that DHCP garbage. :p
<patdk-lap> no no
<patdk-lap> I mean, say you are running 2 webservers
<patdk-lap> but pacemaker detects it can't handle the load
<patdk-lap> so it build and starts 6 more :)
<Psi-Jack> LOL
<patdk-lap> it can do that
<Psi-Jack> Oh, it "builds" 6 more, eh?
<patdk-lap> yep
<patdk-lap> if your using uec or someting
<patdk-lap> dynamic load scaling
<patdk-lap> don't you want to be like amazon too? :)
<Psi-Jack> heh
<patdk-lap> that is going be my next project
<patdk-lap> building that kind of stuff into my esx cluster
<Psi-Jack> So pacemaker is the current skynet, is it? ;)
<h3sp4wn> Alot of sites are inefficient, just waste money for no reason
<patdk-lap> na
<patdk-lap> it only reacts
<patdk-lap> it doesn't predict, yet :)
<Psi-Jack> lol
<patdk-lap> nothing like turning your servers off on low load
<patdk-lap> if only I could find a way to turn off the drive arrays too
<Psi-Jack> heh
<Psi-Jack> Heck, I'm still trying to get Virtualmin stuff to cluster right, but so far I'm verrrry close.
<Psi-Jack> The idea of using lvs-dr is actually helping because then I can configure virtualmin to use the VIP that both will have without arping it, so the apache configurations match out right.
<twb> Can one have CNAMEs such that (say) ldap.example.net resolves two hosts, lulu and lala?
<Psi-Jack> twb: You can do that with A records.
<Psi-Jack> And CNAMES too.
<twb> Cool, I wasn't sure if doing it with CNAMEs was valid
<patdk-lap> not with cnames
<patdk-lap> cnames have to be a 1 to 1 match
<twb> That's what I thought
<patdk-lap> and only a cname is valid to exist, you can't have a cname and a A or osmething
<twb> SRV records seem like a nicer way to advertise the existence of services, but of course that requires the client to believe in them
<patdk-lap> ya, I love srv when they work
<twb> Or where I can listen to SMTP on both my internet links, and just have two MXs
<twb> But for web browsing if I just had two A records for www, and one link went down, the clients would pick the down one half the time :-/
<patdk-lap> hehe :)
<patdk-lap> this is why you go the better route
<patdk-lap> instead of mirroring the site over ip's
<twb> patdk-lap: get an AS and talk BGP?
<patdk-lap> mirror it over bgp :)
<patdk-lap> yep
<twb> Too much effort for the company website of a ten-man company
<patdk-lap> scary, I'm doing it for a 3 person company now
<patdk-lap> well, maybe 3.5 people
<Psi-Jack> Scarey, I'm doing a 1-man company. ;)
<Psi-Jack> Well, will be anyway. heh
<twb> Maybe it's easier in the us or something
<patdk-lap> easier?
<Psi-Jack> My whole 11-server setup at home's being setup to provide highly-available, highly scalable web hosting solutions. ;)
<twb> In .au internet connectivity is pretty retarded
<patdk-lap> oh heh
<patdk-lap> I just love reading about the latest inventions against the internet coming out of the au and uk
<patdk-lap> not that we aren't closely following now
<twb> patdk-lap: and at the same time they say they're gonna roll out FTTH to like 85% of the population
<twb> Not that it will help, because everything is hosted offshore and we'll still be limited by the bandwidth and latency of the undersea and satellite links.
<Psi-Jack> Heh, I just wish I could get virtualmin to work with DNS in dual-view operations. *chuckles*
<twb> Bleh, webmin can FOAD
<Psi-Jack> twb: I have yet to see anything better that's worth a crap.
<twb> That's a comparatively minor issue :P
<Psi-Jack> Heck, with the right setup and customization, you can even use mpm-itk for virtual hosting with it.
<Psi-Jack> Which is a crapload better than fastcgi+suexec
<sacul> any nfs gurus in here want can help me out?  I can download files from the internet faster than I can write them to my local server an that just doesn't seem right
<Psi-Jack> sacul: Guru's do not call themselves gurus, nor admit to being one ever,
<patdk-lap> guru's are jerks
 * patdk-lap points at his jerky self
<sacul> geeks?
<patdk-lap> I get 180MB/s over nfs here, on dual gigabit
<patdk-lap> that is almost maxing out the network
<sacul> patdk-lap: I'm not nearly that fancy.. but over n-wireless I should see better than I am
<patdk-lap> heh?
<Psi-Jack> Wireless?
<patdk-lap> what kind of n?
<Psi-Jack> Are you f'ing kidding me?
<qman__> there's your problem
<patdk-lap> 150? 300? 450? 600?
<qman__> plug a cord in
<patdk-lap> with 150, your looking at a max of 7MB/s
<qman__> wireless is a joke
<sacul> it shouldn't lock at 250MB for 15 minutes.. then resume and do 100MB at a time and repeat... even on wireless
<patdk-lap> sure it should
<patdk-lap> it's called buffering
<qman__> that's exactly the type of problem wireless would cause
<qman__> have you had a look at your link with wireshark?
<qman__> high error rates and retransmissions are what to look for
<sacul> negative
<sacul> installing now though
<qman__> even if you get good signal bars, you can still have bad interference, bad radios, etc
<sacul> SAMBA doesn't lock on me like that though.. is just unbarably slow throughout
<qman__> that's just the difference in the nature of the protocols
<sacul> not to mention my internet downloads cruise along at 2-3MB/sec
<Psi-Jack> patdk-lap: Hey, I got an interesting one for ya, involving shorewall and an LVS director. ;)
<qman__> NFS is designed to be used as a remote filesystem, while samba is more like FTP in purpose
<qman__> file transfers are about the worst thing you can use wireless for
<sacul> so am I going about this wrong if all I want is an efficient way to get this 2gig .avi file from my laptop to my HTPC?
<sacul> both running maverick?
<twb> qman__: time-sensitive data would be worse
<qman__> yes
<Psi-Jack> patdk-lap: Without proxyarping, I'm trying to setup my firewalls to DNAT local LAN traffic to a specific public IP:PORT to my LVS director for my load balanced webservers.
<qman__> a flash drive would be better than wireless
<qman__> I know it's a lot of work, but just plug it in
<qman__> the result will be much, much better
<sacul> qman__: shouldn't need that... X(
<twb> Using nc instead of scp/nfs/cifs would also increase payload throughput
<qman__> wireless is only good for one thing--internet in a jam
<qman__> everything else, it's absolute garbage
<sacul> only on jack behind the tv and its for my XBox XP
<qman__> already got a jack there, just get a switch
<qman__> you can get a 10/100 switch for like $20
<qman__> cheaper than a wireless card
<qman__> and faster, and more reliable
<sacul> mayhaps after christmas D:
<patdk-lap> Psi-Jack, that is easy
<sacul> wifey will love it
<qman__> I know wireless n can theoretically connect at speeds six times higher
<qman__> but throughput never is
<Psi-Jack> patdk-lap: I setup a rule for HTTP(DNAT) lan lan:172.17.100.0 - - - externalIP
<patdk-lap> Psi-Jack, but it's not called dnat then, it's snat :)
<Psi-Jack> Oh?
<patdk-lap> you are hiding the source ip, the lan right? where it's coming from?
<Psi-Jack> patdk-lap: Heh, the 172.17.100.0/1/2
<Psi-Jack> 0 being the lb IP, 1 and 2 being the realservers.
<patdk-lap> I dunno your network, so
<patdk-lap> heh?
<twb> pastebin iptables-save -t nat, rather than trying to translate it into feeble english words
<Psi-Jack> patdk-lap: Basically I want any LAN originating connection hitting externalIP:80 to be forwarded to the LVS director and routed back successfully to the requester.
<patdk-lap> yes, but you are throwing terms around
<Psi-Jack> patdk-lap: I'm in a 172.17.0.0/16 network, and 172.17.100.0 is the LVS director IP.
<patdk-lap> like,I dunno what lan is
<patdk-lap> :)
<Psi-Jack> lan is 172.17.0.0/16
<patdk-lap> heh?
<Psi-Jack> I have two zones. lan and net.
<twb> In apt-cache show, there is a field "Supported: 5y".
<twb> Where does it come from?
<twb> Never mind, it's actually defined in Packages
<digital_chaos> whats that off topic channel i can not find it
<qman__> !ot
<ubottu> #ubuntu is the Ubuntu support channel, for all Ubuntu-related support questions. Please use #ubuntu-offtopic for other topics (though our !guidelines apply there too). Thanks!
<qman__> digital_chaos, ^
<digital_chaos> ^
<digital_chaos> carrots
<digital_chaos> not a good topic
<digital_chaos> i see it
<twb> digital_chaos: caret â  carrot
<sacul> i can't claim i understand why.. but I plugged the htpc into the wall and all problems are solved.. qman__ you're the man...  still locked up but the sending laptop is still wireless though so I'm blaming it at the moment... and it didn't slow until 1.7GB of 2GB were xfered.. much better
<qman__> yeah, you'll probably have to remount your NFS
<sacul> qman__: i thing nautilus may have done that for me because it took about a minute to open it up at first...
<sacul> s/thing/think
<qman__> ah
<twb> This works: grep-aptavail -ns Package,Supported -F Provides x-display-manager | fmt | tr -s '\n'
<twb> But this doesn't: grep-status -ns Package -F Supported 5y
<twb> How can I generate a list of all packages that are installed and do not receive five years of support?
<fluvvell> twb, best to start with a list from the bare bones server?
<patdk-lap> twb, odd, my apt-cache show, doesn't have any supported line for any packages
<patdk-lap> ah, it does for lucid, but not hardy
<twb> fluvvell: the information is encoded in the apt database
<twb> But it's not copied to the dpkg database
<fluvvell> twb, thats quite interesting.  The general impression I had was that if it was included in ubuntu-server, it would be covered for 5 years.
<fluvvell> I love hanging out here, there is always so much to learn
<twb> fluvvell: basically, no
<twb> Ultimately I want to write a vrms-like cron job that will remind me when *individual installed packages* are EOLd by Canonical
<twb> Because while LTS is supported for five years, if you have e.g. gdm installed on your LTS server, that is EOLed after three years.
<ilovegrolsc> my vps hosting provider won't reply to my support ticket about broken iptables
<ilovegrolsc> been a week
<ilovegrolsc> keep sending emails
<ilovegrolsc> could they be ignoring me?
<fluvvell> twb, and the 5 years status cat be shown up by querying -eg apt-cache search ? I'd note that gdm is not part of the server install, - not stating I know what I'm talking about - just observation.
<fluvvell> no, not search
<fluvvell> hmm, not showpkg either
<Pici> fluvvell: If you're interested in writing a script to do it, the python-debian package/module can parse the feilds of Packages files.  I don't know if theres a way to do it with apt-cache itself.
<twb> fluvvell: that depends how you define "the" server install.
<fluvvell> Pici, I'm dreaming to think I'd even have the time :)  I was interested to find out that the EOL info was available, I never know that.
<twb> I suspect the rough-and-ready definition as it related to EOL windows is "the packages in the pool of the server install CD"
<twb> ...even though *I* don't use CDs :-/
<fluvvell> twb, quite. There are a number of choices that mean a 10.04 server could look different
<fluvvell> twb, that was my line of thinking yes.
<tonyyarusso> twb: Shouldn't be too hard, since that info is already in the package descriptions.
<twb> tonyyarusso: 14:17 <twb> But it's not copied to the dpkg database
<tonyyarusso> twb: Presumably you'd have to do a dpkg -l to get a list, ad then for each item do like apt-cache show gdm | grep Supported | head -1 | sed 's/Supported:\ \([0-9]\)y/\1/'
<tonyyarusso> Bonus:  Doesn't require non-standard packages like dctrl-tools.
<twb> tonyyarusso: yes, except using dctrl-tool instead of NIHing it
<tonyyarusso> twb: Well, you already learned that doesn't work, so *neenerneener* :)
<twb> tonyyarusso: you'd also need to narrow it to match the correct version
<tonyyarusso> true
<twb> e.g. if you're running postfix from maverick on a lucid host, it's not correct to report that it has 5y support.
<tonyyarusso> well, wait, would you?
<tonyyarusso> ...
<tonyyarusso> If you're running postfix from maverick on a lucid host you're ALREADY NOT SUPPORTED, making this a moot point.
<twb> Or to put it differently, it should warn you that the version YOU HAVE is EOLd
<tonyyarusso> For that all you need to do is grep the sources for anything non-lucid, and if results are non-zero tell you you're screwed :P
<twb> *EOLd or unsupported
<twb> tonyyarusso: it shouldn't just say "you're screwed"
<twb> http://paste.debian.net/102021/
<twb> I want a report like that, except s/non-free/EOLd or unsupported/
<twb> Then you put it in cron.monthly
<twb> grep-status -ns Package,Version -P . | while read package && read version && read _; do grep-aptavail -s Package,Supported -XP $package -and -XF Version $version -and -F Supported --lt 5y ; done
<twb> ...except that of course if the package is installed out-of-band, it won't be in the apt Packages list at all
<twb> I guess you could || the grep-aptavail, since it returns non-zero if there are no matches
<twb> You can't use --lt, though, because "dpkg --compare-versions 6mo lt 5y" is false.
<twb> Pity Canonical didn't use an ISO 8601 period profile
<twb> Even better would've been just putting the RFC 3339 or epoch time at which the package will be EOLd.
<MeltingK33board> I have a question
<MeltingK33board> where is the poppler package
<MeltingK33board> i see the source on launchpad
<MeltingK33board> but not the package
<MeltingK33board> I am trying to use pdf2xml
<MeltingK33board> and it says...
<MeltingK33board> just a sec
<MeltingK33board> No package 'poppler' found
<tonyyarusso> twb: Hacky, but behaves as I expected: http://paste.debian.net/102022/
<MeltingK33board> sudo apt-get install poppler
<MeltingK33board> [sudo] password for isaac:
<MeltingK33board> Reading package lists... Done
<MeltingK33board> Building dependency tree
<MeltingK33board> Reading state information... Done
<MeltingK33board> E: Couldn't find package poppler
<tonyyarusso> twb: But yes, putting useful data in the dpkg database would certainly be nicer in the long run.
<MeltingK33board> so "poppler" isn't in the repos... is there another package name?
 * tonyyarusso proceeds to be amazed how much stuff he has installed from universe
<tonyyarusso> MeltingK33board: what is it again?
<MeltingK33board> poppler
<tonyyarusso> What's it *do*
<MeltingK33board> i am trying to install pdf2xml
<MeltingK33board> and it requires poppler, which is a pdf library
<tonyyarusso> I'm guessing libpoppler5
<MeltingK33board> i found it... libpoppler-dev
<tonyyarusso> err, it requires a -dev package?
<MeltingK33board> that is the first package name i found that was actually in the repos
<MeltingK33board> it would be nice if it wasn't dev
<MeltingK33board> but libpoppler doesn't work
<MeltingK33board> i am still looking
<tonyyarusso> MeltingK33board: Did you try libpoppler5?
<MeltingK33board> ok your libpoppler5 works... now let me try to build the pdf2xml
<twb> tonyyarusso: Supported can contain "6mo" as well, I think
<twb> tonyyarusso: I can't remember where I saw it though
<MeltingK33board> ahh
<MeltingK33board> ok
<tonyyarusso> twb: Yeah, I hadn't begun to address the non-LTS cases.
<twb> tonyyarusso: packages can also have no Supported field at all (e.g. all of universe).  Your script seems to only be looking at gdm.
<tonyyarusso> twb: also, 6mo, or 18mo?  Why would anything be 6mo?
<tonyyarusso> bah, that line still
<twb> tonyyarusso: I think I saw it for something like kubuntu desktop packages
<tonyyarusso> twb: Just delete the gdm part - it's right around that.
<tonyyarusso> twb: My script handles unsupported (universe) packages.
<tonyyarusso> See the grep count line.
<twb> Oh, yeah.
<twb> You could just use grep -q
<tonyyarusso> -q?  Never used that.
<twb> It's a GNUism
<tonyyarusso> ah
<MeltingK33board> ok libpoppler5 didn't work
<twb> So it -c, I think
<tonyyarusso> err, man page says -q is "quiet", ie no output.  Looking at exit code or something I take it?
<twb> Right.
<tonyyarusso> gotcha
<tonyyarusso> meh, this way is marginally more readable.  Maybe.
<twb> stream | if grep -q pattern ; then echo found; else echo not found; fi
<twb> tonyyarusso: you also ignore partially-installed packages :-)
<tonyyarusso> twb: Nobody said it was done ;)
<tonyyarusso> Proof of concept man, c'mo!
<tonyyarusso> err, c'mon
<twb> Granted
 * tonyyarusso puts that away for tonight, but may well actually use it on a server or two
<twb> dpkg --get-selections would work for you, since you're ignoring the version
<twb> dpkg-query -W -f '${Package} ${Version}\n'
<ScottK> twb: There's nothing that's just supported for 6 months.
<twb> ScottK: was there, once?
<twb> If not maybe I just misremember
<ScottK> Not since at least Dapper (when I arrived)
<ScottK> You may be misremembering that Hardy was LTS for Ubuntu, but not for Kubuntu (regular 18 months though)
<twb> So it would've said "18mo" in the support field (if there was one)?
<twb> http://paste.debian.net/102023/ <-- my latest effort
<ScottK> twb: Yes.
<twb> OK.  The important datum being that my script must anticipate "mo" as well as "y" in fields.
<Psi-Jack> Anyone here do proxy arping? I'm trying to figure out how to determine /if/ a proxy arp is active or not for a pacemaker ra, and best I got so far is to check /proc/net/arp, but just looking at that I can't determine for absolute certainty that it's a proxyarp.
<Psi-Jack> arp -an doesn't always show it until the second attempt, which makes things even more annoying. heh
<twb> Oh wow, that's a class A cock-up
<twb> lsb_release -r >&-
<twb> What are all possible values for the Supported field?
<twb> 5y, 3y, 18mo, and not present -- anything else?
<twb> tonyyarusso: http://paste.debian.net/102024/
<twb> You'll need to remove release_date=2008-04-01         # testing
<twb> If you can get it to match on $version without using grep-dctrl, I'm willing to consider it
<ruben23> hi guys.
<uvirtbot> New bug: #688464 in krb5 (main) "Wrong default path for kpropd.acl in kpropd man page" [Undecided,New] https://launchpad.net/bugs/688464
<uvirtbot> New bug: #688469 in samba (main) "windows machines cannot open session when disconnected" [Undecided,New] https://launchpad.net/bugs/688469
<cnus8n> Hi, I have an i7 980x (hexacore) installed with ubuntu 10.04, with the 2.6.28-15-server #52-Ubuntu SMP  kernel. When I check my /proc/cpuinfo, I can see only 8 CPUs. Was expecting to see 12. Anybody got any clue about it?
<twb> cnus8n: sounds you were misinformed
<cnus8n> twb, meaning?
<twb> Hmm, Wikipedia corroborates you.
<cnus8n> twb, misinformed about what?
<twb> About how many cores it had
<twb> cnus8n: pastebin /proc/cpuinfo
<cnus8n> twb, http://pastebin.com/TgvbDa6g
<cnus8n> also check out http://ark.intel.com/Product.aspx?id=47932
<cnus8n> it is 6 cores, 12 threads
<twb> Yeah, I can't explain that
<twb> I assume you're running an amd64 kernel?
<cnus8n> does the stock kernel with Ubuntu have some restrictions on the number of CPUs ?
<twb> Not that I know of, but 8-way is the most I've ever had
<cnus8n> is there a way to increase that number? or some repository having kernel which supports?
<twb> Given an SSL key or certificate in PEM format, how does on decode it (e.g. to extract the cn)?
<twb> cnus8n: I mean: 8-way is the most I've ever had PHYSICALLYU
<twb> Hm, this works for the cert: openssl x509 -in foo.pem -text -noout
<twb> !do-release-upgrade
<twb> Grmph
<twb> Grr!  do-release-UPGRADE decided to install grub-pc.
<twb> "The following Linux command line was extracted from /etc/default/grub or the `kopt' parameter in GRUB Legacy's menu.lst."
<twb> ...no, no it wasn't.  grub wasn't installed -- this is an LXC container, you silly grub
<Jeeves_> kees: You are one of the Ubuntu security gurus, right?
<twb> Jeeves_: he is.
<twb> Jeeves_: try -hardened
<Jeeves_> Exim is suffering a remote-root-exploit
<patdk-lap> evil
<Jeeves_> http://www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
<twb> FWIW, default-mta is postfix on Ubuntu
<twb> I heard it also only affects exim4's that don't chuid, and Debian's exim4 does by default
<Jeeves_> Doesn't any mailer that does local delivery chuid?
<Jeeves_> uh, that's not very clear
<Jeeves_> let's lunch first
<twb> I'm just relaying what a LUG denizen told me
<twb> Oh crazy, do-release-upgrade runs itself in a :zombie'd screen in maverick
<twb> Interesting error after maverick->natty: http://paste.debian.net/102037/
<patdk-lap> hehe :)
<patdk-lap> I don't have that error, but I haven't upgraded my natty python yet
<twb> (I just created a 10.04 container and tried to lucid->maverick, maverick->natty using d-r-u)
<twb> Just to see what would happen
<twb> procps failed in the former d-r-u because I had dpkg-divert'd its upstart job, but the postinst ASSUMED 'restart procps' would succeed
<twb> Is it just me, or does "aptitude safe-upgrade" actually behave like "aptitude full-upgrade" on Ubuntu?
<twb> http://paste.debian.net/102038/
<twb> apt-get upgrade appears to be a safe-upgrade
<lucascastro> I have problem when install ubuntu server x86_64bits using raid level=0 on machine.
<twb> lucascastro: do you really want RAID0?  That makes your system LESS reliable.
<lucascastro> isn't raid0 is mirroring ?
<jpds> lucascastro: No, that's 1.
<lucascastro> yeah... raid level=1, I'm sorry.
<twb> lucascastro: continue.
<lucascastro> and so, when the system is going to boot the grub don't find the disks with them uuid's and gets in initframe.
<lucascastro> that on lucid.
<twb> lucascastro: does /proc/partitions refer to a /dev/mdNp1 ?
<lucascastro> I've install the grub, /dev/sda /dev/sdb
<twb> lucascastro: please answer the damn question
<twb> lucascastro: actually, never mind -- just read this: http://paste.debian.net/102040/
<uvirtbot> New bug: #688522 in eucalyptus (main) "[FTBFS] Eucalyptus doesn't build on maverick, with -security pocket enabled " [Undecided,New] https://launchpad.net/bugs/688522
<Jeeves_> twb: I don't understand your remark about chuid
<twb> Jeeves_: never mind, it was probably spurious
<Jeeves_> If i understand it correctly, all exim's are able to chuid, because they need to deliver email as ...
<twb> That is a convincing argument
<lucascastro> I put  "/boot" on a raid.
<lucascastro> I already made that much times and never had no problem,  does someone think it could be that the problem?
<twb> lucascastro: plonk.
<lucascastro> twb: what does it mean?
<twb> lucascastro: it means I'm ignoring you because you can't take orders.
<cocoa117> anyone here use scheduleworld.com sync their PIM data? Are they/he/she shutting down for good?
<lucascastro> that's a bug, https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/525425!
<uvirtbot> Launchpad bug 525425 in grub2 "lucid server/alternate, software raid 1 will not install correctly; unbootable after failed grub install (dup-of: 527401)" [High,Confirmed]
<uvirtbot> Launchpad bug 527401 in partman-base "grub-installer fails to install on a raid1 array" [High,Fix released]
<twb> cocoa117: that doesn't resolve.
<cocoa117> twb, u talking about DNS server doesn't give IP address right?
<cocoa117> twb, r u suggesting this is DNS provider issue not the issue for scheduleworld.com?
<twb> cocoa117: correct; there is no A record for that domain name.
<twb> Actually, based on the behaviour I'm seeing, it would seem the NS server(s) for that domain are offline, or blocking my domain queries.
<cocoa117> twb, i guess it's not just our domain, my home and work dns can't resolve it
<twb> cocoa117: on that basis, I wouldn't go with that vendor
<cocoa117> twb, enn, well already paid one year subscription fee, and was fine for 5 months till now, :(
<cocoa117> twb, by the way, what command did u use to get A record info? dig -t mx schedulworld.com
<twb> cocoa117: maybe you should call the vendor and ask WTF happened
<twb> cocoa117: getent hosts, and dig.
<lucascastro> twb: I didn't take that orders 'cause the computers was turned off.
<twb> cocoa117: obviously -t mx returns the MX, not the A.
<cocoa117> twb, got it, thanx
<uvirtbot> New bug: #688541 in mysql-5.1 (main) "race condition on shutdown (leads to corrupted fs)" [Undecided,New] https://launchpad.net/bugs/688541
<Danawar2> Heyaa ubuntu server how can i stop a user writing 1gb files to the tmp folder?
<twb> Danawar2: mount -t tmpfs none /tmp -o size=8m
<Danawar2> What does that do?
<twb> Makes /tmp an slice of pagable memory, capped at eight megabytes.
<Danawar2> okk
<Danawar2> ill rephrase is there any way i can limit the amount of data a user has on my server?
<twb> Yes, user quotas.
<Danawar2> okk thanks
<twb> install the quota package, mount the filesystems in question with -oquota, and reboot to trigger the initial quota state generation (which will take O(n) time - hours for a 1TB filesystem).
<twb> Finally, use edquota or so to assign a soft or hard limit to the user in question.
<uvirtbot> New bug: #688574 in openssh (main) "ssh-import-id should support writing to other files" [Undecided,New] https://launchpad.net/bugs/688574
<pmatulis> geez, when is vmbuilder going to support raw devices?
<jpds> pmatulis: [Freenode] [!] There is no such nick geez
<pmatulis> jpds: oh boy, you're on your game this friday
<twb> Obviously Jesus has too many nicks
<pmatulis> nicks and scratches?
<JFo> booo hiss :)
<zul> pmatulis: patches accepted ;)
<pmatulis> oh boy!
<pmatulis> doesn't he have some branches?  crown of thorns?
<consumerism> is there any way to add authorized ssh keys for root other than to put them in /root/.ssh/authorized_keys?
<consumerism> like an include of some arbitrary path?
<consumerism> or a global authorized_keys file?
<pmatulis> consumerism: edit root's config file i would say but why don't you like the default?
<consumerism> pmatulis: this is a cloud machine from a static image and rather than write a script to throw all the keys i need into that file i'd like to keep them elsewhere and just include or link them somehow
<pmatulis> consumerism: i don't understand.  read AuthorizedKeysFile in sshd_config man page
<consumerism> pmatulis: so i can only define where the authorized_keys file lives for all users, i can't specify a unique one for root for example?
<consumerism> pmatulis: the server i'm working on boots in amazon's cloud from a pre-built image, in other words i need to script all configuration that's not part of the image. rather than writing the public keys i need directly to /root/.ssh/authorized_keys via script, i'd like to just include them so when i add a key i don't have to edit the script. i could keep them in a separate file and just cat that
<consumerism> >> authorized_keys but i was wondering if there's another way
<twb> User root
<twb>   ThingyFile %h/.ssh/authorized_keys.gotcha
<twb> ...in sshd_config?
<twb> Match User root, rather
<twb> The sshd_config and ssh_config manpages should make it fairly obvious how to massage that to correctness
<consumerism> ah
<consumerism> twb: thanks
<twb> np
<twb> Note that ssh-copy-id won't realize
<consumerism> i don't use that
<consumerism> another question, although ps aux | grep ssh shows me that ssh-agent is running, when i run ssh-add it says it can't connect to my authentication agent. how can i troubleshoot this?
<twb> Turn off agent forwarding and use -oProxyCommand instead
<twb> e.g. Host foo.example.net \n\t ProxyCommand ssh example.net -W %h:%p
<twb> Er, s/foo/*/, so it's a wildcard
<robbiew> Daviey: what's the current situation of bug 600174?
<uvirtbot> Launchpad bug 600174 in axis2c "axis2c fails to build from source on maverick/i386" [High,Confirmed] https://launchpad.net/bugs/600174
<consumerism> twb, not sure i follow, i'm trying to add my identity file to my current session so i don't have to keep entering the passphrase when i use my key
<twb> consumerism: oh, right.
<Daviey> robbiew: still exists, i spent a few hours trying to look at it.  doko is aware of it, and i think he may get to it eventually... is that right doko?
<Daviey> robbiew: FWIW, it's quite a PITA that one.
<twb> consumerism: are you using Screen?
<robbiew> Daviey: sure...I'm not pushing...just need status for weekly release meeting ;)
<twb> Your environment needs entries like this:
<twb> SSH_AUTH_SOCK=/tmp/ssh-HYfvfR1489/agent.1489; export SSH_AUTH_SOCK;
<twb> SSH_AGENT_PID=1496; export SSH_AGENT_PID;
<doko> Daviey: somehow
<doko>     - S6638712: Inference with wildcard types causes selection of
<doko>       inapplicable method.
<doko>     - S6650759: Inference of formal type parameter (unused in formal
<doko>       parameters) is not performed.
<Daviey> doko: Yeah.. i was looking at them two patches
<consumerism> twb: i'm using tmux, but the problem is still present outside of tmux or screen
<doko> please could you ping upstream about this too? I'm preparing a build without these
<twb> consumerism: if your tmux session persists across X invocations, you'll lose conection to the agent
<Daviey> doko: Would it be better if your build without those is tested first?
<twb> consumerism: because the X teardown code stops the one you know about, and then next X setup creates a new one.
<consumerism> twb: not using X, it's a headless server
<consumerism> printenv doesn't show me those env vars, how are they supposed to be set?
<twb> OK, then you need to start the agent by hand, in a sufficiently magic way that detaching, logging out, logging in, and retaching doesn't give you a new one
<twb> For that, I use twb-agents(1twb) in my .bash_profile: http://code.haskell.org/~twb/Preferences/.bin/twb-agents http://code.haskell.org/~twb/Preferences/.bash_profile
<twb> As that code says, it's based on Gentoo keychain(1), which is also available in Ubuntu.
<ttx> Daviey: task force governance model drafted at https://wiki.ubuntu.com/ServerTeam/TaskForces -- not sure we need more, feel free to edit it
<doko> Daviey: ohh, the axis2c one? no, currently not looking at it
<zul> kim0: ping i uploaded your bacula fix i just modified the changelog a bit thanks for the patch though
<kim0> zul: cool :)
<kim0> zul: can I see what was needed to be modified
<Daviey> ttx: Awesome!  I'll have a good read and digest it this evening... Currently swapping between tasks \o/
<zul> kim0: sure check launchpad :)
<Daviey> doko: Are you able to look at the axis2c one this cycle?
<ttx> Daviey: sure no hurry. Mostly a rehash of the spec.
<Daviey> doko: RE, Java - confirming it fails in maverick with natty openjvm
<doko> Daviey: I should have test packages ready in about 30min
<Daviey> doko: Great... if they arrive ~30 mins from now, i'll test them straight away... otherwise i need to go afk.
<Daviey> doko: Is it a PPA ?
<doko> Daviey: no, local build
<doko> Daviey: I'll leave these at http://people.canonical.com/~doko/tmp/
<Daviey> doko: be good if you run apt-ftparchive or similar on them :)
<doko> wget 1 2 3 4 should work too =)
 * Daviey pah's
<Daviey> :)
<l3dx> when I run "crontab -e" as a user, where is it stored?
<DevoKun> l3dx: usually /var/spool/cron/crontabs
<l3dx> ok. thanks
<doko> Daviey: files are there
<uvirtbot> New bug: #688458 in bind9 (main) "package bind9 1:9.7.0.dfsg.P1-1ubuntu0.1 [modified: usr/share/bind9/bind9-default.md5sum] failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/688458
<Daviey> doko: great
<RichardRaseley> Hello all, I have an urgent issue that I would really appreciate someone helping me with. I had to move a Ubuntu VM that was running under VMWare Player to a Hyper-V server (not my choice, long story). When booting into the VM I am greeted by a "BusyBox" command line.
<Daviey> doko: Ahhh! my chroot is amd64 :)
<RichardRaseley> I think it is because VMWare uses SCSI emulation by default whereas Hyper-V requires IDE emulation.
<RichardRaseley> Any suggestions as to what I might be able to do to resolve this?
<doko> Daviey: build eu here locally
<RichardRaseley> It would be greatly appreciated!
<Daviey> doko: creating an i386 chroot now
<h3sp4wn> RichardRaseley: Have you converted the disk
<h3sp4wn> RichardRaseley: (VMDK to VHD)
<RichardRaseley> h3sp4wn: Yes, I have.
<RichardRaseley> Converted and associated with the VM.
<h3sp4wn> RichardRaseley: Updated the initrd ?
<RichardRaseley> I can hit grub, change the boot to use "vga=771", but then I just get the BusyBox
<RichardRaseley> I am not sure how I would do that.
<RichardRaseley> Could you help me a bit on that item?
<h3sp4wn> Trying to think about how to do it
<RichardRaseley> Thank you, I appreciate your help. I am in a bit of a bind here. This would make my day. =D
<doko> Daviey: build for me
<h3sp4wn> (Its easy from a running system problem is likely the right modules for the disk are not in the initramfs (initrd)
<Daviey> doko: Oh, great!
<Daviey> doko: Are those two patches crucial?
<Danawar2> Hey ubuntu server if some one makes a copy of /etc/passwd is it possible for them to decrypt the passwords?
<Daviey> Danawar2: not on ubuntu, they would need /etc/shadow :)
<remix_tj> no
<RichardRaseley> That makes sense. I think the VMWare uses SCSI virtualization whereas Hyper-V uses IDE - I think that is the root cause of my issue.
<remix_tj> because in /etc/passwd there are not :-D
<h3sp4wn> Danawar2: They need /etc/shadow  depends how much they want them
<Danawar2> if they got /etc/shadow
<remix_tj> Danawar2: take a look to the crypt() function
<h3sp4wn> If the NSA wants them I guess they can get them
<remix_tj> Danawar2: on /etc/shadow there is not password crypted, there is a string crypted using your password
<Danawar2> its just my friend thats got shadow
<Danawar2> and passwd
<remix_tj> so your password is secure because if they break DES encryption they get not crypt key but only decrypted text
<Danawar2> ook
<Danawar2> phew ;D
<doko> Daviey: looking ... http://bugs.sun.com/view_bug.do?bug_id=6638712 http://bugs.sun.com/view_bug.do?bug_id=6650759
<remix_tj> Danawar2: if your friend got your shadow it means that he were root, and this is more preoccupant than the things he theft
<Danawar2> ohh deer
<Danawar2> lol ;D
<Danawar2> im sure he wont do any thing melicious ;D
<Danawar2> well i hope not any way hehe
<Danawar2> is there any way for him to wipe his .bash_history?
<h3sp4wn> yeah - rm
<Danawar2> without route?
<Danawar2> root*ha
<h3sp4wn> he can edit it with whatever - vi
<Danawar2> ookiess is this information saved any were else where he wouldnt be able to edit it?
<h3sp4wn> Not by default afaik
<Danawar2> Are there any good programs that will log user activity?
<h3sp4wn> selinux
<jpds> Danawar2: auditd.
<Danawar2> Is that already in stalled on all versions of ubuntu or just server or none atall?
<jpds> None at all.
<Danawar2> okies
<Danawar2> Thanks for all your help guys I got a lot of research to do :D
<h3sp4wn> Danawar2: You could checksum all your binaries and libs to see if any have changed
<jpds> aide works well for that.
<Danawar2> Thanks#
<kirkland> SpamapS: around yet?
<h3sp4wn> Has anyone seen any blueprints for a smaller Jeos (For me Jeos is far too much OS - vps far too much wastage even with just ubuntu-minimal)
<SpamapS> kirkland: just sat down. g'morning.
<kirkland> SpamapS: 'mornin'
<SpamapS> h3sp4wn: uh, why?
<kirkland> SpamapS: you said you had to make some changes to cobbler to get the web interface up and running ... have you pushed those changes anywhere?
<SpamapS> kirkland: lp:~clint-fewbar/+junk/cobbler-packaging-enhancements
<SpamapS> kirkland: with that one, you still have to edit /etc/cobbler/modules.conf and change the authentication module.. but once you do that, you can start cobblerd and login.
<SpamapS> kirkland: you know, it would be cool to add openid auth. I bet it would be easy too.
<SpamapS> kirkland: though I imagine cobblers won't be on the public internet, so its probably moot. ;)
<kirkland> SpamapS: sweet;  would you link that branch to the blueprint?
<kirkland> SpamapS: that would be kinda neat, actually
<SpamapS> kirkland: and agreed on it being FYI.. since we're basically just doing what we decided to do at UDS. :)
<h3sp4wn> SpamapS: No point in wasting memory (I need as much as I can for the db and my application)
<kirkland> SpamapS: yessir -- it's more of a "followup" since UDS
<SpamapS> h3sp4wn: having files on the disk does not waste "memory"
<patdk-wk> it does if you keep indexing your filesystem, and using up inode cache :)
 * patdk-wk spanks himself
<h3sp4wn> SpamapS: True alot of those things you cannot replace easily without removing ubuntu-minimal
 * SpamapS wishes there were an easy way to pretend his 22" monitor was 2 monitors so windows would automatically split down the middle.
<SpamapS> patdk-wk: agreed.. what were we thinking with slocate? ;)
<h3sp4wn> SpamapS: Braindead to have 2 of everything installed just for the sake of it as well (App runs less well with double the RAM than it ran on Netbsd)
<SpamapS> h3sp4wn: two of everything?? not sure I follow you there.
<patdk-wk> is there a point of needing ubuntu-minimal? I uninstall it from most of my systems
<SpamapS> h3sp4wn: and have you profiled it to see what is running poorly?
<h3sp4wn> SpamapS: To a point profiling adds even more overhead
<patdk-wk> what is it your doing that us using up all your ram?
<SpamapS> patdk-wk: it uses up 30k.. why would you bother?
<patdk-wk> I know when I install ubuntu-server it used 24megs of ram, after boot
<SpamapS> h3sp4wn: to a point, without measurement, we have nothing.
<patdk-wk> SpamapS, no, I don't, it's the other stuff I uninstall, removed the ubuntu-minimal dependence
<patdk-wk> and I only remove them for alittle bit more comfort :) not cause of wasted disk space
 * SpamapS boots his lucid minimal to see how much RAM it is using..
<SpamapS> hah I love that it boots to getty in 2s .. :-P
<patdk-wk> my lucid minimal lvs-dr is using 89megs
 * patdk-wk blames pacemaker :)
<patdk-wk> and ldirector
<SpamapS> 31M on my lucid amd64 minimal
<kirkland> Daviey: yo
<kirkland> Daviey: where are your cobbler fixes?
<SpamapS> but 3.5M of that is bash
<kirkland> Daviey: pushed anywhere yet?
<patdk-wk> SpamapS, console or ssh login?
<SpamapS> and 1M is ps auxw O r running
<SpamapS> patdk-wk: console
<patdk-wk> I think I removed useless consoles to lower mine some
<patdk-wk> but it was at 24megs, a few kernels ago, might of went up
<SpamapS> patdk-wk: that seems a bit excessive.. ;)
<patdk-wk> hard to tell with bgp using 400megs
<SpamapS> nice
<RoAkSoAx> kirkland: btw I still don';t have permission to submit a branch to lp:~powernap :(
<RoAkSoAx> (or I'm not a member)
<kirkland> RoAkSoAx: adding you now ...
<RoAkSoAx> kirkland: awesome, thanks!! ;)
<kirkland> RoAkSoAx: done
<RoAkSoAx> kirkland: thank you!
<SpamapS> kirkland: so, I have to think that one thing that will help with the upstreaming is if we start working directly on Cobbler's git repository rather than do everything in LP
<kirkland> SpamapS: um, Daviey set up an auto import
<kirkland> SpamapS: i guess i don't understand what you mean ...
<kirkland> SpamapS: bzr branch lp:cobbler
<SpamapS> kirkland: yeah.. I don't know how useful that will be for pushing changes back.
<kirkland> SpamapS: that's the latest git within a few minutes
<kirkland> SpamapS: in bzr format :-)
<zul> SpamapS: bzr-git plugin
<kirkland> SpamapS: note that i packaged it directly from a git snapshot
<SpamapS> I'm saying, we're going to be off in our little lp+bzr bubble until we decide to drop a bunch of patches on them...
<kirkland> SpamapS: and we'd probably continue that for the next few months while we're actively developing it
<kirkland> SpamapS: right;  so i've been collecting those in debian/patches for now
<kirkland> SpamapS: i think we trickle those over to them as they logically make sense
<orion__> hello
<kirkland> SpamapS: ie, once we have a batch that works well for us, and solve some particular problem(s)
<kirkland> SpamapS: i mean, i agree we'll need to work straight from source repository for the next few weeks/months
<kirkland> SpamapS: and we'll clearly need to make changes to the code
<kirkland> SpamapS: and we'll clearly need to send those back upstream
<kirkland> SpamapS: and we'll need to keep track of those changes
<kirkland> SpamapS: do you think we can do this better than tracking them in debian/patches/* ?
<SpamapS> kirkland: I suppose the exchange format of git is more or less patches, so it probably doesn't matter too much.
<kirkland> SpamapS: right;  so we *could* hack them directly into a branch (be it bzr or git)
<kirkland> SpamapS: which is what I did with eucalyptus for >1 year
<kirkland> SpamapS: but as soon as Daviey took over eucalyptus from me, he moved all of our changes out of the branch and into a quilt set of debian/patches/* to make it easier for him to send upstream
<SpamapS> kirkland: I'm just mindful of making sure we make it as pleasant and easy for cobbler to take our patches as possible.
<kirkland> SpamapS: shall we ask cobbler-devel how they'd like to see the changes?
<SpamapS> kirkland: I was thinking thats the next step actually.
<kirkland> SpamapS: okay, i'm in #cobbler-devel talking to them now
<SpamapS> I'd also be interested in hearing when their next release is coming.
<kirkland> SpamapS: they had a request from a user back in June about supporting Ubuntu better
<kirkland> SpamapS: https://fedorahosted.org/pipermail/cobbler/2010-June/005717.html
<kirkland> SpamapS: and said that they'd love to, but would need someone to package/maintain it
<SpamapS> kirkland: btw, remember our conversation about lsb-release?
<kirkland> SpamapS: yes, my memory does in fact go back >1 day :-)
<SpamapS> kirkland: /etc/lsb-release ... easier to parse that than wait on execing python to parse it. ;)
<kirkland> SpamapS: heh, yeah, that's the file I was looking for!
<uvirtbot> New bug: #688670 in clamav (main) "ClamAV update produces worrying warning message" [Undecided,New] https://launchpad.net/bugs/688670
<ffr76> hi
<Daviey> kirkland: the fixes i have aren't pushed anywhere as yet..
<Daviey> it's a job for Monday, methinks. :)
<kirkland> Daviey: okey
<Slyboots> Hmm..
<Slyboots> Does anyone know if something like "Adblock" exists in proxy form for Ubutnu?
<h3sp4wn> Slyboots: prixoxy ?
<Slyboots> Hmm
<Slyboots> not sure; the thing that really hacks me off is those videso embedded in Flash videos
<Slyboots> I dont give a feck about hotmail and "Glee!" Stop advertising them at me! lol
<dschuett> anyone ever have a problem with ubuntu server recognizing when your isp changes your dynamic ip address?
<kpettit> is there any good repositories or howto's for asterisk and ubuntu?  I'd love to get freepbx going but it seems to have issues.
<kpettit> I'd like to find a repo that had a newer version of asterisk and maybe freepbx or 2600hz web interface.
<tonyyarusso> dschuett: "recognizing" for what purpose?
<Slyboots> Still cant find a good solution to addfiltering..
<Slyboots> Most seem to use blacklists to just leave huge gaping blocks of "PAge cant be displayed" where the ads used to be :P
<RoyK> Slyboots: using a proxy to do adblocking?
<Slyboots> RoyK: Trying to; Rigth now Im using Adblock but moving to Chrome
<Slyboots> Was was thinking why not get the linux server to do thsi for me.. Doesnt seem to be quite as simple as that though
<RoyK> it should be quite easy
<RoyK> add a redirect to a 1x1 pixel transparent image for what you block
<Slyboots> .. how the heck do I do that lol
<Slyboots> I just installed Squid and overwhelmed by the multi-thousant line config file
<RoyK> Slyboots: most of it is comments/documentation
<Slyboots> Idealy I want to block those freaking annoying "video" adds tehy place at teh start of flash videos
<Slyboots> Like in YouTube; or that guy with the glasses
<Slyboots> Christ are they annoying
<Slyboots> So I should use something like.. SquidGuard?
<Danawar2> (21:13:21) Danawar2: Hey guys how do i make selinux log all a users commands?
<osmosis> is there anymore info on why qcow2 files fail with 10.04 LTS ?
<genii-around> Danawar2: You could try something like make their default shell something like: script -a /var/log/theirlogifile -c /bin/bash                           or so
<Danawar2> how would i go about doing that? :O
<Messanger> world leaders setting you all up right now to get microchipped by RFID microchips with identity/healthcare/credit information into their new world order why they are folding the economy , their solution to the problem they are causing is the RFID microchip  http://www.scribd.com/doc/44997148/The-Mark-of-the-Beast    Romans 10:13 all who call upon the name of the Lord shall be saved.
<h3sp4wn> Anyone know where I can get an upto date (or at least with working syncml) version of opensync for lucid
<genii-around> Danawar2: The manpage for chsh (CHange SHell) might help you there. You'd still have to manually make the logfiles and have them owned by whatever user is supposed to be able to write there , etc
<Doonz> anyone recommend a good vps host in the usa
<osmosis> how do I setup qcow2: Make cache=writethrough default ?  Im suppose to "pass" it somehow?
<h3sp4wn> Doonz: http://www.xenvz.co.uk/ (they are pretty good they have usa servers also) get xen not openvz
<LinuxAdmin> hi guys, I'm getting troubles configuring vsftpd
<LinuxAdmin> I can start it without ssl, but when I start it with ssl it doesn't run
<h3sp4wn> Have you generated / installed a cert
<LinuxAdmin> no
<LinuxAdmin> I using /etc/ssl/certs/ssl-cert-snakeoil.pem
<kim0> zul: I fixed https://bugs.launchpad.net/ubuntu/+source/ibmasm-utils/+bug/687977 .. are you the one to contact as well?
<uvirtbot> Launchpad bug 687977 in ibmasm-utils "[FTBFS] package 'ibmasm-utils' (3.0-1ubuntu10) failed to build on natty" [Medium,Confirmed]
<LinuxAdmin> shouldn't be enough?
<h3sp4wn> Don't know I use sftp
<h3sp4wn> I would just read the docs and try generating another key
<LinuxAdmin> ok thanks anyway, anyone else can help?
<LinuxAdmin> I'll try generate another key
<DevoKun> LinuxAdmin: did you generate that SSL cert yourself?
<Slyboots> Right; I've got Squid going with some adblocking rules
<Slyboots> But it still makes where the ad *used* to be render and appear as a "Forbidden" which looks like shit
<Slyboots> Anyone know any way to do some clever html rewriting to hide the ad totally
<the_eye_> IBM eServer xSeries 346 reboots with 10.04 in random times, any idea why ?
<DevoKun> LinuxAdmin: are you using the default Ubuntu vsftpd package and config file?
<uvirtbot> New bug: #688773 in euca2ools (main) "euca2ools give 'SignatureDoesNotMatch' error" [Undecided,New] https://launchpad.net/bugs/688773
<LinuxAdmin> DevoKun, yes
<osmosis> this bug says the patch has been commited, but how can I tell when it is actually in the package from the repos?  https://bugs.launchpad.net/ubuntu/lucid/+source/libvirt/+bug/668042
<uvirtbot> Launchpad bug 668042 in libvirt "If Libvirtd is restarted, libvirt drops active domains lose network interface info." [Low,Fix committed]
<DevoKun> LinuxAdmin: Does vsftpd start if you use the default certificate?: rsa_cert_file=/etc/ssl/private/vsftpd.pem
<soren> zul: How close are you to fixing openvswitch
<soren> ?
<LinuxAdmin> DevoKun, if I start it with ssl enabled, I can't
<LinuxAdmin> DevoKun, if I try to start it manually (/usr/sbin/vsftpd /etc/vsftpd.conf) I get this error: "500 OOPS: SSL: cannot load RSA private key"
<zul> soren: it should be fied
<the_eye_> IBM eServer xSeries 346 reboots with 10.04 in random times, any idea why ? On reboots log says overheat but server is in airconditioned reoom at 16 C
<zul> fixed even
<LinuxAdmin> DevoKun, I think I have to build a new private key, or define a private key with  rsa_private_key_file parameter
<soren> zul: Since when?
<soren> Like today?
<zul> 3 days ago
<soren> zul: It's not.
<soren> openvswitch-datapath-dkms_1.1.0~pre2-5ubuntu6_all.deb (7.8 MiB)
<zul> fuck...ill look at it when i get back
<soren> I have patch that fixes that and at least one other problem.
<soren> I just didn't want to step on your toes.
<zul> soren: can you send me the patch and ill look at it this weekend
<soren> ...or I could just upload it?
<soren> It's not like I'd break it more :)
<zul> that works too
<soren> zul: Done.
<genii-around> Interesting. sudo telinit 0   doesn't work. But sudo su      then telinit 0 .. does
<guntbert> genii-around: generally use sudo -i instead of sudo su (not that it matters in *this* case :-))
<genii-around> guntbert: I actually did try that first, which also did not work
<guntbert> genii-around: starnge, what happened?
<guntbert> *strange
<genii-around> guntbert: Just returned back to prompt, etc
<genii-around> guntbert: I'm running natty for a cctv box. I think init is choking on shutting zoneminder down ( or something with bttv driver or so)
<guntbert> genii-around: ah, that might be the case, so its no use my trying it on a default maverick :-)
<compufreak> Anyway to internally redirect requests like exmaple.org:80 to port 8080. It would only redirect a specific host name
<penguin42> is anyone using iscsi targets and if so happen to know which ones are regarded as intended to be stable on ubuntu-server; iscsitarget seems to have stopped working on Natty and while I've filed a bug I wonder if the intention is to move to something else
<h3sp4wn> penguin42: Is there anything else ? (I know of nics with built in iscsi but no other free software impliementation)
<penguin42> h3sp4wn: Oh Ubuntu has a free iscsi client that works well, and a number of iscsi targets that work to varying degrees at varying time
<h3sp4wn> penguin42: What as an not part of openiscsi ?
<penguin42> h3sp4wn: Well there is openiscsi, iscsitarget and tgt at least
<h3sp4wn> penguin42: interesting (I see the problem) are they all in main as well
<h3sp4wn> (I have only used iscsi under and solaris so far)
<penguin42> hmm good question, I'd have to check
<h3sp4wn> *windows* and solaris
<penguin42> h3sp4wn: I've had lucid and maverick setup with a little test pair of VMs, one iscsi booting off the other
<nertil> hello friends im writing from ubuntu server 10.04
<nertil> i think i have some problems with my hard disk hdd
<nertil> how can i check it?
<nertil> or clean it and fix it?
<penguin42> nertil: What type of problems?
<nertil> well when my ubuntu server says 2 hours or more
<nertil> and i try to type command
<nertil> dont take commands
<nertil> i cant shutdown or restart  neither
<nertil> just with force shutdown
<nertil> right now its ok
<penguin42> any errors on dmesg?
<nertil> what is dmesg
<nertil> ?
<penguin42> dmesg prints out the current set of kernel messages (since bootish)
<nertil> nope
<penguin42> things like hard drive errors normally end up in there
<nertil> well i didnt check it
<nertil> because i control it oer remote
<nertil> with putty
<nertil> bcz i dont have monitor or keyboard for my server
<penguin42> so run dmesg from putty
<nertil> just that?
<nertil> dmesg
<penguin42> yep
<nertil> any other idea how to scan my hardisk for errors
<nertil> ?
<penguin42> I'd use smartctl -a
<nertil> thx
<Yompa> Question: I know Windows got file name character restrictions, more than Linux, but what characters would make a Samba server reject a file copy from a Windows? I remember I have seen a rejection myself once, I had to rename the file on windows first.
<h3sp4wn> Yompa: remember by default windows is not case sensitive
<fluvvell> Yompa, windows allows ? in a filename, *nux has issues with ? as its a wildcard
<fluvvell> IIRC, & is a problem too
<penguin42> Unix is perfectly happy to have & and ? in filename
<penguin42> as long as you are careful with the way you write the command
<fluvvell> penguin42, yeah its using a shell to work with it that it gives grief
<h3sp4wn> touch \&
<penguin42> the / and NIL characters are the only things you can't have and things called . and ..
<Fidelix> Hey guys. I'm in the need of a tool that list files and directories with sizes in KBs, MBs and GBs. I already tried various combinations of "du" with no success...
<Yompa> h3sp4wn, fluvvell, thanks. Will experiment some and examine. I set up a samba for a friend and he ran into this day one. I'm sure it's not permissions since he managed to copy 1/2 of his files to it. I will have to visit him and examine the file names.
<h3sp4wn> Yompa: There might be a way with mount options to make it better but you would need to be using a seperate partition for samba stuff
<JanC> Fidelix: ls -lh
<Fidelix> JanC, this only list files, not folder sizes.
<h3sp4wn> try tree
<JanC> it lists folder sizes too
<h3sp4wn> read the manpage
<JanC> of course not the combined size of files in the folder
<Fidelix> h3sp4wn, all folders are 4k of size. I have some gbs of photos in these folders. How does it list folder sizes?
<h3sp4wn> or find (tree will probably be easiest)
<h3sp4wn> find directories and exec du -sh etc
<Fidelix> Well, i used du -h * --summarize and all went fine. Thanks and good bye!
#ubuntu-server 2010-12-11
<JanC> not all folders are 4k in size, folders with a lot of files in them might be (a lot) larger
<lolufail> hi!
<lolufail> forgot there's a special channel for _server ;)
<lolufail> on 10.04, my dm_crypt randomly crashes when writing ~300-700GB large files, need to reboot the machine... any idea? should I try maverick kernel? here's the trace: http://www.abload.de/img/captureoby2.png
<Patrickdk> hmm, I have no single files that large
<Patrickdk> but I have a 6tb drive that is dm_crypt, and it's happy with 20gig files
<Patrickdk> but that really should go to the kernel channel :)
<DjKiDD> http://pastebin.com/HQzf9fxk
<DjKiDD> Whats this error mean?
<DjKiDD> permissions problem?
<Datz> DjKiDD: run as root?
<adrianrally> I have a public static IP and a subnet routed behind it. I configurate it on ubuntu server and I have internet on my PC, but the server gives me the IP address of the linux not the one I picked up from the subnet. What to do ? http://img573.imageshack.us/img573/1244/capturewn.jpg
<uvirtbot> New bug: #688922 in samba (main) "package samba 2:3.4.0-3ubuntu5.7 failed to install/upgrade:" [Undecided,New] https://launchpad.net/bugs/688922
<cap_00> just wondering which virtual server deployment is best, kvm vmware, openvz? other?
<cap_00> i've been having some issues with kvm, and it seems to be less universal cause it requires vt on the processor, so i guess it's less universal..
<gorkhaan> Hey. Does anybody know a web frontend for apt-get? :)
<Nafallo> gorkhaan: landscape
<gorkhaan> well ty... but I prefer a free solution.
<Ken> Dire need to assistance. After receiving so much network traffic, my headless server stops responding to ping/ssh/ftp.. everything. Ubuntu Server Maverick 10.10. I'm using it to back up some 200GB of files over FTP on local network but this isn't the first time this happens - it seems to lose connection quite often. Any tips to help remedy it?
<DevoKun> What kind of network card?
<Ken> Hm, One second.
<Ken> PCI.. uh..
<Ken> Oh. For the first time i've plugged a monitor into the headless server before starting it and it's not responding to anything via keyboard.
<DevoKun> What kind of keyboard?
<Ken> PS/2 keyboard. Screen went blank somewhere along the way and the keyboard didn't do anything. Restarting it now to check the network card details. this is new, though
<Ken> 00:12.0 Ethernet controller: VIA Technologies, Inc. VT6102 [Rhine-II] (rev 78) - that's my network card
<DevoKun> Ethernet is onboard? Or a PCI card?
<Ken> It's onboard.
<Ken> Maybe it isn't to do with the network activity after all - maybe it's just general activity. Sometimes the server sits on for a few days and I don't access it much bar to upload a small text file or the like. Other times it'll just stop responding.
<Ken> Wait, sorry. I'm pretty useless. I used "lspci" to view the network card. That means it's PCI, right?
<DevoKun> No neccesarily
<DevoKun> lspci shows the pci bus
<DevoKun> onboard cards can be hooked through the pci bus
<Ken> Aah. Of course. In that case i'll go with my answer of "onboard" i've had the tower open before and it doesn't slot into a PCI slot.
<penguin42> what does lspci | grep -i ethernet    say ?
<penguin42> oh, you had it above, the Via
<Ken> Yeah, that's the one.
<penguin42> Ken: So you have a keyboard/monitor on it
<DevoKun> And you say it's locking up randomly?
<Ken> penguin42: I do now, yes. Normally I ssh.
<penguin42> ken: When it stops responding what is shown on the monitor?
<Ken> DevoKun: It is. I can't seem to find any pattern to be honest. It's usually during heavy network traffic, either locally or ftp access via a dyndns name
<Ken> penguin42: I've never had it connected in time to see. I'll try and trigger a lock up, though. It was connected prior to the most recent (a few minutes ago) but the screen was blank and it didn't respond to keyboard.
<jpds> You're backing up 200G over FTP? Tried rsync?
<penguin42> Ken: Does it come back or does it stay dead?
<Ken> It stayed dead.
<penguin42> Ken: Anything in dmesg / /var/log/messages or the like?
<Ken> I'll check now
<Ken> dmesg is just showing me information from the reset I just carried out. How can I view a longer log?
<Ken> Sorry for the really newbie questions. Troubleshooting a server is well beyond what i'm used to. I've got it reasonably well set up but I'm not even sure where to start with this.
<penguin42>  /var/log/messages and /var/log/kern.log
<penguin42> however, if it died in an odd way then they won't make it to ther
<Ken> It's giving an error for my wireless card, which I don't ever actually use.
<penguin42> meh
<Ken> May or may not be of use:
<Ken> [    9.467313] ACPI: resource vt596_smbus [io  0x5000-0x5007] conflicts with ACPI region SM06 [??? 0x00005006 flags 0x36]
<Ken> [    9.467319] ACPI: If an ACPI driver is available for this device, you should use it instead of the native driver
<Ken> That's on boot though
<penguin42> wouldn't worry too much about that one
<Ken> I'm seeing if I can make it do the same again. I'm transferring some large files over
<Ken> This is part of the problem. The only pattern I seem to find is it's after a period of heavy activity. Time makes no difference. As i've said, it can happily sit on for days, barely used, with no issues.
<Ken> Other times It'll be on for no more than a few minutes whilst I'm doing a lot of heavy traffic file transfers and it stops responding to ssh, ping, etc. Resetting manually is the option i've used.
<DevoKun> Ken: this sounds like bad hardware to me. You should try running memtest86 on the machine to see what happens.
<Ken> Memtest using a Live CD, right?
<DevoKun> yes
<Ken> I did have a hard drive die. It was years old though and it's since been replaced. The change of hard drive hasn't made a difference though - this happened before and after the replacement.
<Ken> Thanks, DevoKun and Penguin42. I really appreciate you taking the time to help me.
<Ken> Hmm. 2GB file just transferred without a problem.
<Ken> I'll send another few larger files then run memtest.
<DevoKun> Ken: If the machine survives memtest86 without crashing, then you can run some other hardware testing tools like cpuburn or smartctl (part of smartmontools). However, if you suspect the problem may be with your Linux installation, then download and boot from the "System Rescue CD" project liveCD: http://www.sysresccd.org/Main_Page you can startup the network then copy files on mass to see what happens.
<Ken> DevoKun: Brilliant. That should really narrow it down. I've already switched out my router to see if that made a difference (I wanted to change my router anyway because my provider-branded one doesn't allow Wake On LAN), so I can rule that out as a possible problem.
<Ken> Another question, somewhat unrelated to servers. Fastest protocol for transferring files over local network? I'm assuming FTP?
<DevoKun> Fastest?
<Ken> Yeah. To transfer from my laptop to my server. Two wired connections and ftp?
<Ken> In terms of transfer speeds that is.
<DevoKun> Actually, there is some data out there to suggest that Samba-to-Samba (smb) connections are the fastest. However, I always use, and recommend, rsync over ssh or scp.
<DevoKun> You should train yourself not to use FTP.
<Ken> I've been following an rsync  tutorial to have incremental, automated backups
<DevoKun> It's a bad habbit ;)
<Ken> Haha. I'll heed that advice.
<DevoKun> rsync is dead simple. Create a cron job that does: rsync -avz -e 'ssh' <local-source-dir> <user>@<remote-server>:<remote-dest-dir>
<adrianrally> What to do if dnsmsq is using the same port as named ?
<DevoKun> something like: 0,15,30,45 * * * * /usr/bin/rsync -avz -e 'ssh' /home/ken ken@192.168.0.5:.
<RoyK> DevoKun: -e ssh is implicit since five years ago or so
<DevoKun> Old habbit
<Ken2> I followed a tutorial and made a bash file, then i'm going to link it to cron.
<Ken2> "rsync -e ssh -varuzP /media/DATA/College/ <server>:/home/kenneth/backup/College/"
<Ken2> Ooh, I just got an error although nothing bad has happened to my network connection
<Ken2> Segfault in miniserve.pl - that's webmin as far as I know
<Ken2> Okay, woah
<Ken2> I think we have success.
<Ken2> I see an error on the server screen. It's talking abut er... kthread+0x74/0x80 and bdi+start_fn
<Ken2> I'll have to do a reboot and then i'll try to dig that out of the dmesg log if anyone can advise me how I might go about it.
<penguin42> Ken2: Can you get a full copy of the whole error?
<Slyboots> Hmm.
<Slyboots> Is it possibel to have Squid to act as a transprent proxy with oly one network card
<RoyK> Ken2: -r is part of -a
<Ken2> penguin42: I'll give it a go. I used watch "dmesg | tail" on my server and it all appeared on the monitor. I'll have to reboot then i'll try to ssh and view the dmesg log fully to get a copy of it unless you have a better suggestion
<DevoKun> adrianrally: you probably don't need both DNSmsq and named running at the same time. If you are trying to use just DNSmsq, then stop and disable named.
<penguin42> Ken2: If you can't get it any other way then try a picture!
<Ken2> penguin42: Haha, good idea.
<Ken2> Is it possible webmin is causing the issue? It showed a segfault with miniserv.pl which, as far as i know, is what webmin runs on.
<Ken2> Then a lot of scroll happened (rebooting to find it)
<RoyK> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<adrianrally> DevoKun. The thing is like this. I use my saver as a webserver. I have domains parked on it.
<adrianrally> I use bind9 for that.
<nRy> hello, are there any Ubuntu Server admins for hire out there?
<nRy> I have a project I need an ubuntu server OS expert right away to help me set up a custom config by Monday
<nRy> VirtualBox is already setup on my server but I need to build some VM's and and then configure some special software that has full documentation and tech supper. However I need an expert with Ubuntu Server OS to make sure it is all running optimally. I must place this server into a client's location on Monday.
<adrianrally> DevoKun: This is my problem: http://img529.imageshack.us/img529/9469/captureqf.jpg
<Ken2> Okay, the first error I saw:
<Ken2> [   38.155224] miniserv.pl[1519]: segfault at 19 ip 080cdcb3 sp bfefc100 error 4 in perl[8048000+12d000]
<DevoKun> adrianrally: looking now
<Ken2> It doesn't give me much else aside from that. I'll try to dig out the rest from somewhere and use pastebin.
<adrianrally> That's my server's ip addres. I should have an ip from the subnet(62.231*).
<Ken2> Does /var/log/kern.log be over written every time I reboot? If so, can I find older logs?
<Ken2> Ah. Scroll bad was limited in my terminal.
<adrianrally> iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
<adrianrally> If I put this rule... I get the server's ip address. If not, I can resolve dns but no incoming traffic. What am I missing here ?
<adrianrally> If I ping the gateway, it's ok. If I ping the PC from the server... no ping.
<Ken2> Alright, having trouble locating the previous log when I crashed. It's showing mostly reboot information and nothing before it. I am getting a segfault from miniserv.pl though
<DevoKun> adrianrally: you need to be able to forward packets to the aliased subnets, so the masquerading rule is required.
<adrianrally> Yes but it makes my subnet work as a intranet.
<adrianrally> The subnet is routed behind the public ip address.
<adrianrally> 62.231.69.58 should be my public ip address.
<penguin42> Ken2: It's possible, but the bdi+ blah error is a kernel oops, and that looks like the real issue
<DevoKun> adrianrally: do you have multiple ethernet ports in the machine?
<adrianrally> Yes.
<adrianrally> But I use only one.
<DevoKun> Is this your firewall?
<adrianrally> No.
<Ken2> penguin42: Ah. And the kernel problem could either be hardware or an install issue? I'm trying to run another large transfer to encourage another crash
<DevoKun> adrianrally: You're connecting your webserver directly to the Internet?
<penguin42> Ken2: Either hardware or a bug
<adrianrally> Yes.
<Ken2> penguin42: Okay. Praying for a bug then.
<adrianrally> DevoKun: On eth0 it's the public IP address the ISP gave me.
<penguin42> Ken2: You could try changing the font used on the terminal to give a better chance of it all fitting on
<Ken2> I've changed the scrollback to "unlimited" right now. I'm sshing and hoping it'll capture it all
<penguin42> Ken2: OK, is the ssh surviving the problem?
<Ken2> Not usually.
<DevoKun> adrianrally: You're getting (eth0)86.122.123.155 as your public IP because that's the interface that traffic is being routed out on. Traffic may come in on (eth0:0)62.231.69.57, but it will go out eth0 because that's how you have your routing setup.
<Ken2> I'm just an optimist. How do the logs work? If I can access the log from before I had to reboot, I should be able to find the line that show the issue.
<penguin42> Ken2: It depends on the failure, if the kernel got upset it might not make it to the file
<Ken2> Oh. Hmm.
<Ken2> Running "dmesg /var/sys/log" shows only what has happened since boot, not since the previous boot.
<adrianrally> DevonKun: So how do I send traffic from eth0 trough eth0:0 to my pc?
<DevoKun> adrianrally: I recommend you install a firewall between the Internet and your webservers. pfSense (http://www.pfsense.org/) is a good option for this scenerio. Web based interface, quick and easy to configure. Then you can setup 1-to-1 NAT to server based on IP.
<DevoKun> Why are you using two subnets?
<DevoKun> You should really only need 1 in a hosted environment.
<adrianrally> 62.231.69.56/29 is behind 86.122.123.155
<adrianrally> I had what I wanted but the harddrive exploded last night.
<adrianrally> I didn't even changed the config on my PC. It's like you saw it in the screenshot. It's something with iptables I think.
<DevoKun> adrianrally: So your ISP told you to use 86.122.123.155 as an IP and to use 86.122.123.129 as a router.
<DevoKun> adrianrally: Where did 62.231.69.56 come from?
<adrianrally> My ISP told me to put on eth0 86.122.123.155, and on eth0:0 62.231.69.57. Then on my PC 62.231.69.58, 62.231.69.59 on the wifi router, 62.231.69.60 on mom's laptop.
<Ken2> Ah ha.
<Ken2> http://pastebin.ubuntu.com/542312/
<penguin42> is that it? There is normally a lot more after that
<adrianrally> They don't offer support for linux.... they said to me to make internet connection sharing.
<adrianrally> Just That!
<Ken2> I'm viewing it in Nano and that's all I can see.
<Ken2> Line 3, [cut here], is pretty much where the problem happened.
<penguin42> Ken2: My bet is there is a lot more on the console
<Slyboots> silly Q' how to you comment out multiable lines in a configuration file
<Ken2> penguin42: What's the best way for me to view it on the console? It might be really obvious but I couldn't see it. Can you use dmesg with a parameter to have huge scroll back?
<Slyboots> Right now Im just adding # to every line; surly there is a beter way
<penguin42> Ken2: are you getting it after reboot?
<adrianrally> This is killing me DevoKun....
<Ken2> Yes. I opened it in Nano and it's shown me all of the kern.log since 4 dec.
<Ken2> When I open it using "dmesg" it just shows since reboot.
<adrianrally> DevoKun: Might be bind9 screwing up something ?
<penguin42> Ken2: It would be better to get the whole message as it dies on the console
<DevoKun> adrianrally: no. this is not a DNS issue. your problem is with IP routing.
<Ken2> I'm trying to make it crash again. My monitor resolution is quite bad though so i'll be stuck with typing it out if it doesn't go into a log.
<DevoKun> adrianrally:  62.231.69.56 can not be "behind" 86.122.123.155 because it is a *very* different network.
<adrianrally> It's a 8 IP subnet behind that ip address.
<adrianrally> That's what they said and it worked till now.
<penguin42> Ken2: Look at bug 670117
<uvirtbot> Launchpad bug 670117 in linux "After some io activity kernel bug in dmesg, then server freezes (pings still working)" [Undecided,New] https://launchpad.net/bugs/670117
<penguin42> Ken2: He has a similar inode.c:2099 but you see he has a lot more info after it?
<Ken2> penguin42: Yes. That's pretty much exactly what mine looked like
<penguin42> Ken2: Well the text of the backtrace is important
<Ken2> It appeared on my screen but isn't in the log.
<nRy> any server admins for hire in here????
<DevoKun> adrianrally: see, if you wanted 192.168.0.10/24 routed through 192.168.0.1/24, that would be do-able. If you wanted 192.168.100.10 routed through 192.168.0.1, you could change the netmask to /16 and no problems. To route 10.10.100.10 through 192.168.0.1 you would need to setup your routing so machines new how to get to and from that IP.
<Ken2> Well, it's not in kern.log anyway. Is there anywhere else it might be?
<penguin42> Ken2: I doubt it, have you got a digi camera?
<adrianrally> DevoKun I wanted more IPs. And that's what they gave me.
<Ken2> penguin42: Embarrassingly, not at the moment.
<DevoKun> adrianrally: OK, so they probably gave you a separate gateway for that subnet also?
<Ken2> Now i'm just getting a lot of segfaults from python/miniserv.pl. Any suggestions as to what else I could use since Webmin isn't supported (If you don't have any off the top of your head i'll go google)
<adrianrally> Let me translate your the mail.
<Ken2> Hmm, okay.  I just sent 5GB of files over the network to the server and nothing happened.
<penguin42> Ken2: If your getting seg faults all over then I really do suggest the memtest86 run
<Ken2> I shall do that right now.
<Ken2> Maybe  I should get a new hobby.
<adrianrally> DevoKun: This is the email from the ISP(RDS): "We've routed 62.231.69.56/29 behind 86.122.123.155. The subnet can be configured on the local interface of the server if eth0 is from RDS(this is the ISP) and eth1 the local network. For example ifconfig eth1:0 62.231.69.57 netmask 255.255.255.248. And you can use on the local network, directly connected into eth1, addresses from 62.231.69.58
<adrianrally> to 62.231.69.62(with netmask 255.255.255.248 and gateway 62.231.69.57). Or you can add aliases for example: ifconfig eth1:1 62.231.69.58 netmask 255.255.255.248"
<adrianrally> But. I know I didn't used another network card. I've put 86.122.123.155 on eth0, 62.231.69.57 on eth0:0 and the other ones I used them as aliass or on other equippments.
<DevoKun> adrianrally: Sure. You need to setup a route for the 62.231.69.62 IP.
<DevoKun> adrianrally: Aliases are fine, but they still need routes.
<adrianrally> How do I do that DevonKun ?
<DevoKun> adrianrally: add the gateway they gave you (62.231.69.57) to your config file for the eth0:0 interface
<Slyboots> Hmm..
<Slyboots> Having a odd issue trying to push a proxy-configuration file over DHCP3
<Slyboots> DCHP3 crashes with /etc/dhcp3/dhcpd.conf line 43: unknown option dhcp.custom-proxy-server
<Slyboots> Cant find the correct syntax though for that option
<adrianrally> Done that. Now ?
<DevoKun> adrianrally: restart the network
<DevoKun> adrianrally: if you type "route -n" you should see a route for both networks
<adrianrally> It died.
<DevoKun> adrianrally: your machine locked up?
<adrianrally> The internet crashed.
<DevoKun> adrianrally: what are the contents of "route -n" ?
<DevoKun> adrianrally: what are the contents of "ifconfig -a" ?
<adrianrally> http://pastebin.ubuntu.com/542320/
<DevoKun> adrianrally: you have two default gateways. See the "0.0.0.0             ww.xx.yy.zz" lines?
<DevoKun> adrianrally: you can have two default gateways, but the metrics need to be adjusted.
<DevoKun> adrianrally: Ideally, you need to have routes (top 2 lines of route -n) with only 1 default gateway.
<adrianrally> Right... soo.. what do I have to do to achive that ?
<adrianrally> 0.0.0.0         62.231.69.57    0.0.0.0         UG    100    0        0 eth0
<adrianrally> This line appeard when you put me to type the gateway for eth0:0
<adrianrally> After I restarted.
<Ken> Memtest is running. I'm going for a sandwich. Anyone want one?
<DevoKun> Ken: good luck
<Ken> Thanks, DevoKun. I appreciate the help both you and Penguin offered me. I'll be back shortly no doubt with more tedious question for you both. I guess it's a curse being so knowledgeable, huh?
<RoyK> adrianrally: you have two default gateways - that's bound to confuse the ip stack
<adrianrally> So what do I have to do now ?
<adrianrally> Wait a moment.
<adrianrally> DevoKun: http://pastebin.ubuntu.com/542327/
<Doonz> Is it possible to have 2 dhcp assigned ip's on 1 wan port?
<RoyK> adrianrally: why on earth do you have two ip addresses on different IP networks on the same NIC?
<RoyK> Doonz: the dhcp server will only assigne a single ip to a mac address unless the developer was drunk
<adrianrally> Because the first one is the publick one, the second is the gateway for the subnet...
<adrianrally> Or smth like that.
<Doonz> RoyK: is it possible to use mac spoofing on the one interface
<Ken> Ah, Mem-test has found two errors so far.
<RoyK> Doonz: obviously, yes
<adrianrally> The last routes -n looks very logic to me: http://pastebin.ubuntu.com/542327/
<Doonz> RoyK: can you point me to docs on how to do that
<RoyK> Doonz: you'll need to script that up - basic config can't do it
<Doonz> k
<Doonz> thank you
<RoyK> mac spoofing is simple, though, ifconfig eth0 hw ether x:x:X:x:xx:X:X:X
<RoyK> something
<adrianrally> My ip address is the same on my PC and my server(86.122.123.155). I need to have 62.231.69.58 on my PC. http://img529.imageshack.us/img529/9469/captureqf.jpg
<RoyK> adrianrally: you're using the _same_ IP on the PC and server?
 * RoyK sends adrianrally into google to read up on IPv4 and general network basics
<adrianrally> RoyK: Yes. It's something wrong with the server. Look at the screen shot http://img529.imageshack.us/img529/9469/captureqf.jpg
<Slyboots> this is increadably fustrating
<Slyboots> has anyone got a Proxy-config push working with dhcpd3?
<Slyboots> I;ve got the file scripted but it doesnt seem to be getting pushed out to clients via dhcp3d
<RoyK> adrianrally: something is wrong with the config and perhaps your understanding of networking
<adrianrally> RoyK... do where do I get started?
<RoyK> http://tinyurl.com/22sxxfs
<adrianrally> I don't get it. What's wrong ?
<air^> your understanding of it all. :)
<air^> Seems to me you just use the server as gateway.
<air^> That's why the servers IP is shown in your browsers "whatsmyip"
<adrianrally> A few hours ago it was working. I was getting on my PC 62.231.69.58 aka the IP i wanted.
<adrianrally> Something happened... and I don't know why.
<adrianrally> And what.
<air^> adrianrally: but what's wrong?
<air^> adrianrally: our screenshot shows your ip on the pc, exactly the one you say you want.
<air^> +y
<Slyboots> Think Im just about to give up on this haha
<adrianrally> air^ I don't need the server's public IP. I want my private one.
<air^> so don't route the traffic through your server.
<adrianrally> I followed this tutorial in the first place: http://www.ubuntugeek.com/sharing-internet-connection-in-ubuntu.html
<adrianrally> And at some point it worked.. but I did something wrong.
<Ken> penguin42: In case you were curious, memtest has turned up two errors. This might be what's causing my server to stop responding.
<penguin42> Ken: Ah right, go get that fixed and life should be a lot better
<Ken> penguin42: Memtest is still running. I'll use their site to see if I can figure out how to fix it when it's done.
<penguin42> Ken: Are you running over clocked or normal?
<Ken> penguin42:  I'm not sure. i'm going to assume normal. I just selected it from the grub2 boot menu.
<penguin42> Ken: No, I mean your hardware, is it normal or have you done anything odd with it?
<Ken> penguin42: Ah, sorry. No, it's normal for the most part. It's a really old system. The newest thing is the hard drive. One is ID, the other is SATA connected via a PCI SATA card.
<air^> RoyK: any idea what he tried to achieve? :)
<penguin42> Ken: Make sure your cooling etc is OK but chances are it's probably just a dead DIMM
<RoyK> air^: not really, although I think he was in desperate need for basic network knowledge
<Ken> penguin42: It's cool enough right now. I have a spare RAM module about somewhere so, if I can figure out which is dead, I'll try switching it out.
<air^> RoyK: seems so. the guide was about sharing internet... that is.. exactly what he had done  (server acted as gateway) :D
<RoyK> Ken: clean the contact areas both on the DIMMs and their sockets - on old systems, those often corrode
<Ken> RoyK: I will do. Thank you
<RoyK> Ken: use isopropanol or something
<air^> completely unrelated but a tricky thing about bad memory that I recently had.
 * Ken puts down the bottle of vodka again, "Ah, okay."
<RoyK> it'll work with vodka as  well :)
<air^> installed os x server on an old power mac g5. it failed on "bad media".
<air^> tried everything, still failed, tested the harddrives and install media in another g5. worked nicely.
<air^> put the drives back, g5 worked nice, run updates, update failed on bad media and fscked the system :O
<air^> turned out the memory was bad. seems it corrupted something in uncompressing stage.
<air^> never seen anything like it, pretty fun though when everything started working with other memory :)
<Ken> Fun? Hmm. I gus this is all a learning experience but i'm not sure i'd rush in and say "fun"
<Ken> I mean it's not hard for me or anything. Penguin, RoyK and DevoKun are pretty much holding my hand through it
<penguin42> Ken: Working with broken hardware really takes the fun out of it
<penguin42> Ken: You just never know when you're going to walk into a bear trap
<Ken> penguin42: I do enjoy the whole thing though. I have this old tower that i've turned into a server. It's running apache with joomla, webmin, I've set it to Wake on LAN, has samba (although I never use it), FTP, SSH, runs a headless virtual machine that I can rdesktop into, uses dyndns so I can connect through a host name. I was in the process of setting it up, between my laptop and the server, for rsync backups.
<Ken> I've learnt pretty much all of it from scratch using the internet.
<Ken> Not that impressive compared to some setups i'm sure but i'm gradually learning more and more. Next port of call, if I get it working, will be to set up VPN
 * Slyboots is far from having fun
 * Slyboots is just about loosing his mind over it :P
<RoyK> this is rather nice http://pastebin.com/7gtaGRwc
<Ken> I'd offer some help, slyboots but i'm afraid i'll well out of my depth dabbling with servers. I'm not bad at helping in the desktop channel but this is where i'm completely lost.
<Ken> Woah, is that a machine you have, RoyK?
<Slyboots> Its more DNS/DHCP issues
<RoyK> Ken: yes, I have two of those :Ã¾
<Ken> RoyK: I can't possibly imagine ever needing that much space.
<Ken> Royk: Impressive, though.
<RoyK> disk-based backup will require lots over the years
<RoyK> and we _do_ have a lot of data
<Ken> I guess that makes sense. I'm just a home user with paltry needs.
<Ken> I have no need for a server at all anyway but I figured I had an old tower sitting around doing nothing so I might as well do *something* with it
<RoyK> I'll be installing a 6TB home server for my brother for christmas :)
<air^> :)
<Ken> I figure I'm not doing bad. I have 1.5TB but only because I happened across a terrabyte that was pretty cheap and figured "why not?"
<Ken> I'm having more success with this tub of haagen-dazs than with the server right now though.
<RoyK> btw, terra = earth, tera = 10^12
<Ken> I was being hippy (I definitely didn't just make a typo because I was stuffing a spoonful of ice cream into by gob)
<Amgine> What is the best way to get php5 --enable-pcntl? I tried the instructions at http://ubuntuforums.org/showthread.php?t=549953, but make test fails 100%.
<Ken> Okay, memtest is still running and it's got four errors now. Any suggestions as to how I might work out which DIMM these might be on?
<RoyK> Ken: unplug one dimm, run memtest...
<RoyK> or unplug all but one
<Ken> RoyK: Ah, of course. Thank you.
<Ken> On another note. I'm using Webmin which isn't really supported by Ubuntu. Any suggestions as to what else I might use?
<RoyK> Amgine: if that flag isn't compiled into the php5 that comes with ubuntu, apt-get source php5, add it, and build a new package
<RoyK> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<Ken> Isn't that the truth.
<Ken> Segfaults all over the place.
<Amgine> RoyK: compile the full php5?
<RoyK> Amgine: yeah, doesn't take too long on most hardware
<Amgine> <looks dubiously at mb 1,1> I'll give it a shot...
<Amgine> configure: error: xml2-config not found. Please check your libxml2 installation. <grumble>
<RoyK> Amgine: apt-get source php5, unpack the tar.gz, patch it with the patch, edit debian/rules and add that flag
<RoyK> run dpkg-buildpackage
<RoyK> done
<RoyK> Amgine: if you compile it manually, it won't install in the ubuntu standard place - better make a package
<optikalmouse> anyone else using Webmin?
<Ken> optikalmouse: I am.
<RoyK> !ebox
<ubottu> ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<Ken> !zentyal
<Ken> Silly bot.
<Ken> eBox has been renamed so if you're googling it, you'll need to search for that
<RoyK> to everyone using a web-based admin tool like webmin or ebox or whatever - please don't! it doesn't take very much to learn how to administer a server using the commandline, and it'll be faster over time, way faster, and better, and ...
<optikalmouse> Ken: is it slow for you? I see two perl scripts being run in the cronjob
<optikalmouse> every 5min.
<optikalmouse> and i noticed that the comp that I'm sshing into that runs webmin slows down every few min...
<Slyboots> RoyK: I would love.. LOVE to have a webmin interface for squid proxying lol
<Slyboots> Im about to *snap* here :P
<Ken> optikalmouse: I see the same thing, Optikal. It is very, very slow sometimes.
<Ken> Slyboots: Er, I think there is a squid proxy webmin interface..
<RoyK> Slyboots: why? squid config is simple :)
<Amgine> RoyK: There's rather a large number of unmet dependencies; should they be installed via apt-get?
<Ken> RoyK: Also, I try to use SSH where I can.
<Slyboots> Oh I got Squid and DansGuardian going
<RoyK> Amgine: I guess you'll need a bunch of -dev packagages
<Slyboots> I can-not; NOT; for ANY reason; get WPAD Proxy-config pushing working
<Slyboots> At all
<Amgine> Yep.
<Ken> RoyK: But i freely admit that jumping into a nice GUI is sometimes better, even for tiny things like viewing disk usage, etc.
<Slyboots> Its setup; from everything I can see it *should* be working
<RoyK> Ken: I have Icinga alarming me if disks fill up
<optikalmouse> Ken: how much do things slow down for you?
<Ken> RoyK: I might just have to look into that too.
<RoyK> Ken: also, ssh'ing into a server and typing df -h isn't very much work :)
<Ken> optikalmouse: Well, it's usable most of the time. It's a bit laggy but nothing too bad.
<Ken> optikalmouse: Having said that, for most things I try to use SSH.
<Ken> RoyK: But it doesn't have pretty colours.
 * RoyK hands Ken a bucket of yellow paint
<Ken> I work for a non-profit organisation and we have a split site. In the coming months I hope to verse myself well enough so I can set us up with a proper server system so we can share files over VPN and.. y'know, stuff.
<optikalmouse> Ken: does it slow down while you're using ssh?
<Ken> optikalmouse: No, I guess not. I mean my server is crashing but I think that's unrelated. SSH doesn't ever be so slow that I can't use it unless I'm doing a huge amount of file transfers over ftp.
<Slyboots> Aye; I need a break
 * Ken hands slyboots a beer and a tub of ice cream.
<Ken> Slyboots: It's my solution when things aren't going well.
<optikalmouse> hmm ok
<Ken> optikalmouse: I'm getting a lot of segfaults from miniserv.pl recently though, which, as far as I know, is the "server" that webmin runs on.
<optikalmouse> the sysadmin for the server was thinking that rsync slowed down the server
<Ken> optikalmouse: I'm going to try the eBox platform since it's better supported.
<optikalmouse> but I can clearly see webmin's perl scripts running every few min :/
<optikalmouse> hm
<Ken> optikalmouse: Yeah, when I was trying to find the problems to my server, perl scripts were running every few minutes like you said. I don't know if that was doing any harm (e.g. slowing things down) but they seemed to be firing very frequently.
<optikalmouse> I checked `top` when one of them ran
<optikalmouse> and it hit the cpu for 2-4%
<optikalmouse> and the memory for 2-5% I think
<Slyboots> Ken: Much appericate :D
<Slyboots> A beer would be good right now actually
<Ken> Maybe if the module using those perl scripts could be isolated then you might find that it doesn't hang so much? My server only ever has me accessing it and it's sitting with about 1GB of RAM (which we've newly discovered, some of it is bad) but it's never slowed as badly as you've experienced.
<optikalmouse> yeah I don't know
 * Ken hands Slyboots a bud.
<Ken> Slyboots: I don't even drink that often so one beer will result in me on my back, so if my typing becomes incomprehensible feel free to get an op to kick me if I'm not responding to a polite request to shut up and leave.
<Slyboots> lol
<optikalmouse> holy crap
<optikalmouse> I ran free -m and apparently the server has 192mb of ram free :|
<Ken> optikalmouse: Discovered what's causing the problem?
<optikalmouse> wtf is using up all that mem? :|
<Ken> optikalmouse: Is there a GUI installed or anything? I installed lubuntu a while back and forgot, and it was starting on boot. Of course, I was SSHing since it was headless and had no idea.
<optikalmouse> hmm aybe
<optikalmouse> how do I check which packages are installed using apt-cache?
<Ken> One option: dpkg --get-selections
<RoyK> optikalmouse: pastebin free output (without -m)
<optikalmouse> ...
<optikalmouse> I figured out the problem.
<RoyK> -.-. --.-
<optikalmouse> clam av is running.
<optikalmouse> it's using a few hundred meg of ram
<optikalmouse> the rest of the ram eaters are apache and php5.
<RoyK> how much memory is there in the box?
<optikalmouse> 2gb
<optikalmouse> but there's only 189mb free.
 * RoyK has a new and rather nice 1U pizzabox at work with 2x12 core Opterons and 64GB memory.....
<RoyK> optikalmouse: including buffers?
<optikalmouse>              total       used       free     shared    buffers     cached
<optikalmouse> Mem:          2987       1265       1722          0         63        663
<optikalmouse> -/+ buffers/cache:        538       2449
<optikalmouse> Swap:         2863          0       2863
<optikalmouse>  
<air^> 2x12 :O nice,
<RoyK> !pastebin
<optikalmouse> erm wrong machine XD
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<air^> and i was happy to get some new 2x6core xeons last week.
<optikalmouse> Mem: 2018, 1828, 189, 0, 174, 660
<RoyK> optikalmouse: you have 2449MB free after the buffers are removed
<optikalmouse> ahh ok
<optikalmouse> ...wait what? what do the buffers mean? :P
<RoyK> buffer/cache is just the OS spending memory on caching blockdevices
<RoyK> it's released when it's needed elsewhere
<optikalmouse> ok, so when it says 189 free and but then 1024 in the -/+ buffers/cache, it really means it has 1024 mb free?
<RoyK> erm - it says 1722 free
<RoyK> from where did you get that number?
<optikalmouse> other server, I pasted the wrong one ;/
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<RoyK> the right one
<optikalmouse> RoyK: http://paste.ubuntu.com/542379/
<RoyK> 1GB free
<RoyK> and buffers/cache eating about 800 megs
<RoyK> which is good
<RoyK> if they hadn't, your system would have to read everything from disk, which is slow
<optikalmouse> hmm ok
<optikalmouse> I guess then the periodic slowdowns are mostly due to those perl scripts in the cronjob. there's like 10+ instances of apache running :/
<RoyK> apache prefork will pre-start some processes and fork out new ones when needed, and keep them running, or sleeping, to avoid having to restart them on new requests
<LinuxAdmin> I guys, I'm getting troubles configuring vsftpd with ssl
<LinuxAdmin> I can start the server without ssl, can login to it, everything works
<LinuxAdmin> but when I enable SSL I cannot start server
<LinuxAdmin> "netstat -rn" returns no LISTEN service
<LinuxAdmin> if I start the service directly "/usr/sbin/vsftpd /etc/vsftpd.conf" I get the error "500 OOPS: SSL: cannot load RSA certificate"
<LinuxAdmin> I had read a lot of manuals but all the configurations are the same
<LinuxAdmin> I can't see where am I getting wrong
<LinuxAdmin> can someone help?
<Ken> LinuxAdmin: I wish I could. If you hang about there seems to be a few very knowledgeable folk here who are very helpful.
<LinuxAdmin> ok
<LinuxAdmin> I'll try some other hour, perhaps I will be lucky
<seppy003> hey, why is ubuntu server not answering on wlan0, when eth0 is on
<LinuxAdmin> seppy003, eth0 is your ethernet interface, wlan0 is your wireless interface, one is not related with the other
<LinuxAdmin> have you checked if your kernel has driver support to your wireless card?
<LinuxAdmin> run "iwconfig" and check that wlan0 is listed
<Andrewx> What's the real difference between ubuntu and ubuntu server excluding ubuntu server's lack of a desktop pre-installed?
<seppy003> LinuxAdmin: yeah, wlan0 is working proberly if eth0 is down, but when eth0 is up i'm unable to connect to it (neither ssh nor ping)
<LinuxAdmin> you cannot connect the two interfaces to the same network
<LinuxAdmin> you could have problems seppy003
<LinuxAdmin> your machine will be confused about witch interface should use
<seppy003> LinuxAdmin: that could be true :D
<LinuxAdmin> that *is* true
<LinuxAdmin> it happens to me when I forget to disable wireless at work
<LinuxAdmin> at my office I've got gigabit network, so I prefer ethernet connection
<LinuxAdmin> when I forget to disable wireless sometimes I've got problems
<LinuxAdmin> seppy003, just check if both are working (not at the same time), if they are, everything is fine
<seppy003> LinuxAdmin: they're working now
<seppy003> thanks
<LinuxAdmin> u'r welcome ;)
<seppy003> next problem: i want to bridge eth0 via wlan0 so, that i can access via wlan to my device connected to eth0
<seppy003> using brctl i got the message can't add wlan0 to bridge br0: Operation not supported
<LinuxAdmin> seppy003, I've got this (http://paste.ubuntu.com/542390/) on my /etc/network/interfaces file
<LinuxAdmin> it's a bridge example
<LinuxAdmin> seppy003, in this case I'm using br1 to make a bridge to my KVM virtual machines, adapt it as you want
<nertil> how to zip a folder?
<nertil> in ubuntu server
<DevoKun> nertil: from command line or GUI ?
<nertil> command line
<nertil> its server
<DevoKun> to create a zip file: zip -9 -r dir.zip <directory>
<loganlhp> Someone flooded my server with that loic app and now no matter what I do i cannot get it to get back online, even after a restart, any suggestions?
<DevoKun> to create a tarred and gzip compressed file: tar zcf dir.tar.gz <directory>
<DevoKun> tar.gz is common in the Unix world. But you may want to use .zip if you're sending to a Windows user.
<LinuxAdmin> loganlhp, does your server has public ip address?
<nertil> done
<nertil> thanks
<loganlhp> yes. I was using no-ip to make it dynamic though as it is a home web server
<LinuxAdmin> can you ping your server from local network?
<seppy003> LinuxAdmin: changed subnet of eth0, but now i can not ping e.g. google.com
<LinuxAdmin> seppy003, can you ping your default gateway?
<seppy003> LinuxAdmin: yeah
<LinuxAdmin> so, you cannot resolve, it's dns problem
<seppy003> LinuxAdmin: "PING www.l.google.com (74.125.43.99) 56(84) bytes of data.
<seppy003> "
<LinuxAdmin> seppy003, what do you have on your /etc/resolv.conf?
<seppy003> LinuxAdmin: "nameserver 192.168.0.70" (dnsmasq server)
<nertil> i have configuret my server with wlan
<nertil> it rox bro
<nertil> it rox
<LinuxAdmin> seppy003, what does "nslookup www.google.com" returns?
<loganlhp> LinuxAdmin: no, just tried, no reply from the ping, and i cant browse anything that apache is hosting even on my local network. ssh isnt working either
<seppy003> LinuxAdmin: quite a few addresses of the domain e.g. 74.125.43.105, 106, 104, 103
<LinuxAdmin> seppy003, use pastbin to past  "dig @192.168.0.70 www.google.com" result
<uvirtbot> New bug: #689018 in spamassassin (main) "package spamassassin 3.3.1-1 failed to install/upgrade:" [Undecided,New] https://launchpad.net/bugs/689018
<LinuxAdmin> loganlhp, have you got access to a shell on that server?
<loganlhp> yes
<seppy003> LinuxAdmin: http://pastebin.com/JtnNwtjP
<LinuxAdmin> <loganlhp>, have tested ping default gateway, local ip addresses, etc?
<loganlhp> yea.
<LinuxAdmin> seppy003, it seams to resolve correctly, it should ping. Try to ping other public host, by IP and by name
<LinuxAdmin> loganlhp, try to ping your default gateway
<seppy003> LinuxAdmin: it looks like that eth0 is the used interface, instead of wlan0
<loganlhp> from the server or anywhere on the network
<LinuxAdmin> loganlhp, from the server
<LinuxAdmin> seppy003, pastbin your /etc/network/interfaces
<seppy003> LinuxAdmin: http://pastebin.com/iAxHuAZ0
<seppy003> LinuxAdmin: just a few minutes away
<loganlhp> LinuxAdmin: ping default gateway, everything went good, 0% loss
<seppy003> LinuxAdmin: back again
<LinuxAdmin> loganlhp, try ping 72.14.235.104
<LinuxAdmin> seppy003, pastbin the result of "netstat -rn"
<loganlhp> LinuxAdmin: all good..I'm starting to think its something on apache's end?
<seppy003> LinuxAdmin: http://pastebin.com/DnT6vYkL
<LinuxAdmin> loganlhp, I think it's dns problem, try to ping www.google.com
<loganlhp> however using w3m and browsing to http://localhost/ on the server shows me my webpages, but trying to access them on any other computer on my lan gets me nothing
<loganlhp> LinuxAdmin: pinging of google went ok.
<LinuxAdmin> seppy003, delete gateway line of eth0 interface on /etc/network/interfaces. You cannot have two default gateways.
<seppy003> LinuxAdmin: working now, thanks
<LinuxAdmin> loganlhp, you have access to internet and everything is ok with dns. I can't understand what is your problem. Can you describe better
<LinuxAdmin> seppy003, u'r welcome
<loganlhp> LinuxAdmin: essentially, I cannot access my server from outside of it, not even on my lan. that includes any webpages, ssh, pings and so on.
<LinuxAdmin> loganlhp, have you access to another linux box inside your lan?
<seppy003> bye
<Doonz> im experiencing something weird. Ive got a ssh session through putty to my server. the server is running byobu. When im attached to the byobu sessions everything works then out of the blue the screen stops responding. I dont get disconnected but i have to close putty and re login and the reattach to the session. Any ideas whats causing it? Oh and when the screen *freezes* i can still type and the terminal gets the signla but the disp
<Psi-Jack> Doonz: But the disp....... cut off.
<Doonz> Oh and when the screen *freezes* i can still type and the terminal gets the        Bilge signla but the display of it doesnt show any change
<Doonz> its really strange
<Doonz> and im just not sure what to do. my google fu is coming up empty
<DevoKun> Doonz: that's odd. What happens if you use straight-up screen or no byobu/screen at all ?
<StrangeCharm> why are there so many connections in /var/log/syslog to postfix?
<uvirtbot> New bug: #689089 in clamav (main) "Clamav fails to start because of unspecified LogFile" [Undecided,New] https://launchpad.net/bugs/689089
<uvirtbot> New bug: #689091 in samba (main) "Make smbshare smaller more many packags" [Undecided,New] https://launchpad.net/bugs/689091
<suigeneris> hello
<suigeneris> I have postfix and installed, and put my new user is /etc/aliases and ran newaliases. however they can't receive emails
<jeeves_moss> I"m trying to set up SugarCRM, and I'm getting " SASL LOGIN authentication failed: Invalid authentication mechanism" when I try to send e-mail from the CRM, ideas?
<Frenk> Hi, I updated mysql and as I see this was a big mistake
<Frenk> Now i cant run mysql and get the error  ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
<Frenk> Can I downgrade it? I have some databases I am afraid to loose =(
<DevoKun> What version were you previously running?
<DevoKun> What version are you running now?
<Frenk> 5.1.49 for now and I cant recall what the previous was (
<DevoKun> What is being reported when you try to start mysqld? check /var/log/mysql.err and /var/log/mysql.log
<DevoKun> also check /var/log/mysql/error.log
<Frenk> the last entrys in log/mysql/error.log are before the update I mysql.err and log doesnt exist
<DevoKun> What happens when you try to restart mysql?
<Frenk> mh strange ... after restart it seems to work oO
<DevoKun> At least it's working now
<Frenk> when i restarted it 2 hours ago he told me error = magic
<Frenk> thanks!
<DevoKun> Probably something weird resulting from the upgrade. Glad it worked out.
<Frenk> Another question - I have a i7-920 quadcore but clamscan is eating up 100% on all cpu with nice -15 is it normal?
<Patrickdk> nice won't make it use less cpu
<Patrickdk> using 100% cpu, no matter what speed your cpu is, is normal
#ubuntu-server 2010-12-12
<KurtKraut> Patrickdk, depending on the job this software is doing. Changing nice wouldn't change the CPU percentage a process is using. It will only make this process being more interrupted by other processes that may run faster.
<KurtKraut> Patrickdk, if this software is using 100% CPU for hours without concrete result or output (check the logs), there is probably a bug making it loop forever.
<Patrickdk> KurtKraut, yep, and why me?
<KurtKraut> Patrickdk, sorry, I look at glance and though Frenk question was yours.
<Patrickdk> he said clamscan, so it's probably busy scanning his drive :)
<KurtKraut> Frenk, the messages above I sent to Patrickdk were in fact directed to you. Please read.
<Frenk> already did - the mail server started a scan but i never started htop before during the scan and was wondering why all 8 cpu are 100%
<Frenk> i hope the scan is working, at least he was last time =)
<KurtKraut> Frenk, if you're worried, try to find some evidence that the job is being done (example: looking for logs)
<Frenk> KurtKraut - any suggestions which log? the clamav logs are clear - except the database update
<Frenk> I justlisted all open files and claI I seems to work
<Frenk> clam seems to work*
<ZacLnxNewb> Hello friends, :3
<uvirtbot> New bug: #689115 in bind9 (main) "package bind9 1:9.6.1.dfsg.P1-3ubuntu0.4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/689115
<e_t_> I am setting up an Ubuntu server for a school lab environment. I need to configure an email server, but it will be limited to the lab environment. What software would be easiest to configure for this project?
<Frenk> iredmail is good
<Frenk> out of the box email server
<e_t_> Is that in the repos?
<Frenk> depends
<Frenk> read http://code.google.com/p/iredmail/wiki/Installation_on_Ubuntu
<Frenk> My server is going crazy - I cant send a message via smtp when Amavisd-new is turned on. Thunderbird is giving DATA: Server configuration problem when amavisd turned on
<Frenk> and sends messages when its turned off. Any ideas?
<pmatulis> Frenk: did it *ever* work properly?
<Frenk> jep
<Frenk> worked properly for the last 2 weeks
<pmatulis> Frenk: strange
<pmatulis> Frenk: any updates to amavisd-new?
<Frenk> maybe =( I did an update without thinking much about it.
<Frenk> sa-compile: not compiling; 'spamassassin --lint' check failed - mh maybe this is the troublemaker =/
<Frenk> nope...
<Frenk> 1984DA0050: reject: END-OF-MESSAGE from p4FC0B685.dip.t-dialin.net[79.192.182.133]: 451 4.3.5 Server configuration problem proto=ESMTP helo=<[192.168.2.167]>
<Frenk> mh i have no ideas
<Frenk> i think ive found the problem: amavisd-milter: Unable to bind to port /var/spool/postfix/var/run/amavisd-milter/amavisd-milter.sock: Address already in use
<Frenk> and amavisd-milter: Unable to create listening socket on conn /var/spool/postfix/var/run/amavisd-milter/amavisd-milter.sock
<Frenk> but how can i solve that?
<uvirtbot> New bug: #689150 in bacula (main) "package bacula-director-mysql 5.0.1-1ubuntu1 failed to install/upgrade: ãµããã­ã»ã¹ installed post-installation script ã¯ã¨ã©ã¼çµäºã¹ãã¼ã¿ã¹ 1 ãè¿ãã¾ãã" [Undecided,New] https://launchpad.net/bugs/689150
<uvirtbot> New bug: #689152 in bind9 (main) "package bind9 1:9.7.0.dfsg.P1-1ubuntu0.1 failed to install/upgrade: el subproceso script post-installation instalado devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/689152
<Datz> humm
<Wicked> hello all. im wondering if ill be able to use pci passthrough with xen on a 10.04 server? the ubuntu community page for xen seems to indicate that it may not be able too.
<The_Tick> I'm trying to ssh to a machine as a nonroot user
<The_Tick> when I do it says that the Connection closed by
<The_Tick> and then has the ip
<The_Tick> root@ works
<Wicked> check the sshd config file. its prob limiting to users
<Wicked> but limiting to root is kinda assbackwards
<qman__> make sure the user can log on locally
<The_Tick> it's something with the user
<The_Tick> made a test user and that worked ifne
<april__> i had my file server set with static ip, i brought it to my school for a lan party (was running a local CS:source gungame server) and to make it easy I set it to dhcp, now when I brought it back to my house, I can ssh using putty, i can sftp with my ftp program, however my shared drives are not visable. the only thing i changed was /etc/network/interfaces from 'iface eth0 inet static'
<april__> with address, netmask and gateway, to 'iface eth0 inet dhcp' and back again
<april__>  i had my server set with static ip, i brought it somewhere and changed it to dynamic, then I brought it home, set the /etc/network/interfaces back to how it was with static, and now my samba shares aren't shown. I can still ssh to it and sftp, but it doesn't show up in network :/ any suggestions?
<suigeneris> hi
<suigeneris> I have postfix and dovecot-imapd installed, and put my new user is /etc/aliases and ran newaliases. however they can't receive emails
<Drama> Hey, my 64 bit server is missing  libmysqlclient15 and Ive installed it from deb but still got the error /usr/share/artica-postfix/bin/artica-ldap: error while loading shared libraries: libmysqlclient.so.15: cannot open shared object file: No such file or directory
<LinuxAdmin> Hi guys, still trying to solve vsftpd problem for a few days
<LinuxAdmin> I can start vsftpd without ssl support, but when I enable ssl I get this error: 500 OOPS: SSL: cannot load RSA certificate
<LinuxAdmin> I already checked ssl certificate path inside /etc/vsftpd.conf, everything is ok
<LinuxAdmin> can someone help?
<LinuxAdmin> anyone with vsftpd knowledge?
<LinuxAdmin> can't start vsftpd with ssl enabled
<uvirtbot> New bug: #689249 in bind9 (main) "package bind9 1:9.7.0.dfsg.P1-1ubuntu0.1 failed to install/upgrade: el subproceso script post-installation instalado devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/689249
<uvirtbot> New bug: #689248 in bind9 (main) "package bind9 1:9.7.0.dfsg.P1-1ubuntu0.1 failed to install/upgrade: el subproceso script post-installation instalado devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/689248
<uvirtbot> New bug: #689266 in clamav (main) "package clamav-milter 0.96.3 dfsg-2ubuntu1.0.10.04.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/689266
<uvirtbot> New bug: #689280 in openssh (main) "sftp Tainted: P   2.6.35-23-generic #41-Ubuntu" [Undecided,New] https://launchpad.net/bugs/689280
<Aison> I setup my ubuntu server with kerberos
<Aison> and it works ;)
<Aison> but now how do I have to configure my clients, so the user get a ticket at login?
<echoprinter> what is the command to find out the version apache on your server?
<echoprinter> httpd -v was my first guess but i'm wrong.
<failover> apache2 -V
<echoprinter> failover: Thanks you!
<laga83> hola
<laga83> como estan?
<echoprinter> I need another file for my default vhost at /etc/apache2/sites-available/default what's the best way to get another one?
<uvirtbot> New bug: #689327 in bacula (main) "package bacula-director-mysql 5.0.1-1ubuntu1 failed to install/upgrade: ãµããã­ã»ã¹ installed post-installation script ã¯ã¨ã©ã¼çµäºã¹ãã¼ã¿ã¹ 1 ãè¿ãã¾ãã" [Undecided,New] https://launchpad.net/bugs/689327
<uvirtbot> New bug: #689343 in ntp (main) "ntpdate has no /etc/default/ntpdate reference" [Undecided,New] https://launchpad.net/bugs/689343
<LinuxAdmin> hi guys, once again, trying to get help with vsftpd
<LinuxAdmin> I can start vsftp without ssl, but when I enable ssl I get this error: 500 OOPS: SSL: cannot load RSA certificate
<LinuxAdmin> I checked vsftpd.conf file, path to certificate is correct and I already created a new certificate and private key
<LinuxAdmin> any ideias?
<nertil> why ubuntu server doesnt boot himself a command i setup in /etc/rc.local
<nertil> i did chown
<nertil> i did chmod
<soren> Any particular reason you ended up not uploading nova?
<nertil> why ubuntu server doesnt boot himself a command i setup in /etc/rc.local
<soren> zul: Err.. That was meant for you.
<soren> zul: 19:40 < soren> Any particular reason you ended up not uploading nova?
<zul> soren: because of the traceback when running nvoa-scheduler
<soren> zul: bug no?
<zul> 688193
<soren> bug  688193
<uvirtbot> Launchpad bug 688193 in nova "Running nova-scheduler results in a traceback." [Undecided,New] https://launchpad.net/bugs/688193
<soren> zul: That's not a bug.
<zul> soren: how come?
<soren> zul: If you don't have any nova-compute instances running, that's what's going to happen.
<zul> soren: ah ok...
<nertil> why ubuntu server doesnt boot himself a command i setup in /etc/rc.local
<soren> If it's a bug, it's nothing new.
<zul> heh ok...first thing on monday ill do an upload then
<soren> zul: cool
<tdn> How do I make my CPU frequency scale down from command line?
<bluethundr> I am attempting to install sudo-ldap on ubuntu desktop 10.10 but it is failing
<bluethundr> http://pastebin.ca/2017644
<bluethundr> the senior SA i work with showed me a way to work around this by setting an environment variable that forced it to install, but I forget what that is
<bluethundr> does anyone recall the fix for this issue?
<fluvvell> bluethundr, did you work it out yourself yet?
<bluethundr> fluvvell, nope not yet
<bluethundr> tried apt-get --force-yes install sudo-ldap
<bluethundr> nada
<fluvvell> well the basic problem is that without a root password set, at least for temporary measures, you run the risk of locking yourself out. Have you set one yet?
<bluethundr> yes I have set the root password
<bluethundr> quite used to ubuntu these days as I admin a number of ubuntu servers at work..
<bluethundr> but this one thing escapes me
<fluvvell> and the same error message comes up?
<bluethundr> yes same exact error
<bluethundr> I remember setting an environment variable at work that the senior showed me but I'll be damned if I can remember what that was
<fluvvell> The error message suggests you have not set a root password! Maybe you should log out, log in as root and try the aptitude install sudo-ldap ?
<bluethundr> that was how we got around it
<bluethundr> ok cool
<bluethundr> I'll give that a shot
<bluethundr> thanks
<fluvvell> it will then at least test if your password is working :)
<bluethundr> fixed!! thanks
<the_eye_> 2.6.32-26-server random reboots, any idea ?
<fluvvell> the_eye, any hardware or overheating issues?
<the_eye_> its in aircontitioned room at 16oC
<detrix42> hi, I have a script that needs to be run during boot up. A ddns start script. with ubuntu moving away from the init.d/rcX.d/ where do I put this script???
<qman__> detrix42, since I assume it requires the network to be up, you could put it in /etc/network/if-up.d/
<qman__> or, you could create an upstart script for it
<detrix42> hmmm
<qman__> however, I had my afraid.org ddns script in /etc/dhcp3/dhclient-exit-hooks.d/
<qman__> that way each time I got a new IP it would update immediately
<detrix42> There seems to be an upstart scrip. where do I put it.  it suggests /etc/rc.d/init.d/ is that corrrect for upstart?
<qman__> no
<qman__> /etc/init/
<the_eye_> <detrix42> better use cron
<fluvvell> the_eye, look for syslog entries just before the crash
 * fluvvell is out of office for a while
<qman__> the_eye_, also look for anything in /var/crash/
<qman__> if there is nothing, it's probably hardware failure
<qman__> or, if /var/crash doesn't exist you don't have that feature installed
<the_eye_> /var/crash its empty
<qman__> then, if there's no log of someone rebooting the server, it's most likely hardware
<qman__> have you tried booting to the previous kernel to see if the problem persists?
<the_eye_> I try many kernels, all the same
<the_eye_> I check memory with memtest, hdds are fine, 2 psu and ups
<stiv2k> hello
<stiv2k> I installed and enabled mod_python on my apache2 stack however when I go to the test.py script in my browser, it wants to download the file (like its a text/plain)
<tonyyarusso> stiv2k: You have to add a handler for it as well.
<tonyyarusso> stiv2k: In your <Directory> block, put something like AddHandler cgi-script .py
<tonyyarusso> or was that with the other thing...hrm
<tonyyarusso> shoot, that's with fast-cgi
<stiv2k> tonyyarusso: I did
<tonyyarusso> stiv2k: It's something similar anyway.  I don't remember the specifics, but you have to tell it to use the module somewhere's - the documentation should be on the mod_python site.
<stiv2k> here's what I have
<stiv2k>                 AddHandler mod_python .py
<stiv2k>                 PythonHandler mod_python.publisher
<stiv2k>                 PythonDebug On
<stiv2k> oh shit
<stiv2k> it just worked
<tonyyarusso> ha
<stiv2k> hmmm
<stiv2k> internet fail!!
<Ubuntu_server-vi> hi, anyone using 10.04 on a vmware environment?
<Ubuntu_server-vi> I'm using the F4 installer option for a minimal virtual system
<Ubuntu_server-vi> but on boot, I see it is loading a generic-pae kernel instead of the expected -virtual o -server at least
<Ubuntu_server-vi> this is 10.04 server i386 on both vSphere 4.1 and vmware player
<Ubuntu_server-vi> clean install BTW
<MTERRON> anyone here?
<JanC> there is no 32-bit -server kernel
<MTERRON> and -virtual?
<MTERRON> aptitude seems to think there is and it is installed
<uvirtbot> New bug: #689454 in apache2 (main) "No upstart script for apache2" [Undecided,New] https://launchpad.net/bugs/689454
<JanC> there is a 32-bit -virtual kernel
<MTERRON> That's what i thought, but it is not using it.
<MTERRON> i   linux-image-virtual             - Linux kernel image for virtual machines
<JanC> it lacks a lot of drivers, not sure if it's optimized for and/or tested on vmware
<JanC> you can try to see if it boots...
<MTERRON> OK JanC, I must've misundesrtood the installation manual then
<MTERRON> thanks a lot for your help
<JanC> MTERRON: I'm not sure why it isn't installed by default BTW, just guessing
<MTERRON> according to the manual, selecting F4 -> Install a minimal virtual machine should install with the -virtual kernel, which it's supposed to be optimized for the most deployed hypervisors (ie vmware)
<MTERRON> JeOS is a specialized installation of Ubuntu Server Edition with a tuned kernel that contains only the base elements needed to run within a virtualized environment.  Ubuntu JeOS has been tuned to take advantage of key performance technologies in the latest virtualization products from VMware
<MTERRON> I guess it wasn't tested :S
<JanC> hm, I wonder if that's still true, maybe tomorrow somebody from the server team can answer you about that
<MTERRON> yea, maybe it's deprecated but still in the installer
<JanC> I think it's still Sunday afternoon or Sunday night for most of them...   ;)
<MTERRON> I'll ask again tomorrow, it's not big deal
<JanC> well, or maybe some bugs were discovered with some virtualization software
<MTERRON> just an unexpected behaviour
<JanC> MTERRON: yeah, either the installer or the documentation needs fixing
<MTERRON> thankfully i was preparing a lab, if i were in front of a customer it wouldn't be funny
<JanC> well, the -generic-pae kernel is the recommended kernel for 32-bit servers AFAIK, so it could be worse  ;)
<MTERRON> sure, just counterintuitive (does that word exist?)
#ubuntu-server 2011-12-05
<twb> Urk, someone forgot to switch etckeeper to git on this box
<twb> No --color either :-/
<twb> Fortunately I have colordiff(1) on another box...
<Veovis_Muaddib> I'm PuTTYing in to my server to create a few symbolic links to keep my television organized.  I made them all before realizing that bash shows them red.  My television directory is ~/Videos/Television/All/ and I'd like to have  ~/Videos/Television/Airing/ and ~/Videos/Television/Ended/, to start with.  But inside of the All directory, " $ ln -s Burn\ Notice/ ../Airing/ " Doesn't seem to work.  ls ../Airing shows the link but
<Veovis_Muaddib> it is red, and SMB shares don't see the link.  Permissions are fine for all subdirectories of ~/Videos/, these would be the first symbolic links in ~/Videos/, and ~/Videos/ is not a symbolic link itself.  Suggestions?
<twb> Veovis_Muaddib: you can't link to ~; link destinations don't expand ~
<twb> Veovis_Muaddib: the red is because it's a broken link
<twb> Veovis_Muaddib: you need to link to /home/muaddib/Videos instead of ~/Videos, for example
<Veovis_Muaddib> twb: The exact command is $ ln -s SHOW/ ../Airing
<Veovis_Muaddib> No Tilde involved
<twb> You're probably still making broken links; try doing the ln from within SHOW
<Veovis_Muaddib> veovis@Lambert:~/Videos/Television$ ln -s Burn\ Notice/ ../Airing/
<Veovis_Muaddib> That's what I've been using
<Veovis_Muaddib> Sorry, forgot the Airing after Television
<Veovis_Muaddib> All I mean
<Veovis_Muaddib> veovis@Lambert:~/Videos/Television/All$ ln -s Burn\ Notice/ ../Airing/
<qman__> do an ls -l, it'll tell you exactly where the links are pointing
<twb> Good idea
<Veovis_Muaddib> Burn Notice -> Burn Notice/  As though it ignored the ../ when choosing where to point
<Veovis_Muaddib> Okay, let me try up a directory
<qman__> do it from the Airing directory
<Veovis_Muaddib> Did that just as it was recommended.  It works.  Never had to do that before, any idea why now?
<qman__> I don't know exactly why, and I don't recall it behaving this way for me in the bast
<qman__> past*
<Veovis_Muaddib> And thanks for the ls -l, didn't know that one
<qman__> but it's taking your first argument literally, instead of relatively
<Veovis_Muaddib> Yeah, that's pretty odd
<Veovis_Muaddib> Thanks though, that worked
<twb> Veovis_Muaddib: uh, you realize "ln -s foo bar" will create a link "bar -> foo" NOT a link "foo -> bar" ?
<twb> I think either you're getting the args the wrong way round or forgetting that the link destination is relative to the link, not relative to pwd
<Veovis_Muaddib> Yeah, probably, I'm pretty tired today.  :P  I bet that's it
<Veovis_Muaddib> One of those two
<idlemind324> I'm looking for recommendations for what I should use for file sharing on an all Linux network. SSH (SFTP/SCP) or NFS v4
<twb> idlemind324: do you trust your network?
<idlemind324> twb: i'd say this is a trusted network. it is attached to the Internet but it's behind an IPTables firewall box so I could control any traffic that might try and sneak out
<twb> SFTP and kerberized NFSv4 would both be OK, but unkerberized NFSv4 shouldn't be run over an untrusted network.
<idlemind324> ahh. kerberized nfsv4 ... i need to learn about the changes w/nfsv4
<twb> All network filesystems have locking problems, so you're no worse off there.  SFTP is *really* easy to deploy, but if you intend to be shoving e.g. videos over it, NFS would be a better bet.
<twb> The pathological case for NFS is untarring a tarball of lots of very small files, or e.g. a Maildir mailbox.
<twb> unkerberized NFSv4 is slightly more painful than NFS3; kerberos is a major PITA
<twb> For a trusted network where throughput is key I would probably use NFSv3 -- unless you had to also support non-Unix systems
<qman__> for cross-platform support samba is generally the easiest and a pretty good compromise
<twb> Yeah
<qman__> in ideal conditions you can achieve 80MB/s over gigabit with it
<twb> Although FWIW I just told my users "I'm not putting up with machine accounts or giving samba a root binddn, so you bitches can all just use SFTP and bloody well like it"
<qman__> I use all three of the aforementioned on my LAN
<twb> :-)
<qman__> well, NFSv3
<twb> I also said "I am *not* supporting >1 network filesystem"
<twb> Well, technically I did cordon off part of the LAN and designate it "server only" and I run NFSv3 over that.
<twb> Because otherwise how do you get the authorized_keys files distributed to allow SFTP? ;-)
<qman__> I just don't have enough systems to justify the work setting up centralized authentication
<qman__> or users, for that matter
<patdk-lap> hmm, I dunno how people run unkerberized nfs4, it's not just completely useless
<twb> patdk-lap: well, I got to the point where it *looked* like it should work
<twb> The SMB2 protocol sounds pretty interesting, but it's no use to me until linux has a client and samba has a server
<patdk-lap> well, nfs4 is only useful when using kerberos
<patdk-lap> and I haven't gotten it to work yet, so I'm still not sure of the limitations
<patdk-lap> so till I have more time for testing, I still have to use nfs3
<twb> How so?
<patdk-lap> making uid/usernames match up across nfs4 is a pain in the ass, and requires kerberos
<twb> I mean on paper NFSv4, even unkerberized, sounds better than NFSv3
<twb> Hum
<patdk-lap> why? unkerberised nfs4 removes all usernames and uses a nobodynfs user
<patdk-lap> that completely destroys any cross user permissions and usability
<twb> Because it's connection-oriented.  But I didn't know that ^^
<patdk-lap> nfs4 uses usernames cross everything, requireing kerberos auth to verify
<twb> Fair enough, then
<patdk-lap> then it requires uid's to be in sync also, cause they didn't think the username though totally :)
<patdk-lap> it's just so painless for me to sync uid, and just mount nfs3
<twb> Of course NFSv3 also provides zero protections permission-wise, unless you can guarantee users can't get root on any existing box, nor bring in a box on which they have root...
<patdk-lap> well, bringing in a box, is easy
<twb> Not in a prison :P
<patdk-lap> can't bring a box into a locked room :)
<patdk-lap> as for root, that is what monitoring is for
<patdk-lap> but ya, nfs4 attempts to fix the *root* issue, while not really fixing it at all, and breaking all other things
<patdk-lap> so far I have spent a week playing with nfs4, without any real success
<patdk-lap> but I also have solaris in that mix, and found out linux nfs4 and solaris nfs4 don't like eah other at all
<twb> oh ow
<twb> good luck with THAT
<patdk-lap> isn't mainly that solaris kerberos isn't compatable with linux kerberos mit
<patdk-lap> and solaris kerberos is default to a much higher security level
<patdk-lap> and that was about where I said, this has taken too long, time to stop playing and work on other things
<linocisco> how to configure openfire to use through VSAT link with high latency ?
<twb> Haha, he wanted to run an XMPP server over a satellite link
<EvilResistance> lool
<SpamapS> anybody want to try pounding on this website? curious to see how much punishment it can take...
<SpamapS> http://ec2-50-16-128-14.compute-1.amazonaws.com/
<Corey> SpamapS: Urm... that sounds a bit sketchy. :-)
<SpamapS> Haha
<SpamapS> I swear I won't pwn you w/ XSS
<SpamapS> :)
<SpamapS> What would be the point? I can already PWN you w/ SRU's ;)
<SpamapS> ./config-defaults.php:$databasetabletype  =   'myISAM';	   // Storage engine mysql should use when creating survey results tables and token tables (if mysql is used). Default is myISAM.
<SpamapS> *sigh*
<SpamapS> a "modern" app that still uses that waste of space myisam. :-/
<onre> myisam is painful
<SpamapS> its seriously useless
<onre> agreed
<SpamapS> at least in 5.5, InnoDB is the default
<jamespage> morning all
<xranby> jamespage: morning
<jamespage> morning xranby
<jamespage> apologies but I have not found time to try that new kernel out yet
<lynxman> morning o/
<jamespage> morning lynxman
<lynxman> jamespage: morning sir :)
<koolhead11> hi all
<auston> hi, i have 2 NICs installed on server act as a firewall. eth0 is connected to router and eth1 is on LAN. Both using ip forwarding between the 2 NICs. How to block all incoming traffic from internet?
<auston> Using iptables, i have tried only can block the server itself but client connect to it still can access internet.
<lynxman> auston: if you want to block clients you need to add a FORWARDING rule
<lynxman> auston: since the traffic through your bastion host is forwarded to the clients, the input, output will only affect the host itself
<auston> what is the best command or method to use for filtering the forwarding rule?
<lynxman> auston: I'd recommend you have a look at the firewall guide https://help.ubuntu.com/11.10/serverguide/C/firewall.html
<auston> i have no idea why when I enable ufw, after restarted, ufw become inactive.
<koolhead11> smoser: around
<auston> thanks. lynxman. I'll try out the FORWARDING rule.\
<lynxman> koolhead11: way too early!
<lynxman> auston: best of lucks :) it's in default iptables like INPUT and OUTPUT there's FORWARD too
<koolhead11> lynxman: ooh okey. :P
<auston> I got it :)
<Ursinha> good morning :)
<vAx1> hello
<vAx1> need some help with syslog-ng 3.3.1 (compiled for my 10.04 LTS)
<vAx1> someone?
<soren> vAx1: Noone can help you if you don't ask a question.
<patdk-lap> vax1, works fine here
<vAx1> hey, that was just tu knock ;)
<vAx1> to
<soren> Don't.
<vAx1> so... my problem
<soren> It's a waste of time.
<vAx1> syslog-ng works fine after upgrading my conf
<vAx1> but, when I stop it, the subprocess (lanched by the program() destination)
<vAx1> dont stop
<vAx1> I change the option tu start syslog withous the "supervising"
<vAx1> so, just in background... and it's the same
<vAx1> still have my 2 process (perl) running
<vAx1> here is my problÃ¨m :D
<vAx1> Ah, the question....
<vAx1> Does someone has syslog-ng 3.3.x installed a server? Same problem ?
<lynxman> dannf: ping
<lynxman> er sorry
<lynxman> Daviey: ping
<lynxman> Ursinha: Bom dia soleiado
<Daviey> lynxman:
<pmatulis> vAx1: what can syslog-ng do that rsyslog cannot?
<vAx1> pmatulis: have a compatible configuration
<vAx1> :D
<vAx1> here, we have about 200-300 servers ;)
<vAx1> and some are named loghosts, relaylogs ...
<vAx1> you dont want to see the configuration files
<Exopaladin> Better than us, we scp/mail the logs around all over the place including some hacky reverse ssh tunnels to get around firewalls
<vAx1> nice!
<Exopaladin> It's truly horrible
<uvirtbot> New bug: #900267 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/900267
<Alan> maybe somebody can help me here - not sure if i'm reading these errors and/or the output of smartctl properly
<Alan> firstly, grep "read error" /var/log/syslog gives me http://paste2.org/p/1809521 just before a disk drops out of my raid5
<Alan> secondly, smartctl -a is telling me 3 pending sectors and 80 reallocated sectors
<Alan> does this look like a drive which has run out of spare sectors and needs to be RMA'd? the other 3 drives show 0 for both statistics
<Alan> and all 4 drives are the same make/model
<Alan> i'm running a raid recheck again to see if it barfs on the same sectors again...
<Alan> http://paste2.org/p/1809527 <-- the results from SMART self-test
<_ruben> Alan: i'd suggest running the vendor's healthcheck tool on it, it'll tell if you should rma it or that there's else wrong with the system
<Alan> _ruben: I swear samsung's healthcheck tool is rigged...
<Alan> I have another 2 samsung drives of varying ages showing similar symptoms in other machines, and every damned time the samsung tool is like "eh, no problem here"
<Alan> but it's the same section of the drive, again and again, that has the problem :|
<Alan> and doesn't depend on SATA cable or SATA controller
<slakcphil> good morning, has anyone had usb 3.0 stop working after this last slew of updates?(10.04 LTS)
<slakcphil> not recognized with fdisk -l and dmesg gives errors about not adressing in port 1
<slakcphil> 2TB external usb with rocketfish 3.0 pcix card
<pmatulis> vAx1: 'compatible configuration'?
<Alan> _ruben: given that the healthcheck tool hasn't said my disk is dead, what options do i have for further troubleshooting the problem?
<vAx1> I can estimate an average of configuration lines number to 1000 per server
<vAx1> and about 200 serveur in production
<_ruben> Alan: the SMART errors might be enough to warrant a RMA, might wanna contact samsung about it. dunno what their rma policy is
<_ruben> or your vendor, they might be more/less flexible
<Alan> unfortunately i bought from 4 vendors at the same time (to source from different batches), so i wouldn't know which vendor :(
<_ruben> they probably won't know either, so pick the vendor you have the most confidence in, or contact several/all ;)
<Alan> haha :P
<Alan> I did wonder about doing that :p
<Alan> that being said, last time i tried to get a RMA from a vendor they said "eh, we'd just have to then RMA it to the manufacturer anyway, so you'd be waiting twice as long"
<_ruben> atleast you wouldn't have to deal with the packaging hell, i know WD for instance has *very* strict packaging rules before even accepting a rma
<_ruben> assuming the vendor is local
<Alan> nope, internet vendor
 * Alan waits for the "fail event" emails....
<Alan> crap... S2H7JD1B216417
<Alan> oops
<Alan> http://www.samsunghddvalue.com/webrma/closed.html
<Alan> the engrish, it burns
<zul> sgood morning
<_ruben> Alan: this might also mean that seagate's tools might work on samsung drives ;)
<Alan> "Samsung warranty was handled within the UK and Seagate warranty you have to send your drive back to Holland"
<Alan> yet more fail
<Alan> _ruben: it also means RMA is completely in limbo at the moment...
<Alan> _ruben: samsung's tools are atrociously difficult to use, given that no machine in existance now has a floppy drive...
<zul> good morning
<_ruben> Alan: that's what floppy-emulating-usb-sticks are for! ;)
<Alan> yeah, never got that to work with the samsung tools either
<_ruben> or even cdrom, if it wouldn't require write access ;)
<ninjix> zul: morning
<Alan> I curretly have a CD with the tools on that works, somehow
<Alan> and only then after i turned off soemthing in the bios...
<_ruben> nice
<_ruben> i've been using western digitals for quite some time now, their tools is actualy semi-decent (on windows at least, not sure if they support any other OSs)
<Alan> that's actually a big deal for me... at least the samsung tools will work without installing windows
<Alan> since my server doesn't run windows, i'm not going to install windows just to test some drives
<hallyn> Daviey: feel like chopping off etherboot's head today?
<Daviey> hallyn: hell yes
<zul> hmmm?
<hallyn> great, you still have the package source handy?
<_ruben> Alan: my servers don't run windows either, tho i do have some windows boxes available for that kinda stuff :)
<Daviey> hallyn: no, but i'm looking :)
<Daviey> hmm, it's not a branch
<Alan> _ruben: yeah, it'd be a pain to move a drive between machines but i guess i could do it if i had to
<Alan> thing is... isn't this what SMART is supposed to be fore?
<Alan> *for
<hallyn> Daviey: http://people.canonical.com/~serge/kill-etherboot/etherboot_5.4.5.dsc
<_ruben> Alan: in theory: yes, but i never really managed to get smart to give me actually useful/reliable/etc info, tho that might just be me :)
<_ruben> Alan: I'd just order a replacement drive anyway, wait for the limbo to pass, then ask samsung/seagate how to get eligable for rma .. when it comes back from rma, use it as cold spare :)
<_ruben> (or replace the new disk with the rma, and use the "new" one as spare)
<Alan> _ruben: order a replacement drive at about 2.5x the price it should be :|
<_ruben> Alan: how so?
<Alan> _ruben: because thailand?
<Alan> don't know about the rest of the world, but hard drive prices are still inflated by about 150% here
<Alan> i.e. 2TB drives are Â£150 instead of the Â£60 they were
<_ruben> not following prices that closely, but didn't notice incredible increases either
<koolhead11> smoser: around
<_ruben> lets see what a 2tb drive goes for around here
<patdk-wk> heh? the 2tb drive  Iwas going be getting, was $120, topped at $340, and now $280
<_ruben> heh .. my "favorite" vendor actually has a note regarding thailand on the website .. prices and delivery times can't be guaranteed currently
<patdk-wk> I need to turn on a 40 drive system before feb, so just waiting as long as I can
<_ruben> samsung f4 2tb for 156 euros .. but not in stock...
<Daviey> hallyn: I'm being a plum, but can you remind me why we are not doing this via ipxe?
<patdk-wk> seems like half the laptop drvies are still normal priced
<_ruben> patdk-wk: what kinda chassis for those drives btw?
<koolhead11> hello Daviey :)
<patdk-wk> probably a supermicro
<Daviey> hey koolhead11
<_ruben> patdk-wk: ah ok, been looking at that 88/72 drive chassis the other day .. looks kinda sweet :)
<_ruben> (the 417 series)
<patdk-wk> yep
<_ruben> the extra costs for sff over lff is less than the costs of an extra chassis when going lff .. nice scaling option
<hallyn> Daviey: say what?  we are doing it via ipxe?
<soren> Daviey: The version of etherboot is way ahead of that of ipxe, so to do this from ipxe alone (and provide an upgrade path), ipxe would either need an epoch bump or the kvm-pxe binary would need to be built with another version than the rest of the binaries from the same source package.
<patdk-wk> ruben, that depends on how much space you need
<hallyn> oh i c
<patdk-wk> the price of 600gig sff vs 2tb lff
<hallyn> misunderstood q
<soren> hallyn: Or maybe I did :)
<soren> We'll see once Daviey responds. :)
<_ruben> patdk-wk: we were comparing 1tb sff with 1tb lff
<patdk-wk> laptop sff?
<Daviey> soren: ahhh yes!
<_ruben> patdk-wk: we no longer using 5.25" disks, so lff is 3.5" and sff is 2.5" in our books :) .. and sata, as it's for backups and other just-storage tasks
<patdk-wk> I wouldn'
<patdk-wk> t be using laptop 2.5" in a storage system
<smoser> koolhead11, here.
<patdk-wk> a real 2.5" drive, sure
<koolhead11> smoser: i followed the guide https://help.ubuntu.com/community/UEC/Images#Ubuntu_Cloud_Guest_images_on_Local_Hypervisor_Natty_onward
<koolhead11> and customized the image by adding the proxy information
<koolhead11> now am not able to get instance in running state. :(
<koolhead11> its stuck at "Pending"
<koolhead11> even euca-get-console-output not helping me much :(
<smoser> well, get-console-ouptut will only show after it starts running.
<smoser> do you hvae access to the hosts?
<koolhead11> smoser: http://paste.ubuntu.com/760481/  this is how i made it
<koolhead11> am not able to ping the host
<smoser> host
<smoser> not guest
<koolhead11> smoser: yes i have
<ninjix> smoser: do you at least see the kvm process running?
<koolhead11> ninjix: nopes
<smoser> koolhead11, you will need to look in /var/log/libvirt
<smoser> but your pastebin is missing some stuff.
<strat-o-caster> I tried apt-get upgrade and it says bind9 is held back.  If I just do apt-get install bind9, will that blow away all my current live configurations? I am doing this from remote so I'm a bit nervous...
<smoser> or maybe not. i didn't realiez you were doin gvnc to it.
<smoser> so... thats fine, i' prefer you did everything in the user-data, as its then reproducible, but ok.
<uvirtbot> New bug: #899970 in glance (main) "Glance missing dependency: python-routes python-eventlet python-sqlalchemy python-migrate" [High,Fix released] https://launchpad.net/bugs/899970
<ninjix> koolhead11: I'm jumping in late here. You trying this in EC2 or private cloud?
<koolhead11> ninjix: private cloud
<koolhead11> smoser: there is no log created for the running instance :(
<ninjix> no log makes me think that the host node is failing to find a resource
<smoser> i dont think you should have to remove 70-persistent-net-.rules as kvm network devices should be ignored. if they're not i want to know.
<smoser> https://bugs.launchpad.net/ubuntu/+source/udev/+bug/341006
<uvirtbot> Launchpad bug 341006 in udev "ease cloning of virtual images by disabling mac address rules" [Wishlist,Fix released]
<smoser> koolhead11, look in the logs for that instance id
<smoser> or if you are not getting that far, you're going to have to look at openstack.
<smoser> logs
<ninjix> koolhead11: this a euca or openstack based private cloud?
<koolhead11> ninjix: openstack
<koolhead11> smoser:  /var/lib/nova/instances/ even it does not show id for that instance
<ninjix> but you see a "pending" right?
<smoser> grep the logs for it.
<ninjix> you see anything in /var/log/libvirt/qemu ?
<koolhead11> ninjix: notthing even there :(0
<hallyn> cmagina: ppetraki: any plans to look into the multipath-tools FTBFS?
<koolhead11> smoser: ninjix  the only information i modified to the cloud image was assding
<koolhead11> apt.cong file in /etc/apt
<koolhead11> and providing it with proxy server infoemation
<koolhead11> beacuse my whole infra is behind proxy
<ninjix> this the first guest you've tried to bring up on the stack?
<koolhead11> ninjix: i already have other instances running
<koolhead11> my custom build images
<koolhead11> and i can do ssh and stuff
<ppetraki> hallyn, what's FTBFS?
<smoser> fails to build from source
<smoser> koolhead11, i'll try to reproduce here, but i have access only to a diablo level openstack to test it on.
<koolhead11> smoser: yes that will be fine :)
<ppetraki> hallyn, oh, that's news to me, sure.
<koolhead11> smoser: my nova and running instance both are using same proxy address
<hallyn> ppetraki: https://launchpad.net/ubuntu/+source/multipath-tools/0.4.9-2ubuntu1/+build/2965923
<koolhead11> smoser: you want me to put it as questions at launchpad with cloud-init section?
<koolhead11> with alld etails
<koolhead11> *details
<smoser> koolhead11, this is not cloud-init related.
<smoser> the instance will get to "running" before cloud-init has the opportunity to screw up.
<koolhead11> smoser: ok.
<smoser> :)
<koolhead11> ooh :P
<strat-o-caster> I tried apt-get upgrade and it says bind9 is held back.  If I just do apt-get install bind9, will that blow away all my current live configurations?
<smoser> koolhead11, did you find any evidence of that instance-id on a node ?
<smoser> do you have multiple nodes ?
<Daviey> RoAkSoAx: can you drive bug 898268?
<uvirtbot> Launchpad bug 898268 in suds "[MIR] suds" [Undecided,Incomplete] https://launchpad.net/bugs/898268
<RoAkSoAx> Daviey: sure, will put it in my TODO
<Daviey> RoAkSoAx: fence-agents pulled it in btw
<smoser> koolhead11, did you try the same image unmodified ?
<zul> Daviey: do you want me to handle the keystone MIR
<RoAkSoAx> Daviey: uhmmm... I guess debian maintainer added that since the latest fence-agents is pretty much a resync
<smoser> ie, you're poinging to "/current". have you tried using something with /release ? just for a constant. (current link moves twice weekly)
<RoAkSoAx> Daviey: ah never mind just remmebered that It hit main this cycle :)
<Daviey> zul: sounds great
<Daviey> zul: looks like an rdepends issue
<Daviey> RoAkSoAx: nah, i think fence-agents was promoted; which has exposed it
<RoAkSoAx> Daviey: yeah
<koolhead11> smoser: let me do that again but AFAF i tried that as well
<RoAkSoAx> Daviey: i though I was promoted last cycle, but I just remember that I filed the MIR to get it promoted this cycle
<Daviey> ah cool
 * RoAkSoAx just uploaded new redhat-cluster... gfs2-utils next
<koolhead11> smoser: yes it was running well before i modified it, i could see the logs as well via euca-get-console command
<uvirtbot> New bug: #900344 in nagios3 (main) "Nagios outdated -- even on oeiric ..." [Undecided,New] https://launchpad.net/bugs/900344
<alex88> hi guys, sometimes my server is really slow because of a process "fuser -s ./sess_io............" which uses all cpu, plus i see sometimes cannot allocate memory and too many open files error...what can it be?
<zul> RoAkSoAx: hey did you see the email about "debian development" environment on the cobler ml
<RoAkSoAx> zul: yeah! I was planning to reply to them to basically say that I build packages and then test instead of building from their branch
<zul> RoAkSoAx: ok
<RoAkSoAx> zul: any ideas? I was gonna point them to us in case they need further help
<RoAkSoAx> zul: i think we should just request them to be co-maintainers
<zul> RoAkSoAx: nah i was thinking of anything
<zul> RoAkSoAx: sure
<RoAkSoAx> zul: cool
<zul> RoAkSoAx: yeah i just have gotten to it, will do so in a minute (stuck in SRU purgatory)
<RoAkSoAx> heh ok
<hallyn> stgraber: jjohansen: fyi, finally started https://wiki.ubuntu.com/LxcSecurity
<stgraber> cool
<kpettit> can linux using samba or something else be a active directory server?  Have a crappy Win2003 server I'd love to get rid of, but the computers on the network login via active directory.
<zul> kpettit: yes it can
<zul> check google there is alot of docs
<SpamapS> kpettit: http://wiki.samba.org/index.php/Samba4
<SpamapS> Still alpha unfortunately
<kpettit> that's what I was wondering.  I know samba can be a relay but last I checked it culdn't be a PDC
<kpettit> thanks.
<SpamapS> http://www.samba.org/samba/news/developers/ms-patch.html
<SpamapS> Nice
<SpamapS> MS patching samba
<zul> no no we arent a monoploy ;)
<kpettit> that's pretty cool.
<dkn> hmmm why does my server keep asking me for a password when i've disabled passwords for the account and i'm using RSA keys?
<kpettit> does your RSA key use a password?
<dkn> ah.... i don't think so
<kpettit> You might want to check, if your RSA key has a password then you still need to enter that password when loggin in.
<dkn> lol
<kpettit> ssh-keygen asks for a password when you generate the keys.  You have to leave it blank if you want to do passwordless
<dkn> ya.. i thought i did... i guess i'll just generate a new one and try again..
<SpamapS> dkn: why not use a password?
<dkn> SpamapS, backuppc needs to run automated
<stgraber> hallyn: looks good, did you see any news for the shutdown/reboot patch?
<hallyn> stgraber: yes, daniel has been pushing it over the weekend - 3 versions :)
<hallyn> (oleg has been reviewing)
<dkn> i've got a vm with a disk running backuppc as a server, and the main filesystem as the client, then filesystem runs it's own backuppc server for two removable disks
<dkn> i can have backuppc login be both a client and server can't i?
<SpamapS> dkn: passwordless keys are fine for automation.. but make sure you understand the risks. :)
<stgraber> hallyn: ah, that's very good news
<dkn> oh i know :)
<hallyn> strgraber: I should probably do a manual test so I can chime in and keep the thread going...
<stgraber> hallyn: hopefully we can get the kernel team to cherry pick once accepted (assuming it won't make it for 3.2)
<hallyn> what do we bribe smb with?
<smb> Beers work usually...
<dkn> hmmmm it's still asking me for a password when i try testing by ssh in for the backuppc user
<smb> But the earlier the better for special consideration
<hallyn> smb: great, i hear it's cheap in budapest  :)
<smb> hallyn, Even more compared to US prices
<adam_g> RoAkSoAx: ping
<RoAkSoAx> adam_g: pong
<RoAkSoAx> adam_g: what's up
<uvirtbot> New bug: #900378 in nova (main) "lxc guest fails to start with a kernel traceback" [Undecided,New] https://launchpad.net/bugs/900378
<adam_g> RoAkSoAx: would you mind targeting precise for bug #893352 and marking fixed released, if thats the case? looks like it is, but wasn't sure with the merge into resource-agents. just checked again and it looks okay in cluster-agents 1:1.0.4-0ubuntu2
<uvirtbot> Launchpad bug 893352 in cluster-agents "mysql ocf script broken in 1:1.0.3-2ubuntu1 (lucid)" [Medium,In progress] https://launchpad.net/bugs/893352
<RoAkSoAx> adam_g: ok, i'll take a look
<adam_g> RoAkSoAx: sweet, thanks
<hallyn> Daviey: whoa!  i thought the kvm-ipxe package got pushed?  but i don't see that version of ipxe in the publishing history
<hallyn> can't do the etherboot push until kvm-ipxe is in archive
<Daviey> hallyn: thanks for the heads up
<hallyn> Daviey: but so i'm confused, i thought you uploaded htat on friday?
<Daviey> hallyn: on a call right now, will confirm after
<hallyn> kthx
<x404x> I changed workgroup in the /etc/smb.conf file but still it uses wrong group after restart , what to do ?
<xranby> x404x: can you post the config some place?
<xranby> preferably using paste.ubuntu.com
<zul> adam_g: fyi quantum and horizon has been packaged as well
<hallyn> ahs3: i rolled the libnl fix as well into http://people.canonical.com/~serge/netcf-0.1.9-2.debdiff
<hallyn> builds for me on sid
<smoser> well, koolhead11 not here, but http://paste.ubuntu.com/760635/ "worked for me"
<Guest35318> how to make nano select all text ?
<uvirtbot> New bug: #900391 in samba (main) "IE9 on Windows 7 cannot download files to samba 3.5.11 share" [Undecided,New] https://launchpad.net/bugs/900391
<blkperl> Guest35318: i don't think you can..
<blkperl> Guest35318: http://superuser.com/questions/196425/how-do-i-select-all-text-from-a-file-with-nano
<uvirtbot> New bug: #900394 in samba (main) "GNATs doesn't support GNATSWEB queries" [Undecided,New] https://launchpad.net/bugs/900394
<Guest35318> http://paste.ubuntu.com/760674/
<Ursinha> Daviey: how busy are you right now?
<Daviey> Ursinha: in a call
<F-3000> Hello! What term is used, when a single data (ie a file) is written simultaneously on two harddrives?
<kpettit> mirroring?
<F-3000> kpettit: Ay, thanks.
<cloudgeek> how to setup a python or django hosting on ubuntu
<kpettit> Raid 1 might be what your looking for as well.  Raid 1 is hard drive mirroring
<kpettit> cloudgeek, I like to use pip.  pip is like a cli python package manager.   "pip install django"
<x404x> anyone look at my smb.conf file ? why does it not change workgroup ? hhttp://paste.ubuntu.com/760674/
<cloudgeek> kpeyyit:i know that :)  but i looking it config with django , for student project ,that from one server system we can hosting for our projects
<kpettit> cloudgeek, sorry didn't understand that.  Can you rephrase?
<kpettit> i use django on cloud servers alot.  Most give me ubuntu to start with, then from there I install pip then django and other python stuff I need.
<tash> need some samba help, anyone in here worked with it enough to speak on it knowledgeably?
<ahs3> hallyn: thx.  i'll take a look here in a bit.
<kpettit> tash, go ahead and ask.  If somebody can help they will.
<tash> kpettit: k
<cloudgeek> kpettit:hey we need a hosting for our student project we can't efford the price , so looking setup out own for our projects o we can use for out projects
<tash> Have several windows users using a program called autocad to make drawings, they then save them to the samba share so others in the office can view them and edit them.  However, the files seem to be getting added with 744 permissions for some reason.
<tash> I'd like them to be defaulted to 775
<kpettit> cloudgeek, so you want to create a service on your own hardware so you can host student django projects?
<tash> I thought create mask = 0775 in smb.conf would be my friend, but not so sure that is the case b/c create mask 0755 was already set, and like I said, the files are defaulting to 744
<dkn> /var/lib/backuppc is the home directly and the server directory for the backuppc user on the filesystem.... aha got it now..
<cloudgeek> kpettit:yep ,for our use only ! any guide or tutorial
<patdk-wk> tash, create mask is a restriction
<patdk-wk> you need force create mode, to ADD missing permissions
<kpettit> cloudgeek, I can't think of a app that does that off hand.  I think it depends a bit on how you want the students to be able to add new projects.  I'd probally give the students ubuntu logins and have apache look in there users directory for the .wsgi file.
<tash> patdk-wk: so, would force create mode = 0775 do what I am asking then?  And, also for directories, force directory mode = 0775 ?
<patdk-wk> probably
<kpettit> tash.  If your not that familiar with samba I'd use SWAT which is samba's web admin tool.  It can show you ever option and has a nice help next to each option so you can see what it does.
<cloudgeek> kpettit:thanks , i try to implement , if fails i ask gaian for help
<tash> kpettit: thanks for the tips
<kpettit> cloudgeek,  ok.  Also remember if students don't need the website to be permanent they can use django's built in webserver.
<kpettit> tash, no problem.
<cloudgeek> kpettit they need as staic for 4 month till the project
<kpettit> cloudgeek, then I'd go the approach of hardcoding apache to look for wsgi file in students home directory.  That way the students have there own private dev area.
<cloudgeek> kpettit:okay any step by step tutorial for that
<kpettit> cloudgeek, do you know django or how to get python apps running in apache?
<cloudgeek> kpettit: i try it with mod wsgi
<kpettit> If your new to it.  You can look at this:  https://docs.djangoproject.com/en/dev/howto/deployment/modwsgi/   In ubuntu you need to make sure wsgi is installed
<cloudgeek> most of our work on ubuntu desktop now we switch server
<kpettit> Ah got ya.  To install wsgi in ubuntu "apt-get install libapache2-mod-wsgi"  then from there you can follow instructions on that link I sent
<kpettit> there is also a django channel on this server that has lots of good people if you get more specific questions on it.
<cloudgeek> thanks all for help need to sleep exam on tomorrow
<kpettit> no problem.  Have fun
<cloudgeek> kpettit::)
<zul> SpamapS: im probably going to upload the SRU on thursday
<lynxman> Daviey: ping
<ipl31> Hello, I am noticing when I stop and start LXCs on 11.10 server that is seems to pause the networking on Host OS
<uvirtbot> New bug: #615545 in cloud-init (main) "Instances launched in a VPC cannot access ec2.archive.ubuntu.com" [Undecided,Confirmed] https://launchpad.net/bugs/615545
<SpamapS> zul: please make *one* bug for tracking the SRU, instead of 40 ;)
<zul> SpamapS: you sure? :)
<zul> SpamapS: include the changelog, debdiff, etc, etc?
<SpamapS> zul: you can leave the bugs in the changelog
<SpamapS> zul: just open a bug task for the overall process
<zul> SpamapS: thanks
<uvirtbot> New bug: #900447 in krb5 (main) "Man 5 page for kdc.conf does not mention acceptable encryption types" [Undecided,New] https://launchpad.net/bugs/900447
<adam_g> SpamapS: is precise a valid release for lp:charm/$rel/$pkg branches?
<SpamapS> adam_g: since you asked, I'll create the precise series... tho your push will probably be alone in it. ;)
<SpamapS> adam_g: should work now. :-D
<adam_g> SpamapS: ah, it wont be alone for long, im sure. thanks
<SpamapS> adam_g: I hope to have a simple way to copy oneiric -> precise when the time comes.
<smoser> jamespage, i just pushed to https://code.launchpad.net/~ubuntu-server-ec2-testing-dev/+junk/ec2-automated-tests/
<jamespage> smoser: looks good - thanks for letting me know!
<dob_> Hi, i have some special question. How can i add a [OK] at the end of every line i echo?
<smoser> myecho() { echo "$@" "[OK]"; }
<smoser> myecho "hi mom"
<smoser> { echo hi mom; echo bye mom; } | sed 's,$, [OK]'
<smoser> { echo hi mom; echo bye mom; } | sed 's,$, [OK],'
<smoser> echo -n "hi mom"
<smoser> echo "[OK]"
<smoser> echo -n "bye mom"
<smoser> echo "[OK]"
<dob_> smoser: is it also possible to right append the [OK]. So that it's like at starting up linux?
<smoser> i believe if you want to do that you should look in /lib/lsb/init-functions
<smoser> at log_daemon_msg, log_progress_msg, log_end_msg
<dob_> smoser: thank u. I will have a look
<uvirtbot> New bug: #900496 in dovecot (main) "dovecot-core installation fails because "start" is used from PATH" [Undecided,New] https://launchpad.net/bugs/900496
<hggdh> hallyn: kvm is failing to start all my VMs with 'permission denied' on the disk image. No apparmour errors reported
<hggdh> hallyn: any suggestion on how to debug?
<hallyn> hggdh: afk atm, but check /var/lib/libvirt/ and try kvm by hand
<hallyn> sorry meant log not lib :)
<hggdh> k
<uvirtbot> New bug: #900510 in apr (main) "apr armhf build hangs in the test suite on the buildd" [High,Fix released] https://launchpad.net/bugs/900510
<mtaylor> hey guys!
<mtaylor> 14:22 <vishy> mtaylor: in openvz channel they are commenting that they think ubuntu doesn't support it anymore
<mtaylor> anybody know anything about that? and/or what i'd need to do to support openvz on an ubuntu server?
<zul> mtaylor: patches accepted ;)
<SpamapS> mtaylor: openVZ is a massive host kernel patch that AFAIK has been rejected upstream
<mtaylor> SpamapS: awesome. I learn new things every day
<SpamapS> mtaylor: its sort of the reason we're backing LXC.. lighter weight patch that is upstream for good.
<SpamapS> history repeats itself w/ KVM vs. Xen all over again. ;)
<hallyn> yeah incidentally, zul - i'm implicitly leaving libvirt-xen bugs for you.  poke me if that's wrong.
<xiris> Hey guys, please ignore my english but ... someone can help-me to execute one .sh when i create a user?
<RoAkSoAx> zul: are we still importing daily checkouts from cobbler?
<zul> RoAkSoAx: no
<zul> hallyn: oh
#ubuntu-server 2011-12-06
<luis__> algun canal de server en espaÃ±ol
<twb> !es
<ubottu> En la mayorÃ­a de canales de Ubuntu se habla sÃ³lo en inglÃ©s. Si busca ayuda en espaÃ±ol o charlar entra en el canal #ubuntu-es. Escribe "/join #ubuntu-es" (sin comillas) y dale a enter.
<twb> siento, solo #ubuntu-es, no hay #ubuntu-server-es
<twb> OK WTF.  So someone "helpfully" renamed the printer's DHCP name.  So I stop cups, go into printers.conf and change the ipp://gibberish URL to ipp://mfd, and start cups
<twb> lpstat -t says cups can't connect to "gibberish" since <time of initial outage>
<twb> What, cups, are you too stupid to even try connecting to printers when you first start?!  Graah!
<twb> Solved by stopping cups again and deleting from its "config" file some state variables that ought to be in /var/ somewhere.
<twb> Incidentally, cancel(1) is a STUPIDLY AMBIGUOUS name to be reserved for printing
<uvirtbot> New bug: #900558 in open-vm-tools (multiverse) "open-vm-dkms 2011.07.19-450511-0ubuntu2: open-vm-tools kernel module failed to build (dup-of: 900555)" [Undecided,New] https://launchpad.net/bugs/900558
<uvirtbot> New bug: #900553 in keystone (universe) "Any user can manage the keystone database via keystone-manage" [Undecided,New] https://launchpad.net/bugs/900553
<jehoshua02> Hey guys, any troubleshooting tips for an "unable to read font" error? Here's my research so far: https://gist.github.com/1436020#file_rubyforge_install_faq.md
<twb> jehoshua02: error from what?
<twb> Oh, redmine
<jehoshua02> "unable to read font" is an ambiguous message. Gives no indication of why.
<twb> Looks like libmagick is having trouble reading a specific pfb
<twb> Maybe libmagick can't speak pfb in the first place?
<twb> You need to find libmagick people and ask them about this line: Magick::ImageMagickError (unable to read font `/opt/redmine/common/share/ghostscript/fonts/n019003l.pfb' @ annotate.c/RenderFreetype/1043: `(null)'):
 * jehoshua02 Hmm... libmagick people... where are you?
<twb> Probably there is a channel like #imagemagick
<Resistance> anyone here willing to review my HOW-TO posts on my blog for setting up nginx on Ubuntu?  I only need general input, i've got my nginx contacts reviewing the content for accuracy.  https://blog.trekweb.org/categories/ubuntu/nginx/  <-- if you'd be so kind :)
<twb> php5 isn't nginx
<Resistance> twb:  true, but the tutorial specifically goes into configuring nginx to work with php5
<Resistance> (for the nginx people, basically, since i work with their support channel here on freenode)
<Resistance> ignoring relevancy, the question is content and understandability :P
<Resistance> (you'd be surprised how many people try to set up nginx to use fastcgi, which doesnt work at all :/)
<Resistance> s/at all/at all without some PHP handler, and the preferred one for Debian based systems is php5-fpm/
<user> good morning!
<user> i have the following problem: after upgrade from natty to oneiric cron sends me the following mail:
<user> PHP Warning:  PHP Startup: Unable to load dynamic library '/usr/lib/php5/20090626+lfs/sqlite.so' - /usr/lib/php5/20090626+lfs/sqlite.so: cannot open shared object file: No such file or directory in Unknown on line 0
<user> i think its because libsqlite.so is missing from php5-sqlite. in oneiric it only contains libsqlite3.so
<SpamapS> user: sqlite is deprecated
<SpamapS> user: you should be using sqlite3
<SpamapS> Resistance: /var/fpm is not FHS compliant...
<Resistance> SpamapS:  then provide a suggestion
<Resistance> or a replacement
<SpamapS> Resistance: /var/lib/php5-fpm would be more appropriate
<Resistance> for the socket?
<SpamapS> Resistance: or /srv/www
<SpamapS> actually for a socket
<SpamapS> /var/run/php5-fpm
<Resistance> i'll fix that now
<Resistance> SpamapS:  i assume /var/run/php5-fpm doesn't exist by default...?
<Resistance> or does it?
<SpamapS> doesn't it usually listen there already?
<Resistance> nope, by default it uses a TCP listener last time i checked
 * Resistance will triple-check
<SpamapS> ahh
 * SpamapS uses php5-fpm but does not change the defaults. :)
<Resistance> :P
<user> yes i know that, but package roundcube depends on sqlite afaik
<user> roundcube is now disfunctional after the upgrade
<Resistance> the nginx people actually prefer the use of sockets over TCP
<Resistance> unless the PHP stuff is off-site :P
<Resistance> SpamapS:  i assume php5-fpm would be the socket's name?
<SpamapS> user: maybe fix roundcube then. ;)
<SpamapS> Resistance: php5-fpm.sock would be more obvious...
<Resistance> that's what i was considering using in the thing
<Resistance> rather than just php5-fpm in /var/run
<SpamapS> Resistance: if it has a pid file too.. then /var/run/php5-fpm/php5-fpm.sock might even be better
<SpamapS> then you can put the pid file in /var/run/php5-fpm/php5-fpm.pid
<SpamapS> Resistance: maybe submit a bug report suggesting that php5-fpm listen on a standard socket too.
<Resistance> :P
<Resistance> SpamapS:  meh, cba to file a bug just now
<Resistance> SpamapS:  on another note, i'm not even sure ***WHERE*** the pid is stored
<Resistance> since i leave the pid stuff at its default
<SpamapS> PIDFILE=/var/run/php5-fpm.pid
<Resistance> is that the default?
<SpamapS> yes
<Resistance> then i'm just going to leave that :P
<Resistance> the nginx+php5-fpm post should be updated now
<Resistance> SpamapS:  i assume i'd file it against the source package?
<SpamapS> Resistance: https://launchpad.net/ubuntu/+source/php5/+filebug
<Resistance> that's what i thought, thanks
 * Resistance knows those links well, since he's trying to backport php 5.3.8 to natty/oneiric within a PPA :P
<Resistance> SpamapS:  bug #900620 if you're interested in tracking it
<uvirtbot> Launchpad bug 900620 in php5 "Possible Bug: php5-fpm does not listen on a socket by default" [Undecided,New] https://launchpad.net/bugs/900620
<Resistance> SpamapS:  other than those inconsistencies, which i have attempted to fix, any other suggestions on the blog posts?
<uvirtbot> New bug: #900620 in php5 (main) "Possible Bug: php5-fpm does not listen on a socket by default" [Undecided,New] https://launchpad.net/bugs/900620
<Resistance> lool
<twb> SpamapS: probably /run by now
<SpamapS> twb: Until 12.04 is out, I suggest people use /var/run so their instructions work on 10.04
<SpamapS> *packages* must start using /run
<SpamapS> Resistance: one stupid niggle.. not a real problem. You shouldn't show PHP code examples with the worthless PHP close tag  ?> ... just causes problems
<twb> 11.10 didn't have /run ?
<SpamapS> twb: 11.10 has /run
<SpamapS> its the first release to have /run
<twb> k
<Resistance> SpamapS: bleh, you're impossible to please :P
<SpamapS> Resistance: I'm quite happy, the post looks great. Its just bad form. ;)
<Resistance> SpamapS:  what would you recommend i put in place of that code?  (btw, I usually code in strict PHP, including all closing tags :P)
<SpamapS> Resistance: just delete the third line
<Resistance> ok
<SpamapS> <? phpinfo();
<Resistance> *reloads the connection*
<SpamapS> actually <?php phpinfo();
<SpamapS> who needs 2 lines right?
<twb> strict php is no php :P
<Resistance> :P
<Resistance> SpamapS:  better?
<SpamapS> Resistance: purty
<Resistance> :P
<Resistance> okay, well i'm headed to bed
<Resistance> i've got to be up at 06:45 and its almost 02:00
<aarcane> So I'm curious about running Ubuntu Server in a virtual environment.  I have a setup that would lend itsself well to either using disk images or to using exposed filesystems.  Both are equally simple to configure and deploy.  The question, for my environment, is which is better performant ?  has anyone done a side-by-side comparison ?
<auston> Hi, I have my server running 2 NICs with forwarding function but trying to configure firewall using iptables from chain FORWARD but failed. When I use DROP command, the client is not able to connect to internet even exception was made for port 80.
<auston> If I excluded the DROP from the FORWARD, the client is able to access the internet.
<dckirba> hello all, how are you doing?
<dckirba> Does anyone have a moment to spare? Need help configuring jabber2d on the local office server
<ikonia> what's up ?
<lynxman> morning o/
<koolhead11> hi all
<lynxman> hey koolhead11 o/
<koolhead11> hello lynxman :)
<uvirtbot> New bug: #900662 in etckeeper (main) "Please merge etckeeper 0.57 (main) from Debian testing (main) " [Undecided,New] https://launchpad.net/bugs/900662
<matti> Guys.
<matti> Is there a way to force installer to swap order of drives / contollers it will "install" -- so to speak?
 * matti is trying to find something...
<Myrtti> matti: what do you mean by swapping the order?
<matti> Myrtti: I want my sdb -> sda, as my 3Ware should be my boot contoller :)
<matti> Myrtti: To be honest, this is puzzling me. As grub is failing to install from the installer on my 60 TB array that is using GPT partition table on sda.
<matti> Myrtti: Which is not a boot contoller anyway.
<matti> Myrtti: It seems that despite the setting in BIOS and ROM load-order set, kernel and/or installer loads drivers in an alphabetical order.
<Myrtti> right, well I was going to suggest changing the settings in BIOS but oh well
<Myrtti> you're ahead of me already
<matti> :)
<matti> Trying to automate this is a pure nightmare.
<Ursinha> gooooood morning
<Daviey> matti: Hmm, you can make sdb the install disk?
<Daviey> isn't that enough?
<Daviey> If you depend on sda always being sda, you are probably doing it wrong :)
<ersi> Wouldn't GUID's be the preferred way here?
<matti> Daviey: I don't care.
<matti> Daviey: But try to convince grub-installer from the installer to install itself correctly on GPT.
<matti> Daviey: If you do that, then I will kiss you.
<matti> Daviey: :)
<matti> Daviey: Oh, and fix Debian 6 for me along the way, as it has the same problems (no surprise here).
<matti> ;]
<matti> Meh ;)
<Daviey> matti: Hmm, I don't have much experience with GPT TBH.. But i thought that was all resolved in Oneiric?
<Daviey> Are you using Lucid?
<ikonia> I've still hit a few issues with gpt on 11.10
<ikonia> it's much much better, but not %100
<matti> Daviey: 10.04
<matti> Daviey: Ubuntu 10.04 and Debian 6 -- either/or ;]
<notlistening> Hi all, I have a 3G USB modem that I want to use with 11.10. It has dual mass storage and modem capabilities. When I use it on the desktop these are both available however on server only the scsi storage is accessible can anyone make some suggestions of what i need to do to get the ttyUSB interface to register?
<notlistening> I have manually load usbserial and option modules and installed usb_modeswitch
<notlistening> there seems to be little to no documentation on this :|
<notlistening> I solved the problem, you must delay the usb-storage module from loading :P
 * koolhead11 is sleepy
<koolhead11> smoser: aroun?
<koolhead11> d
<lool> zul: Hey, there's an issue with squid3/squid: the squid source package is still in Ubuntu but fails to upload because the squid3 source package provides a "squid" binary package with a higher version
<lool> zul: In Debian, there's the squid binary package from the squid source package and the squid3 binary package from the squid3 source package, do they plan to drop squid 2 eventually?
<lool> zul: I don't think we can upload squid 2 in Ubuntu anymore because of this, so we'd rather remove and blacklist it from Debian imports, unless we can think of a way that the sources and binaries would be mostly similar between Debian and Ubuntu
<zul> lool: thats fine with me
<lool> zul: Ok
<zul> lool: since squid3 is in main
<RodrigoJimmy> Greetings my friends! I'd like to personalize the boot and installer process of ubuntu server. Change boot menu options, set default idiom, set default partition schema, and so on. What's the best way? Changing iso contents em regererate ISO by mkisofs or genisofs? or change debian-cd and debian-installer packages to do this? Or neither?
<uvirtbot> New bug: #900741 in squid (universe) "Remove and blacklist squid" [Undecided,New] https://launchpad.net/bugs/900741
<caribou> quick question : is vmbuilder still actively supported ?
<smoser> koolhead11, here now.
<smoser> well, koolhead11 http://paste.ubuntu.com/760635/ "worked for me"
<koolhead11> smoser: you had time to test it sir?
 * koolhead11 checks
<koolhead11> smoser: let me give it a try :)
<smoser> koolhead11, i suspect it wont work for you, but if it does, then you should see what is different in the 2 paths that you had success versus failure with.
<smoser> there may be a bug in openstack using your image due to something else
<smoser> but your issue there is with openstack, not really resolvable in a guest.
<koolhead11> smoser: :( hmm
<koolhead11> it means am not able to run my modified cloud image in openstack.
<koolhead11> let me give one more try!! :P
<Daviey> *sigh*, LP is Read Only.
<zul> wohoo...party party time
<soren> It's been pretty screwed for a while.
<soren> librarian has been giving me 503's for at least half an hour.
<smoser> koolhead11, well, give the above a try, as it worke dfor me.
<smoser> soren, launchpad works fine for me. you must have not been nice to it.
<koolhead11> zul: sirr!! :P
<soren> smoser: lies
<Daviey> soren: I think i saw that your account was special cased for a badride()
<soren> :(
<zul> soren: maybe its trying to tell you something
<soren> zul: When have I been known to listen to anything?
<zul> soren: heh
<pmatulis> was showing my 4yr-old son my green Openstack t-shirt, he repeated "opensnack".  good name change?
<caribou> Re: my vmbuilder question, I'm able to reproduce this bug https://bugs.launchpad.net/ubuntu/+source/vm-builder/+bug/531599
<uvirtbot> Launchpad bug 531599 in vm-builder "device mappings for partitions not removed after build using --raw, leading to filesystem corruption" [Undecided,Confirmed]
<caribou> which generates FS corruption
 * Daviey forks pmatulis open snack.. *yum*
<pmatulis> he he
<caribou> pmatulis: how about openbar?
<pmatulis> caribou: :)
<koolhead11> open beer
<patdk-wk> is openbar covered by gpl?
<koolhead11> zul: i need that keystone pkg to gain some confidence and get back to openstack voyage!! :D
<zul> https://launchpad.net/~zulcss/+archive/openstack-sru-updates
<zul> koolhead11: ^^^
<koolhead11> zul: " oneiric main  "  /o.0\
<mboeru> hello
<mboeru> can anyone help me with some problems regarding kickseed partman RAID creation?
<mboeru> so no one? :(
<koolhead11> lynxman: around?
<koolhead11> what was that thing 4 automatic deployment of instances on virtualbox
<Daviey> smoser: Have you tried cobbler-devenv recently, and more so - against cobbler/
<Daviey> ?
<Daviey> err, against juju
<smoser> Daviey, no. its on the list of things to do.
<smoser> related question
<smoser> hallyn,
<hallyn> smoser: hold on, quick reboot, audio troubles while trying to do a call
<smoser> we were considering juju deploy of openstack on desktop. where juju would use the local [lxc] provider. and we'd install openstack. assuming you could get that to work, then i'd think you'd want lxc as the libvirt-type for openstack.
<smoser> sorry, had typed that and didn't want to lose it. i'll replay if you ask nicely.
<smoser> will there be issues in openstack nova running in an lxc container providing an lxc instances ?
<mboeru> can anyone help me with some problems regarding kickstart / preseed partman RAID creation on ubuntu 10.04.3 ?
<hallyn> smoser: hm, there might be due to NFS in particular
<smoser> i'm' almost insulted.
<smoser> why would i use nfs ?
<hallyn> well nfs was a proxy for any in-kernel network filesystem
<smoser> oh... ok. yeah, the guests could potentially use nfs.
<smoser> i'm not heartbroken if that is broken.
<hallyn> should work then
<smoser> hm...
<smoser> i'm thinking of tother tings that might get in the way
<smoser> the nova-compute lxc isntance is going to attempt to do routing via ip tables
<smoser> and multiple compute nodes [containers] woudlb e wanting to use the same ports.
<lynxman> koolhead11: hey :)
<lynxman> koolhead11: vagrant!
<hallyn> iptables are per container
<hallyn> smoser: so if the nova-compute instance will always look like the 'parent' of the things it fires off it might work
<hallyn> smoser: but you might want to use a container without its own netns
<smoser> hallyn, the nova-compute will use libvirt to launch instances
<hallyn> smoser: using virsh to what it calls localhost?
<smoser> yes, probably.
<smoser> well, not virsh
<smoser> python-libvirt
<hallyn> well then it might be fine - hte iptables rules it creates will affect the default libvirt network it creates, used by its lxc clients...  *should* work
<hallyn> be cool to see
<smoser> ok. then one other question
<smoser> i sohlud be able to do this with kvm as the nova-launched guests also
<smoser> right?
<hallyn> yes, so long as you give the nova-compute container access to /dev/kvm
<Daviey> Ursinha: Are you chairing?
<Ursinha> again?
<Ursinha> Daviey: I guess smoser was volunteered
<Ursinha> :P
<Daviey> Ursinha: i'm looking at the agenda, which has you next :)
<smoser> did you do last week Ursinha ?
<Ursinha> smoser: yes
<smoser> if you did, then i will reluctantly do this.
<smoser> suck
<Ursinha> lol
<Ursinha> I can chair again
<SpamapS> Ursinha: if you forget to update the list, you have to chair again. ;)
<hallyn> i think this is called hazing
<SpamapS> smoser: the agenda is empty, so.. should go quickly. :)
<smoser> k.
<smoser> here we go
<smoser> #start-meeting Ubuntu Server Team Meeting
<smoser> #startmeeting Ubuntu Server Team Meeting
<smoser> ugh.
<lynxman> smoser: wrong channel
<RoAkSoAx> lol
<lynxman> smoser: points smoser to #ubuntu-meeting
<Ursinha> smoser: http://paste.ubuntu.com/761745/
<marshall> hey ubuntu-server
<marshall> I notice that byobu is installed on oneiric server by default. it looks sort of useful, but it seems to mess things up when I do `clear` or cmd+k (clear shortcut). Has anybody else had this issue?
<kpettit> is there a simple DNS server that is somehting like a etc/hosts file.  Trying to do local home network dns and don't really want to mess with BIND for something simple like that
<uvirtbot> New bug: #893134 in swift (main) "swauth required for auth in diablo" [Undecided,Fix released] https://launchpad.net/bugs/893134
<smoser> kirkland, ^ see marshall
<kirkland> marshall: what kind of things mess up when you do clear?
<kirkland> marshall: i do "clear" all the time
<broder> hey guys - i can't stick around atm, but if anyone here is affiliated with openstack, could you see if your keystone packaging should have a vcs-bzr tag on it or something? i saw lp:~gandelman-a/ubuntu/precise/keystone/900553 in the sponsorship queue, and it seemed like maybe it should be going against lp:~openstack-ubuntu-packagers/keystone/ubuntu or something
<smoser> adam_g, zul ^
<smoser> broder is probably correct
<zul> broder: will have a look
<marshall> kirkland: sometimes it puts the cursor somewhere weird on the screen, and the top line of byobu sometimes disappears. I dunno, it's kind of flickery after a `clear`.
<adam_g> zul: what is the workflow for packaging updates? update the ~openstack-ubuntu-packagers/$foo branch first, then propose a merge into ubuntu from there, or the other way? it seems like its different for each subproject
<zul> adam_g: propose against ~ubuntu-server-dev/<project>/essex and then propose against ~openstack-ubuntu-packagers/<project>/ubuntu
<adam_g> zul: i thought ~ubuntu-server-dev was stable/oneiric/backport branch?
<SpamapS> Fixes have to hit precise before they'll be allowed into oneiric
<zul> nope its for essex as well, ill write something up
<SpamapS> So it akes sense that you'd do essex first
<adam_g> zul: i dont follow
<zul> adam_g: for oneirc/stable diablo there is packaging branches called lp:~ubuntu-server-dev/<project>/diablo
<zul> for precise its lp:~ubuntu-server-dev/<project>/essex
<zul> or am i on crack
<adam_g> zul: ok
<zul> adam_g: ill sync up the branches today
<adam_g> cool
<rbasak> Daviey: OK, SRU for cobbler csrf?
<Daviey> rbasak: Yes, so it's exactly the same, except - the pocket is oneiric-security
<Daviey> And only the ~ubuntu-security team can sponsor it.
<Daviey> They also prefer a richer changelog message, one moment
<rbasak> Daviey: and I'll focus only on this one vulnerability? There were a few others too IIRC, but not sure if I can bundle multiple fixes into one SRU?
<rbasak> (or if the others are even justified to be SRU'd)
<Daviey> rbasak: https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation
<Daviey> rbasak: probably best to speak to the security team, but depending on confidence, you can double up
<rbasak> OK, thanks
<koolhead11> zul: keystone failed to install, let me pastebin
<koolhead11> zul: http://paste.ubuntu.com/761806/
<Ursinha> Daviey: hello :)
<zul> koolhead11: cool thanks ill take a look
<allowoverride> koolhead11: looks like you need to execute as sudo
<Daviey> hey Ursinha
<allowoverride> perms denied on /keystone.log
<Ursinha> Daviey: I'd like to have your feedback about this diagram: http://ubuntuone.com/5OxEIhPUuxdAfVS5N4YO44
<koolhead11> allowoverride: i am using with sudo :D
<Daviey> looking
<Ursinha> Daviey: can you tell me if I'm missing something that server team would be doing?
<Ursinha> thanks :)
 * koolhead11 leaves 4 home. laters
<Daviey> ttfn koolhead11
<Daviey> Ursinha: what is this based on, and who follows it so far?
<Daviey> (who authored it?)
<Ursinha> Daviey: I did
<Ursinha> Daviey: this is what I could infer by how launchpad behaves today plus the triage guide
<Ursinha> server triage guide
<Daviey> Ursinha: right, but where is the bot? :)
<Ursinha> Daviey: the one that marks bugs as confirmed?
<Ursinha> when a bug has a duplicate launchpad marks the bugtask as confirmed
<Ursinha> afaik
<Daviey> ahh
<Daviey> Sorry, i thought it was something more exciting :)
<Ursinha> I'll clarify that :)
<Ursinha> lol
<Ursinha> sorry
<Daviey> Ursinha: I think it is pretty complete, but also idealistic :)
<Ursinha> so, let me know how it works today or what would be a less idealistic approach, please :)
<Ursinha> Daviey: I have the .dia file, want it?
<Daviey> Ursinha: I wish i had a plotter, so i could print it out and put it on my bedroom wall :)
<Daviey> Ursinha: I think you have it covered, but let me think about it?
<Ursinha> Daviey: I drew it in an A3 sheet :) than converted to dia :P
<Ursinha> Daviey: yes, can I ping you later about that?
<Daviey> cool
<hsmod> anyone know how i can load megaraid_sas driver when i pxe boot a livecd?
<hsmod> (on either natty or maverick)
<jandrusk> For Juju you need to have an Amazon EC2 account and storage setup, right?
<jandrusk> Nevermind. Already found it on CharmSchool.
<hsmod> anyone know how i can load megaraid_sas driver when i pxe boot a livecd?
<hallyn> jjohansen: should 'rw' apparmor rights to a file that is a unix socket suffice for bind?
<jjohansen> hallyn: yes
<hallyn> jjohansen: thanks. (then i'm flummoxed :)
<jjohansen> hallyn: what is happening?
<mboeru> can anyone help me with a preseed problem, I'm trying to provision a server with 2 500G hdds and software RAID, but can't figure it out
<hallyn> i'm testing tunnelled migration - my patch works in lucid and precise, but in maverick i'm getting:
<hallyn> ind(unix:/var/run/libvirt/qemu/qemu.tunnelmigrate.dest.cdboot): Permission denied
<jjohansen> hallyn: hrmm, are there any log messages?
<hallyn> "/var/run/libvirt/**/*.tunnelmigrate.dest.cdboot" rw is in the *.files
<hallyn> jjohansen: that msg is in the libvirt log
<jjohansen> hallyn: anything in dmesg?
<hallyn> nope
<hallyn> flummoxed
<jjohansen> hrmm
<hallyn> this is going to be the slowest sru i've ever had.  2 days so far, not halfway done
<jjohansen> hallyn: stick audit in front of the apparmor rule.
<jjohansen>   audit /var/run/libvirt/**/*.tunnelmigrate.dest.cdboot" rw
<jjohansen> apparmor will log every time it sees a file matching that, whether its allowing it or not
<jjohansen> that should help narrow down whether apparmor thinks its seeing it
<hallyn> jjohansen: ok - that rule gets generated on each migration on the fly, so i need to rebuild  real quick
<jjohansen> hallyn: if you know where the profile file is, you can edit it by hand and reload it with
<jjohansen>   sudo apparmor_parser -r <file>
<hallyn> jjohansen: i can't bc it gets recreated when i retry migration
<hallyn> jjohansen: hm, still nothing in dmesg!  maybe the libvirt apparmor security driver code is screwy
<jjohansen> hallyn: maybe, jdstrand would have a better handle on that part than me
<jdstrand> hallyn: for testing, you can edit /etc/apparmor.d/libvirt/libvirt-<uuid>
<hallyn> jdstrand: but that gets overwritten when i do virsh migrate again
<jdstrand> hallyn: it is created on first run of the vm, but is persitent thereafter (it is the .files file that is updated every time)
<jdstrand> hmm
<jdstrand> migrate-- I guess that makes sense cause it is supposed to be a 'new' vm
<hallyn> and yeah, the .xml doesn't actually stick around (nothing in virsh list --all) so i can't restart it even if i thought htat would still try to access that pipe
<jdstrand> hallyn: you can also disable the apparmor driver in /etc/libvirt/qemu.conf by setting 'security_driver = "none"' and restarting libvirt
<hallyn> I don't know, I"m at a loss.  maybe i messed up something else
<hallyn> still get that failure!
<jdstrand> hallyn: you can also edit /etc/apparmor.d/abstractions/libvirt-qemu on the host getting denials. that applies to all vms
<jdstrand> hallyn: if you want to make sure you have disabled the apparmor driver, examine the output of 'virsh capabilities' and/or 'virsh dominfo <vm>'
<hallyn> what should virsh capabilities tell me?
<hallyn> (/proc/`pidof libvirtd`/attr/current still says enforcing)
<jdstrand> in the <host> section if a security driver is enabled, you should see:
<jdstrand>     <secmodel>
<jdstrand>       <model>apparmor</model>
<jdstrand>       <doi>0</doi>
<jdstrand>     </secmodel>
<jdstrand> hallyn: that is because the you didn't unload the profile for libvirtd
<jdstrand> hallyn: but you don't need to
<jdstrand> (unless there is a bug, which there was one at one time)
<zul> hallyn: have you seen this? "libvirtError: internal error cannot create rule since ebtables tool is missing."
<hallyn> jdstrand: ah, i see. yeah, it's turned off now.  and i still get that denial
<jdstrand> hallyn: wait, what? you get an apparmor denial with the driver disabled?
<hallyn> zul: i haven't.  on precise?
<hallyn> jdstrand: yyyyyp
<zul> hallyn: yep
<hallyn> put a u in there
<jdstrand> hallyn: well, is the machine still running? libvirt won't unconfine a vm
<jdstrand> hallyn: it just won't start a vm confined
<hallyn> zul: ebtables should be moved from recommends to depends?
<hallyn> jdstrand: the vm is running on host1.  host2 is where i try to migrate it to, and it has unconvined libvirt now
<zul> hallyn: it seems other people are having the same issue: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/684088
<uvirtbot> Launchpad bug 684088 in libvirt "libvirt should detect the presence of tools at use-time rather than at start-time" [Low,Triaged]
<jdstrand> hallyn: on host1, what is the output of 'aa-status'?
<hallyn> zul: patch welcome for that :)
<jdstrand> hallyn: err, host2
<zul> hallyn: yeah yeah :)
<hallyn> jdstrand: it shows libvirtd profile and process in enforce mode
<jdstrand> hallyn: can you paste the output?
<hallyn> zul: you agree ebtables should be depends?
<zul> hallyn: yeah but i already have ebtables installed
<hallyn> jdstrand: http://pastebin.com/K5MuHYvK
<hallyn> zul: restart libvirt-bin :)  making it depends will prevent it in the future.  i'm not writing a patch to do check-at-use!
<jdstrand> hallyn: can you paste the output of virsh capabilities n host2?
<hallyn> http://pastebin.com/baf2mkzM
<jdstrand> that pastebin is annoying with its captchas :P
<jdstrand> hmm
<hallyn> jdstrand: as i said to jjohansen, this works fine on lucid and precise, it's only failing on maverick.
<hallyn> making me wonderer whether my setup is bad
<jdstrand> hallyn: can you try to do a migrate after doing this on host2: sudo apaprmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd
<hallyn> (that or it's a temp regression in the code)
<zul> hallyn: restarted it and still get the same problem
<jdstrand> hallyn: I typoed that command
<hallyn> zul: that's a problem
<zul> hallyn: yeah lemme try something first
<hallyn> jdstrand: i think it's an nfs issue, actually.  i think the log msg is bogus, and it's actually dying trying to chown the disk img
<hallyn> cause
<hallyn> -rw-r--r-- 1 4294967294 4294967294 1073741824 2011-12-06 17:58 cdboot.img
<hallyn> doesn't look right
<jdstrand> huh
<jdstrand> libvirt's error reporting sometimes stinks
<jdstrand> hallyn: this is the type of thing I was talking about when I recommended VIRT_WARN last week
<hallyn> i put VIRT_WARN in that patch.  that patch isn't in mav
<jdstrand> hallyn: no, I know that
<hallyn> ok :)
<jdstrand> hallyn: I am saying this is precisely the *type* of thing that happens
<hallyn> sigh, yeah.
<hallyn> so i wonder if this is a bug in maverick's nfs
<hallyn> uid/gid isn't *supposed* to come through as -1 is it?
<hallyn> trying a rebuild with VIR_WARN at that line
<hallyn> i shouldve said only lucid sru for this...  who is gonna do this on maverick?
<Shaboom> try mozilla firefox on linux, preferably linux , and linux ubuntu if possible for best results: http://baby.cn.yahoo.com/pic/
 * patdk-wk is scared
<hallyn> zul: is that a pretty safe normal assumption?  that i can do a fix only for lucid and oneiric, bc noone will move from lucid to maverick or natty for servers right now?
<patdk-wk> no sane person :)
<zul> hallyn: i think so
<hallyn> phew
<zul> i think most people would be waiting for the next LTS
 * patdk-wk is waiting for 12.04.2
<patdk-wk> normally by then I have had enough time to test and start moving :)
<zul> hallyn: with the libvirt ebtables im horribly out of date...ill try it again after the update is finish
<hallyn> ok
<SpamapS> koolhead17: whenever you are ready we can chat about bug 875262
<uvirtbot> Launchpad bug 875262 in php5 "PHP Startup: Unable to load dynamic library '/usr/lib/php5/20090626+lfs/sqlite.so'" [High,Confirmed] https://launchpad.net/bugs/875262
<koolhead17> SpamapS: in 20 mins :)
<incorrect> are there other authentication systems i can use with windows that don't involve me setting up samba?
<SpamapS> incorrect: at one time, I know stock kerberos 5 + ldap worked .. but not very well.. with windows XP and 2000
<incorrect> or an easy way to get samba doing domain log ins
<uvirtbot> New bug: #900889 in apache2 (main) "Php5 Application Segmentation Fault After Upgrade from 9.04 to 10.04, 10.10. or 11.10" [Undecided,New] https://launchpad.net/bugs/900889
<zul> hallyn: false alarm
<hallyn> phew
<zul> sorry to work up your blood pressure
<adam_g> zul: https://code.launchpad.net/~gandelman-a/ubuntu/precise/keystone/lp900553/+merge/84663
<adam_g> zul: should i also send proposals with the changes that were merged directly into the nova and glance ubuntu packages this week, or do you want to do that?
<zul> adam_g: no ill take care of it
<adam_g> k
 * lukstr waves
<lukstr> I have a fun kerberos question
<lukstr> after running sudo auth-client-config -a -p kerberos_example I can't log in at all. In a guest session I can get tickets just fine but anything PAM seems extremely unhappy
<zul> hallyn: nope was still able to reproduce it
<lukstr> is there any _proper_ way to setup kerberos with PAM for 11.10?
<hallyn> jdstrand: hm, i don't think i'll try maverick again, but on oneiric i observe that 'mount -o nfsvers=3' works better (than using v4, the default).  now i can chown, as can libvirtd
<jdstrand> interesting. so it is the DAC driver
<jdstrand> they are always fiddling with nfs for the selinux bits
<hallyn> pain
<hallyn> worked fine under precise though with v4
<jdstrand> weird
<hallyn> zul: can you open a bug or post pastebin with reproduction instructions?
<jdstrand> yeah, I wouldn't worry about maverick-- it is eol in 4 months
<jdstrand> natty is... *shrug*. seems too late for it too
<hallyn> lukstr: not something i've worked with, sorry.
<hallyn> jdstrand: i just might weep for joy
<jdstrand> heh
<hallyn> finally done with that
<hallyn> now just a little qemu one to do :)
<jdstrand> :)
<hallyn> ooh!  qemu-kvm-1.0 has been tagged
<jdstrand> hallyn: iirc, they fiddled a bit with usb2 for that. that would be awesome, but I don't know how far along it is
<hallyn> they already had with the 0.15 in precise, and i think that's to blame for the uhcd/ehci not being there
<hallyn> haven't gone and asked on #qemu yet though
<jdstrand> hallyn: interesting-- I didn't know it was fully working
<hallyn> oh i dont' knwo that it is
<zul> hallyn: i just added more info to the bug that was open
<hallyn> zul: sounds like openstack should depend on ebtables :)
<zul> hallyn: right but i have ebtables installed thats the point
<hallyn> zul: unless you're saying you've stopped and started libvirt-bin, that bug is unlikely to get addressed (upstream bug is being ignored).  Why not avoid it altogether?
<zul> erm..
<hallyn> eh, maybe i'm wrong, and it has been addressed upstream
<hallyn> zul: you know i'm not trying to be difficult :)
<zul> hallyn: sure i heard that one before
<zul> :)
<hallyn> while : ; do euca-describe-instances  | awk '{ print $2 }' | grep "^i-" | xargs euca-terminate-instances; done isn't getting me very far
<Faint> Hi, I know this is #ubuntu-server, but nothing I say is sent in #httpd, so I am asking here because I am running Ubuntu Server 11. Any help would be appreciated. I am having a problem where when I start Apache, it stays up for a minute then turns off. I have the only two lines it gives me in apache's error.log right here:
<Faint> http://pastebin.com/vX201fQ6
<Daviey> hallyn: http://pb.daviey.com/euca/ is smoser's
<hallyn> Daviey: that hurts the eyes :)
<smoser> http://paste.ubuntu.com/762099/ is my current
<Cant_Winn> Hello everyone
<Faint> So does anyone know what the problem is with my Apache? I have searched all over only to find answers that don't work
<Cant_Winn> I have a small question; Has any one here ever setup, or tried setting up iFolder on Ubuntu 10.04 LTS server?
<Daviey> hallyn: more than, http://pb.daviey.com/KfaI/
<Daviey> ?
<hallyn> Daviey: i find that easier to read
<Daviey> golly, it's crap :)
<RoyK> Faint: I'd try starting the apache process in the foreground
<RoyK> fahadsadah: is this 11.10 or 11.04?
<fahadsadah> RoyK: It's 9.45 here
<RoyK> fahadsadah: sorry, that was meant for faint, who just left :P
<fahadsadah> Don't worry, I'm just screwing with you :p
<Cant_Winn> Anyone attempted iFolder before?
<Daviey> RoAkSoAx: What do you think about, NUT integration in Cobbler (replace fence-agents) ?
<soren> smoser: Does cloud-init get ged anything when provisioning new machines with orchestra?
<soren> smoser: *get fed
<RoAkSoAx> Daviey: didn't I send you the response to you?
<RoAkSoAx> Daviey: i think it should not be a replacement, but rather a support
<RoAkSoAx> Daviey: give me a sec to explain to you the idea that I discussed with arnaud about it
<Daviey> RoAkSoAx: If you are on the case, great :)
<Daviey> RoAkSoAx: But i thought the WI listed as 'replace' would interest you
<RoAkSoAx> Daviey: basically, I told Arnaud that I don't think we should replace but rather, make NUT as an option. i.e. Right now the cobbler server needs access to any power device in order to be able to manage them. If cobbler does not have direct access (like in our lab), but if we do have it to a NUT server, then it would be cool if cobbler can just tell the NUT server "power on outlet for machine XYZ, that I don't have direct access to"
<RoAkSoAx> but the NUT server does
<smoser> soren, yes.
<smoser> but not much of importance other than in juju i think
<smoser> RoAkSoAx, would konw also
<ellipsis_> Hey, I've got a really low spec computer I was thinking of turning into a server. However it has no harddrive. Can I boot ubuntu server edition from a usb stick and will it lag/use up all the ram? (all I need to do is host a little php, but I can't seem to find any good free hosts)
<smoser> ellipsis_, you can probably manage to do that, yes.
<smoser> it will jsut have slow IO from the usb disk.
<adam_g> Daviey: just filed #900977, will sort out in a few
<soren> smoser: How does it work?
<RoAkSoAx> soren: basically, juju passes a ks_arg to cobbler with the user-data for cloud init in base64. Then, we have a python function that is imported by cheetah via the kickstart templating feature that recieves that BASE64 User Data from the cobbler ks_arg/variable, and creates a late_command that decodes the base64 and execute the code creating the user-data file
<ellipsis_> smoser, Thanks, but I mean my server has like 500mb of ram. Can I fit the OS into ram without it constantly needing to use swap?
<soren> RoAkSoAx: Ok, so the user-data equivalent is passed embedded in the preseed file?
<RoAkSoAx> soren: yes
<soren> RoAkSoAx: Lovely, thanks.
<allowoverride> whats the command to list ops in irc room?
<allowoverride> thanks
#ubuntu-server 2011-12-07
<crass> I'm having strange module dependency issues with apache2
<crass> I'm using aptititude and when trying to install the apache2-mpm-worker it tells me that that breaks things
<crass> hmm, mod_php can not use mpm-worker?
<Patrickdk> crass, it can, if ALL php modules you use are thread safe (unlikely)
<Patrickdk> the best way to run php is via fastcgi
<twb> Pity php doesn't have a built-in simple HTTPD that you can just stick behind varnish or nginx
<jandrusk> Anyone know what the mysql username/password is for the juju charm for MySql?
<twb> fcgi is just so fugly, protocol-wise
<Patrickdk> heh
<Patrickdk> I just use lighttpd, with like 3-5 php servers
<twb> And it's nearly impossible to debug, whereas with a simple httpd built into each app, if something goes wrong you can test it by talking directly to the app, eliminating the possibility that the reverse proxy is causing the problem
<Patrickdk> heh? I find it easy to debug the fastcgi stream
<twb> Patrickdk: when I looked the tools for doing that were crap, at least compared to e.g. curl -v
<ipl31> I have been noticing on 11.10 server when I stop and start LXCs that network connectivity drops
<ipl31> anyone have any ideas on where to start looking for the cause?
<twb> Oh, and running fcgi over the wire between two hosts on an untrusted network is basically a no-go, so if you follow the sysadmin policy of "never trust anybody, ever", you are obliged to put an fcgi-capable (i.e. heavyweight) proxy on the web app's VM, even though you already have a reverse proxy between it and the real world
<twb> OK, rant over
<Patrickdk> heh?
<Patrickdk> how is that more insecure than running http over the wire?
<Patrickdk> and isn't that why they create ipsec?
<twb> Patrickdk: if running php-fcgid you can basically ask it to execute anything
<Patrickdk> ipsec with http/... is much much less resource demanding than https
<twb> Patrickdk: like say rm -rf /
<Patrickdk> heh?
<twb> Patrickdk: admittedly I didn't actually try to do it
<Patrickdk> since when does php run shell commands?
<Patrickdk> and I dunno what php-fcgid is, normally you run php-cgi
<twb> Patrickdk: same thing, different distros call it different names
<Patrickdk> it only runs php files, that are within it's path you define
<Patrickdk> but it's the same as running it any other way
<twb> Maybe I'm misremembering or misunderstood it
<Patrickdk> just as insecure or secure as cgi, or mod_php
<Patrickdk> well, it might have been a bug
<Patrickdk> but bugs are bugs, not design
<twb> I would've been looking at the protocol description, not the source
<Patrickdk> then the same would be true of any fastcgi program
<twb> Right
<twb> I wasn't meaning to single out php cgi specifically
<Patrickdk> fastcgi doesnt state anything
<Patrickdk> it's all relative
<Patrickdk> sure you can pass rm -rf / over fastcgi no problem
<Patrickdk> but what the other end does iwth that, is the issue, it should drop it as an invalid request
<Patrickdk> same would be true of any protocol
<twb> Maybe I just didn't believe php was smart enough to do that
<raubvogel> Can I configure where nfs logs at? ubuntu 11.10 if that matters
<Patrickdk> nfs logs?
<Patrickdk> nfs client? or nfs server?
<twb> raubvogel: nfs doesn't log very much by default
<twb> raubvogel: your best bet is probably wireshark, although if you describe the problem I might give better advice
<raubvogel> twb: I cranked up (-vvv) logging
<raubvogel> Trying to nfs mount from, well, a windows box
 * Patrickdk is having a horrible nfs lock issue
<raubvogel> share has no security whatsoever
<Patrickdk> I think it's a 2.6.18 kernel issue though
<Patrickdk> all shares have security
<Patrickdk> sec=sys,no_root_squash,rw
<Patrickdk> should disable most of it
<twb> raubvogel: -vvv where?
<twb> NFSv3 has no security whatsoever against the root user of any IP that's allowed in /etc/exports
<raubvogel> Patrickdk: trying that
<raubvogel> twb: In /etc/default/nfs-common:RPCGSSDOPTS="-vvv -rrr" and /etc/default/nfs-kernel-server:RPCSVCGSSDOPTS="-vvv -rrr"
<raubvogel>  
<twb> raubvogel: uh, so you're using NFSv4?
<Patrickdk> heh? gss is encryption stuff
<twb> GSS isn't used for NFSv3
<raubvogel> Setup can do nfsv4 and kerberos
<twb> What is "setup"
<Patrickdk> you configured linux side to do kerberos and installed keys and a kdc server?
<raubvogel> Yep
<raubvogel> But
<raubvogel> how can I set this up to do nfsv3?
<raubvogel> without kerberos?
<twb> Well, NFSv3 is much easier
<raubvogel> and then work my way up?
<Patrickdk> nfs4 is a major pain
<raubvogel> Well, right now I want to eliminate variables; this is a test
<Patrickdk> all users must exist on both sides
<twb> Basically install nfs-kernel-server, add an entry to /etc/exports, run exportfs -rav.  Then on the client, install nfs-common, and run mount fs:/srv/foo /srv/foo
<twb> Patrickdk: he should be able to mount at least, without making UIDs match
<twb> Oh, sorry, you mean "users must exist... " for NFSv4
<Patrickdk> depending on the security setting
<Patrickdk> that is set on both sides
<raubvogel> Ok, so how do I set this for nfsv3
<twb> raubvogel: do you trust the network you're on?  If not, I recommend NFSv3.
<twb> Er...
<twb> raubvogel: do you trust the network you're on?  If you do, I recommend NFSv3.
<raubvogel> Right now this is a test in a test network
<raubvogel> which is why I want to start with v3 and security disabled
<twb> v3 doesn't have a -osec= option in the first place
<twb> Also for your initial test, strongly recommend test with a linux client
<raubvogel> It works fine with linux and OSX
<twb> Ah, OK
<raubvogel> I am trying to figure out the windows side
<raubvogel> Which is why I was looking for a log
<raubvogel> I mean, if the windows client claims authorization error there better be a related message in the server
<raubvogel> Test share is being exported, according to exportfs -v in server, as <world>(rw,wdelay,no_root_squash,no_subtree_check,sec=sys,rw,no_root_squash,no_all_squash)
<twb> OK
<raubvogel> Interesting it mentioned no_root_squash twice
<twb> IIRC there are a couple of places to turn NFS server logging on, one at modprobe, the other is in /proc/sys/
<twb> 24. Linux at http://stromberg.dnsalias.org/~strombrg/NFS-troubleshooting-2.html
<twb> Working out if it's using NFSv3 or v4 will be very helpful
<raubvogel> twb: the windows client can do both
<raubvogel> it is an argument (/3, /4, etc)
<raubvogel> AFAIK the nfs server is exporting 3 and 4
<twb> Then explicitly tell windows to use 3 to begin with, since 3 is easier
<raubvogel> That is what I have been doing
<twb> OK.  I would be useful if you had summarized everything you've already done up-front, rather than me having to ask.
<raubvogel> twb: will do
<twb> afk meeting
<raubvogel> K
<raubvogel> twb: It seems the problem is in the nfs client program I am using (hummingbird's). Using the Microsoft's, I have no problem mounting the insecure share.
<raubvogel> Time to contact their support
<crass> is there a pachage for php fastcgi? or is it already compiled in?
<aarcane_> So I'm curious about running Ubuntu Server in a virtual environment.  I have a setup that would lend itsself well to either using disk images or to using exposed filesystems.  Both are equally simple to configure and deploy.  The question, for my environment, is which is better performant ?  has anyone done a side-by-side comparison ?
<SpamapS> aarcane_: you mean qcow2 vs. say, lvm volumes?
<aarcane_> I mean qcow2 vs. say, mkdir.
<SpamapS> mkdir?
<SpamapS> your VM needs a block device
<SpamapS> unless I missed something, kvm doesn't have anything like vmware's host filesystem drivers
<aarcane_> I thought kvm could run in an environment similar to a chroot.
<SpamapS> I don't know of anybody doing that.. but it may be possible, I've never tried it
<twb>  The hg driver is pretty crap anyway
<twb> You could use NFS to export a chroot to the qemu VM as its root filesystem :-)
<aarcane_> so does ubuntu/kvm at least support running a partitionless device ?
<twb> aarcane_: yes but it's fiddly to set up
<twb> file /srv/kvm/twb.img ==> /srv/kvm/twb.img: BTRFS Filesystem (label "twb", sectorsize 4096, nodesize 4096, leafsize 4096)
<twb> That's a partitionless KVM disk image of a btrfs root filesystem, using extlinux as the bootloader
<aarcane_> nice.
<twb> Actually come to think of it, if you are doing a normal server install CD inside the VM, it's quite easy -- all you need to do is switch to vt2 and do a "mke2fs /dev/vda", and then the interactive partitioner will allow you to create the real filesystem on vda instead of forcing you to make a vda1
<aarcane_> twb, is there an easily accessible howto to do that ?
<twb> After that you just need to set up the bootloader -- with grub I have no idea, with extlinux it's just the normal extlinux way except you don't need to copy mbr.bin to the MBR
<aarcane_> erm, I meant to send that one line up.  What about using ubuntu-virtualmachine-builder ?
<twb> I know nothing of that
<SpamapS> live-builder, I think, is the one you want
<SpamapS> live-build I mean
<twb> live-build / live-helper is oriented mostly towards read-only (+cow) images
<twb> I'm not sure they're ideal for "I want a normal VM"
<twb> You could likely *abuse* them for that purpose :-)
<SpamapS> I believe thats what is used to build the Ubuntu cloud images
<twb> SpamapS: that's because cloud images *are* read-only
<twb> Part of the point of the cloud stuff is that state lives in the db only and the VMs just have ephemeral state or so
<SpamapS> well they are mounted r/w ;)
<twb> SpamapS: well, ICBW
<twb> I assumed they were mounted ro and then aufs'd with a tmpfs cow
<twb> So to an inattentive root user sshing in, they look r/w but the changes are lost when you reprovision the VM on another node
<SpamapS> Nope
<SpamapS> they're laid down on top of a block device
<twb> interesting
<SpamapS> and altered in predictable ways
<SpamapS> such as putting authorized SSH keys in /home/ubuntu/.ssh/authorized_keys
<SpamapS> actually
<SpamapS> I think that may be done by cloud-init now that I type it.. hrm
<SpamapS> <-- also CBW ;)
<twb> This cloud stuff is a fad, like www
<SpamapS> yeah it'll never catch on
<twb> Or touchscreen computers.  I mean there is *zero* tactile feedback
<twb> And when you hit people with a tablet it will just shatter, unlike a model M
<SpamapS> so yeah, cloud-init is the thing that installs the ssh key in /home/ubuntu/.ssh :)
<SpamapS> the filesystem is literally just thrown onto the block device
<twb> And when you boot the VM does /proc/mounts say it's doing anything fancy like aufs?
<SpamapS> no
<SpamapS> its a xen instance
<SpamapS> root=/dev/xvda1
<twb> not /proc/cmdlinux
<twb> Gah
<twb> not /proc/cmdline
<twb> If it's live-init the magic happens in the ramdisk
<twb> I guess I don't really care, though
<SpamapS> yeah I may have said the wrong tool.. live-build is just in my head
<twb> live-build is basically a wrapper around debootstrap, mkisofs, syslinux and a few other things.
<SpamapS> yeah, so that may not be right
<SpamapS> could be vmbuilder
<SpamapS> which is basically a wrapper around debootstrap, mkfs, etc.
<twb> live-boot and live-init or so, are related tools that allow you to boot off ro media and union it with a cow, which is usually a tmpfs or a rw block device, and to turn off some services that you don't care about on live media (e.g. screen saver)
<twb> Most common use case is to use all three to make a custom live USB key or CD
<twb> Under ubuntu the latter two are still basically one big icky blob that is casper, at least as at 10.04
<yaboo> when I do apt-get instead of typing y every time, how do I automated it
<yaboo> trying to make a install script
<qman__> yaboo, use the -y option
<qman__> apt-get update && apt-get dist-upgrade -y
<yaboo> qman__, thanks
<Saturn2888> Hello all, I was curious to know if anyone had his or her own PPA or knew anyone that supported a PPA with close to the latest kernel for supporting BTRFS. I want to experiment around with it in a VM, but am making sure I get something as new as I can. I was looking at https://help.ubuntu.com/community/Kernel/Compile but wanted to make sure I wasn't missing anything first.
<SpamapS> Saturn2888: precise has a very recent kernel, you could just test precise
<Saturn2888> Which one?
<Saturn2888> http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.2-rc4-oneiric/ <- I just went there and ran those. Lost the console but SSH works thankfully. If I could use a more-stable build I 'd probably prefer that when I move this to production (still for hobby fun) in a few months.
<SpamapS> Saturn2888: more stable would be the regular precise kernel
<Saturn2888> I mean, how do I acquire that? Is there a PPA?
<SpamapS> Saturn2888: you either update to precise alpha1, or build the kernel for oneiric
<Saturn2888> Btrfs v0.19 it says
<Saturn2888> oh sorry.
<Saturn2888> I meant is there a link with more information? I've never heard of precise.
<SpamapS> Saturn2888: actually, 3.2rc4 *is* the current kernel in precise ;)
<Saturn2888> Oh great!
<Saturn2888> Is precise another distro or something?
<SpamapS> Saturn2888: precise == the current dev release of Ubuntu
<SpamapS> oneiric == 11.10
<Saturn2888> Oh cool. How would I find a download of it?
<SpamapS> precise == 12.04 (presumably.. if we release on time ;)
<Saturn2888> Wow!
<Saturn2888> So it's already on the newest kernel. That's neat
<SpamapS> http://cdimage.ubuntu.com/releases/precise/
<SpamapS> Saturn2888: you can also do-release-upgrade -d
<Saturn2888> Then I can use this instead of a botched 11.10 and would be fine. Great!
<SpamapS> Well its still alpha. :)
<Saturn2888> Better than a not-working 11.10. Plus this is a VM I setup to test btrfs. My goal is to build a machine off of this once I have the proper knowledge and know-how to do so.
<Saturn2888> by rc4, you mean 3.2rc4?
<SpamapS> Yes
<Saturn2888> Great!
<Saturn2888> I'll be finish up this upgrade then.
<Saturn2888> finishing up*
<Saturn2888> SpamapS: Thank you so much! Seems to have done a few kernel upgrades, but now it's at the rc4 one. Neat. That saved me a lot of time
<yaboo> getting a error when I log in wy60 unknown terminal type
<yaboo> do I need a /etc/termcap to tell me there is a wy60 terminal type
<twb> yaboo: are you really on a Wyse 60 terminal?
<yaboo> two yes I need to unfortunately
<yaboo> legacy app
<twb> terminfo entries are in the ncurses-base package
<twb> I do not know about termcap.
<twb> Also it's "twb" not "two".
<yaboo> two thanks terminfo
<yaboo> xchat spellchecker twb
<twb> Unfortunately ncurses-base does not defined a wy60 terminfo entry AFAICT
<yaboo> twb makes sense seems /lib/terminfo or /usr/share/terminfo under w has no wy60, guess need to find how to install one there
<twb> You probably need to write one
<twb> Otherwise it might be there under a different name
<twb> I can see a wy30
<twb> Hmm, I can see a wy60 in the source code
<twb> apt-get source ncurses-base, see misc/terminfo.src
<yaboo> twb seems ncurses-term has wy60  definitions installed
<twb> Ah, I'm sorry, it's ncurses-term
<twb> Sorry, bad memory on my part
<yaboo> rebooted box see if it works now
<twb> ncurses-base is the one that defines only commonly-used entries like linux, screen, xter
<yaboo> ok
<twb> Anyone familiar with unattended-upgrades?  If I set an email address in apt.conf, u-a will email information to that address (via mail(1)).  If I *don't* set that variable, where does that information go?  Is it thrown away?
<twb> I'm hoping the info goes to stderr, in which case cron will catch it and email it to me via sendmail(8), so I can avoid installing mail(1).  (Not because I hate mail, but because more packages = more bad.)
<twb> Unfortunately short of faking some security updates, this is fiddly to test, so hopefully someone has already studied the python source and can just tell me.
<twb> Nobody knows, huh.  Guess I'll RTFS
<yaboo> two got it working, in the end it was a permission issue on the app to allow it to run
<twb> The u-u source seems to indicate that it throws the mail away.
<twb> What a pain that it needs mail(1) when sendmail(1) is almost identical and already installed.
<twb> http://paste.debian.net/148422/ I'd patch it if I had fewer hosts
<SpamapS> twb: is it really that big of a deal to install mail?
<SpamapS> ignoring that sendmail is, IMO, the right way to do it, I see no reason to get hung up over such a tiny program.
<allowoverride> yawns
<twb> SpamapS: (Not because I hate mail, but because more packages = more bad.)
<twb> thin end of the wedge and all that
<SpamapS> twb: if only every person with an awesome idea like that submitted it as a patch.. ;)
<twb> Because it's short and catches non-u-u upgrades, I'm going to put this in as a later .daily job:
<twb> diff -U999 /var/backups/dpkg.status.0 <(zcat /var/backups/dpkg.status.1.gz ) | egrep '^.Version|^.Package' | grep -3 '^[+-]'
<twb> (more or less)
<twb> SpamapS: http://paste.debian.net/148425/
<SpamapS> twb: cool!
<SpamapS> twb: you have just replaced update-manager with a very short shell script ;)
<twb> y/w
<twb> Is it possible to set ChrootDirectory on a per-key basis in ~/.authorized_keys ?
<twb> Accordig to the source code (auth-options.c), no
<allowoverride> im ou
<allowoverride> out
<koolhead11> hi all
<user> hi to all!
<user> i have a question regarding byobu status bar
<user> what does the field <number># mean?
<user> it sits left op the uptime field
<twb> Probably the screen session number or something
<user> ah i found it in the manpage finally. its the total number of logged in users
<user> through sshd
<user> i have another problem! fail2ban refuses to ban. my system is ubuntu 10.10 has someone noticed this?
<user> is it a known problem?
<user> ubuntu 11.10 sorry
<user> im using shorewall firewall
<user> fail2ban configured to use iptables-multip backend. (the default)
 * blkperl was playing with fail2bain the other day
<blkperl> although on freebsd not ubunut
<jamespage> morning all
<lynxman> morning o/
<koolhead11> morning jamespage lynxman :D
<potetpro2k> hello
<potetpro2k> I have Ubuntu-server 10.04 LTS with a 3TB disk, the disk has alot of IOWAIT, does anyone know why this is?
<ersi> Are you running a lot of applications that are heavily I/O bound?
<potetpro2k> no, when i don't transfer the cpu and io is at 0, ~100%idle
<potetpro2k> when i transfer via scp to the fileserver, top give me a 50%idle 50%iowait for about 2-3 seconds every 15-20 sec
<potetpro2k> i also have the 3tb disk running over LVM
<potetpro2k> so the transfer holdts every 15-20 sec for 2-6 sec
<ersi> Is it an 'ECO SMART ULTRA LOW POWER MAGIC' disk?
<ersi> Sounds like it's spinning down it's platters like, all the time
<potetpro2k> 2 sec, gonna check
<potetpro2k> think it's a western digital caviar 3tb disk
<Daviey> rbasak: Hey, have you been able to look at https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-arm-service-orchestration ?
<Daviey> rbasak: We need to determine if, "Binary image deployment with PXE on ARM: TODO" - is still a requirement
<potetpro2k> is there a known problem with 3TB western digital HDD on LVM on Ubuntu 10.40 LTS??
<RoyK> potetpro2k: the only one I can think of is 4k sectors
<zul> Daviey: that sounds like fun
<RoyK> but then again, that shouldn't be too much of a problem
<potetpro2k> ok, strange i have lots of IOwait when reading or writing, but my other disks are fine :S
<RoyK> potetpro2k: IIRC that drive lies about its sector size being 512 while it's really 4k. if your partitions aren't sector-aligned to the _real_ size, the drive may need two i/o operations for each requested operation
<RoyK> potetpro2k: what's the drive model?
<RoyK> smartctl -i should show that
<potetpro2k> 2 sec
<potetpro2k> Device Model:     WDC WD30EZRX-00MMMB0
<potetpro2k> my 3gb disk got Timing buffered disk reads:    2 MB in  3.78 seconds = 542.41 kB/sec with hdparm -t
<potetpro2k> an other question, now i am accessing my disk via an LVM setup, when i only have 1 disk in 1 VG and 1 LV alone, does that slow down the disk's performence?
<smb> Daviey, I prepared a debdiff for precise for bug #894713. Just not sure how the sponsoring is supposed to work. Some prefer a linked bzr branch... And you just happened to be last one touching it before. :)
<uvirtbot> Launchpad bug 894713 in xen-common "xend init script should modprobe xen_gntdev" [Medium,In progress] https://launchpad.net/bugs/894713
<Daviey> smb: debdiff or a branch works for me.
<Daviey> smb: point it my way, and i'll look it over right away :)
<smb> Daviey, It is attached to the bug report for review. :)
<RoyK> potetpro2k: http://www.wdc.com/wdproducts/library/SpecSheet/ENG/2879-701229.pdf <-- it's an "advanced format" drive, meaning it's "user sector size" is 512 bytes, but internal sector size is 4k
<Daviey> smb: nice complete changelog, one question - should Debian be doing the same thing?
<RoyK> potetpro2k: google for lvm and advanced format
<RoyK> dunno if there are known problems with it, but it wouldn't surprise me :P
<RoyK> fscking drive manufacturers shouldn't program their drives to lie about sector sizes......
<potetpro2k> RoyK cat /sys/block/sda/queue/logical_block_size  gives me 512  so it's formated as it should have been, and the disk "takes care" of the rest? :S
<smb> Daviey, Not sure. It could be they just have all of this built-in into their kernels... So they won't have that problem
<RoyK> potetpro2k: if you performa a single read of two sectors that spans two physical sectors on the drive, that'll be two i/o operations on the drive
<rbasak> Daviey: what's the reason you ask?
<RoyK> potetpro2k: the _logical_ block size doesn't matter much performance-wise
<rbasak> Daviey: I only added it because you mentioned it I think
<Daviey> rbasak: Yeah, i did - but i wanted to confirm that the arm team think binary 'firmware' style images are still required.
<Daviey> rbasak: Things are moving quite fast in this area of things, and want to make sure that arm is part of that picture.
<ersi> "partitioning a new disk the alignment of the disk has to be so that partitions start in a sector which is a multiple of 8" <- LVM with advanced format, 4k sector disks
<ersi> apparently, that seems to be the only concern - could be wrong about that though
<RoyK> ersi: sounds right
<RoyK> ersi: except if lvm has some hidden headers somewhere...
<ersi> ah yeah
<rbasak> Daviey: so will we be supporting firmware-style or installer-style installers for arm server, what does arm desktop do, and who will make the decision?
<rbasak> (ignoring pxe for the moment)
<potetpro2k> RoyK ersi thanks so far :)
<Daviey> rbasak: installer is already supported, firmware-style is not yet.
<Daviey> rbasak: The arm team, probably NCommander, needs to be involved in that discussion.
<rbasak> who decided that we needed firmware-style and why?
<Daviey> (I don't think he was present in the UDS session)
<Daviey> rbasak: Currently the arm team tend to favour that model it seems, perhaps ogra_ has thoughts.
 * ogra_ looks up
<ogra_> rbasak, what do you mean by firmware-style ?
<rbasak> ogra_: AIUI, an image that gets dd'd and then the machine booted
<rbasak> Daviey: ^^?
<rbasak> ogra_: (rather than the installer running debootstrap)
<ogra_> rbasak, well, that totally depends on the HW
<ogra_> if syou can only install to the device you also boot from, the preinstalled approach is best
<ogra_> also using live or alternate is extremely slow, an install can easily take 2h or more ... preinstalled takes in max 10min to resize the rootfs and then drops you into ubiquity afterwards to set up the system
<ogra_> for other HW setups we might consider other ways to install as long as we can manage them wrt QA (i guess you will understand why having images that take 2h to install arent actually QAable during a milestone freeze)
<rbasak> so we currently have both setups supported in oneiric?
<rbasak> (depending on what hw it is?)
<ogra_> define both :)
<ogra_> there are about ten different image types you can build
<ogra_> we currently build preinstalled and netinstall
<ogra_> netinstall is plain d-i as you know it from the alternate CD
<ogra_> preinstalled is like a live oem image
<rbasak> OK so what's the plan for server?
 * rbasak suspects this may be blocked on hardware again
<ogra_> no particular plan until we actually know how the hardware works
<ogra_> yeah, well guessed ;)
<ogra_> we need to know how it boots, and what the options for installation are
<jhobbs> we're planning on doing netinstall's with our hardware
<ogra_> netinst is already there and wont go away
<ogra_> for all server installs we have
<zul> lynxman: happy bday
<ogra_> the question is if we will also offer preinstalled, or if alternate would nmake sense etc
<ogra_> but that totally depends on the HW and how you boot it ... and how you can install on it
<ogra_> which is something we only can figure out with the HW in our hands
<rbasak> OK, so for cobbler/juju for precise, would it be sufficient to limit ourselves to netinstall only, given that we don't have hardware yet and we're past feature freeze? So shall I drop that work item? Daviey?
<ogra_> past feature freeze ?
<rbasak> sorry feature definition freeze
<ogra_> keep it, we might get HW ... and arm is a bit special in the freeze regard for certain bits
<ogra_> for precise that is
<ogra_> i.e. if we can make sure everything works, kernel and bootlaoder support could possibly enter precise in a point release under certain circumstances
<Daviey> rbasak: We've already committed to it pre FDF :)
<ogra_> that said, if you focus on netinstall thats indeed the safe bet
<ogra_> we wont drop it and it will likely even support arches we add later
<Daviey> ogra_: right, Trying to work out if our provisioning solution should force d-i installer method, or if we need to add support for the binary image method
<Daviey> Would rather not SRU a feature like this for the LTS :)
<ogra_> our QA tools depend on netinst so beyond the ac100 image (which uses an android based boot mechanism) all arches we have are supported in netinst
<ogra_> Daviey, not my decision
<ogra_> we did that for server in the past a few times
<rbasak> Daviey: so if we were to add support for the binary image method, would be it be sufficient to just have that working on a panda to consider the feature essentially complete?
<ogra_> i agree that it gives an odd feeling though
<ogra_> and LTS for arm isnt decided yet
<ogra_> we might not be LTS at all (also decided on a higher level)
<Daviey> right.
<rbasak> we have to worry about breaking cobbler on !arm thoug
<rbasak> h
<Daviey> rbasak: I'd say so..
<Daviey> rbasak: If it's not a painful amount of work, perhaps we shoudl JFDI.
<rbasak> Daviey: sure, no objection there
<Daviey> rbasak: I was sure i remembered reading that cobbler could already do somethign similar, but lost the reference.
<rbasak> Daviey: as I slowly start seeing the whole picture it doesn't seem as awkward to me. it's just hard seeing the picture without hardware
<rbasak> Daviey: could be koan related?
<Daviey> rbasak: Well, arm does need to have a seperate workflow to the rest of things.
<Daviey> rbasak: it /could/ but i'm not such a fan of koan.
<Daviey> rbasak: something you might find of interest is pxe-kexec, performs a similar function to koan. :)
<Daviey> ogra_: thanks for your input btw
<ogra_> np
<ogra_> feel free to pick my brain at any time :)
<Daviey> ogra_: BRAINZ!
<ogra_> :)
<ersi> Mmmmh.. brains..
<rbasak> ogra_: indeed, thank you, you've been really helpful
<potetpro2k> RoyK ersi  parted printed Sector size (logical/physical): 512B/4096B
<potetpro2k> is this how it's suppose to look like?
<potetpro2k> or is it suppose to be 4096/4096?
<ersi> potetpro2k: doesn't matter as far as I've read, what seems to matter is how your partitions are aligned - as in where they start
<ersi> potetpro2k: I'm no expert on the matter, and I have no idea if LVM throws in extra data anywhere to make the alignment wonky.. the best post I've found was: http://justimho.blogspot.com/2011/09/struggling-with-advanced-format-during.html
<potetpro2k> ok, does it matter if i use parted or fdisk to format?
<ersi> shouldn't matter, they're both disk utilities
<ersi> maybe it matters if you use GPT's.. I know one of them doesn't support that
<potetpro2k> ammagawd, this is driving my nuts :P gonna move my files off the disk and try to repartition and reformat, thanks for the help :)
<ersi> good luck :)
<kfullert> hi - trying to upgrade Ubuntu Server 10.10 to 11.04 (and then 11.10) using the instructions at https://help.ubuntu.com/community/NattyUpgrades - after saying yes to start SSH on 1022 (as it's over a SSH connection) I get a fatal error - main.log pasted at http://pastebin.com/v1WLCTL3
<kfullert> screenlog.0 is at http://pastebin.com/Bqi9V2JF - there wasn't a /var/log/dist-upgrade/apt.log created
<koolhead11> So /var/lib/nova/instance/instance-id/console.ring  gives the log of running instace log --> ring
<Sander^work> Do anyonce have experience with how to add another mysql server to phpmyadmin here?
<funkyHat> Sander^work: try #ubuntu-server
<funkyHat> Wait that is this channel
<funkyHat> Please ignore me â¢(
<RoyK> Sander^work: I guess #phpmyadmin or perhaps #mysql might be better
 * RoyK prefers to use the commandline to administer servers...
<Sander^work> I do too.. Just that my customer's dont.
<koolhead11> Sander^work: did you check server guide by any chance/mistake?
<koolhead11> if you have not please check it am sure they have a chapter on mysql/phpmyadin too
 * koolhead11 wonders what magic smoser` does in the cloud image that it shows console output and works well and files once i modify stuff in it :)
<smoser`> koolhead11, you'd need to list what modifications you're making
<koolhead11> smoser`: only 2 modification adding proxy server info and removing the sudo rm -rf /etc/udev/rules.d/70-persistent-net.rules
<koolhead11> and yes removed the ssh-keys from the user-data custom fie
<koolhead11> *file
<koolhead11> on vnc viewer it boots well and can see log too
<tgardner> jamespage, is there a better way then editing /var/lib/cobbler/config/repos.d/*.json to change the mirror ? its also a bit tedious to go through the cobbler web interface.
<koolhead11> tgardner: i am guessing there must be a profile associated and you can edit that profile with the info
<koolhead11> or if your system/profile uses a presseed you can manully edit that to i suppose
<hggdh> hallyn: found the issue; indeed the libvirt fix you submitted yesterday did not do the trick
<hallyn> what is the issue?
<hggdh> hallyn: dynamic_ownership, and user and group (it seems) does not work anymore
<hggdh> hallyn: I will open a bug, but if d_o=0 you get access denied
<hggdh> if d_o=1, and user and group are set to root, you get access denied
<hallyn> you're sure you're not on nfsv4?  :)
<hggdh> heh. I am. I have NFS, any version... all my FS are local
<hallyn> ok thanks hggdh.  i'l lneed a libvirt update anyway to handle qemu-kvm 1.0 version #
<hggdh> s/have/hate/
<hallyn> maybe i'll try merging the debian experimental version
<hallyn> that makes more sense :)
<hggdh> hallyn: of course, this d_o=1 completely screws with my setup... now I will have to have root running a cronjob to clean up the mess libvirt leaves on permissions
<hallyn> hggdh: ?  I must be misreading, bc it sounds like you're saying you don' twant it anyway
<hggdh> hallyn: oh, no, I really do not want to be forced to have ISOs owned by libvirt:kvm
<hggdh> this is a heavy-handed solution to a non-existing problem
<ttx> jamespage: yo! Does your python-jenkins support Launchpad SSO as a login ?
<jamespage> ttx: ermm - no
<jamespage> that would be a nice feature tho
<ttx> jamespage: indeed. I could then use it as part of my release scripts
<jamespage> tgardner: not sure about that
<jamespage> ttx: leave it with me; it really depends on whether the SSO stuff is exposed on the remote API - I'll take a look
<ttx> jamespage: I gather you don't use Launchpad SSO on your own jenkins instances ?
<hallyn> hggdh: and in oneiric that works?
<jamespage> ttx: not yet
<tgardner> jamespage, it doesn't seem to be a global setting anywhere.
<ttx> jamespage: ok, keep me posted
<jamespage> ttx: we will prob use it on the public instance
<hggdh> hallyn: yes. Actually, last week it was working on Precise
<jamespage> but most 'work' happens in private instances
<hallyn> hggdh: uh, that sounds like spurious (unrelated to libvirt-bin) then.  (I was about to suggest that commit b1643dc15c5de886fefe56ad18608d65f1325a2c might be responsible, but now i'm dubious)
<jamespage> tgardner: if you specify the proxy in the preseed to be the orchestra server it should hook up with the squid server which is part of ubuntu-orchestra-provisioning
<hallyn> ok thanks i'll wait for the bug :)
<jamespage> tgardner, are you using your own preseeds?
<tgardner> jamespage, nope, just vanilla stuff.
 * jamespage scratches his head
<jamespage> the default preseeds should do that
<tgardner> jamespage, well, its working OK, but I wanted to point at my local mirror for faster access. squid will pull at least one copy of the package from archive.ubuntu.com, right ?
<hggdh> argh! now apport refuses to open the libvirt problem because libglib2.0 needs to be updated...
<jamespage> tgardner: ah - I see
<jamespage> RoAkSoAx, ^^  - is there a nice easy way to switch the default archive location in orchestra/cobbler?
<RoAkSoAx> tgardner: you mean the archive that squid uses?
<jibel> hggdh, save the report, edit it, remove the lines 'unreportable reason' and resubmit
<tgardner> RoAkSoAx, taht, and the archive that the PXE booters are given
<tgardner> perhaps the squid archive is sufficient
<tgardner> given the proxy
<RoAkSoAx> tgardner: you should make the modification in: /var/lib/cobbler/snippets/orchestra_proxy (given that you are using orchestra.seed or juju.seed)
<RoAkSoAx> orchestra.preseed or juju.preseed
<tgardner> RoAkSoAx, then re-run 'cobbler sync' ?
<RoAkSoAx> tgardner: nope, not need
<RoAkSoAx> tgardner: that only applies to the preseed file so everytime, from that change on, you try to PXE boot something, it will use that change
<tgardner> RoAkSoAx, cool, I'll give that a try. thanks
<RoAkSoAx> tgardner: welcome ;) let me know if you run into any other blockers/ I'll be happy to help
<koolhead11> smoser: euca-run-instances ami-00000025 --user-data-file=user-data   will this work with newer cloud-init ?
<zul> SpamapS: ping
<hazmat> kees, ping
<lynxman> RoAkSoAx: ping
<RoAkSoAx> lynxman: pon
<RoAkSoAx> lynxman: pong
<hallyn> oh.  drat.
<SpamapS> zul: pong, sup?
<zul> SpamapS: so when i do the SRU tomorrow, ill just open up a bug and then ping ya so you can let it go into proposed?
<hallyn> ok, looking for advice.  in the past, libvirt shipped /etc/libvirt/qemu/networks/autostart/defaults.xml symlink as part of package
<hallyn> so if users removed it, it alwasy got reenabled on upgrade
<hallyn> bug 372001 was for that, and my fix was to not ship the file with package, and only install the symlink by hand on an initial install
<uvirtbot> Launchpad bug 372001 in libvirt "default network autostart symlink recreated" [Low,Fix released] https://launchpad.net/bugs/372001
<hallyn> problem is, if you upgrade from an older libvirt, the symlink gets removed bc it's part of the old package, and it doesn't get reinstalled bc it's not an initial install
<SpamapS> zul: Right
<hallyn> the only way i can think of to fix that is to always install it if upgrading from any current version.  That means it can't be SRU'd.  Can anyone think of another idea?
<hallyn> SpamapS: zul: soren: ^
<hallyn> (if not, i'll withdraw the sru and fix precise version only...)
<zul> hallyn: users get pissed if you disable something and then the packaging re-enables it
<hallyn> zul: well, yes :)
<hallyn> zul: but I assume we are NOT ok with having an SRU upgrade, for the first time ever, not set up everyeone's default net as autostart?
<zul> yeah not ok
<hallyn> but i can't think of a clean way to fix it.  I mean, I could do bunches of version checks in each release, but that's fragile
<SpamapS> hallyn: it shouldn't have been re-enabled on upgrade.. confflies are supposed to stay dead.
<hallyn> SpamapS: but it has always done it in the past.  do we want an sru to change that?
<SpamapS> No
<hallyn> If that's ok, then terrific.
<hallyn> SpamapS: drop your j'accuse - i didn't make the original decision :)
<SpamapS> hallyn: I have to run the family out the door.. and then get on a call.. but IMO its a conffile.. so it should be respected as such.
<hallyn> i agree, just trying to think how to fix it in sru's the best way
<hallyn> tty when you get back, thanks
<hallyn> well, maybe i'll just go ahead and hardcode in checks against current libvirt version for each release.  yuck.
<soren> hallyn: You can check from preinst whether the symlink is alraedy there.
<soren> hallyn: If it is, recreate it in postinst (store a tempfile somewhere to keep track).
<hallyn> soren: oh, excellent.  Where should i keep the tempfile?  (I assume there's a normal place)
<soren> hallyn: ...and only create it if it was there to begin with or if it's not an upgrade.
<soren> hallyn: I'd stick it in /etc/libvirt/qemu/networks/autostart/
<soren> hallyn: Clearly named as a temp file.
 * soren has to run
<hallyn> soren: thanks.
<kees> hazmat: pong :) sup?
<smoser> adam_g, https://code.launchpad.net/~gandelman-a/glance/899970/+merge/84511
<smoser> if you're going to wrap lines for depends, you should use 'wrap-and-sort' unless you have some reason not to
<hazmat> hi kees i saw you had some juju issues, and wanted to try and reach out understand them so we can solve them.. one thing that wasn't clear from your blog post was what version of juju you where running?
<kirkland> hallyn: have you tested ecryptfs inside of lxc?  does it work as expected?
<kees> hazmat: hi, cool. I was using what was in oneiric, since it wasn't clear how to bring up anything else for a sane AMI.
<hallyn> kirkland: i don't recall it if i have
<kirkland> hallyn: would you mind giving it a shot?
<kees> hazmat: you want me to join #juju?
<hazmat> kees, that would be great
<kirkland> hallyn: fwiw, there is a bug about ecryptfs not working inside of openvz: https://bugs.launchpad.net/ecryptfs/+bug/826996
<uvirtbot> Launchpad bug 826996 in ecryptfs "does not work inside openvz container" [Wishlist,Won't fix]
<hallyn> kirkland: sure, but not utnil i fix my libvirt snafu
<kirkland> hallyn: which doesn't necessarily surprise me, but I'd hope it would work inside of lxc pretty well
<hallyn> kirkland: i'm guessing that they didn't already have ecryptfs kernel module loaded, and openvz container wasn't allowed to modprobe
<hallyn> it's not an ecryptfs OR openvz bug
<hallyn> (in that case)
<kirkland> hallyn: ah, yeah, perhaps.  would you mind adding comments to that effect at your convenience?
<hallyn> soren: my proposed fix is at http://people.canonical.com/~serge/libvirt-autostart.debdiff, if you get a minute.  (I'll upload after some testing)
<hallyn> kirkland: i'll test in a n lxc container when i get a chance and then comment
<hallyn> oh, hm, patch needs a tweak
<smoser> utlemming, please review https://code.launchpad.net/~ubuntu-on-ec2/ubuntu-on-ec2/ec2-publishing-scripts.hvm-ephemeral/+merge/84805
 * utlemming reviews
<smoser> zul, https://bugs.launchpad.net/nova/+bug/855030
<uvirtbot> Launchpad bug 855030 in nova "Encountering sporadic AMQPChannelException" [Critical,Fix committed]
<smoser> "this is fixed in precise"
<smoser> but you did not mark fix-released.
<hallyn> jdstrand: have you run qa-regression-test test-qemu on a host (not in a vm) and lived to tell about it?
<smoser> by design ?
<zul> smoser: no just fat fingers
<jdstrand> hallyn: not for a while. I use nested virtualization typically (and qrt definitely warns about using at your own risk :)
<hallyn> yeah - well the host *is* a throwaway test machine, but i'm wondering just how bad the tests are :)
<jdstrand> hallyn: they shouldn't be *too* bad since they run as non-root. you should use 'make-test-tarball' rather than running in the tree
<hallyn> ok, i *think* i have all the libvirt upgrade cases covered now....  <crossing fingers>
<jdstrand> hallyn: for extra fun, run as a different user
<hallyn> ok, will try, thx
<jdstrand> (it doesn't need X, so su'ing to that user from a terminal should be ok
<jdstrand> )
<hallyn> but should be in kvm group?
<hallyn> btw, you have an amd box, or you find nested kvm now works on intel?
<utlemming> smoser: it looks good...except, why not register the four ephemeral stores to cover the cc2.4xlarge?
<utlemming> er, cc2.8xlarge
<jdstrand> hallyn: the other user should be in kvm if you want to test that. as for nested, it is nested qemu, not nested kvm
<hallyn> oh
<hallyn> how odd.  debuild -S didn't sign my .changes
<smoser> utlemming, only in keeping with what we've done before..
<smoser> i find the existance of 'block-device-mapping' entries in the metadata service annoying when they're wrong
<smoser> currently they're only wrong for t1.micro instances and that was something we could not have foreseen.
<utlemming> yeah, I see the problem here
<smoser> obviously there could be hvm instance types that would have no ephemeral in the future, though.
<smoser> t1.micro hvm
<utlemming> part of me is thinking that the meta-data should only present valid devices
 * utlemming shutters
<utlemming> s/shutters/shudders/
<smoser> yeah, they should present the *actual* block device mapping in the MD
<smoser> or at least the mapping that was there on initial start.
<hallyn> hggdh: oh!  so you can't report the bug?  I was wodnreing why i wasn't seeing it in the new queue
<utlemming> this seems worthy of a feature request to Amazon -- there is no reason to present an invalid device mapping via meta-data
<utlemming> smoser: merged
<smoser> if they fixed that, then i'd register 4 ephemeral devices with every ebs type
<hggdh> hallyn: I am going to report manually, and add in whatever you ask for later
<hallyn> hggdh: ok, thanks.  So I guess this is unrelated to the qemu one i just saw you posted  :)
<hggdh> hallyn: indeed it is unrelated. My only problem to report the dynamic ownership is LP timing out continuously for me
<hallyn> hggdh: a dput of 80k took me 2 minutes.  i think there is a problem
<hggdh> yes, I think so also
<smoser> i noticed a slow upload yesterday.
<smoser> er.. this morning.
<N3> I'm trying to install RAID6 w/ ubuntu 11 and grub fails
<N3> I would do lilo, but there is no option
<zul> soren: ping are you running precise yet/
<RoAkSoAx> adam_g: have you testing upgrading from oneiric -> precise of an orchestra server?
<RoAkSoAx> s/testing/tested
<hggdh> hallyn: bug 901333
<uvirtbot> Launchpad bug 901333 in libvirt "Precise: dynamic_ownership=0 causes complete failure to start a domain" [Undecided,New] https://launchpad.net/bugs/901333
<dannf> hallyn: i can't seem to bzr branch lp:ubuntu/natty/libvirt - any idea what's up w/ that?
<dannf> bzr: ERROR: Revision {james.westby@ubuntu.com-20110318080232-bskde7dqc2icfixv} not present in "Graph(StackedParentsProvider(bzrlib.repository._LazyListJoin(([CachingParentsProvider(None)], []))))".
<hallyn> dannf: the udd trees for libvirt and qemu are b0rked
<hallyn> hggdh: thanks
<dannf> hallyn: how do we go about unb0rking them?
<hallyn> dannf: i don't know.  last i knew it wasn't possible without some fundamental fixes to lp/bzr.  i don't know if those have been fixed and maybe now something just needs to get cleaned up somewhere... #bzr or #launchpad or #ubuntu-devel are probably the places to ask
<hallyn> i'd love it if it got fixed
<dannf> hallyn: ok
<zul> ok now im getting annoyed
<zul> hallyn: the ebtables/libvirt stuff is causing me greif
<zul> it only seems to happen when im running nwfilter
<zul> i can give you an xml that has the problem
<hallyn> ok
<zul> hallyn: http://paste.ubuntu.com/762980/
<hallyn> zul: i'm hopefully uploading qemu-kvm 1.0 this afternoon.  Is there ANY reason not to change ebtables to a depend?
<zul> hallyn: i have no reason
<hallyn> zul: will it work around your problem?  (i can't seem to use your filterref exceprt on oneiric)
<zul> well no because i have ebtables installed and it just cant find it
<zul> im starting to get frazzled
<hallyn> zul: ah!
<hallyn> i bet we need to specify --with-ebtables-path to configure.
<RoAkSoAx> Daviey: btw.. the chain.c32 trick doesn't seem to work with KVM instances. It does download the file, shows the grub menu, but stays there
<hallyn> zul: could you try a 'strace -f -o/tmp/outout -p `pidof libvirtd`' and then retry the cmd that fails?
<zul> hallyn: sure
<hallyn> jdstrand: qa-regression-test will need an update to call qemu-system-i386 instead of qemu
<jdstrand> hallyn: for all releases or just precise?
<hallyn> jdstrand: just precise, but it's safe to do for all releases
<hallyn> that is, qemu is goign away, but qemu-system-i386 was always a symlink to qemu
 * jdstrand nods
<hallyn> yay!  all tests pass
<hallyn> jdstrand: cool, long as you don't object i'll do a qrt merge proposal :)
<jdstrand> hallyn: I think we might want to do a release specific change. eg in both _check_vm_is_running() and _start_vm(): if emulater == "qemu" and self.lsb_release['Release'] >= 12.04: emulator = "qemu-system-i386"
<hallyn> jdstrand: why?
<jdstrand> hallyn: otherwise, we aren't testing the same thing we did before
<jdstrand> better would be to flip that and default to qemu-system-i386, then use "qemu" iv < 12.04
<jdstrand> that expresses what we are trying to achieve slightly better I think
<hallyn> it just seems like complicating (making more fragile) the test logic has its own cost
<hallyn> but, if you prefer...
<adam_g> win 1
<hallyn> ok i will
<N3> wow, how amazing, the debain installer just installed grub automatically to my RAID6 system, why can't ubuntu 11 do this?
<zul> hallyn: http://people.canonical.com/~chucks/output
<hallyn> zul: feh, one of the other threads must have tried the exec
<zul> hallyn: eyah
<adam_g> smoser: regarding glance 'sort-and-wrap', fair enough. shall i also sort the other depends sections of debian/control since tehy are not currently sorted?
<adam_g> RoAkSoAx: i haven't been reguarly testing, but i have done it in a couple of weeks. perhaps we can automate that testing per upload?
<zul> hallyn: hmm...interesting: http://paste.ubuntu.com/763012/
<RoAkSoAx> adam_g: the thing is thta I just did an upgrade, and the changes for squid3 weren't done automatically so I had to ln -sf the new config
<adam_g> RoAkSoAx: hm, packaged config files get overwritten on upgrades unless otherwise specified, no?
<hallyn> zul: yeah! ebtables on precise gives me a segfault
<zul> hallyn: hold on
<RoAkSoAx> adam_g: right, but we are doing all thru postinst
<RoAkSoAx> adam_g: anyways, just keep an eye on it when you do an upgrade from oneiric->precise to see if in precise the squid changes are actually made, or any other postinst change
<zul> hallyn: yeah ebtables is broken
<adam_g> RoAkSoAx: i believe ive upgraded the santol orchestra server since squid3 without issue but ill give it a shot later on ec2
<zul> hallyn: https://bugs.launchpad.net/ubuntu/+source/ebtables/+bug/899315
<uvirtbot> Launchpad bug 899315 in ebtables "ebtables crashed with SIGSEGV in ebt_initialize_entry()" [Medium,Incomplete]
<RoAkSoAx> adam_g: cool! btw i just uploaded the changes for chain.c32 and the auto selection of installation disk
<zul> hallyn: thanks for the help! :)
<hallyn> zul: np :)
<adam_g> RoAkSoAx: nice. i sent a merge proposal late yesterday wit a fix for the ISO upgrades deleting custom profiles, with hopes that you and smoser would be able to review. but it was picked up by a patch pilot and merged before anyone looked at it AFAICS.
<adam_g> https://code.launchpad.net/~gandelman-a/ubuntu/precise/cobbler/lp900977/+merge/84698
<Corey> Is there a semi-sane way to update the certificates in Lucid?  The cert in question works in Debian Squeeze.
<BjornWarmedal> I've just been given access to an ubuntu server (through ssh only, no access to hardware) and I'd like to get to know the system. I'm used to the *nix environment and the command line, but what's the best way to get to know the system, its processes and configurations?
<Corey> BjornWarmedal: What are you trying to figure out?
<Jim44491> anyone in here compiled a kernel for ubuntu ?
<Corey> Jim44491: Yes.
<Corey> BjornWarmedal: netstat can show you what's listening on what port, ps can show you what processes are running... I'd start there.
<Jim44491> i have ubuntu 11.04 and i want to compile kernel version 3 for it
<Corey> iptables will show you what the firewall looks like. :-)
<Jim44491> any problems ?
<BjornWarmedal> Corey: users, processes... netstat and ps are probably a good start, yeah :)
<Corey> BjornWarmedal: Take a look through /home and /etc/passwd, reconcile those.
<BjornWarmedal> Corey: the server belongs to a club and I've offered myself to learn how to administrate their systems
<Corey> BjornWarmedal: ...without knowing what you're doing? :-)
<BjornWarmedal> Corey: I'm not responsible for anything until I've learned ;) it just gets faster to learn if I don't have to wait around for someone to have time to teach me
<Corey> BjornWarmedal: "Learning on someone else's system" is always a poor decision, really.
<BjornWarmedal> Corey: the server I've got access to is a test system, so no harm in hacking around :)
<BjornWarmedal> Corey: until I've got a chance to set up my own server it's my best shot :)
<raubvogel> Corey: nothing makes you learn faster than learning on the job during a crisis with people screaming behind you
<BjornWarmedal> raubvogel: been there, done that... our only expert had a week off, I was new and somehow inherited the title...
<BjornWarmedal> raubvogel: and yes, I learned lots
<BjornWarmedal> :)
<raubvogel> I had one with a server whose OS somehow was put together with 3 different releases
<raubvogel> It was mail+nfs+everything
<raubvogel> and it crashed
<raubvogel> no docs
<raubvogel> even no root pwd
<raubvogel> had to rebuild array in one week and save data
<raubvogel> Loads of fun
<zul> mdeslaur: ping this is bad isnt it? http://paste.ubuntu.com/763031/
<raubvogel> zul: sounds like apparmor doing its thing
<raubvogel> Find out what virt-aa-helper is and whether it needs to do what it tried to
<smoser> zul, can you review/merge https://code.launchpad.net/~smoser/glance/merge-from-ubuntu/+merge/77190
<smoser> i'd think we would want to keep that glance/ubuntu branch as close to ubuntu as reasonably possible.
<jdstrand> zul: those aren't necessarily fatal. what are those files?
<zul> jdstrand: those are images feched from glance to create the ec2 instances
<zul> smoser: of course
<jdstrand> zul: sounds like we would want to adjust /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper for those paths
<zul> jdstrand: thats what i was thinking should it be added to the libvirt packaging as well?
<zul> or should i start creating an apparmor rule for nova?
<jdstrand> somthing as simple as '/var/lib/nova/instances/_base/* r,' would probably be enough
<jdstrand> zul: that file is provided by libvirt and so it should happen there.
<zul> k
<zul> smoser: done
<smoser> zul, i thought you mad console output work for lxc
<smoser> no?
<zul> oneiric?
<zul> yes
<zul> precise
<zul> no
<smoser> so it was in diablo proper?
<smoser> zul, bug 853602 has a patch attached
<uvirtbot> Launchpad bug 853602 in nova "get_console_output for 'lxc' libvirt type would throw an error " [Medium,Confirmed] https://launchpad.net/bugs/853602
<zul> smoser: that will just give you /dev/pts/9 or whatever when you run that command
<smoser> oh?
<zul> yeah
<zul> anyways back later
<soren> zul: not on my primary workstation, no, if that's what you mean.
<smoser> zul, it seems to work for me.
<smoser> zul, this applied to current-ish nova "works for me"
<smoser> http://paste.ubuntu.com/763072/
<smoser> withought that vcpus check, nova does not re-start
<th0mz> hi, i'm looking forward to migrate a vsphere HA cluster to Ubuntu Server and opensource hypervisor. Is KVM the best solution ? (long term project (3-6month before i start), just looking for a few  docs to start my reading). any idea please ?
<smoser> woot! cirros worked on devstack lxc.
<caution> I want to set up a mail server so I can send email from my domain name using a mail client like Thunderbird. It won't accept incoming messages to my domain. What type of mail server is this and what software should I use?
<RoyK> !dovecot
<ubottu> IMAP and POP are protocols for fetching email. The officially-supported server in Ubuntu is Dovecot (packages "dovecot-imapd" for IMAP, and "dovecot-pop3d" for POP) - See also !MailServer for information on the SMTP protocol
<RoyK> caution: postfix as the MTA and dovecot for mail storage is generally a "preferred" choice
<RoyK> !mailserver
<ubottu> Ubuntu supports the Simple Mail Transfer Protocol (SMTP) and provides mail server software of many kinds. You can install a basic email handling configuration with the "Mail server" task during installation, or with the "tasksel" command. See also https://help.ubuntu.com/community/MailServer and https://help.ubuntu.com/10.04/serverguide/C/email-services.html
<caution> I won't be storing mail though
<caution> will I?
<RoyK> if you want to receive mail, you need to store it somewhere unless you're going to process it automatically
<RoyK> oh
<RoyK> no incoming
<caution> I don't want to receive mail apart from outgoing mail from my mail client
<RoyK> :)
<RoyK> ok
<RoyK> then all you need is something like postfix
<RoyK> and just allow relay from internal IP addresses
<RoyK> and, typically, set it to relay outgoing mail to your ISP's MTA
<caution> there's no ISP mTA
<RoyK> it'll try to do mail routing according to DNS if you don't set a smart relay host
<caution> ok good
<caution> also it's not an internal IP address
<caution> so it needs auth
<RoyK> well, just don't open up relay for everything
<RoyK> either setup authentication or a small set of IPs from which to relay mail
<caution> thanks
<RoyK> if you setup an open relay, it takes like max a few hours until half the spambots on the net are trying to mail through it
<caution> yeah, I'd even be worried allowing an IP range
<RoyK> authentication is rather safe, though
<caution> what's a good command line tool to test postfix?
<RoyK> caution: what do you mean?
<RoyK> caution: telnet yourhost 25 ?
<caution> a command line smtp client I guess
<RoyK> telnet
<caution> no
<RoyK> just telnet into port 25 and chat smtp to it :P
<caution> takes too long
<guntbert> caution: its the only way to really test smtp
<RoyK> would have taken shorter time than you have spent asking for help here :Ã¾
<caution> nope
<RoyK> nope what?
<caution> smtp-cli sounds good
 * RoyK gives up and finds something useful to do
<raubvogel> Anyone doing syncrepl proxy in ldap?
<adam_g> win 2
<RoAkSoAx> adam_g: your branch in cobbler differs from the latest upload
<RoAkSoAx> adam_g: and your branch seems to have been merged already into lp:ubuntu/precise/cobbler when it shouldn't have
<demolition> Is there a IPv6 problem known with the latest LTS?
<demolition> It gets a IPv6 route, but only a fe80 IPv6 address
<demolition> (a fe80 route and a (2001::::) route), where the latest is the global IPv6
<demolition> Other systems pickup an address without a hitch
 * RoyK doesn't have ipv6 :(
<demolition> Note that my network has native (global) IPv6 support
<SpamapS> demolition: IIRC, lucid has been made to work with IPv6, but focus on IPv6 in Ubuntu only really started last cycle
<demolition> SpamapS: Is there some documentation on making IPv6 work with Ubuntu Lucid?
<demolition> It is a strong secured JEOS.
<hallyn> hggdh: was trying to reply to the bug report but can't get to lp.  Can you try dynamic_ownership with quotes around the user/group, i.e. user="root"\ngroup="root"?  it works for me...
<hggdh> hallyn: will try now
<SpamapS> demolition: I'm not much of an IPv6 expert.. so its hard for me to comment intelligently.
<SpamapS> demolition: I'm certain it can work... but there may be bugs that have been fixed in later releases.
<demolition> What tools and services are the most important for IPv6 networks?
<demolition> aka ifupdown
<demolition> If I can get a list with that tools, I mind building the latest versions from source
<demolition> Don't want to use a non-LTS for production use
<SpamapS> ifupdown is probably the most important yes..
<SpamapS> demolition: man interfaces should help
<hggdh> hallyn: bloody thing now works
<Skunk> is there a Ubuntu One (client?) for ubuntu-server?
<hallyn> hggdh: woot
<hggdh> darn!
<adam_g> RoAkSoAx: as i said, i proposed that merge later yesterday with hopes of you and/or scott reviewing, but it was picked up by patch pilot and merged
<RoAkSoAx> adam_g: yeah i saw that. I'll fix that now
<caution> do the commands in /etc/rc.local get run more than once each boot?
<adam_g> RoAkSoAx: thats the second time thats happened with that branch, btw
<RoAkSoAx> adam_g: i wonder why the branch reviewer doesn't check that the upload failed... or maybe, they don't even upload and that's why they never realize :)
<pedja_> Anybody has suggestion on Certificate Authority software to use on Ubuntu/Debian to replace NewPKI?
<offdutypirate> pedja_, managing a private CA?  Would tinyCA work for you?
<pedja_> tiny CA is ok but I was thinkin of something that would  (semi) automaticalu publish CRL or act as OCSP
<pedja_> I was thinking of using OpenCA which has no ubuntu package
<pedja_> I wonder what people usually use for CA management?
<SpamapS> I don't think most people do CA management. :)
<SpamapS> chain certs are pretty cheap
<offdutypirate> pedja_, I'd agree with SpamapS
<SpamapS> wtf.. openca has an Ubuntu *RPM*
<SpamapS> with 285 downloads.. heh
<pedja_> It's just that I tend to use certs a lot (for example entire lab for wireless access and for vpn clients)
<RoyK> demolition: have you tried setting a static ip?
<pedja_> SpamapS, yes that's odd, and also I am reluctant to create CA infrastructure on software that is not guaranteed to survive OS upgrade
<pedja_> so I would rather user something packaged
<SpamapS> hah, nothing is guaranteed to survive os upgrade. :)
<hallyn> Ursinha: https://wiki.ubuntu.com/ServerTeam/KnowledgeBase  the untouched bugs link seems to point to a bogus list right now... ?
<Skunk> bios?
<SpamapS> pedja_: looks like it should be relatively simple to package
<SpamapS> pedja_: autotools.. apache license..
<pedja_> SpamapS,  once I have upgraded proxy machine with  nobody  practically noticing :), I just love apt-get.  I'll try openCA,  to see if it can be actualy used on Ubuntu since it has RPMs
<SpamapS> pedja_: its got a source tarball
<SpamapS> pedja_: I'd be willing to bet that just doing 'dh_make' in that dir will produce a working package.. though you may need to add an init script/upstart job
<RoyK> ubuntu rpm... I wonder what those guys are smoking...
<SpamapS> Probably a running joke there
<pedja_> seems like nice software; I'll give it a try
<SpamapS> like, if somebody emails them asking how to make it work, they send him to [ insert awful video url ]
<demolition> RoyK: Are you around?
<RoyK> demolition: yeah
<RoyK> a bit longer...
<demolition> I have tried setting up a static one
<blkperl> adam_g: precise is no longer installing....
<RoyK> demolition: did it work?
<demolition> no
<demolition> moment, I am going to reproduce
<RoyK> wierd... I'm currently logged into a box with that running just fine
<RoyK> machine is running 10.04.3
<Skunk> I see ubuntuone-client, but it looks like it wants to install all of x11 .. is there a CLI version?  Is libubuntuone1.0-cil in the right direction?
<RoyK> demolition: I'll be leaving now, but afaics the magick done on that box is adding http://paste.ubuntu.com/763204/ to /etc/network/interfaces - good luck...
<demolition> wait
<demolition> it is done
<demolition> the trick was to use ipv6-addr, gateway, netmask, not ipv6-addr, netmask, gateway in order in interfaces
<caution> how do I add a command to startup that behaves in the same way as if I had run it myself in a terminal?
<andol> caution: wrap it within a bash script which sources /etc/profile as well as ~/.profile?
<caution> and then add it where, rc.local?
<andol> caution: Well, if you want it to run as a specific user it might be easier to put it in that users crontab, specifcing the "time" @reboot
<Nafallo> andol: +1
<RoyK> demolition: if you get the route ok, why would you need the gateway_
<RoyK> ?
<robos> hello: anyone know why this is happening when i run mount -a? mount.nfs: mount to NFS server '192.168.2.1:/mnt/disk2' failed: RPC Error: Program not registered
<RoyK> robos: is the portmapper running?
<robos> portmap
<robos> yes, it's running
<Cant_Winn> hey ppl, I am trying to install an iFolder server on 10.04LTS and it keeps giving me an error when I try to set it up... think anyone here might have an idea? http://pastebin.com/RGxdRxJd
<Cant_Winn> ..dang
<Ursinha> hallyn: will look
<hallyn> thx (i'll be leaving soon)
<utlemming> smoser: are you around?
<JokesOnYou77> Hi all.  I'm running a remote server for downloading large files and torrents, and after setting up the transmission Web UI and starting a large download I've lost the ability to connect to the server.  This has happened before with the connection restored once the download was complete.  What I want to know is if this was because of bandwidth or RAM
<JokesOnYou77> Or something else...
<uvirtbot> New bug: #901482 in lxc (main) "lxc should nest under init's cgroup" [Medium,Triaged] https://launchpad.net/bugs/901482
#ubuntu-server 2011-12-08
<smoser> utlemming, here now.
<josePhoenix> Hello all
<josePhoenix> I just updated apport (which I assume is part of the default set of packages?) and the service was unable to start afterwards. Should I be worried?
<josePhoenix> Hmm. It looks like it's disabled now, but then shouldn't it not try to start the service at all? >.>
<SpamapS> josePhoenix: can you explain why you think it wsa unable to start?
<josePhoenix> SpamapS: I just did apt-get upgrade and saw the following lines in the output:
<josePhoenix> "Setting up apport (1.23-0ubuntu4) ..." "start: Job failed to start" "invoke-rc.d: initscript apport, action "start" failed.""
<josePhoenix> When I tried 'service apport start', I got "start: Job failed to start"
<nonsenso> josePhoenix: anything useful in syslog?
<josePhoenix> It looks like exactly this bug from April in terms of errors. https://bugs.launchpad.net/ubuntu/+source/apport/+bug/767498
<uvirtbot> Launchpad bug 767498 in apport "package apport 1.20.1-0ubuntu3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Critical,Fix released]
<SpamapS> josePhoenix: so, do you have the fixed version?
<josePhoenix> Yup, 1.23-0ubuntu4
<josePhoenix> I'm going to try purging and reinstalling the package
<josePhoenix> Nope, still failed.
<josePhoenix> Hm. The latest version of the package seems to be installing a script broken in the same way described on that launchpad bug
<josePhoenix> I removed /etc/init/apport.conf to be sure and reinstalled.
<zul> smoser: it does
<zul> ?
 * zul is boggled
<smoser> seems to work, yes.
<blkperl> so precise is trolling me, it installs on virtual machines but not on a dell precision 380
<chrislabeard_> What is the best web panel nowadays ?
<blkperl> web panel?
<chrislabeard_> yeah for LAMP
<chrislabeard_> or to manage a lamp server
<blkperl> http://en.wikipedia.org/wiki/Comparison_of_web_hosting_control_panels
<Resistance> how can i tell apt-get/aptitude to *not* upgrade a package using a backports PPA?
<SpamapS> Resistance: pinning
<Resistance> SpamapS:  how do i pin the php5-* packages then?
 * Resistance backported php from oneiric to natty, but doesnt want to update php on this particular server *unless* the update comes from the main repos (i.e. not the ppa)
<Resistance> other software exists in the ppa which needs to remain installed, so removing the PPA isnt an option
<SpamapS> http://jaqque.sbih.org/kplug/apt-pinning.html  is pretty good
<SpamapS> Resistance: basically you would list it in /etc/apt/preferences
<SpamapS> Resistance: man apt_preferences
<Resistance> thanks
<Resistance> will aptitude honor the pin as well?
 * Resistance uses aptitude over apt-get
<SpamapS> Resistance: I don't, so I don't know.
<qman__> I think a better solution in your case would be to install the package, then remove the PPA
<qman__> if you don't want any updates from that PPA, it'll just keep your version because it's newer
<Resistance> well since its my own PPA of backports...
<Resistance> broder said use one PPA for staging, another for deployment
<qman__> if you pin it it won't update at all, which works, but you then have to manually update again later
<Resistance> (which would of course eliminate this issue altogether)
<Resistance> s/said/recommended to/
<qman__> also a good plan
<Resistance> well this way i dont flood the deployment ppa with failed builds xD
<Parand> I'm having trouble getting ubuntu-vm-builder to create a guest i can access. Is this the right place to ask for help?
<koolhead11> hi all
<koolhead11> lynxman: around
<jamespage> good morning
<lynxman> morning o/
<RGUYASD> hail !
<RGUYASD> what do i need for " make xconfig " to work ?
<RGUYASD> guys
<ersi> AFAIK you need Qt installed
<ersi> A good question is why you're doing graphical installation on a server
<RGUYASD> yeah how do i get it ?
<RGUYASD> i'm using ubuntu
<RGUYASD> Unable to find the QT4 tool qmake. Trying to use QT3
<ersi> apt-get install qt4-qmake perhaps
<RGUYASD> i'm using ubuntu desktop not server but nobody bothered to answer my question in there
<ersi> Great goign
<ersi> I'll go back to fiddling with our servers now
<RGUYASD> ok thanks for the help
<kaushal> Hi
<kaushal> I am referring to https://help.ubuntu.com/community/KVM/Managing
<kaushal> I get "No console available for domain"
<kaushal> Any clue please
<kaushal> apologies
<kaushal> How do i get into VM in linux KVM
<kaushal> basically how do i get into the vm to edit network physical IP
<alex88> hi guys, actually libtiff-dev requires libjpeg6 but i wanted to installad libjpeg8 instead, how can i force the dipendence, maybe just set libjpeg6 as installed and install libjpeg8c from source
<caribou> I have a question for the Ubuntu virtualization team :-)
<caribou> or any member of that team
<drt24> caribou: in general ask the question rather than asking to asks (I am not a member of that team though)
<caribou> drt24: I don't want to sound rude, but the last time I asked, it just got lost in the flow of the conversation
<caribou> I'm dealing with a bug on vmbuilder that I'm able to reproduce
<caribou> I 'heard' rumors that vmbuilder was being phased out
<caribou> I wanted to check that before pushing the bug further
<drt24> caribou: yes that tends to happen, sorry.
<caribou> drt24: oh, don't worry I do miss a lot of stuff too
<caribou> depends on the activity in the room
<soren> caribou: Noone's actively maintaining VMBuilder, no. It gets the odd bug fix, but that's it.
<caribou> soren: ah, ok.
<caribou> soren: the bug I'm working on involves file system corruption when using -raw devices
<caribou> soren: I'll see if I can identify the portion of code involved
<soren> hallyn: The changelog says: "Fix default network autostart symlink disappearing on upgrade", but it's really quite the opposite. It re-appears even if you've removed it.
<caribou> soren: what is the alternative to vmbuilder these days ?
<soren> caribou: IIRC, http://live.debian.net/
<caribou> soren: thanks I'll give it a look
<soren> hallyn: Or am I confused?
<soren> hallyn: HAving the link reappear used to be the problem. Did that get fixed and now you're trying to fix a new problem that appeared?
<hallyn> soren: historically, if you removed the symlink it would always reappear, bc the symlink shipped as a file part of the pkg
<soren> hallyn: Right.
<soren> hallyn: I thought that was what you were fixing, but I gather that has been addressed earlier?
<hallyn> then i thought i fixed it, but i did it wrong, so that it disappeared for anyone upgrading from old version
<soren> I see, ok.
<hallyn> iow, it maintained the link if it exists,
<hallyn> but as part of the upgrade, the file went away, so it never existed at postinst time
<soren> Right.
<jason00> hello
<hallyn> so for anyone who upgrades now from oneiric to precise, it should do the right thing.
<jason00> should my system not re-generate the NICs if I delete 70-persistent-net.rules and reboot?
<soren> hallyn: When did this change land? (the one that solved the link constantly reappearling)
<soren> jason00: yes
<soren> jason00: Oh, wait.
<soren> jason00: No.
<jason00> are you sure? I was... literally... positive it would.
<jason00> did I whoopsie? :(
<soren> jason00: Sorry, yes :)
<jason00> IM CONFUSED
<soren> jason00: No, I was just confused. I got the numbers mixed up.
<jason00> :P
<hallyn> soren: i'm at the wrong laptop right now to check the changelog.  it was very recently though
<hallyn> i think last friday
<soren> hallyn: In precise?
<soren> hallyn: Or somewhere else as well?
<hallyn> yes - i'm SRUing it eventually
<soren> hallyn: Ok, let me think this through. My input yesterday was based on my (wrong) assumption that it was the originial problem you were adressing.
<jason00> soren: I deleted the 70-persistent-net.rules file and rebooted hoping it would regenerate. It regenerated my onboard NIC, but not my PCI NIC. I did however just run sudo ifconfig eth0 up and I see it again...
<hallyn> but so far only in precise
<jason00> I wonder if I reboot now that it's up if it'll repopulate its entry in the 70 persistent file?
<hallyn> soren: why, are you having trouble with the new package?
<soren> hallyn: Haven't tried it. It's just a slightly different problem, so I want to make sure my suggestions were sound.
<soren> hallyn: I hadn't realised you had already uploaded it, so I was reviewing the debdiff.
<hallyn> oh, i see
<hallyn> if you're upgrading from an old version, it'll detect that symlink is htere (or not), and recreate it when pkg deleted it;  if from newer version (i.e. henceforth) it'll just let it keep existing
<hallyn> (and if upgrading from one of the last few, broken, versions, it recreates it)
<soren> hallyn: Instead of enumerating all the broken versions, you should use dpkg --compare-versions.
<soren> Well, not "broken", but ykwim.
<hallyn> thanks, that sounds nicer
<alex88> hi guys, how can i reinstall a package with apt-get?
<hallyn> i'll look it up and change it - though i was sort of hoping it would be reasonable toremove that bit after awhile :)
<hallyn> apt-get install --reinstall pkg
<soren> hallyn: Actually, you can fold that into the first conditional ("if -z $2")
<soren> hallyn: So you'd replace "if -z $2" with..
<jason00> wow. I'm super confused.
<jason00> my other NIc entry is still not in 70 persistent net rules :(
<jason00> can I just copy the first and swap the eth # and mac addr?
<soren> jason00: Sure.
<hallyn> soren: yeah, sounds good.  (yesterday i just wanted to keep things split to think things through clearly :)
<jason00> I'm baffled as to why its not coming back. maybe I need to delete the entire file now that I have the interface up.
<jason00> har har har
<jason00> that may be it...
<soren> hallyn: Sure, and that's fine. Feel free to keep it that way, if it helps you grok it going forward.
<soren> hallyn: As for when we can drop it: The first upload to precise+1.
<soren> hallyn: You can make a comment to that effect in the file itself.
<hallyn> soren: and why exactly is that?  there's a rationale spelled out somewhere?
<soren> hallyn: Working on it :)
<hallyn> :)
<soren> hallyn: We support upgrades from LTS to LTS.
<soren> hallyn: ...and we support upgades from the release immediately preceding the LTS to the LTS.
<soren> hallyn: ..and we sort of support upgrade from anywhere in the dev cycle to the final release.
<soren> hallyn: This problem only existed during the precise dev cycle.
<ogra_> "sort of"
<soren> hallyn: Do you disagree?
<soren> hallyn: So the only situation where you cuold reasonably see this is when you're upgrading from mid-cycle precise to final precise.
<soren> hallyn: Hence, the first upload to precise+1 doesn't need to worry about it.
<hallyn> soren: meaning that before upgrading to the LTS, you're supposed to do a dist-upgrade first?
<hallyn> if that is the case (as i recall reading) then that (removing it at first p+1 upload) does make sense
<soren> hallyn: Yes.
<jason00> hmm, whats the command for rebooting dhcp service? I thought it was sudo service dhcp3 stop/start etc
<patdk-wk> dhcp3-server
<jason00> unrecognized service
<patdk-wk> maybe your using dnsmasq?
<jason00> no idea?
<jason00> Its a pretty vanilla install
<patdk-wk> hpow should I know\
<patdk-wk> you mean the dhcp client?
<jason00> I'm setting this up as a server. I didn't do anything other than install ubuntu and fog + ltsp, which both use dhcp
<jason00> I'm just not sure I can get them to play nice on the same box with 2 NICs
<zul> good morning
<hallyn> soren: now the q is only whether I can remember that reasoning in a few months :)  (i'll write it down to add as comment to the src on next upload)
<hallyn> soren: thanks
<soren> ogra_: Do you disagree?
<soren> ogra_: On the "sort of"?
<ogra_> soren, well, no, but the sort of actually means that we dont really care in some cases for dev -> final updates
<ogra_> (which we actually often dont do, often it is just release noted in the milestone wheer we fixed it)
<soren> ogra_: Yeah. I would consider the bug valid..
<soren> ogra_: ...but probably not worry a whole lot about fixing it.
<ogra_> yeah
<soren> ogra_: hence "sort of" :)
<jason00> seems as if 70 persistent net rules is being a brat
<soren> It depends on teh bug, really.
<jason00> only finds 1 of the devices, or 3, but only 2 exist
<jason00> it wont find just two
<ogra_> just release note it for alpha2 :)
<hallyn> ogra_: which are you talking about right now?  my libvirt snafu, or something else?
<ogra_> nothing specific ... just the statement that we support in-dev-release upgrades
<ogra_> or dev to final
<ogra_> we often dont, even though we try to
<ogra_> and just release note the issue
<hallyn> ok
<jason00> sweet
<jason00> now its not re-generating 70 persistent net rules
<jason00> nice
<pmatulis> jason00: you erased the file?
<jason00> yes
<pmatulis> jason00: it used to be re-generated on older releases, what are you running?
<jason00> 11.10. it regenerated fine about 2 or 3 times. I kept deleting it because each time it populated, it populated the wrong mac addresses. It was rather baffling. Now all of the sudden, it wont regenerate.
<jason00> to make things worse, I hit "shut down" instead of restart accidentally. once I hit the power button to turn my server back on, it wouldnt turn on.
<jason00> really?
<pmatulis> jason00: hm, i wouldn't expect it to re-gen on 11.10, maybe that funct. was restored
<jason00> if it doesnt regenerate, what other option is there pmatulis ?
<pmatulis> jason00: copy from another system?
<jason00> lol
<jason00> thats really the answer?
<jason00> hello we removed functionality so plz install another instance to copy it over
<pmatulis> jason00: dunno if that's the only answer
<soren> jason00: What do you mean "the wrong mac address2?
<soren> s/2/"/
<pmatulis> jason00: you don't have network so hard to use apt
<jason00> soren: the one time I booted up, it populated 3 network cards. 2 of them were incorrect in terms of their mac address.
<jason00> the 3rd one was fine
<soren> jason00: How are they "incorrect"?
<jason00> I just want the system to, A, power on since it wont turn on all of the sudden, and B, put in the 2 proper NICs I want to use in the system
<jason00> their mac address
<jason00> is completely incorrect
<soren> jason00: Did it just make up random macs?
<jason00> what?
<jason00> no
<jason00> er
<jason00> yeah
<jason00> I thought you asked if I made them up
<soren> What are these NIC's?
<soren> Make/model?
<jason00> I'd tell ya if my system didnt shut off and not turn back on...
<jason00> one is atheros...
<jason00> the other I'm not sure. a 3com of some sort.
<soren> Do you have the macs?
<soren> Can I see them, please?
<jason00> I'd tell ya if my system didnt shut off and not turn back on...
<jason00> it didnt match what ifconfig was reporting
<jason00> omg it lives.
<soren> jason00: It'll pass.
<jason00> k, back up and running. still no persistent file.
<jason00> :)
<uvirtbot> New bug: #901710 in nova (main) "[SRU] Meta SRU for openstack updates" [Undecided,New] https://launchpad.net/bugs/901710
<smoser> RoAkSoAx,
<smoser> so i insatlled obbler on oneiric (orchestra-server)
<smoser> turned on a system that pxe booted from it.
<smoser> i supposed i would get the option to "cobbler-enlist"
<RoAkSoAx> smoser: nope
<RoAkSoAx> smoser:
<RoAkSoAx> smoser: the cobbler-enlist feature is not on a mini iso
<smoser> so how would i cobbler-enlist?
<smoser> the menu i spoke of is the pxe menu
<smoser> (not the iso menu)
<RoAkSoAx> smoser: plug in your ubuntu server iso and there would be a menu to cobbler enlist (this is before having a system in cobbler)
<RoAkSoAx> smoser: well cobbler-enlist is the ISO menu
<RoAkSoAx> smoser: in precise we will have a pxe menu with cobbler enlist
<smoser> ah. ok.
<smoser> thanks.
<zul> SpamapS: https://bugs.launchpad.net/ubuntu/+source/nova/+bug/901710
<uvirtbot> Launchpad bug 901710 in nova "[SRU] Meta SRU for openstack updates" [Undecided,New]
<smoser> RoAkSoAx, ping again
<RoAkSoAx> smoser: shoot
<smoser> what would be the easiest way for me to pulug in a "run this script in-target" late command.
<smoser> it seems  like a general snippit for that would be nice.
<RoAkSoAx> smoser: yeah I think a snippet would be best too
<RoAkSoAx> smoser: but use a ksarg variable to fill the command for that snippet
<semiosis> anyone here using OpenJDK 7 on Oneiric?  after installing on a new machine, of the 41 executables installed by java, 13 point to Java6 (including the 'java' command) and 28 point to Java7 (including the 'javac' command)... https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/901758
<uvirtbot> Launchpad bug 901758 in openjdk-7 "Mixed Java command versions after installing openjdk-7-jdk" [Undecided,New]
<zul> smoser: http://paste.ubuntu.com/763912/
<zul> ^^^ review please :)
<uvirtbot> zul: Error: "^^" is not a valid command.
<smoser> suo sucks
<smoser> su
<SpamapS> zul: ok thanks
<smoser> the only comment i have is that you might as well do:
<smoser> +exec su -s /bin/sh -c "exec glance-registry" glance
<smoser> as otherwise, i think you have:
<smoser>  su waiting for sh, sh waiting for glance-registry
<smoser> this will change that to
<smoser>  su waiting for glance-registry
<zul> smoser: k thanks
<smoser> but test
<smoser> :)
<rbasak> RoAkSoAx: ping
<rbasak> RoAkSoAx: https://github.com/cobbler/cobbler/issues/8 - will this affect precise? I get the impression this was a regression with the csrf protection, looking at it in case oneiric-security causes a regression
<rbasak> I can't figure out how to reproduce it from the instructions given
<RoAkSoAx> rbasak: I just tested it on precise's cobbler and it doesn't seem to be affected
<rbasak> RoAkSoAx: OK, thanks. I'll go ahead with the backport without the fix
<RoAkSoAx> rbasak: but the bug report is for cobbler 2.3.1-1 while in precise we currently have cobbler-2.2.2
<ogra_> smoser, Daviey, https://lists.ubuntu.com/archives/ubuntu-users/2011-December/255178.html ... is there any place i could point that guy from the ubuntu-users ML to ?
<rbasak> RoAkSoAx: please could you review lp:~racb/ubuntu/oneiric/cobbler/security_201112 - it's a bundle of all the security updates for oneiric, including the csrf bug
 * zul lunches
<smoser> is this openstack, ogra_ ? there is a large amount of missing information there.
<RoAkSoAx> rbasak: will addd it to my todo for today ;)
<rbasak> thanks :)
<ogra_> smoser, thats why i ask here, do you guys have an EC2 support ML or some such ?
<ogra_> seems unlikely that he will get the right info (or be asked for the right logs etc) on the ubuntu-users ML
<smoser> i dont think that is ec2
<smoser> but there is an ubuntu-cloud mailing list
<smoser> which would be more relevant.
<ogra_> thanks, i'll point him there
<smoser> thanks ogra_
<jamespage> is it possible to configure multiple network interfaces through preseeding?
<koolhead17> hi all
<tash> hi, trying install Ubuntu server 10.04 on a system that already had a version of Red Hat installed with LVM. During install, it cannot partition the drive b/c an LVM exists. It says I have to remove that first.  I don't know how, can someone help?
<blkperl> tash: i think you want vgremove and pvremove
<tash> can I run that from the installer though? Or do I have to boot to the hard disk?
<blkperl> if the installer has a shell and lvm commands yes
<hallyn> drat.  i've managed to make sudo not setuid-root.
<hallyn> yay, found an open root shell
<smoser> RoAkSoAx, http://pad.daviey.com/smoser-cobbler-late-command is what i came up with.
<smoser> looks reasonably usable. other than needing to add a snppiit file.
<tash> blkperl: do you know which to use first? vgremove pvremove
<tash> that order?
<zul> smoser: you might want to change the password while you are there as well
<patdk-wk> vgchange first :)
<patdk-wk> to deactivate it
<tash> patdk-wk: vgchange <drive> or just vgchange?
<patdk-wk> vgchange -a n volgroup
<patdk-wk> basically, unmount it first, before you mess with it :)
<tash> this would be easier if I was not remote ... I don't have a way of connecting remotely and have to walk someone through it
<tash> so, to find the volgroup, will 'mount' tell me that?
<tash> hmm, vgdisplay may do the trick to show me that, no?
<marut> vgdisplay
<marut> vgs
<marut> vgscan
<marut> etc
<robo_> what is the expected behavior if i bring up a network interface using an IP address already in use?
<robo_> i did that by accident last night and i don't see anything in the error log and it let me do it
<RoAkSoAx> smoser: cool, I'll look inot it further.. though I also wanna separate the late command template into a common place to be re-used
<RoAkSoAx> instead of manually adding it to each .py file we create
<smoser> that makes sense.
<smoser> which woudl then make *that* thing able to use python dirctly.
<RoAkSoAx> indeed
<smoser> i also thought of having just by default running scripts in run-parts order from /var/lib/cobbler/late_command.d
<smoser> or something
<smoser> early_command.d would also be possible
<RoAkSoAx> yeah that'd also be like a good idea
<smoser> then all i have to do is put stuff in that directory rather than modifying
<RoAkSoAx> smoser: yeah
<zul> RoAkSoAx: have you thought of moving redhat snippets and ubuntu snippets in their own directories?
<RoAkSoAx> zul: what I was thinking is just to be: ubuntu_abc_xyz, ubuntu_123_456 and so on
<RoAkSoAx> zul: but organizing into files sounds like a good idea
<RoAkSoAx> err into directories*
<RoAkSoAx> zul: so snippets/ubuntu/orchestra/ too then
<smoser> RoAkSoAx, i thought i read that there is some provision for using distro specifcik kickstart scripts...
<smoser> something..
<RoAkSoAx> smoser: https://fedorahosted.org/cobbler/wiki/KickstartSnippets
<RoAkSoAx> /var/lib/cobbler/snippets/per_distro/$snippet_name/$distro_name
<RoAkSoAx> under "Advance Snippets"
<smoser> utlemming, https://bugs.launchpad.net/ubuntu/+bug/901826
<uvirtbot> Launchpad bug 901826 in ubuntu "cloud image tarballs have -generic kernel" [High,Confirmed]
<smoser> RoAkSoAx, right. thats what i read.
 * utlemming looks
<incorrect> is there another kernel i should use for kvm other than -server?
<smoser> incorrect, you *can* use -virtual
<smoser> but it may not have everything you want.
<smoser> its just smaller, less modules and drivers
<incorrect> just wondered if there was one that would be better suited
<utlemming> smoser: I'll have a code review shortly for you on that
<utlemming> smoser: that's a one line fix
<orudie> how can I update phpmyadmin if i installed it with apt-get ?
<pmatulis> orudie: what version do you have now and what release of 'buntu are you using?
<ajmitch> SpamapS: fwiw, I've got a php 5.4.0 rc2 package in progress, waiting on the PPA buildds to tell me how it goes. I based it off the beta2 package in experimental
<RoyK> orudie: uninstall phpmyadmin and reinstall it from source - see #phpmyadmin for details :Ã¾
<utlemming> smoser: fix submitted for merge approval
<utlemming> https://code.launchpad.net/~utlemming/vmbuilder/automated-ec2-builds.901826/+merge/85018
<hallyn> ahs3: have you had a chance to look at the netcf updates?
<ahs3> hallyn: sigh.  not yet :(.  day job has been getting in the way.  do you have deadline you want to meet?
<hallyn> ahs3: not particularly, it just occurred to me as i was considering doing the MIR.  Though I do think the libnl switch will make the difference in debian's libvirt being able to link against it.
<hallyn> to be clear: ic an't upload to it myself, right?
<ahs3> hallyn: ah, good to know.  no, you need to be a DM or DD so that you're in the keyring.
<ahs3> i'm hoping to get to it tomorrow...but none of this week has gone as planned :)
<hallyn> ahs3: i know how it goes :)   thanks much
<ahs3> hallyn: np.  sorry for the delays
<hallyn> Daviey: played with netcf on new precise install, working fine.
<raubvogel> Anyone doing syncrepl proxy in ldap?
<baffle> raubvogel: Syncrepl proxy? We use olcSyncProvConfig ..
<baffle> raubvogel: syncprov I mean.
<raubvogel> baffle: I want to do this: http://www.openldap.org/doc/admin24/replication.html#Syncrepl%20Proxy and am not getting the ldap proxy part of the show
<raubvogel> Reason is I want the master/provider to push the data to the replicas since master is behind nat
<kaje1> I'm getting an error trying to start a VM on my Ubuntu 10.04 server. "Error starting domain: could not remove profile for 'libvirt-672b346a-65d4-41be-96f9-a83ef556efb2'"
<kaje1> I think it started after a recent upgrade to some libvirt packages...
<kaje1> Anyone else experiencing this?
<kaje1> Any suggestions?
<tash> sighs, I lost my notes on partitioning a drive for ext4 manually
<tash> fdisk?
<baffle> raubvogel: Oh, that's not like our setup.
<baffle> raubvogel: I think we do master master master replication. :)
<raubvogel> baffle: what I had before was a garden-variety delta syncrepl. And It made sense to me. But I have not wrapped my mind int he syncreply proxy thingie.
<smoser> RoAkSoAx, have you ever seen this?
<smoser> i did a precise install from cobbler/orhestra
<smoser> it got through, disabled netboot, and then it boots, i see a flicker of the selection screen, then "press a key to reboot"
<smoser> as if its not falling back to the disk
<smoser> if i select the disk to boot from rather than network, all is well (ie, the disk *does* boot fine).
<hallyn> ahs3: Daviey: http://paste.ubuntu.com/764276/  libvirt hookup to netcf was as trivial as you'd hope
<ahs3> hallyn: very sweet.  well done :)
<hallyn> ahs3: had to make sure that would work before doing the MIR :)
<hallyn> cause otherwise wouldn't i feel the fool
<ahs3> sheesh.  details, man
<hallyn> ahs3: say, now, if i ITP another package, does it ever happen that people jsut happen by willing to sponsor it, or does one always need to basically ping someone directly?
<baffle> hallyn: Oh, netcf + libvirt in Ubuntu? Been waiting for that for a while. :)
<hallyn> baffle: good to hear :)  but netcf won't be built into libvirt until it's in main
<ahs3> hallyn: it can always go in the mentors queue.  someone may get interested and sponsor it, or you may get impatient and poke someone
<hallyn> ahs3: ok, thx.  i'l lworry about that after MIRs
<RoAkSoAx> smoser: hardware or VM?
<RoAkSoAx> smoser: is this with latest cobbler?
<RoAkSoAx> smoser: if it is a VM, it might be becaus eof the recent change to the PXE file. so in /var/lib/tftpboot/pxelinux.cfg/01-<mac-address> change KERNEL chain.c32 to LOCALBOOT -1
<kaushal> is there a step by step guide to configure syslog-ng on Ubuntu Server 10.04 and point all clients to this Syslog-Ng server ?
<jmedina> kaushal: why dont you follow the official documentation form syslog-ng?
 * jmedina prefers rsyslog
<kaushal> jmedina: ok
<kaushal> How is rsyslog advantages over syslog
<jmedina> syslog is not maintained....
<jmedina> rsyslog is the new default syslog daemon in  ubuntu...
<kaushal> ok
<jmedina> let me give you the link to a canonical document about centralized syslog setup
<kaushal> how do i configure client to rsyslog ?
<jmedina> http://www.canonical.com/about-canonical/resources/white-papers/centralised-logging-rsyslog
<jmedina> and the comparison: http://rsyslog.com/doc/rsyslog_ng_comparison.html
<jmedina> http://rgerhards.blogspot.com/2007/08/why-does-world-need-another-syslogd.html
<jmedina> I use rsyslog as client and server, on the client side I use MySQL as log store, and then I use LogAnalyzer for search and analisis
<jmedina> right now Im generating some reports for a customer
<jmedina> LogAnalyzer it is a web interface, and it is free
<jmedina> I mean on the server side..
<kaushal> ok
<kaushal> jmedina: Thanks a lot
<jmedina> you are welcome :)
<hazmat> kees, out of curiosity which ec2 region where you using juju in?
<jmedina> I hope I can publish my document before this year :)
#ubuntu-server 2011-12-09
<kees> hazmat: us-west-1
<hazmat> kees, thanks
<kees> np
<airtonix> sigh, i had this problem long ago enough (and on such an iregular basis) that i forgot how to deal with it, but : https://forums.aws.amazon.com/message.jspa?messageID=257984
<airtonix> SSH_AUTH_SOCK= <normal ssh connection command here>
<zul> SpamapS: fyi https://lists.launchpad.net/openstack/msg06033.html
<SpamapS> zul: yeah very cool. :)
<SpamapS> zul: but does it blend?
<zul> SpamapS: no it dices
<airtonix> http://ap-southeast-1.ec2.archive.ubuntu.com/ubuntu/ seems to be missing
<airtonix> i'm having a hard time searching google for a list of ec2 hosted offical ubuntu repos
<airtonix> nvm it's up again
<airtonix> um...wut? my keystrokes are suddenly being typed as japanese characters on my remote server terminal
<airtonix> why would the character set suddenly change without any apparent reason?
<airtonix> because now i can't configure anything
<airtonix> sigh compiz
<twb> Why would compiz be fiddling with input methods?
<Jeeves_> kirkland: Someone is unhappy: http://deadmemes.net/2010/10/19/fear-and-loathing-in-debianubuntu-or-who-needs-etcmotd/
<twb> Jeeves_: update-motd *was* a clusterfuck
<twb> Jeeves_: it was rolled out in squeeze (or lenny?) DURING the freeze
<twb> The author does seem to capture the feeling I get every time I deal with some new "feature" that has been introduced by Ubuntu
<Jeeves_> :)
<Jeeves_> Unfinished manpages
<Jeeves_> Missing manpages
<twb> A similar thing happens to me wrt. setting PATH correctly at login time
<twb> For some reason when I log in from tramp, /sbin isn't in root's path
<Jeeves_> Ubuntu seems to be focussing on dumb users too much
<Jeeves_> THey don't need manpages
<twb> Because some people might not log in with a sh shell, so PATH setting moved out of there to... somewhere.  Except pam_environment.so doesn't seem to be the culprit &c &c
<twb> Or how they started with "gee desktops boot slowly" and ended up with "OK so now we have a whole new pid 1 and you need to rewrite all your init scripts in this new system where you can't even ask init to kill -9 your pid instead of -15'ing it, and HUP is assumed to DTRT, &c &c
 * twb froths at mouth
<twb> ``If you thought this was fun, hereâs a cool project: figure out how a USB key gets mounted when itâs inserted and what program decides what options to pass to mount(8). Extra credit: change the default permissions used by all USB keys.''
<twb> Oh my gods, I had to do that for hardy and lucid -- FOR FLOPPIES
<twb> You would not believe how hard gnome makes that
 * ersi shrugs
<twb> Haha, looking at the source, the first line is
<twb> apt-get install udisks=1.0.1-1build1 --force-yes # Avoid Ubuntu's "break floppy support" patch (1.0.1-1ubuntu1).
<twb> (Prisons won't allow USB keys; you can't smuggle a floppy up your arse.)
<twb> http://paste.debian.net/148690/ is the active ingredient
<twb> You can't do the same trick as USB users do, because floppies (except LS120s) don't generate a udev event when they're inserted.
<_Techie_> im having a problem with a compiled kernel module, whenever i load it, it outputs http://pastebin.com/HGctHeMC to the syslog
<_Techie_> i have read that it may be caused by compiling against the incorrect kernel sources, is anybody able to verify this?
<gappie> hi. I am runnnig a shell script on system startup using cron jobs, but the script stops running after 20 seconds. Why is it stopping?
<koolhead11> hi all
<lynxman> morning o/
<_johnny> hi, i'm having some difficulties setting up iscsi. if i run -m discovery -p <ip>, it shows a record with the username and password (checked and rechecked, and reset, it *must* be correct)
<_johnny> however, when adding -t sendtarget it can't login or auth
<_johnny> let alone --login
<koolhead11> Daviey: around?
<_johnny> either for "discovery login to x.x.x.x rejected: initiator error (02/01)" (which should mean bad user/pw right?)
<_johnny> or no record (although i can see a record printed out if i just do -m discovery -p <ip>
<_johnny> any ideas as to what i might be doing wrong?
<Randolph> hi all
<koolhead11> zul: ping me once your around
<lynxman> koolhead11: he's in the sprint with me :)
<lynxman> koolhead11: (Daviey)
<koolhead11> lynxman: dash has new home, just came to know via ttx https://github.com/openstack/horizon  all magic/updates happening here
<lynxman> koolhead11: we know :)
<koolhead11> lynxman: hehe. now i know why i was not able to see all the bug fixes as i was using 4P :(
<koolhead11> cool!!
 * koolhead11 just had a #facepalm moment
<zul> if i could only spell
<RoAkSoAx> smoser: did the change to LOCALBOOT -1 trick worked?
<smoser> RoAkSoAx, don't knwo.
<smoser> not tried. dont knwo what that is.
<smoser> and can't spell, but at least its consistent.
<esde> Hello, I have a question,  I'd like to setup a samba share on Ubuntu Server im using for a little test webserver on our intranet. It is Ubuntu 10.04 LTS, we have a Windows Server 2003 Domain setup. I would like to set up a samba share so that I can browse /var/www/ from my windows machine to make adding/editing files easier. Can anyone help with links, or possibly some assistance? Thanks in advance! :)
<RoAkSoAx> smoser: the PXE booted machines swerent falling back to disk thingy... were there VM's?
<RoAkSoAx> smoser: 17:07 < RoAkSoAx> smoser: if it is a VM, it might be becaus eof the recent change to the PXE file. so in  /var/lib/tftpboot/pxelinux.cfg/01-<mac-address> change KERNEL chain.c32 to LOCALBOOT -1
<smoser> RoAkSoAx, real hardware.
<RoAkSoAx> smoser: try that change and let me know
<RoAkSoAx> smoser: though, is it latest cobbler  in precise?
<smoser> oneiric.
<smoser> i have to have something moderately stable to install other machines from!
<smoser> :)
<RoAkSoAx> smoser: heh, then its not that and have no idea what might be wrong
<RoAkSoAx> maybe is better to try the KERNEL chain.c32
<RoAkSoAx> and see if it works
<RoAkSoAx> smoser: i've seen machines not being able to boot due to the "normal" way to tell it to fallback to disk when it PXE's
<RoAkSoAx> smoser: the thing is this: 1. machines pxe boots and installs. 2. machine reboots. 3. machine pxeboots but pxe file tells it to boot from HD. 4. machine boots from HD.
<ejv> i'm having some problems with my ubuntu box and apcupsd. "Error contacting apcupsd @ localhost:3551: Connection refused" Sometimes it works for the first few minutes of the server being on, then it stops responding. Suggestions?
<zul> smoser: why am i getting "not a bootable disk" when trying to use the cloud images
<smoser> how/what are you trying to boot?
<smoser> RoAkSoAx, right. thats how it is supposed to work.
<smoser> and that is (i thikn) how it worked in natty-ppa version of cobbler for me... but that system was far from clean.
<zul> smoser: using nova on precise
<smoser> RoAkSoAx, so this, right: http://paste.ubuntu.com/764976/
<smoser> zul, can i see ?
<smoser> what cloud-image did you try to boot ?
<zul> oneiric
<smoser> what
<smoser> .tar.gz?
<zul> smoser: yes
<smoser> that is not a bootable disk
<smoser> :)
<zul> it isnt?
<smoser> so it will complain "not a bootable disk"
<smoser> you need a kernel for that.
<smoser> but you can use the .img
<smoser> and not deal with a kernel.
<zul> ah ok
<smoser> if you're on precise, use this:
<smoser> cloud-publish-ubuntu --disk x86_64 oneiric my-bucket
<smoser> and be happy
<smoser> zul, how are you uploding to glance? with euca2ools ?
<zul> smoser: yeah
<smoser> so no keystone ?
<smoser> or you have keystone?
<tash> this is driving me crazy. I installed mysql-server on Ubuntu server 10.04.  ps auxf | grep mysql shows that the server isn't running, but when I /etc/init.d/mysql start it says "start: Job is already running: mysql" ... Furthermore, if I do mysql -u root -p and type the root pass I get: "ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' " ... anyone got any tips?
<smoser> ie, does that work ?
<smoser> cause i want that to work.
<zul> no keystone
<RoAkSoAx> smoser: yeah, and you need to copy the chain.c32
<smoser> where does it come from
<zul> syslinux
<RoAkSoAx> smoser: sudo cp /usr/lib/syslinux/chain.c32 /var/lib/tftpboot/
<smoser> yep
<smoser> gracias
<RoAkSoAx> smoser: de nada
<smoser> RoAkSoAx, so... as some small bit of information.
<smoser> my crappy dell inspiron 531 desktop system works with the chain.c32 path, but not hte local -1
<pmatulis> tash: does mysql use upstart on 10.04?
<smoser> and i had probably found that before.
<smoser> RoAkSoAx, how do i make that [semi]permenant
<RoAkSoAx> smoser: apply the patch of precise's cobbler to oneiric package: 61_ubuntu_pxe_chainc32_default.patch
<smoser> RoAkSoAx, ah. so in precise you've made this change.
<tash> pmatulis: yes
<tash> pmatulis: I tried 'start mysql' too
<tash> # start mysql
<tash> start: Job is already running: mysql
<tash> ps auxf | grep mysql still returns nothing
<raubvogel> tash, what if you netmap to find out who is using the mysql port?
<RoAkSoAx> smoser: yes, this change has been made default in precise
<tash> raubvogel: sorry, not familiar with netmap =\
<raubvogel> Er, I meant netstat. I am a lousy typist ;)
<raubvogel> netstat -apn | grep 3306
<tash> raubvogel: nothing
<tash> btw, this last time I did stop mysql I got 'mysql stop/waiting', then I did start mysql and it just sat there looking at me for 3-5 minutes, so I ctrl+c'd it
<raubvogel> Anything on the logs?
<tash> this is weird, b/c I set this up on another server, identical to this one. I should provide a little background that I left out ...
<tash> I did apt-get install mysql-server.  Then, I created /data/mysql and copied 4 databases from another server to this location.  I did chown -R mysql.mysql /data/mysql ... then I cd /var/lib/ ... rm mysql ... ln -s /data/mysql mysql
<tash> so, an ls -l on /var/lib | grep mysql shows something like this "mysql -> /data/mysql/"
<tash> symlink to the datadir I created
<tash> datdir in my.cnf = /var/lib/mysql
<tash> but this is how I setup my other server, and I didn't have this problem that I can recall
<pmatulis> tash: is this a fresh install of lucid?
<uvirtbot> New bug: #902190 in lxc (main) "udev fails to update (oneric host, lucid container)" [Undecided,New] https://launchpad.net/bugs/902190
<tash> pmatulis: yes
<pmatulis> tash: you installed lucid, then installed mysql-server, and it doesn't start?
<tash> it appears so
<tash> I could just remove it and try again I guess
<pmatulis> tash: why 'appears' so?
<pmatulis> tash: any other fiddling?
<tash> b/c it isn't starting ... so a better answer from me would have been "yes"
<robbiew> ttx: ping
<tash> pmatulis: nope
<tash> I've only installed it, php5, php5-mysql and copied some files from another server to this.
<ttx> robbiew: pong
<tash> I lied ... I fiddled with my.cnf to add slave configuration
<pmatulis> tash: i'll be working with 10.04 later today and i'm going to test your claim
<tash> but have since commented it out
<tash> I did apt-get remove --purge mysql-server just now and am rebooting, I'll try to install again
<tash> dang ... same thing. I rebooted after the remove and purge, then apt-get install mysql-server and then when I try to loging to cli I get that same socket error
<tash> and a ps does not show it as running, wtf
<tash> http://pastie.org/2991726
<tash> so weird ... someone must have seen this before, no?  I'll go peruse google's search results I guess
<pmatulis> tash: if mysqld is not running then don't bother trying to connect
<tash> I can't seem to figure out why it won't start though ...
<tash> nothing useful in logs
<pmatulis> tash: maybe strace will help
<tash> hmmm: http://ubuntuforums.org/showthread.php?t=1479310
<tash> search for "There is a bug"
<tash> if that is true it doesn't make sense ... no problems on my other server
<edgy_> hallyn: hi, what's the status of spice support in kvm
<hallyn> edgy: qemu-kvm-spice package in precise should work
<edgy_> hallyn: I launched virt-manager and got Error starting domain: unsupported configuration: spicevmc not supported in this QEMU binary
<hallyn> edgy_: right you need to use kvm-spice, not kvm.  I haven't looked at virt-manager and libvirt support
<edgy_> hallyn: I also tried kvm-splice directly and faced a problem, let me try again
<hallyn> ok
<tash> pmatulis: I commented out bind-address in my.cnf and rebooted, and still nothing sighs
<edgy_> hallyn: shall i launch the command like this: kvm-spice -vga qxl -spice port=5930,disable-ticketing precise.img?
<hallyn> edgy_: yup
<hallyn> then connect with spicec
<hallyn> spice-gtk should work
<hallyn> edgy_: feel free to open a bug about libvirt/virtmanager, btw, bc i do want to get htat working.  just haven't gotten to it
<hallyn> (and not sure how it can work - need to figure out a way :)
<edgy_> hallyn: i though virt-manager is using kvm instead of kvm-spice, why don't you only replace kvm with kvm-spice?
<hallyn> edgy_: question is where, exactly?  qemu-kvm-spice is not in main (bc spice is not in main and not MIR-able).  libvirt is in main
<edgy_> hallyn: I now launched kvm-spice and then followed by spicec -h localhost -p 5930
<edgy_> hallyn: the problem is it's tooooooooooooooo slowwwwwwwwww
<hallyn> hm - wonder if it got compiled without kvm support
<edgy_> hallyn: the booting is very very slow and when I put my login info and logged to kde in precise the splash takes too much time to display the icons
<edgy_> hallyn: and then it logs me off
<PedroGomes> Hi, does anyone knows if I can in preseed define a user as sudoer? I have defined the creation of root and a normal user but the last as no root access
<hallyn> edgy_: could you file a bug?  we switched the source package it came from, something mustve gone wrong
<hallyn> (in the middle of breakfast with the kids, biab)
<edgy_> hazmat: is there a log file or something you need me to attach to the bug?
<edgy_> hallyn: ^
<hallyn> edgy_: fraid not.  i'm pretty sure i'll be able to reproduce, just mention what the guest is, and the dpkg -l qemu-kvm-spice output
<edgy_> hallyn: ok, by the way I am using precise for guest and host
<pmatulis> tash: did you use strace yet?
<edgy> hallyn: what's this qemu-linaro means?
<hallyn> edgy: it's based on qemu.git, and generally builds all the emulators.  only kvm itself comes from qemu-kvm.
<hallyn> edgy: it sits in universe, which is why it can link against spice, which qemu-kvm can't
<hallyn> but the qemu-kvm-spice build is supposed to enable kvm
<edgy> hallyn: and why spice is in universe not main?
<hallyn> edgy: because it's dependencies have been refused for main
<tash> pmatulis: no, sorry ... never used it, let me man it
<hallyn> it picks some out-there image libraries which noone is maintaining which, frankly, i'd rather not maintain myself anyway, so i'm not too bothered by it
<tash> pmatulis: how would you suggest I use it?
<tash> pmatulis: interesting from syslog: http://pastie.org/2991954
<edgy> hallyn: https://bugs.launchpad.net/ubuntu/+source/qemu-linaro/+bug/902237
<uvirtbot> Launchpad bug 902237 in qemu-linaro "proper spice support is missing from kvm-spice and virt-manager" [Undecided,New]
<kermit> how do i get spaces into a sysctl.conf value
<hallyn> edgy: thx
<JanC> hallyn: if by that image library you mean "libpixman", that seems to be in main already?
<hallyn> JanC: cegui-mk2 xerces-c2 ois devil allegro4.2 dialog svgalib freeimage
<hallyn> (dialog was already MIRd since i made that list, the rest not)
<RoAkSoAx> rbasak: just uploaded the security fixes for cobbler, could you please subscribe 1 of the bug reports to ubuntu-security so its taken care of thorugh there?
<RoAkSoAx> mdeslaur: ping. Hey I have a quick question. Do security updates now have to be uploaded to -proposed instead of -security?
<mdeslaur> RoAkSoAx: no, security updates get uploaded to -security, unless it's something we're _really_ not sure about
<mdeslaur> RoAkSoAx: are you talking about something specific?
<RoAkSoAx> mdeslaur: I just sponsored an upload  (changelog is oneiric-security) and itrejected.. so I was wondering whether I should have uploaded to oneiric-proposed
<RoAkSoAx> s/itrejected/it was rejected/
<mdeslaur> RoAkSoAx: only the security team can handle security uploads
<mdeslaur> RoAkSoAx: what bug #?
<RoAkSoAx> mdeslaur: whole bunch of them really, but I uploaded the branch here: https://code.launchpad.net/~ubuntu-branches/ubuntu/oneiric/cobbler/oneiric-proposed
<RoAkSoAx> the original one is: https://code.launchpad.net/~racb/ubuntu/oneiric/cobbler/security_201112
<RoAkSoAx> though I think given the amount of patches, it would be best to get it to -proposed first
<mdeslaur> RoAkSoAx: ok, so me or someone else on the security team needs to build it in the special security team PPA, and from there, we either QA it, or we can push it to -proposed if we're unsure
<mdeslaur> RoAkSoAx: this is only for oneiric?
<mdeslaur> RoAkSoAx: oh, hrm, there are security fixes mixed with regular fixes in there
<mdeslaur> RoAkSoAx: so we have two options, we build the packages with only the security fixes, test them, and push them to -security, at which point the other bug fixes can be pushed to -proposed
<mdeslaur> oh, wait a sec, I'm slightly confused
<mdeslaur> RoAkSoAx: ok, so it's all security patches except for the trivial one that adds precise
<tightwork> I am trying to install opennebula-sunstone and I get failure: http://dpaste.com/670890/ what is going on?
<mdeslaur> RoAkSoAx: I'll build it in the public security ppa, and then we can decide if we QA and release or push to -proposed, is that ok?
<RoAkSoAx> mdeslaur: that works for me
<RoAkSoAx> mdeslaur: thanks :)!
<mdeslaur> RoAkSoAx: I'll let you know once it's built
<RoAkSoAx> mdeslaur: awesome! thanks!
<mdeslaur> RoAkSoAx: you're welcome! Thanks for preparing it
<tightwork> There seems to be a horrible problem with ruby, rails and the opennebula package
<tightwork> meh, its only ruby who uses ruby anyway
<zul> jdstrand: hey can you do a quick review of python-nosexcover for me?
 * kees attempts to parse that package name
<zul> kees: yeah...welcome to my life ;)
 * ajmitch wasn't going to comment on that one, too easy...
<ajmitch> so this is great, I have a php5 package that I can build in a PPA with a 12 hour queue, but not in pbuilder
<kees> because nose-xmlcoverage is too long
<mdeslaur> RoAkSoAx: actually, since there's already a version in -proposed, I'll wait until it gets released, and I'll build a security update on top of that
<RoAkSoAx> mdeslaur: I bzr push that branch into -proposed, but haven't upload it yet. So should I just go ahead and make the upload to -proposed?
<mdeslaur> RoAkSoAx: can't do that. security fixes need to go through -security, and -security needs to be built in a special way (without -updates)
<mdeslaur> RoAkSoAx: revert your commit to -proposed, and wait until next week and I'll push the security fixes
<RoAkSoAx> mdeslaur: cool, will do, thanks
<mdeslaur> RoAkSoAx: security fixes are slightly complicated, because the -security pocket can be used by people without using the -updates pocket
<mdeslaur> RoAkSoAx: so they need to be built in a special PPA that doesn't have -updates enabled to make sure the dependencies are calculated properly
<RoAkSoAx> mdeslaur: understood :)
<uvirtbot> New bug: #902299 in augeas (main) "lens for mdadm.conf doesn't know to look in /etc/mdadm" [Undecided,New] https://launchpad.net/bugs/902299
<jdstrand> zul: I will give it a shot, it is possible it will be weekend/monday
<RoAkSoAx> .win 2
<zul> jdstrand: k thanks
<tash> does anyone know how apparmor will allow mysql to start :(
<tash> ec  9 13:37:59 cain kernel: [ 8321.348367] type=1503 audit(1323459479.937:1021):  operation="open" pid=20239 parent=1 profile="/usr/sbin/mysqld" requested_mask="rw::" denied_mask="rw::" fsuid=103 ouid=103 name="/data/mysql/ibdata1"
<pmatulis> tash: what user is mysqld running as?
<jdstrand> tash: you need to add /data/mysql/ to your profile
<zul> Daviey: so i played a bit with setting the nova user to /bin/false but it caused a bit of havor
<zul> havoc even
<jdstrand> tash: eg, in /etc/apparmor.d/usr.bin.mysqld add:
<jdstrand> /data/mysql/ r,
<jdstrand> /data/mysql/** rwk,
<jdstrand> tash: then do appamor_parser -r /etc/apparmor.d/usr.bin.mysqld
<Daviey> zul: what happend?
<zul> Daviey: permissions when changing files when creating the instance got all cockeyed
<zul> glance has been switched over though
<Daviey> zul: interesting..
<stgraber> hallyn: starting to poke at mountall/lxcguest, hopefully can get that deprecate that part of lxcguest next week, then we can focus on finding a new home for lxc-is-container and the console stuff
<stgraber> hallyn: that + shutdown/reboot patch and we should be good for 12.04 as far as lxcguest is concerned
<hallyn> stgraber: cool - I'm fixing up the cgroup stuff right now
<stgraber> hallyn: what part of the cgroup stuff are you fixing? :) nesting?
<hallyn> yes, nesting, as well as moving a dead cgroup dir out of the way
<stgraber> cool
<hallyn> and putting lxc cgroups under /lxc while i'm at it
<stgraber> cool, my cgroup filesystem will be less of a mess then :)
<Zanzacar> I have a hdd mounted at /home and I was thinking about upgrading it at some point. From the best of my knowledge all I would need to do is cp /home to the new hdd and reboot is that correct?
<SpamapS> Zanzacar: no
<SpamapS> Zanzacar: you'd also want to change /etc/fstab to mount the new hard drive as /home
<SpamapS> Zanzacar: and you're better off using rsync -a /home/ /mnt/new-home/ .. it will make sure all dates and file perms are exactly the same.
<Zanzacar> ok that sounds good.
<Zanzacar> I thought that it was going to be a nightmare but this seems like it will be pretty easy
<Zanzacar> I just need to wait till I find a hdd that is larger then the one I have.
<SpamapS> Zanzacar: the tricky part is that you will want to extract the UUID of the new filesystem..
<SpamapS> Zanzacar: blkid /dev/xxxx
<kpettit> Can anybody recommend a good helpdesk/troubleticket app?  I've seen a bunch but haven't found one that's opensource that isn't clunky yet.
<jmedina> otrs
<jmedina> it is in the repos
<jmedina> it even has plugin for ITSM
<kpettit> I was just looking at otrs.   I hadn't used it before and don't have any other perl apps so was still looking.  Do you like that one?  Easy to use?
<Zanzacar> SpamapS: thanks for the input I might be back in a few months for further input.
<jmedina> kpettit: let me search a good otrs presentation
<kpettit> thanks.  if you were to install it would you use the deb package or install from source.  Looks like the one on the website is alot newer
<jmedina> you can try with apt and test it, then you can trye the most recent version and trye its new features, it is in active development
<kpettit> will do.  thanks for the suggestion.
<jmedina> ohh they have a android app :)
<hallyn> stgraber:  cat /proc/self/cgroup:  9:perf_event:/lxc/o1/lxc/o2
 * hallyn ships it off to the m-l
<stgraber> hallyn: nice!
<esde> Hello, I have a question,  I'd like to setup a samba share on Ubuntu Server im using for a little test webserver on our intranet. It is Ubuntu 10.04 LTS, we have a Windows Server 2003 Domain setup. I would like to set up a samba share so that I can browse /var/www/ from my windows machine to make adding/editing files easier. Can anyone help with links, or possibly some assistance? Thanks in advance! :)
<Tachyony> nano /ets/samba/smb.conf
<smoser> RoAkSoAx, can i set orchestra to use a different proxy ?
<RoAkSoAx> smoser: yes
<RoAkSoAx> smoser: sudo vim /var/lib/cobbler/snippets/orchestra_proxy
<smoser> k. i'm going to want to configure that in a apt-upgrade safe way
<RoAkSoAx> smoser: you mean the clients?
<RoAkSoAx> smoser: the server does not use the proxy
<RoAkSoAx> as the server is the proxy
<RoAkSoAx> only the clients use it
<smoser> no i mean the server.
<smoser> the server broadcasts itself as the proxy
<RoAkSoAx> smoser: well he doesn't really broadcast himself, but yes, he tells the client's APT that he is the proxy, and upon instcallation, that gets recorded in /etc/apt/apt.conf
<smoser> yes.
<smoser> i was calling that broadcast. as essentially all installed nodes go to him.
<smoser> but yeah.
<RoAkSoAx> smoser: :) sometimes I'm pretty literal with english if you know what I mean
<RoAkSoAx> smoser: i guess that the idea would be to have a config interface where we could configure who is the proxy, who is the logging server, etc etc in case its not the same as the provisioning server
<smoser> i think its not unreasonable that osmeone might want a different proxy
<smoser> and not want an apt-get upgrade to wipe away that choice
<smoser> the case i'm looking at right now was the cobber-devenv
<smoser> i have a proxy elsewhere on my network, and didn't want the cobbler guest vm to be caching stuff itself.
<RoAkSoAx> smoser: right, but yes I do agree that eventually we would need to provide the server with those options. Whether its within cobbler or outside, dunno yet
<uvirtbot> New bug: #902339 in samba (main) "samba(7) references missing programs" [Undecided,New] https://launchpad.net/bugs/902339
<hallyn> stgraber: I *had* planned to stick that patch into the package now, but now I'm thinking I'll wait for it to percolate through a new release.  Lemme know what you think. (re nested cgroups)
<stgraber> hallyn: I'm fine with waiting as long as we get a new LXC upstream release with it before the sprint
<stgraber> hallyn: removing lxcmount.conf really gives weird results, apparently doing so the container somehow manages to access to the outside /dev/console or /dev/tty
<stgraber> hallyn: looking at /proc/mounts in both cases, the only difference that may explain this is the addition of devtmpfs on /dev
<stgraber> http://paste.ubuntu.com/765336
<hallyn> stgraber: ah yes, devtmpfs.  if the container access devices through that it'll get the host's.  This is where we really need a devices namespace :)
<hallyn> i think smoser has been bitten by that before, and i've been expecting it to hit us
<stgraber> right, so the fix we need in mountall is not to mount devtmpfs in a container?
<smoser> thats really not a fix.
<stgraber> smoser: the problem I'm trying to fix here is the need for lxcguest, so that'd be a fix for my problem
<stgraber> the right magical fix is the device namespace
<smoser> what's wrong with lxcguest ?
<smoser> i agree its not the right fix either.
<smoser> but simply not mounting devtmpfs is just asking for someone to mount it later (which lxcguest doesn't help with either)
<stgraber> smoser: one of the goals for 12.04 is to be able to take a regular Ubuntu system and run it without any change in a container
<smoser> good luck sirk
<smoser> sir
<stgraber> well, at this point, I have a working Ubuntu system in a container if I rsync a root filesystem and add lxcmount.conf to it, so we're definitely not far
<hallyn> Let's officially put devices namespace on the map for 14.04 :)
<stgraber> we don't pretend LXC is root safe at this point, so sure, someone can mount devtmpfs and break the console on their host, I just don't want it to do that by default :)
<stgraber> though that'd be a good thing to add to our list of stuff to enforce with apparmor for now :)
<pdtpatrick1> Question .. what's the equivalent of yum install --disablerepo=* ---enablerepo=<reponame>
<hallyn> stgraber: isn't that covered by mount restrictions?
<stgraber> hallyn: well, that particular restriction will be to make sure nothing is mounted there, but yeah, probably :)
<pdtpatrick1> i've seen apt-get -t .. but thats not what i'm looking for. That seems to be for the os name itself.
<stgraber> hallyn: also, apparently if add an entry for /dev in the container's fstab (outside of the container), then mountall doesn't try to mount /dev
<stgraber> hallyn: so we may be able to do what we want without having to touch mountall
<hallyn> jjohansen: will the apparmor mount restricitons be able to say "cannot mount devtmpfs at all" ?
<hallyn> stgraber:  i wonder how that works.  does mountall just not remount anything that's already mounted?
<jjohansen> hallyn: you will be able to specify device type so yes
<hallyn> jjohansen: and "nowhere" will be an option?
<stgraber> hallyn: I guess so, I'm getting a "mountall: Event failed" at boot time though, will see if I can make that one go away :)
<stgraber> hallyn: everything else got mounted though (debugfs, securityfs, ...) so it seems to have done its work
<jjohansen> hallyn: hrmm, it could be, I hadn't actually thought about that one
<smoser> RoAkSoAx, i'm not sure of this, but i *think* that import-isos will block exit of apt
<smoser> on orchestra install even though its done in the background. due to its stdin and/or stdout being still open.
 * hallyn going outside to enjoy the tail end of a nice day - bbl
<RoAkSoAx> smoser: i've never actually run into the problem, but yeah on installation it now has a question on whether you want import-isos to run or not
<RoAkSoAx> smoser: which I was thinking it might be best to default it to False
<RoAkSoAx> so that in upgrades it doesn't import again
<RoAkSoAx> (or update)
<smoser> RoAkSoAx, right. i answered "yes" (actually by mistake)
<smoser> the rest of the installation proceeded , but then i seemed to be hung
<smoser> i started killing 'wget' processes and eventually orchestra-import-isos
<smoser> and immediately upon killing that, apt exited.
<smoser> stgraber, since you're interested in fun lxc work...
<smoser> i'd love it if you could make a cloud image .img file boot.
<smoser> (its a partitioned disk)
<smoser> ie, even support for very simple read disk partition table, get first disk, mount it, lxc-container that
<RoAkSoAx> smoser: uhmmm i've personally never actually seen any issue. But yes, I do agree that having orchestra-import-isos running on install when someone doesn't want it, might be a PITA
<utlemming> smoser: how important is that?
<utlemming> smoser: I have proto-typed that
<utlemming> smoser: with live-build
<RoAkSoAx> smoser: but i guess that orchestra-import-isos is just pulling all the bandwidth
<stgraber> smoser: running kpartx and then using the /dev/mapper entry as rootfs should work (once we get rid of lxcguest, that's)
<smoser> RoAkSoAx, thats not the pro blem i'm saying.
<smoser> i'm saying if they did say "yes" (even on intention)
<smoser> you background the run, with the intent of not blocking
<smoser> but you still block.
<smoser> utlemming, i'm not sure i follow... what do you mean?
<smoser> stgraber, well the images have lxcguest, so thats not an issue with me.
<smoser> and yes, i could use kpartx to do this..
<utlemming> smoser: making boot-able cloud image files....but I thought that they do boot
<RoAkSoAx> smoser: oh you mean it doesn't really run in the background blocking apt from continueing the instllation process of other stuff?
<utlemming> at least the QCOW2 are bootable
<smoser> but for me... i'd rather it all go through libvirt and me not have to "officially" be root to do it.
<smoser> the partitio nimags should boot, given a kernel, but there is no place for a boot loader.
<smoser> RoAkSoAx, it *does* run in the background.
<smoser> but since it has a handle on apt's stdin or stdout, apt will not exit until its the filehandle closes.
<RoAkSoAx> smoser: right, I know understood you
<RoAkSoAx> smoser: any ideas on how to fix that?
<smoser> cobbler-import-isos </dev/null >/dev/null 2>&1 &
<smoser> sdoens't have to be devnull
<smoser> but you close all its filehandles
<RoAkSoAx> smoser: cool, gonna try that, since orchestra-import-isos is actually being run by run-one
<smoser> yeah, just close stdin out and error to it.
<smoser> utlemming, maybe i misunderstood you.
<RoAkSoAx> cool thanks
<smoser> and the partition images are pretty usable in lxc
<smoser> but my hope was to find a way to allow the user to run cloud-init on one of those to do further customization within lxc (rather than kvm)
<smoser> and then, also with a disk image.
<utlemming> I'm thinking maybe I misunderstood you, actually.
<smoser> yeah.
<smoser> utlemming, i have to run...
<smoser> i will look at your MP monday
<utlemming> k
<smoser> utlemming, for more explanation... though..
<smoser> https://help.ubuntu.com/community/UEC/Images#Ubuntu_Cloud_Guest_images_on_Local_Hypervisor_Natty_onward
<smoser> i like that we can customize cloud images via just passing them data.
<smoser> and i'd like to make that a much more usable path.
<smoser> and i thought if you could do that with lxc instead of kvm, it would at happen faster.
<utlemming> yeah, that would be nice
<uvirtbot> New bug: #667935 in swift (main) "Add etc/swift.conf-sample to base swift package" [Undecided,New] https://launchpad.net/bugs/667935
#ubuntu-server 2011-12-10
<hallyn> slangasek: fix is already in precise :)
<hallyn> grr, i keep doing that
<SpamapS> yes, shame on you hallyn for fixing things
<hallyn> ;f2 is devel, ;f1 is server...  keep mixing them up today
<elz89> I am following this, but I can't get the log to fill up with anything? https://help.ubuntu.com/community/BIND9ServerHowto#Logging
<elz89> I think apparmor is the problem, just found something that might work
<SpamapS> elz89: apparmor how?
<SpamapS> Ahh
<SpamapS> elz89: please update that wiki to include the needed changes to the apparmor profile to allow bind to write to said query log.
<tash> has anyone setup mysql replication between servers running ubuntu 10.04 server and mysql5?
<Patrickdk> ya, follow the instructions on mysql website
<Patrickdk> it's been the same since like mysql 3
<tash> someone in #mysql told me today that binlog-do-db= isn't wise to use
<tash> I mean, replicate-do-db
<tash> but that's how I used it on some debian boxes ... setting up on ubuntu for first time, and my slave's mysqld won't start if the slave config is in my.cnf, but the moment I take it out, it will start up :(
<arooni-mobile> where is the cron log on ubuntu server?
<pinche> Hi, I would like to build a private cloud desktop in my home server. Something like this: http://www.youtube.com/watch?v=uDfsMNQ3SrU How would it be possible with Ubuntu?
<aliverius> $ svn co http://svn.runuo.com/repos/runuo/devel/
<aliverius> svn: Can't find a temporary directory: Internal error
<aliverius> what's this?
<Xbert> how can I display what mount options a device was mounted with?
<smokie> hey guys, i have 2 external static ips from my ISP, i want to dedicated one of the ips to my ubuntu server, anyone know how to assign an external ip to ubuntu server?
<oCean> Xbert: use  mount  without arguments
<Xbert> oCean, thanks
<oCean> Xbert: remember not to crosspost in #ubuntu- channels, thanks
<Techdude101> smokie: Does the ubuntu-server have a direct connection?
<smokie> Techdude101, what do you mean "direct connection" ?
<smokie> this is the first time i deal with external ips, i only know how to assign local static ips
<Techdude101> smokie: Direct connection to the modem etc.. i.e. not through a router
<smokie> Techdude101, what i have is a router/modem compination and the ubuntu server is connected directly to that
<Techdude101> smokie: The router needs to be setup to forward/route the traffic for that ip to the interface that your server is connected to
<Techdude101> smokie: Once that's done, it's just a case of setting the static external ip on the server
<smokie> Techdude101, lets assume ive done the first part and the traffic for that ip is forwarded to my server. how can i do the next step and assign that static external ip to the server?
<Techdude101> smokie: same way you would do for a normal static ip (edit /etc/network/interfaces)
<Techdude101> smokie: e.g. iface eth1 inet static address 1.1.1.1 netmask ...
<smokie> Techdude101, hmm i dont need 2 ethernet cards on ubuntu server to do that, right?
<Techdude101> smokie: It is better/easier to have 2 NICs but it is possible to do it with 1
<smokie> Techdude101, alright. so if i have a second NIC, id be setting it up the same way i setup a local ip except i exchange the IPs with my external IPs instead of my local IPs?
<smokie> let me show you what i mean
<Techdude101> smokie: Yeah
<Techdude101> http://www.liberiangeek.net/2010/04/how-to-quickly-create-multiple-virtual-network-interfaces-in-ubuntu/
<Techdude101> That shows how to do it using 1 NIC
<smokie> Techdude101, so my /etc/network/interfaces will looke like this: http://pastebin.com/XbpFxR6Z ?
<smokie> let me read that link you provided
<Techdude101> smokie: That looks like it should work
<smokie> Techdude101, thats great man, thanks! now all i need is to find out how to forward/route the traffic in my router to the server
<Techdude101> smokie: No probs
<uvirtbot> New bug: #902508 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/902508
<psyferre> hey folks.  So I was doing do-release-upgrade and lost my ssh connection.  No screen sessions.  The process appears to be  still running.  Is there any way I can resume it?  My googling seems to indicate a lot of people have asked this question but not gotten any answers....
<tash> any samba guys around? I've got samba installed and configured on server 1, and I'd like to have server 2 configured so that if server 1 dies, server 2 takes over.  Can I copy over the samba db to server 2?  Or do I need to do smbpasswd -a <user> and smbpasswd -e <user> on server 2 for everyone?
<zastaph> hmm just found out that ubuntu server comes with KVM
<zastaph> why am I trying to set up an environment for hosting multiple ubuntu server's with ESXI? :)
<zastaph> what advantages does KVM give me over that
<zastaph> and disadvantages
<l0n> zastaph ESXi lets you set disk shares per VM, it's prob more stable and may be slightly faster as I believe KVM puts all drivers in the root VM whereas ESXi puts them in the hypervisor. Down side of the last point is that your hw might not support ESXi or might not work that well if it isn't server grade
<pmatulis> tash: AFAIK the ubuntu cluster stack is still not stable so you'll prolly need to hack something.  but the user information should be in LDAP at the very least
<zastaph> ESXI is way too complicated for my needs
<l0n> zapotah what's complex about it? Just install then manage via the vsphere tools
<zastaph> there's so many options and settings im never going to use.. and i was just trying to do a clone with the free version
<zastaph> now vbox, that's something I like.. if I could find something as usable as that for servers
<lifeless> is vmware's hypervisor in upstream linux yet? If not then another consideration is that kvm is what is tested and optimised by the kernel authors, better integratin
<zastaph> yes KVM is officially supported by ubuntu
<tash> pmatulis: ok, I was thinking if I could just copy over the smbpasswd file or something it might do the trick. 'course, I don't know how exactly samba stores its users
<tash> so I'm reading about that.
<zastaph> http://www.ubuntu.com/business/server/virtualisation
<zastaph> im hosting on a HP Microserver, so of course it has to be not too slow
<l0n> Don't think the tools are in the kernel but you have got: http://open-vm-tools.sourceforge.net/about.php
<pmatulis> troubleshooting problems when using vmware can be problematic.  vmware folks may say problem is with the ubuntu guest, and ubuntu folks may say it's with the hypervisor
<zastaph> oh yeah the tools took me 2 days to get properly installed
<zastaph> so, im ready to try something else
<l0n> zapotah sounds like KVM might be better for what you're doing but in case you ever go back to ESX for whatever reason, you might find the virtual appliance market place handy (just lets you download a fully working VM with the tools install) e.g.: http://www.vmware.com/appliances/directory/522823
<l0n> woops, I meant zastaph for the above not zapotah, bah you guys have too similar nicks :P
<zastaph> virtual appliances.. first of all. there's 500 appliances just for MySQL, and almost no votes.. how does one choose? :) and how does one get the overview of what's installed, and finally.. when a private person has compiled an appliance, dont you have to trust this person?
<zastaph> also.. stuff are not compiled for your hardware and maybe not running optimal
<zastaph> I thought about giving Xen a shot.. but didnt investigate it much
<zastaph> it seems im going to use ubuntu server for everything.. because i prefer to just setup one master OS to clone them all
<l0n> It's a vm so don't worry too much about the hw but I see your point with trust, I suppose you choose a VM that is created by someone you trust but I've only used the market place for Vyatta which comes from the company that makes it so can't comment too much on that
<zastaph> companies can be 1 person too :p
<zastaph> ah ok didnt get the part that it was the same as made it
<l0n> :)
<zastaph> but esxi is so complicated that it's something you need an education for :)
<l0n> hehe well I wouldn't say that but anyway, I wouldn't worry anymore about it, install KVM, play with it and see what you think
<zastaph> indeed
<zapotah> im always pestered in freenode channel unintendently >.<
<zapotah> channels*
<zapotah> as compensation tell me how to troubleshoot iscsitarget setup on ubuntu and esxi 5.0 sw initiator
<zapotah> the initiator can connect to the target sometimes
<zapotah> but the adapter scan takes a small forever
<zapotah> and occasionally it sees all the luns
<zapotah> and occasionally it doesnt
<zapotah> after the esxi host connects to the target server the ietadm and everything related to iet just basically freezes
<zapotah> wondering if the problem is with my switch, config, the fact i use lvm volumes for luns which reside on a sw raid5 array created with mdadm
<zapotah> or smthng else entirely
<tightwork> I filed bug https://bugs.launchpad.net/ubuntu/+bug/902597
<uvirtbot> Launchpad bug 902597 in ubuntu "opennebula-sunstone requested an impossible situation... apt-get" [Undecided,New]
<tightwork> how to fix?
<zastaph> i presume the first thing to do when installing KVM is to install ubuntu server as main OS on the machine?
<qman__> tightwork, check your sources.list and apt-get update
<qman__> the packages may be in sources that you have disabled or are otherwise unavailable
<zastaph> what about Ubuntu Enterprise CLoud, how does it compare to KVM?
<qman__> zastaph, KVM is a standard virtualization system, where UEC is a distributed virtualization system
<qman__> UEC is designed to scale VM deployments across lots of hardware
<zastaph> ok.. so UEC needs one server per OS, then its not really virtualization is it? :)
<qman__> no, it doesn't
<qman__> UEC requires at least two servers to start, and can run multiple VMs on a server
<qman__> it's set up so that you can add more servers and run many more VMs, and it distributes them across your hardware
<qman__> so if you had, say, 10 physical servers, and 120+ VMs to run, UEC would be a good choice for you
<qman__> you can do plenty of other configurations, but if you don't have at least a 2:1 VM to server ratio, UEC is not going to show its benefits
<qman__> it also requires at least one dedicated controller, so while you can do it with only two servers, it doesn't make a lot of sense unless you have more
<Shbinky> Hey
<Shbinky> Whats up?
<Shbinky> any chance someone can help me with postfix?
<RoyK> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<Shbinky> Thanks
<Shbinky> !patience
<ubottu> Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<Shbinky> I want to integrate alterMIME to work together with postfix (in order to add disclaimer to outgoing/forwarded messages). I did exacly as postfix-altermine-howto describe but all the mails i send (using the mail command) are sent without the disclaimer. It looks like the script /etc/postfix/disclaimer is not even executed. Hope you can help me with this one :)
<koolhead17> !postfix
<ubottu> postfix is the default !MTA and !MDA on Ubuntu. For help, read https://help.ubuntu.com/community/Postfix and https://help.ubuntu.com/community/PostfixBasicSetupHowto - See also !MailServer
<tightwork> qman__: this is a new install of ubuntu server, I have not disabled any source
<RoyK> koolhead17: I would guess Shbinky knows what postfix is if he's gotten so far as trying to integrate alterMIME...
<zastaph> how come sudo apt-get install qemu-kvm libvirt-bin ubuntu-vm-builder bridge-utils installs Postfix (mail server) and asks me to configurate it?
<MTecknology> I can get wireless to work on this system, but I want to make a bridged interface for it, any tips on doing this? I'm coming up empty in searches.
<rbasak> MTecknology: install bridge-utils and then look at /usr/share/doc/README.Debian.gz
<rbasak> err, /usr/share/doc/bridge-utils/README.Debian.gz
<zastaph> http://ubuntuforums.org/showthread.php?t=1297005
<MTecknology> rbasak: I'm starting to get the impression that using wireless for this is just going to be a constant headache... i tried to revert to the old config so i could install something and I can't even get that to come up now
<rbasak> MTecknology: I've used bridging and wireless configured directly from /etc/network/interfaces and it has worked really well for me in the past
<MTecknology> rbasak: restarted networking and it stayed working, rebooting to make sure it's working right :)
<zastaph> seems kvm is not easy to use aswell.. https://help.ubuntu.com/community/KVM/Networking the section how to do bridged networking
<zastaph> lots of commands required
<MTecknology> rbasak: Whis is what I tried and it's not working, http://dpaste.com/671544/ -- from ifconfig  wlan0 seems to grab an IP addy which should work, br0 shows the static ip, i can't ping anything except the ip wlan0 shows
<MTecknology> This*
<rbasak> MTecknology: sorry I can't immediately see any problem with that. Maybe set bridge_ports explicitly rather than using all? Not sure if it'll match on wlan0 or not
<rbasak> MTecknology: after that I'd use ifconfig/tcpdump/brctl and the ip command to debug what you've got
<MTecknology> I tried setting it to wlan0 before this
<MTecknology> rbasak: hrm..   ifup br0    device br0 already exists: can't create bridge with same name    run-parts: /etc/network/if-pre-up.d/bridge exited with return code 1    RTNETLINK answers: File exists    Failed to bring up br0.
<MTecknology> rbasak: out of curiousity... what version of ubuntu were you running for that?
<MTecknology> It sounds like maybe later kernel versions make bridging much harder
#ubuntu-server 2011-12-11
<MTecknology> rbasak: I just gave um and spent over a half hour trying to run a network cable a whopping 5ft... underneath a heavy as crap desk
<MTecknology> Any ideas why I'm getting this error with the partition layout I'm trying to use for vmbuilder? http://dpaste.com/671572/
<MTecknology> GRR!
<MTecknology> W: Failure trying to run: chroot /var/tmp/tmpPlqqWj dpkg --force-depends --install /var/cache/apt/archives/base-files_6.4ubuntu5_i386.deb /var/cache/apt/archives/base-passwd_3.5.23_i386.deb
<MTecknology> , stderr:
<MTecknology> Everything extracted fine, but then came installing and it went boom
<MTecknology> got further....
<MTecknology> VMBuilder.exception.VMBuilderException: Process (['mount', '-o', 'loop', '/dev/mapper/loop1p2', '/tmp/tmpYadZIX/var/log']) returned 2. stdout: , stderr: mount: could not find any free loop device
<MTecknology> http://dpaste.com/671617/
<MTecknology> that's a little more info, i'm lost
<MTecknology> kirkland: What happened to http://people.canonical.com/~kirkland/ubuntu-vm-builder.html ?
<stiv2k> Ron Paul Draws Big Crowds... http://www.youtube.com/watch?v=pNBtxdl_1UQ
<omersimanovsky> Hello all, i have some issue with my mail server on ec2, i get message from the mail client of " The POP server doesnât support Password authentication."
<omersimanovsky> Someone can help me?
<omersimanovsky> Hello all, i have some issue with my mail server on ec2, i get message from the mail client of " The POP server doesnât support Password authentication.", Someone can help me?
<chewbaaca> Hi
<dfavara> hi all
<dfavara> any idea how to configure two eth, eth0 and eth1
<dfavara> eth0 should be 10.10.10.69 and it should ping 10.10.10.x
<chewbaaca> For what
<dfavara> while eth1 should be 192.168.239.110 and it should ping 192.168.x.x ?
<dfavara> here my route : http://nopaste.info/3a3bde0f0b.html
<chewbaaca> It seems like firewall, using iptables
<dfavara> any idea ?
<mainerror> Hello.
<mainerror> I'd like to give bug #893926 a shot.
<uvirtbot> Launchpad bug 893926 in eucalyptus "Contains traces of UEC" [High,Triaged] https://launchpad.net/bugs/893926
<mainerror> I feel this bug is missing some information though. Should I just grab all the files and grep over them for "UEC"?
<Gaming4JC> Hello everyone, my server was walking just fine until randomly I caught arthur@localhost:/etc/mysql$ mysql -u root -p Enter password:  ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)
<Gaming4JC> sooo
<Gaming4JC> I decided to go ahead and purge it and reinstall
<Gaming4JC> now mysql won't reinstall
<Gaming4JC> hangs with  runlevel:/var/run/utmp: No such file or directory
 * Gaming4JC is confused :P
<Gaming4JC> finally unhung, still got ERROR 2002
<Gaming4JC> I'll probably just go with a different distro, mega issues with this error on Oneric
<Gaming4JC> or I'll just downgrade to maverick last working version
<uvirtbot> New bug: #902865 in lxc (main) "lucid udev upgrade failure on oneiric hosted lxc container" [Undecided,New] https://launchpad.net/bugs/902865
<MTecknology> Any ideas why vmbuilder is breaking? I keep thinking that I might have found a bug, but I don't want to believe it... http://dpaste.com/671965/
<MTecknology> If I don't specify any partition sizes and leave everything default (by not using --rootsize --swapsize --optsize --part) it'll build and create the VM with zero issues at all.
<maroproj> #perl@irc.perl.org
<pythonirc101> I'm running a http server on my ubuntu box (inside a virtual machine) -- and my webserver seems to be slow...any ideas on how I can fix this?
<zaltekk> get better hardware
<RoyK> pythonirc101: how much memory did you give the VM?
<RoyK> pythonirc101: and which webserver? and what sort of content? content size? what hypervisor? memory in host os? what host os? is the pope catholic?
<pythonirc101> 8GB
<pythonirc101> hold on, lemme check
<pythonirc101> indeed 8GB RAM - it's a core i7 machine 4Ghz (overclocked) -- The virtual machine has 2 cores + 8GB
<failover> pythonirc101, looking slow over LAN or internet ?
<pythonirc101> over internet
<pythonirc101> on localhost -- its superfast
<failover> what is the link of server ?
<pythonirc101> the problem is when its accessed over the internet...its very very slow
<failover> If you are serving from home internet, you probably have a high latency and low upload rate
<pythonirc101> When I traceroute -- it waits a lot as well..lemme pastebin the traceroute
<pythonirc101> failover: here is a typical traceroute : http://paste.pocoo.org/show/519442/
<JanC> 70ms isn't too bad
<JanC> and probably not relevant for a webserver
<pythonirc101> its pretty bad...its very slow actually
<pythonirc101> when I use lynx to access the website, it takes seconds...
<pythonirc101> after I go there a few times, its better thou...from one machine that is
<JanC> so, it's not related to the latency you see in the traceroute
<pythonirc101> JanC: how can I find out what is it?
<JanC> 70ms = 0.07 seconds, not several seconds   ;)
<JanC> pythonirc101: accessing the same pages from localhost in the guest is fast?  and from the host computer is fast?
<JanC> what from another computer on the same LAN?
<JanC> and what's the uplink speed of the internet connection?   (and are other applications using that also, e.g. torrents?)
<pythonirc101> JanC: uplink is at least 10mbps
<pythonirc101> JanC: Local network -- superfast
<JanC> so you only have these issues with accesses from external access?
<JanC> pythonirc101: is his a public website (= can we test it)?
<JanC> oh well, I should go to bed really  ;)
<pythonirc101> JanC: indeed, yes,
<pythonirc101> I remember that there were website optimization tools
<JanC> if you have 10 Mbit/s upload from the server location, there should be no speed problem really
<pythonirc101> JanC: I don't think there is -- I just used a website optimization server -- it says good
<yann2> hello! I wanted to ask, what the successor of ubuntu-vm-builder was, now that ubuntu 12.4 is approaching ? Is there still a way to easily create qcow2/raw images without tftp?
<wedgeV> hi, trying to install ubuntu server and manually partitioning a drive, seems the installer doesn't ship with fdisk, what's the tool to use?
#ubuntu-server 2012-12-03
<axisys> which file defines the default PATH ? do not see it in /etc/profile or /etc/bash.bashrc
<axisys> is it /etc/environment ?
<axisys> looks like /etc/login.defs
<axisys> /etc/bash.bashrc will do..
<mjau^> morning peoples!
<mjau^> would anyone happen to know where I can find the source-rpms for apache on the latest ubuntu-release?
<ikonia> mjau^: ubuntu doesn't use rpm's
<mjau^> ikonia: lols, I meant the source-debs of course :)
<ikonia> just use apt-get source
<eagles0513875> hey guys I have a piece of software which i just purchased which is encrypted with ioncube does apache on 12.04 support ioncube
<ikonia> there doesn't appear to be a module referencing iocube
<ikonia> ion
<eagles0513875> :-/ ok
<eagles0513875> thanks
<mjau^> apt-get source eh? great, thx, I'll do that :)
<stiv2k> so i have a peculiar problem with my server
<stiv2k> ever since i installed 12.10 it kernel panics every so often
<stiv2k> and i noticed after a few panics, it happens on the 14th day
<stiv2k> of uptime
<stiv2k> each time
<stiv2k> any ideas why?
<stiv2k> could it be the clock?
<ikonia> what does the actual panic message suggest
<RoyK> stiv2k: pastebin logs
<RoyK> if it panics so badly it can't write logs, enable netconsole or use an old-fashioned serial console to get the logs
<koolhead17> zul: around?
<zul> koolhead17: kind of...whats up?
<koolhead17> zul: coolbhavi is my guide/mentor
<coolbhavi> hey zul koolhead17 said something needs to be repatched and gave me a buildlog
<zul> yep
<hallyn> stgraber: are you going to send another version of your lxc-create template naming patch?
<coolbhavi> zul, it was a build failure and what exactly is the background?
<hallyn> stgraber: on a separate note, I fear that for 13.10 I am going to have to either spend a lot of time writing apparmor integration for libvirt-lxc, or we have to get the lxc2 driver working.  for the sake of openstack
<zul> coolbhavi: basically patch failed to apply
<coolbhavi> zul, yes I could see that
<zul> coolbhavi: what do you mean background?
<coolbhavi> zul, I meant was it applied to some source package?
<zul> nova source package for precise
<coolbhavi> ah never mind got it from the complete buildlog. thanks!
<stgraber> hallyn: hopefully the second option will be easier, then we can just use that as a reason to drop libvirt-lxc ;)
<stgraber> hallyn: I sent a v2 of the lxc-create patch on Friday adding the sha1 sum. I'm not planning on fixing the bash issues at this point as that's out of the scope for that patch (I just moved code around so the bashisms were already there)
<hallyn> stgraber: the '-n ""' is a serious issue though, worth a v3
<hallyn> we've had bugs due to such before - it's not jsut a posix issue
<hallyn> jdstrand: so i've spend way too many hours on this before, only to finally realize i don't know how to best pass the hugepages mount path to virt-aa-helper.  Options are:
<hallyn> 1. add it to the xml so it can be passed
<hallyn> 2. add a new virSecurityAddSimplePath call
<hallyn> 3. harcode /run/hugepages/kvm in the apparmor policy :)
<hallyn> I don't see that (1) would really be acceptable upstream
<jdstrand> hallyn: doesn't this fail with selinux?
<jdstrand> I would think it would-- so they would be interested in whatever in this too
<jdstrand> s/whatever in this/whatever fix is used/
<jdstrand> also, how would virSecurityAddSimplePath work?
<stgraber> hallyn: there were already two of those in the current lxc-create. I didn't add that code, just moved it around :)
<jdstrand> (and just so I understand, the path to /run/hugepages/kvm is a qemu compile time option so libvirt doesn't inherently know what that is-- correct?)
<hallyn> stgraber: those need to be fixed too then :)  Worth a script to find all the instances
<patdk-wk> you can specify the hugepages path in libvirt xml config
<hallyn> jdstrand: no, /run/hugepages/kvm is not a compile time option...
<hallyn> patdk-wk: oh??
<hallyn> you can specify it in qemu.conf, and otherwise libvirt finds it automatically, but all i've foudn for xml is
<hallyn> <memoryBacking><hugepages/></memoryBacking>
<patdk-wk> hmm, damned been a few months since I last did it
<hallyn> patdk-wk: ok - i'll look for it thanks
<hallyn> if it's supported then that's the way to go.
<patdk-wk> ya,  Itested it, found it really didn't help much for me, and just wrote it off as, not worth messing with currently
<hallyn> jdstrand: the virSecurityAddSimplePath would just call virt-aa-helper with a new path and ask it to append that to the current policy
<hallyn> we could then also use that for monitor and other stuff
<hallyn> but i'll follow up on patdk-wk's suggestion and get back to you later - thanks
<jdstrand> ok
<patdk-wk> hmm, maybe I used the qemu automatic mount detection :(
<patdk-wk> heh, fuzzy memory :(
<patdk-wk> was back in sept when I was doing lots of hugepages work
<hallyn> no qemu takes it as command line option, doesn't detect automatically,
<hallyn> but libvirt will detect it automatically if not specified
<hallyn> sadly i don't think it's specificable in the xml
<hallyn> specifiable
<hallyn> and the problem with adding it there is that then we have to decide what to do if it's in the xml at define time
<stgraber> hallyn: sent the lxc-create cleanup patch to the mailing-list
<zul> yolanda: can you have a a look please?
<hallyn> jdstrand: ok so yeah, virSecurityAddSimplePath would basically work like AppArmorSetFDLabel but without resolving /proc/self/fd/N
<hallyn> stgraber: thanks!
<yolanda> zul, about the lxc-create cleanup patch?
<zul> yolanda: oops https://code.launchpad.net/~zulcss/quantum/grizzly-fix/+merge/137576
<hallyn> stgraber: sigh, i personally feel tabs would be better than spaces, but i'm sure i'm alone on that :)
<jamespage> zul, hmm - can I express and opinion?
<jamespage> or maybe ask a question at least
<stgraber> hallyn: well, I usually prefer spaces, don't necessarily mind tabs but really hates mixed tabs and spaces which was what we had :)
<stgraber> hallyn: as 90% of the script was indented with spaces, I just replaced the remaining tabs by spaces
<hallyn> stgraber: yup, i'm going to ack it of course.
<hallyn> stgraber: you didn't make any other changes on any lines where you changed indent?
<hallyn> hm, i wonder why $opt doesn't need to be "$opt" in optarg_check
<hallyn> oh, that's why.  nm
<stgraber> hallyn: nope, those were just reindents
<hallyn> stgraber: one more q - is 'if [ $a -eq 1 -a $b -eq 2 ]; versus 'if [ $a -eq 1 ] && [ $b -eq 2 ] really a bashishm?
<stgraber> hallyn: no, it's not, that's the 'Use shell syntax for and/or in if statements instead of the "test"
<stgraber> syntax.' part of my commit
<hallyn> oh. oops.  i just replied with the q (and ack).  oh well
<hallyn> hm,
<hallyn> does that mean that your new version results in more forks?
<hallyn> oh well
<stgraber> hallyn: nope, it doesn't because those aren't spawned in sub-shells and test is a shell builtin
<hallyn> even in dash?
<chris_> Can iMacros be run with Lynx?
<stgraber> hallyn: yep
<jamespage> yolanda, zul: comment on that merge proposal re quantum metadata proxy stuff
<chris_> serious?
<chris_> I want to be able to browser automate on a headless box...is that possible?
<jdstrand> hallyn: you said that hugepages is specifiable in qemu.conf?
<zul> jamespage: son of a bitch
<jacobw2> hi, i have a problem with virt-intsall on ubuntu server
<jamespage> zul, I'm happy to spend some time on it in the next couple of days
<jamespage> (that specific stuff works around a really ugly bit in folsom quantum)
<zul> jamespage: i just merged it in the master branch but i can do it this afternoon should the package be like quantum-metadata or something?
<jacobw2> using --location=<precise>, the kernel and initrd are downloaded to /var/lib/libvirt/boot but disappear when virt-install finishes, seabios hangs on 'booting from rom' because the files aren't there to boot from
<jdstrand> hallyn: also, while you can't detect the path to hugepages in the xml, can virt-aa-helper see if hugepages is specified at all in the xml?
<jamespage> zul, lemme take a lok
<zul> k
<jamespage> zul, quantum-metadata-agent I think - there is an /etc file for it as well
<zul> awesome..im just fixing up the jenkins build but ill have a look this afternoon
<jamespage> zul, something ugly happening in python-keystoneclient I think
<jamespage> I've been trying to get something else finished today otherwise I would have dived in....
<zul> jamespage: oh?
<jamespage> zul, forget that - upstream already fixed it
<jamespage> they added a pip-requires which was part of python core
<jamespage> which made the package un-installable
<zul> jamespage: awesome
<jamespage> https://github.com/openstack/python-keystoneclient/commit/0f83602b6251c2547a9f3211037f65f6dd1105f1
<hallyn> jdstrand: yes, specifiable through qemu.conf, otherwise it automatically tries to find a hugepages mount
<hallyn> jdstrand: yes, it can find that hugepages are in use
<hallyn> jdstrand: so virt-aa-helper *could* reproduce the qemu logic for detecting the mount point
<hallyn> but that involves in part parsing /etc/libvirt/qemu.conf, so prefer not to
<jdstrand> hallyn: what I was thinking was that we could make it easier-- I think it might make an acceptable compromise:
<jamespage> zul, trying to figure out the differences between the two
<jamespage> ns and no ns
<jdstrand> if virt-aa-helper detects that hugepages are in use, it uses the hard-coded path
<zul> jamespage: glance-precise-grizzly is still failing for some reason
<hallyn> jdstrand: I guess on the bright side that won't break any current users...
<jdstrand> *perhaps* we could hardcode that path in qemu.conf with a note saying that changing it means you would want to also upadte the apparmor profile
<jdstrand> hallyn: right-- the idea here is that hugepages are only granted to those VMs that are configured to use it
<jamespage> zul, I've seen that test fail before - I think it may be a little flakey
<zul> ack...say it aint so :)
<jdstrand> hallyn: as soon as an admin toggles them on or off, then the profile will be updated
<hallyn> jdstrand: sadly that doesn't seem upstreamable either though.  I'm afraid I need to go ask this upstream
<hallyn> jdstrand: heh, there is one other possibility -
<jdstrand> hmm, I think that could be upstreamable personally, but really, this needs to be fixed in all svirt drivers
<hallyn> have qemu_driver.c open the hugeapges_mount dir, and call the AppArmorSetFDLabel on that fd :)
<jdstrand> so they may have an idea on how to fix it to give you, or may just fix it themselves once they realize it is busted in selinux
<hallyn> right
<hallyn> you know i think in the meantime i might go the fd route
<hallyn> jdstrand: it's possible i misunderstand though - is that the purpose of AppArmorSetFDLabel ?
<hallyn> must be - lemme go try that, then email the list
<hallyn> after breakfast :)
<jdstrand> hallyn: so, AppArmorSetFDLabel is very much apparmor specific
<jdstrand> hallyn: you don't want to call taht from qemu_driver.c
<hallyn> jdstrand: right, i'd use the virSecurityWhatever hook
<jdstrand> AppArmorSetFDLabel is code refactoring for SetSecurityImageFDLabel and SetSecurityTapFDLabel
<jdstrand> those are pretty specific
<hallyn> oh.  drat
<jdstrand> I'm guessing upstream would want a new SetSecurityHugepagesFDLabel
<hallyn> i see.  not what it hought
<hallyn> ok then i'll just email them.
<jdstrand> then we would do something like:
<jdstrand>     .domainSetSecurityHugepagesFDLabel      = AppArmorSetFDLabel,
<jdstrand> but I'm guessing what they would want there
<hallyn> jdstrand: but actually taht wouldn't do for selinux
<hallyn> well, maybe.
<jdstrand> selinux would implement SELinuxSetSecurityHugepagesFDLabel
<jdstrand> or whatever
<jdstrand> but yeah, get upstream involved :)
<hallyn> right, it's just that they wouldn't change the fd label :)  but that's ok
<hallyn> yup
<hallyn> thanks jdstrand !
<jdstrand> np
<jazzkutya> hi, what packages should i install on 12.04 to run 32bit apps?
<patdk-wk> ia32-libs-multiarch:i386
<jazzkutya> thanks
<jazzkutya> i have this problem with it: http://pastebin.com/NVM6eHxX
<jazzkutya> what causes this, can I solve it somehow?
<patdk-wk> it says you have issues
<patdk-wk> you did run, apt-get update, right before attempting to isntall right?
<jazzkutya> yes, even dist-upgrade because i had held back packages
<jazzkutya> and even rebooted
<jazzkutya> right now i have no issues reporter by apt-get install (no arguments)
<jazzkutya> *reported, sorry
<jazzkutya> how can i install ia32-libs without those 2 libs having problems? you know gphoto and sane are totally useless on a server :)
<hallyn> stgraber: do you think all templates should use -H in the rsync to install?
<hallyn> well i'll start with just lxc-clone
<alex88> hi guys, is generally a bad practice to set tap devices 777?
<stgraber> hallyn: that'd make sense
<patdk-wk> jazzkutya, not sure you about, but for me, they are only *suggested* packages, and therefor not installed by default
<patdk-wk> not even installed on my system, but ia32-libs-multiarch is
<jazzkutya> apt-get install --no-install-recommends ia32-libs-multiarch gives same error and man page shows no similar option for suggested packages
<patdk-wk> suggested are not installed by default, recommends are
<jazzkutya> libsane is on a Depends: line of apt-cache show
<patdk-wk> libsane != sane, and libsane doesn't depend on sane
<jazzkutya> but it depends on libsane which it can't install and i awfully not need that on a server anyway
<jazzkutya> solved my problem temporarily by installing libc6:i386 instead of ia32-libs-multiarch
<jazzkutya> i hope the fucked up (i think the problem is this) will be fixed sometime
<jazzkutya> *repo
<jamespage> yolanda, quantum-ns-metadata-proxy must be included in the quantum-l3-agent package
<jamespage> yolanda, I think it also makes sense to include the quantum-metadata-agent in that package as well (along with the configuration file)
<jamespage> I can't see a use-case where you could deploy then separately
<jamespage> yolanda, we also need an upstart configuration for quantum-metadata-agent
<jamespage> the one for quantum-server is probably a good template to follow
<yolanda> ok, i'm taking a look at these packages, i need to browse them a bit first to understand better
<jamespage> yolanda, okay-dokey - zul - do you have an opinion on the above re the quantum-metadata-agent
<zul> jamespage: sounds good to me
<zul> yolanda:  youll have to patch the metadata agent conf file for the right state path directory and the right rootpath as well
<jamespage> zul, is that something we should try to upstream?
<zul> jamespage: yeah i was thinking of diong the rootwrapper at least
<skrite> hey all
<zul> yolanda/jamespage: i would suggest holding off on making that change for a couple of hours so this can get in: https://review.openstack.org/#/c/17362/
<yolanda> zul, ok, i'm studying the code now
<zul> ack
<jamespage> adam_g, when you have time; I've put all of the changes for initial quantum support into the openstack charms up for review
<jamespage> adam_g, bug 1079782
<uvirtbot> Launchpad bug 1079782 in charms "Charm needed: Openstack Quantum" [High,New] https://launchpad.net/bugs/1079782
<roaksoax> jamespage: i'll propose a MP tomorrow for the cluster stuff
<roaksoax> jamespage: and integrate it with your deployer
<jamespage> roaksoax, the quantum charm has now gone; I've renamed it 'quantum-gateway'
<jamespage> quantum is now a core part of nova-compute and nova-cloud-controller
<roaksoax> jamespage: ok cool, good to know
<jamespage> roaksoax, the metadata service stuff sucks for quantum on folsom; so I would recommend testing with a quantal image + --config-drive True
<jamespage> that way the network is not required for initialization by cloud init
<roaksoax> ack
<roaksoax> jamespage: i was testing this in canonistack and things seemed to work just fine though
<jamespage> roaksoax, yeah - it does
<jamespage> the only bit you can't do is connect up the external port for floating ip access; but you can access stuff from the gateway if need be
<roaksoax> right, ack!
<med_> jamespage, so just deploy nova-compute/nova-cc and it uses Quantum. Does it also use cinder?
<jamespage> med_, it can do yes
<med_> thanks.
<sliddjur> I have setup a iptables table. I put all info in /etc/iptables.rules . How do I properly apply the settings?
<RoyK> sliddjur: I just use ufw - it's simpler to work with and does most things
<RoyK> !ufw
<ubottu> Ubuntu, like any other Linux distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command - see https://help.ubuntu.com/community/UFW | An alternative to ufw is the 'iptables' command - See https://help.ubuntu.com/community/IptablesHowTo | GUI frontends such as Gufw (GNOME) and Guarddog (KDE from Lucid onwards) also exist.
<stiv2k> RoyK, hey
<stiv2k> RoyK, i've already looked at the logs and cant seem to find anything useful
<stiv2k> but i might be overlooking things
<RoyK> logs? what logs?
<stiv2k> RoyK, sorry, im just now replying to you from my question 8 hours ago
<RoyK> oh, repeat it, please. it's been a long day
<stiv2k> about my server panicking every 14 days
<stiv2k> every 14 days it kernel panics
<RoyK> every 14 days??
<stiv2k> yes
<stiv2k> thats what ive noticed so far
<RoyK> is there a cron job scheduled to run at that time?
<stiv2k> maybe its just coincidence , but it seems like on the 14th day it panics
<stiv2k> um
<stiv2k> i have a couple cron jobs that run several times a day
<RoyK> do you have the panic message?
<stiv2k> no
<RoyK> then little can be do to help...
<stiv2k> anything for me to keep in mind for the next time?
<RoyK> what i'd do first if it was my server, was to start a thorough memory test
<RoyK> yes, setup network console
<stiv2k> network console?
<RoyK> that way, the panic message will (probably) be loggable
<qman__> yeah, gotta get that kernel panic message
<RoyK> !netconsole
<RoyK> google it
<stiv2k> ok
<RoyK> !netcon
<stiv2k> https://help.ubuntu.com/community/Installation/NetworkConsole
<stiv2k> this one?
<RoyK> afaics, that's for installing with a network console
<RoyK> you probably don't need that
<stiv2k> oh
<stiv2k> whoops
<RoyK> https://wiki.ubuntu.com/Kernel/Netconsole
<qman__> I have a question, I'm trying to restore a hardy system from file backup, and I've been fighting my hardware for close to a month now
<stiv2k> thanks
<stiv2k> yes this looks like it will be helpful
<qman__> I finally got something that will boot in the system but it's quitting during the boot, saying it can't find the filesystem by UUID
<stiv2k> if it will allow me to get the panic message
<qman__> I think I may have accidentally created the filesystem as ext4, but my question is, would a hardy kernel be able to boot it as ext3 or not?
<RoyK> stiv2k: still - I'd recommend running memtest86+ on that box. bad memory can make a system panic very easily
<stiv2k> RoyK, pretty sure ive done that before
<stiv2k> and it runs solid for 14 days straight
<stiv2k> but on the 14th day it just goes kaput
<stiv2k> im pretty sure that's the third time in a row it crashed on the 14th day
<RoyK> are you sure it's 14 days?
<stiv2k> i installed it the day 12.10 came out
<stiv2k> and its been doing it ever since
 * RoyK only uses LTS for servers...
<qman__> same
<stiv2k> where as on 11.04 i had a >1y uptime
<qman__> hence the above problem trying to restore a hardy server
<TheLordOfTime> same here, servers get LTS for stability! :P
<RoyK> stiv2k: you need the panic dump, then
<stiv2k> ok
<stiv2k> thanks for info
<qman__> think it'd be possible/advisable to try a do-release-upgrade from within a chroot via systemrescuecd?
<qman__> that's how I got in to get grub working
<stiv2k> RoyK, qman__, here is my server: http://stats.stiv2k.info
<jamespage> zul, yolanda, adam_g: I really do need to get the auto-lander working for MP's for the lab don't I
<zul> uh?
<zul> yeah
<RoyK> stiv2k: I'd install munin on that as well to get nice graphs showing performance numbers over time - something might be eating memory or similar. with only 512MB, a memory leak can kill the system within rather short time
<stiv2k> RoyK, cool, ill check it out... been waiting until i stumble upon some old DDR333 modules to upgrade the ram
<stiv2k> server was built from random parts i acquired for free
<RoyK> stiv2k: http://munin.karlsbakk.net/munin/ <-- that's my servers ;)
<stiv2k> whoa
<stiv2k> munin is cool
<RoyK> you get pretty detailed graphs from munin
<stiv2k> RoyK, why do you have so many servers
<sliddjur> RoyK, I am using ufw now. when doing ufw status i get port 53 allowed. But nmap myhostname doesnt show port 53 open...
<sliddjur> i restarted aswell
<RoyK> stiv2k: only two physical, lamia and smilla, the others are VMs for different purposes
<stiv2k> oh
<stiv2k> what language is your blog
<RoyK> sliddjur: try 'ufw disable' and then 'iptables -vnL'
<qman__> I've got six physical
<RoyK> iptables rules aren't removed by ufw
<qman__> while realistically I could get away with three physical if I virtualized the old junk, I can't afford to replace them right now
<sliddjur> RoyK, what does iptables vnL do
<sliddjur> then just start ufw again?
<RoyK> sliddjur: it just prints whatever tables are present in iptables
<RoyK> btw, how do you run the nmap scan?
<sliddjur> nmap myhostname
<sliddjur> not fqdn
<RoyK> a better way would be to test for the service - 'host google.com ip.of.dns.server'
<RoyK> unless you're running something else than dns on port 53 :P
<RoyK> also, that nmap scan only scans for tcp, and dns is *usually* udp
<sliddjur> I am setting up a dns server on my class. But I must first pass first problem in opening port :)
<RoyK> (except zone transfers aren't, and tcp can be used otherwise)
<sliddjur> nmap localhost gives me port 53 open
<qman__> the port is open unless blocked
<RoyK> does bind listen to 0.0.0.0:53?
<qman__> just because it's not blocked, doesn't mean anything is listening, either
<sliddjur> RoyK, wouldnt it be listening by default on port 53? im a bit lost...
<qman__> only if it's configured to
<sliddjur> qman__, where is that setting in bind?
<RoyK> sliddjur: netstat -ln --tcp | pastebinit
<RoyK> sliddjur: netstat -ln --inet | pastebinit
<RoyK> i mean
<sliddjur> http://pastebin.com/r1DRaAbv
<RoyK> sliddjur: http://paste.ubuntu.com/1408341/
<sliddjur> hmm
<sliddjur> why isnt it showing up when i do it locally on my hostname??
<RoyK> what?
<qman__> this is why: 127.0.0.1:53
<qman__> you're only listening on localhost
<qman__> you need to configure it to listen on other addresses
<RoyK> qman__: no, bind listens to all addresses
<RoyK> qman__: it just doesn't listen to 0.0.0.0, it uses a socket per address
<qman__> oh, I see
<RoyK> typical bindishness
<qman__> yeah, that's strange
<patdk-wk> na, that is a udp thing
<RoyK> oh, it is?
<patdk-wk> to make sure the source udp package comes from the same location
<RoyK> ok
<RoyK> makes sense...
<qman__> but then why do it on tcp too?
<patdk-wk> no idea :)
<patdk-wk> probably cause they already have the *function* setup to do it, and just reused code
<RoyK> probably just uses the same socket setup code ;)
<samba35> what is best practice to configure dns on 12.04.1 when i have domain /static ip with isp and i want to host mail and web server for personal use
<RoyK> hrmf! -19.2 ÌC and falling - I don't like winter!
<RoyK> samba35: just install bind and point your domain to the server's IP - and make sure you have a secondary somewhere
<qman__> samba35, the best practice is to leave your DNS on the hosting provider unless you have a good reason to run it yourself
<RoyK> heh - yeah
<qman__> registrars do it for free, no sense putting up the effort or risk in doing it
<RoyK> [slightly offtopic] Any idea what might cause this (on a RHEL server)? http://paste.ubuntu.com/1404641/
<samba35> sorry i dont know much about dns setting ,it was complex for me
<RoyK> bind configuration is a PITA before you get used to it. after that, it's just a slightly less PITA
<patdk-wk> qman, well, registers also get ddos a lot too
<samba35> pita ?
<jacobw2> samba35: put it in /etc/resolvconf/resolv.head
<RoyK> samba35: Pain In The Almightly
<samba35> not in /etc/hosts
<patdk-wk> jacobw2, what does that have to do with it?
<jacobw2> samba35: /etc/resolvconf/resolv.conf.d/head even
<qman__> oh, that
<qman__> I was thinking DNS server, not DNS client
<qman__> I still do it the old way, I just remove the link and make a file
 * patdk-wk just puts it in interfaces file
 * jacobw2 is a hipster :p
 * RoyK uses the interfaces file as well - works stably...
<qman__> I'll have to agree with that path though
<qman__> using the interfaces file makes more sense logically and will work on more systems
<RoyK> # Dynamic resolv.conf(5) file for glibc resolver(3) generated by resolvconf(8)
<RoyK> #     DO NOT EDIT THIS FILE BY HAND -- YOUR CHANGES WILL BE OVERWRITTEN
<RoyK> meaning - don't edit /etc/resolvconf/resolv.conf.d/head manually ;)
<qman__> right
<halvors> Hi!
<samba35> more confused
<halvors> My someone help me generate the certificates for this tutorial? https://help.ubuntu.com/12.04/serverguide/postfix.html (Mail-stack-delivery)
<TheLordOfTime> halvors, you mean step 2 of SMTP auth?
<TheLordOfTime> refer to https://help.ubuntu.com/12.04/serverguide/certificates-and-security.html
<TheLordOfTime> since that's what it links,'
<adam_g> jamespage: FYI ive been working on packaging the new kombu + pyamqp in ppa:gandelman-a/ppa
<RoyK> halvors: selfsigned?
<halvors> RoyK: I don't know what i need to enable SMTPS?
<RoyK> usually you would want an official certificate
<RoyK> I'd guess some servers will deny talking to something with a self-signed certificate
<RoyK> some, or most
<RoyK> http://www.openssl.org/docs/HOWTO/certificates.txt
<halvors> I know.
<halvors> But self signed is ok.
<halvors> What i need help for is to generate these:
<TheLordOfTime> halvors, only for testing, not public deployment
<RoyK> halvors: just google 'create self signed openssl'
<halvors> /etc/ssl/certs/ssl-mail.pem
<RoyK> should work well
<halvors> /etc/ssl/default/ssl-mail.key
<halvors> I simply want to create a certificate for my mail server. I'm not gonna pay someone to do it...
<halvors> I just wanna create it on my own...
<yolanda> hi adam_g, about your question in the email, this is something that we've been discussing in the channel, seems that quantum-metadata-agent will be normally used with l3-agent
<RoyK> halvors: that may mean other SMTP servers will deny talking to you over SSL - but then - your choice ;)
<RoyK> SSL certs don't have to cost a fortune http://webdesign.about.com/od/ssl/tp/cheapest-ssl-certificates.htm
<halvors> RoyK: If i don't enable SMTPS anyway, other smtp server arn't going to talk to me either :P
<halvors> I only want my users to be able to...
<TheLordOfTime> where're you getting that from...?
<halvors> SMTPS is not enable in postfix by default...
<ScottK> Don't get confused
<ScottK> SMTPS is not SMTP over TLS/SSL
<halvors> What then?
<ScottK> SMTPS is a specific encrypted submission procotol used only by Microsoft on port 465
<TheLordOfTime> mhm
<RoyK> ScottK: eh...? http://en.wikipedia.org/wiki/SMTPS
<halvors> So i don't wanna use SMTPS?
<halvors> Go for submission?
<EntropyWorks> so whats the deal with 12.10 and the new naming of NIC '
<ScottK> Also, virtually all certs used in SMTP are self-signed, so there's virtually never a need to buy one for SMTP.
<TheLordOfTime> RoyK, you're aware Wikipedia is untrustworthy right?
<ScottK> RoyK: "Originally, in early 1997, the Internet Assigned Numbers Authority registered 465 for SMTPS."
<ScottK> TheLordOfTime: It's correct, just not well worded.
<EntropyWorks> I reboot a machine and sometimes I get em3 other times I get rename4 instead. this is really annoying
<RoyK> TheLordOfTime: wikipedia is *usually* trustworthy, and a set of people on IRC aren't necessarily trustworthy either
<TheLordOfTime> RoyK, true.
<halvors> So i shouldn't enable SMTPS?
<samba35> i need some help with dovecot ,i am getting ok message with telnet for user and passwd even but now what i should do
<zul> adam_g: https://code.launchpad.net/~zulcss/nova/nova-testsuite-fix/+merge/137652
<halvors> I installed the mail-stack-delivery package wich installs /etc/ssl/certs/ssl-mail.pem and /etc/ssl/private/ssl-mail.key from the ssl-cert package, but should't i generate them on my own?
<RoyK> halvors: http://bit.ly/TBVsxY
<ze_king> Someone now a program so i can archive rar in ubuntu server?
<RoyK> doesn't 7zip support that?
<RoyK> p7zip, that is
<ze_king> i only get .7z fils with that
<RoyK> apt-get install rar \o/
<ze_king> that doesnt work neither :P
<Pici> !info unrar
<ubottu> unrar (source: unrar-nonfree): Unarchiver for .rar files (non-free version). In component multiverse, is optional. Version 1:4.1.4-1 (quantal), package size 107 kB, installed size 241 kB
<ze_king> Reading package lists... Done
<ze_king> Building dependency tree
<ze_king> Reading state information... Done
<ze_king> Package rar is not available, but is referred to by another package.
<ze_king> This may mean that the package is missing, has been obsoleted, or
<ze_king> is only available from another source
<RoyK> ze_king: works for me (on lucid)
<ze_king> im on ubuntu server ;<
<RoyK> and precise
<RoyK> so am i
<ze_king> hm, okey
<RoyK> sudo apt-get install -y rar unrar
<ze_king> same as before
<ze_king> Package rar is not available, but is referred to by another package.
<ze_king> This may mean that the package is missing, has been obsoleted, or
<ze_king> is only available from another source
<shauno> rar's in multiverse, which I don't believe is a default repo
<ze_king> on what source list is rar then?
<Pici> !info rar
<ubottu> rar (source: rar): Archiver for .rar files. In component multiverse, is optional. Version 2:4.0.b3-1 (quantal), package size 554 kB, installed size 1188 kB (Only available for i386; amd64)
<Pici> also multiverse
<ze_king> but how can i get it? =/
<RoyK> have you enabled multiverse_
<RoyK> ?
<ze_king> na, i dont :p
<Pici> Then thats a good place to start
<ze_king> sry, i should rename myself from ze_king to ze_noob ;<
<RoyK> just /nick ze_noob ;)
<ze_noob> :D
<RoyK> :)
<ze_noob> irssi is the shit ;D
<stiv2k> ze_noob yeah it is
<yolanda> leaving for today, bye!
<keithzg> Trying to send a message to all logged in terminal sessions of a specific group, but apparently -g isn't a valid option for the Linux version of "wall" (I swear it is on at least some form of BSD)
<keithzg> is there any alternative, or fix to that?
<sarnold> keithzg: some scripting around write(1)
<sarnold> ?
<RoyK> shouldn't be too hard to parse /etc/group and extract the members ;)
<halvors> RoyK: By default when i'm trying to connect to my mail server using SMTP, i get the error "Relay access denied". But i provide the client with needed login information... How can i fix that?
<keithzg> sarnold, RoyK: good thoughts! Sad that the -g flag is missing, nonetheless. One of the few (only?) times I've longed for something that *BSD has, heh
<RoyK> halvors: you need to allow authenticated users to relay - google should know, I haven't setup such a thing myself, sorry
<sarnold> keithzg: yeah, I've had that kind of feeling before myeslf.. I can't recall which specific feature, but it seemed like something was way easier in bsdland..
<sarnold> hrm, and I don't see an easy getgrent()-based program in man -k getgr that you'd easily use in shell scripting. pity.
<keithzg> alas
<jdstrand> adam_g: fyi, bug #1065187 was fix in http://www.ubuntu.com/usn/usn-1626-1 (I updated the bug)
<uvirtbot> Launchpad bug 1065187 in glance/essex "Non-admin users can cause public glance images to be deleted from the backend storage repository" [Critical,Fix committed] https://launchpad.net/bugs/1065187
<jdstrand> (I updated the bug)
<adam_g> jdstrand: ah thanks. looks like i need to adjust this script to check for security updates like that.
<adam_g> you might see a few more like that, sorry in advance
<jdstrand> ok, no worries
<jdstrand> adam_g: if you are adjusting a script, you might want to consult https://usn.ubuntu.com/usn-db/database-all.json.bz2
<jdstrand> adam_g: there is also database.json.bz2 which contains only active releases of Ubuntu
<adam_g> jdstrand: oh cool. i'll definitely take a look. when you send a out a security update, does a corresponding bug task get filed against the stable release thats being updated?
<jdstrand> adam_g: no. we don't track CVEs in LP for a number of reasons. if a task already exists, we'll reference the bug in the changelog
<jdstrand> assuming we know about it
<jdstrand> adam_g: fyi, bug #1064914 and bug #1079216 were also already fixed (I adjusted the bugs)
<uvirtbot> Launchpad bug 1064914 in keystone/essex "Removing user from a tenant isn't invalidating user access to tenant" [Undecided,Fix committed] https://launchpad.net/bugs/1064914
<uvirtbot> Launchpad bug 1079216 in keystone "token expires time incorrect for auth by one token" [High,Fix committed] https://launchpad.net/bugs/1079216
<qman__> so I have a drive which I want to automatically mount if it's there, but I don't want to stop the system from booting, which it currently is
<qman__> it currently has this in fstab: UUID=[blahblah] /media/backup ext4 auto,relatime 0 0
<smw_> qman__, does using the nofail option work?
<tgm4883> Are there instructions anywhere for adding iscsi storage for libvirt?
<tgm4883> I've been attempting to do it though virt-manager, but it keeps throwing errors.
<Daviey> tgm4883: what error are you seeing?
<tgm4883> Daviey, so in the hostname field, I add the IP address of the NAS, I'm assuming that "Source Path" should be attempting to see what iscsi shares are at that IP
<tgm4883> since there is a browse, but that is all greyed out
<tgm4883> so I put the IQN in that field
<tgm4883> Daviey, basically, I'm at this point http://imagebin.org/238067
<tgm4883> Clicking finish throws "Error creating pool: Could not start storage pool: internal error Child process (/sbin/iscsiadm --mode discovery --type sendtargets --portal 10.87.6.6:3260,1) status unexpected: exit status 1"
<tgm4883> I'm assuming that is because I don't have access to the discovery DB
<tgm4883> if I run that command in the terminal, I get permission denied
<tgm4883> running with sudo works fine though
<tgm4883> so the question then is, if that is the issue, what do I need to add myself access to, and does that need to be done on the server or my local workstation?
<uvirtbot> New bug: #1015731 in nova "resize leave leftover libvirt configs" [Undecided,Confirmed] https://launchpad.net/bugs/1015731
<uvirtbot> New bug: #1023169 in nova "update nova to report quantum floating IPs" [Undecided,Confirmed] https://launchpad.net/bugs/1023169
<uvirtbot> New bug: #1028092 in nova "Resizing a Xen instance with attached volumes fails" [Undecided,Confirmed] https://launchpad.net/bugs/1028092
<uvirtbot> New bug: #1050359 in cinder/folsom "Tests fail on 32bit machines (_get_hash_str is platform dependent)" [Medium,Confirmed] https://launchpad.net/bugs/1050359
<uvirtbot> New bug: #1053441 in nova "Instances in vm state DELETED are preventing compute restart" [Undecided,Confirmed] https://launchpad.net/bugs/1053441
<uvirtbot> New bug: #1055413 in nova "Fail to boot raw image on XenServer" [Undecided,Confirmed] https://launchpad.net/bugs/1055413
<uvirtbot> New bug: #1055431 in nova "Xenserver cannot boot vm_mode=xen type images" [Undecided,Confirmed] https://launchpad.net/bugs/1055431
<uvirtbot> New bug: #1056242 in nova "Cloudpipe extension xml serialization doesn't return the instance(s) data" [Undecided,Confirmed] https://launchpad.net/bugs/1056242
<uvirtbot> New bug: #1056285 in nova "ComputeManager does not provide block_device_info on destroy call in revert_resize" [Undecided,Confirmed] https://launchpad.net/bugs/1056285
<uvirtbot> New bug: #1056380 in nova "deleting security group does not mark rules as deleted" [Undecided,Confirmed] https://launchpad.net/bugs/1056380
<uvirtbot> New bug: #1056601 in nova "deletes fail when instance in RESIZED" [Undecided,Confirmed] https://launchpad.net/bugs/1056601
<uvirtbot> New bug: #1057145 in nova "db tests fail with sqlalchemy 0.7.4" [Undecided,Confirmed] https://launchpad.net/bugs/1057145
<uvirtbot> New bug: #1057196 in nova "IP Protocol for security group should be returned in lower case to be compliant with the ec2 api" [Medium,Confirmed] https://launchpad.net/bugs/1057196
<uvirtbot> New bug: #1057719 in nova "libvirt: concurrent detach_volume and terminate fails" [Undecided,Confirmed] https://launchpad.net/bugs/1057719
<uvirtbot> New bug: #1057730 in nova "libvirt: cannot detach volume from stopped domain" [Undecided,Confirmed] https://launchpad.net/bugs/1057730
<uvirtbot> New bug: #1057844 in quantum "allow multiple floating-ip on single port if they use different fixed ips and/or external nets" [Undecided,Confirmed] https://launchpad.net/bugs/1057844
<uvirtbot> New bug: #1059366 in nova "nova-network cannot re-generate MAC address if collision happen" [Undecided,Confirmed] https://launchpad.net/bugs/1059366
<uvirtbot> New bug: #1064914 in keystone/essex "Removing user from a tenant isn't invalidating user access to tenant" [Undecided,Fix committed] https://launchpad.net/bugs/1064914
<uvirtbot> New bug: #887191 in nova "OS API: XML Namespace Handling Broken" [Undecided,Confirmed] https://launchpad.net/bugs/887191
<uvirtbot> New bug: #1050982 in nova "ensure_default_security_group() does not call sgh" [Undecided,Confirmed] https://launchpad.net/bugs/1050982
<uvirtbot> New bug: #1057069 in nova "trigger_instance[add/remove]_security_group_refresh are never called" [Undecided,Confirmed] https://launchpad.net/bugs/1057069
<uvirtbot> New bug: #1057279 in nova "console auth does not work with memcache, unicode error" [Undecided,Confirmed] https://launchpad.net/bugs/1057279
<uvirtbot> New bug: #1058273 in nova "Snapshotting LXC instance fails" [Undecided,Confirmed] https://launchpad.net/bugs/1058273
<uvirtbot> New bug: #1062033 in nova "nova-compute will assign the same device name if volume-attach continuously " [Undecided,Confirmed] https://launchpad.net/bugs/1062033
<uvirtbot> New bug: #1063851 in nova "metadata service throws 500 - NoSuchOptError" [Undecided,Confirmed] https://launchpad.net/bugs/1063851
<uvirtbot> New bug: #1064524 in nova "Nic Ordering not guaranteed with Quantum API" [Undecided,Confirmed] https://launchpad.net/bugs/1064524
<uvirtbot> New bug: #1064713 in nova "hostname in metadata ends with . if dhcp_domain flag is empty" [Undecided,Confirmed] https://launchpad.net/bugs/1064713
<uvirtbot> New bug: #1065092 in nova "Resource reservation isn't rolled back properly for certain failures during Instance Create" [Undecided,Confirmed] https://launchpad.net/bugs/1065092
<uvirtbot> New bug: #1067214 in nova "forget to release resource when terminate an instance from a failed compute node" [Undecided,Confirmed] https://launchpad.net/bugs/1067214
<uvirtbot> New bug: #1069099 in nova "block device mappings for deleted instances are leaked" [Undecided,Confirmed] https://launchpad.net/bugs/1069099
<uvirtbot> New bug: #1070045 in nova "Nova API does not work with QuantumV2 API subclasses" [Undecided,Confirmed] https://launchpad.net/bugs/1070045
<uvirtbot> New bug: #1070509 in nova "nova-api now requires quantumclient" [Undecided,Confirmed] https://launchpad.net/bugs/1070509
<uvirtbot> New bug: #1071600 in nova "confirm_resize mgr call requires admin context" [Undecided,Confirmed] https://launchpad.net/bugs/1071600
<uvirtbot> New bug: #1073858 in nova "nova-api crashes if it is run with nobody account." [Undecided,Confirmed] https://launchpad.net/bugs/1073858
<uvirtbot> New bug: #1073956 in nova/folsom "Scheduler Race Condition at high volume" [High,Fix released] https://launchpad.net/bugs/1073956
<uvirtbot> New bug: #1078085 in nova "Nova does not delete the LV on LVM backed VMs" [Undecided,Confirmed] https://launchpad.net/bugs/1078085
<uvirtbot> New bug: #1079113 in nova "disk path not exists when using LXC with libvirt_images_type=lvm" [Undecided,Confirmed] https://launchpad.net/bugs/1079113
<uvirtbot> New bug: #1079216 in keystone "token expires time incorrect for auth by one token" [High,Fix committed] https://launchpad.net/bugs/1079216
<uvirtbot> New bug: #1004007 in nova "Incorrect Exception raised during Create server when metadata over 255 characters " [Undecided,Confirmed] https://launchpad.net/bugs/1004007
<uvirtbot> New bug: #1056122 in nova "attach-time field for volumes is not updated for detach volume" [Undecided,Confirmed] https://launchpad.net/bugs/1056122
<uvirtbot> New bug: #1057756 in nova "libvirt: if exception raised during volume_detach, volume state is inconsistent" [Undecided,Confirmed] https://launchpad.net/bugs/1057756
<uvirtbot> New bug: #1060836 in nova "libvirt: detaching volume may fail while terminating other instances on the same host concurrently" [Undecided,Confirmed] https://launchpad.net/bugs/1060836
<uvirtbot> New bug: #1060925 in nova "libvirt: rebuild is not using kernel and ramdisk associated with the new image" [Undecided,Confirmed] https://launchpad.net/bugs/1060925
<uvirtbot> New bug: #1061124 in nova "Enabling Return Reservation ID with XML create server request returns no body " [Undecided,Confirmed] https://launchpad.net/bugs/1061124
<uvirtbot> New bug: #1061499 in nova "API calls to dis-associate an auto-assigned floating IP should return proper warning" [Undecided,Confirmed] https://launchpad.net/bugs/1061499
<uvirtbot> New bug: #1061944 in nova "xen volume auto device selection always picks xvdb" [Undecided,Confirmed] https://launchpad.net/bugs/1061944
<uvirtbot> New bug: #1064083 in nova "xenapi migrations fail w/ swap" [Undecided,Confirmed] https://launchpad.net/bugs/1064083
<uvirtbot> New bug: #1064359 in nova "nova-manage doesn't validate the key value supplied to update the quota" [Undecided,Confirmed] https://launchpad.net/bugs/1064359
<uvirtbot> New bug: #1065053 in nova "Nova backup image fails" [Undecided,Confirmed] https://launchpad.net/bugs/1065053
<uvirtbot> New bug: #1065440 in nova "resize does not migrate DHCP host information" [Undecided,Confirmed] https://launchpad.net/bugs/1065440
<uvirtbot> New bug: #1068716 in nova "Instances deleted during spawn leak network allocations" [Undecided,Confirmed] https://launchpad.net/bugs/1068716
<uvirtbot> New bug: #1071168 in nova "'BackupCreate' should accept rotation parameter greater than or equal to zero" [Undecided,Confirmed] https://launchpad.net/bugs/1071168
<uvirtbot> New bug: #1071595 in nova "finish_resize failures result in NoneType exception" [Undecided,Confirmed] https://launchpad.net/bugs/1071595
<uvirtbot> New bug: #1075017 in nova "libvirt imagecache still runs even if disabled" [Undecided,Confirmed] https://launchpad.net/bugs/1075017
<uvirtbot> New bug: #1076308 in nova "Logging CPU incompatibility when attempting live migration fails" [Undecided,Confirmed] https://launchpad.net/bugs/1076308
<uvirtbot> New bug: #1079387 in nova "413 error code doesn't always provide Retry-After" [Undecided,Confirmed] https://launchpad.net/bugs/1079387
<uvirtbot> New bug: #1081436 in nova "Only return the last N lines of the console log" [Undecided,Confirmed] https://launchpad.net/bugs/1081436
<shauno> Okay, no more sugar for uvirtbot.
<uvirtbot> New bug: #1064765 in quantum "There are some cases that L3 API with an invalid parameter returns 500." [Undecided,Confirmed] https://launchpad.net/bugs/1064765
<uvirtbot> New bug: #1066513 in nova "live_migration missing migrate_data parameter in Hyper-V driver" [Undecided,Confirmed] https://launchpad.net/bugs/1066513
<uvirtbot> New bug: #1066887 in nova "live-migration and volume host assignement" [Undecided,Confirmed] https://launchpad.net/bugs/1066887
<uvirtbot> New bug: #1067669 in quantum "Mapping same bridge to different phyiscal networks succeed" [Undecided,Confirmed] https://launchpad.net/bugs/1067669
<uvirtbot> New bug: #1069573 in nova "Cloudpipe in Folsom: no such option: cnt_vpn_clients" [Undecided,Confirmed] https://launchpad.net/bugs/1069573
<uvirtbot> New bug: #1070138 in nova "admin can't describe all images in ec2 api" [Undecided,Confirmed] https://launchpad.net/bugs/1070138
<uvirtbot> New bug: #1071069 in nova "After restarting an instance volume is lost" [Undecided,Confirmed] https://launchpad.net/bugs/1071069
<uvirtbot> New bug: #1071536 in nova "typo prevents volume_tmp_dir flag from working" [Undecided,Confirmed] https://launchpad.net/bugs/1071536
<uvirtbot> New bug: #1073600 in nova "Compute manager doesn't update 'host' field when it tries to run a VM" [Undecided,Confirmed] https://launchpad.net/bugs/1073600
<uvirtbot> New bug: #1073720 in nova "libvirt reboot sometimes fails to reattach volumes" [Undecided,Confirmed] https://launchpad.net/bugs/1073720
<uvirtbot> New bug: #1073736 in nova "Calls to to_xml() to generate XML for a soft deleted flavor fail" [Undecided,Confirmed] https://launchpad.net/bugs/1073736
<uvirtbot> New bug: #1073999 in quantum "Quantum service does not restart after reboot" [Undecided,Confirmed] https://launchpad.net/bugs/1073999
<uvirtbot> New bug: #1074437 in nova "disassociate_floating_ip with multi_host=True fails" [Undecided,Confirmed] https://launchpad.net/bugs/1074437
<uvirtbot> New bug: #1075018 in nova "libvirt imagecache should handle shared image storage" [Undecided,Confirmed] https://launchpad.net/bugs/1075018
<uvirtbot> New bug: #1075859 in nova/essex "use_single_default_gateway does not function correctly" [Medium,In progress] https://launchpad.net/bugs/1075859
<uvirtbot> New bug: #1078718 in nova "Fixed IP isn't released before updating DHCP host file" [Undecided,Confirmed] https://launchpad.net/bugs/1078718
<uvirtbot> New bug: #1080406 in nova "DisassociateAddress can cause Internal Server Error" [Undecided,Confirmed] https://launchpad.net/bugs/1080406
<uvirtbot> New bug: #1083818 in nova "Detached and deleted RBD volumes remain associated with insance" [Undecided,Confirmed] https://launchpad.net/bugs/1083818
<uvirtbot> New bug: #1053633 in quantum "external network can be plugged also as internal network for one router" [Undecided,Confirmed] https://launchpad.net/bugs/1053633
<uvirtbot> New bug: #1060389 in keystone "Non PKI Tokens longer than 32 characters can never be valid" [Undecided,Confirmed] https://launchpad.net/bugs/1060389
<uvirtbot> New bug: #1062046 in quantum "There is a lot of cases that API with an invalid parameter returns 500." [Undecided,Confirmed] https://launchpad.net/bugs/1062046
<uvirtbot> New bug: #1065276 in quantum "Quantum test suite leaks memory like a sieve" [Undecided,Confirmed] https://launchpad.net/bugs/1065276
<uvirtbot> New bug: #1067959 in quantum "When create subnet, you con set up the value as cidr (the value isn't cidr form)." [Undecided,Confirmed] https://launchpad.net/bugs/1067959
<uvirtbot> New bug: #1068674 in keystone "Redo part of bp/sql-identiy-pam undone by bug 968519" [Undecided,Confirmed] https://launchpad.net/bugs/1068674
<uvirtbot> New bug: #1068851 in keystone "Openssl tests rely on expired certificate" [Undecided,Confirmed] https://launchpad.net/bugs/1068851
<uvirtbot> New bug: #1073768 in quantum "killfilter should handle updated/deleted executables" [Undecided,Confirmed] https://launchpad.net/bugs/1073768
<uvirtbot> New bug: #1075369 in quantum "getting quotas from database has severe performance implications" [Undecided,Confirmed] https://launchpad.net/bugs/1075369
<uvirtbot> New bug: #1077292 in quantum "fixed_ip allocation which is not included within allocation_pools makes error when delete port or re-create port" [Undecided,Confirmed] https://launchpad.net/bugs/1077292
<uvirtbot> New bug: #1077651 in quantum "Unauthorized command: cat /proc/None/cmdline" [Undecided,Confirmed] https://launchpad.net/bugs/1077651
<uvirtbot> New bug: #1078210 in quantum "Quantum linux bridge not optimized with libvirt" [Undecided,Confirmed] https://launchpad.net/bugs/1078210
<uvirtbot> New bug: #1079980 in quantum "Delete port fails to gateway ip" [Undecided,Confirmed] https://launchpad.net/bugs/1079980
<uvirtbot> New bug: #1080516 in quantum "delete floatingip should be in one transaction to delete port" [Undecided,Confirmed] https://launchpad.net/bugs/1080516
<uvirtbot> New bug: #1080793 in quantum "python-quantum: not region aware" [Undecided,Confirmed] https://launchpad.net/bugs/1080793
<uvirtbot> New bug: #1080988 in quantum "clear_db() does incomplete db teardown" [Undecided,Confirmed] https://launchpad.net/bugs/1080988
<uvirtbot> New bug: #1081664 in quantum "At times a instance will not receive an IP address from the DHCP agent" [Undecided,Confirmed] https://launchpad.net/bugs/1081664
<uvirtbot> New bug: #1083238 in quantum "There are routing problems when the dnsmasq port does not come first in the routing table" [Undecided,Confirmed] https://launchpad.net/bugs/1083238
<uvirtbot> New bug: #1083387 in quantum "failed to update an external network into non external network" [Undecided,Confirmed] https://launchpad.net/bugs/1083387
<uvirtbot> New bug: #1056420 in glance "nosetest options cause no such option errors" [Undecided,Confirmed] https://launchpad.net/bugs/1056420
<uvirtbot> New bug: #1059634 in glance "Badly named stable/folsom Glance tarballs" [Undecided,Confirmed] https://launchpad.net/bugs/1059634
<uvirtbot> New bug: #1060930 in glance "Admin can update metadata of a deleted image" [Undecided,Confirmed] https://launchpad.net/bugs/1060930
<uvirtbot> New bug: #1060944 in glance "v1 API returns 200 OK when an admin deletes a deleted image" [Undecided,Confirmed] https://launchpad.net/bugs/1060944
<uvirtbot> New bug: #1065187 in glance/essex "Non-admin users can cause public glance images to be deleted from the backend storage repository" [Critical,Fix committed] https://launchpad.net/bugs/1065187
<uvirtbot> New bug: #1065758 in glance "No exclude option to skip tests in run_tests.sh" [Undecided,Confirmed] https://launchpad.net/bugs/1065758
<uvirtbot> New bug: #1073569 in glance "Jenkins jobs fail because of incompatibility between sqlalchemy-migrate and the newest sqlalchemy-0.8.0b1" [Undecided,Confirmed] https://launchpad.net/bugs/1073569
<uvirtbot> New bug: #1076216 in horizon "Edit image popup public checkbox not pulling in value" [Undecided,Confirmed] https://launchpad.net/bugs/1076216
<uvirtbot> New bug: #1076506 in glance "Non-admin users can cause public glance images to be deleted from the backend storage repository in the v2 api" [Undecided,Confirmed] https://launchpad.net/bugs/1076506
<uvirtbot> New bug: #1078497 in keystone "keystone throws error when removing user from tenant." [Undecided,Confirmed] https://launchpad.net/bugs/1078497
<uvirtbot> New bug: #1086151 in nagios-plugins (main) "Nagios utils.pm has wrong default path to rpcinfo" [Undecided,New] https://launchpad.net/bugs/1086151
<tgm4883> well this seems broke
<uvirtbot> New bug: #1071446 in glance "admins can see deleted images in v2 api" [Undecided,Confirmed] https://launchpad.net/bugs/1071446
<uvirtbot> New bug: #1075580 in glance "Glance image-delete HTTPInternalServerError HTTP 500" [Undecided,Confirmed] https://launchpad.net/bugs/1075580
<uvirtbot> New bug: #1085593 in bind9 (main) "bind 9.8.1-P1 crashes with an assertion failure" [High,Confirmed] https://launchpad.net/bugs/1085593
<uvirtbot> New bug: #1086016 in sysstat (main) "iostat does not report load on individual partitions within RAID10 block device" [Undecided,New] https://launchpad.net/bugs/1086016
<uvirtbot> New bug: #1060255 in nova "Host field set too early during builds" [Undecided,Confirmed] https://launchpad.net/bugs/1060255
<uvirtbot> New bug: #1060363 in nova "Resource tracker uses regex DB query too often" [Undecided,Confirmed] https://launchpad.net/bugs/1060363
<halvors> I'm unable to connect to my mailserver (Postfix) using SMTP port 25, but Submission port 587 works just fine, is client connections on port 25 somehow disabled by default in Ubuntu?
<JanC> halvors: are you sure it's not your ISP blocking outgoing port 25 (except for their own mail relay)?
<fission6> i am in need of serious help
<fission6> i think one of my servers has been hacked and i have no idea where to start
<JanC> why do you think that?
<fission6> JanC: i have a ticket opened in linode for TOS violation SSH brute force and a mysterious folder and a HoneyPot kippo logging thing, all of which i am trying to make sense of
<JanC> fission6: sounds like you probably want to re-install the server then  âº
<sarnold> fission6: best is to take the server offline, re-deploy the services from backups, and investigate the hacked machine's hard drive offline...
<JanC> (and keep it more secure next time)
<fission6> i'd like to understand what happened
<JanC> sarnold: linode = VPS
<fission6> i am also in a rut where i did not back it up
<sarnold> fission6: you wouldn't want to inspect that drive in any way from a machine you care about, since the ontents of the system may be able to further crack your inspection tools
<fission6> i want to understand what happened
<sarnold> JanC: oh, I missed that, I never saw him say linode...
<fission6> is there a security channel or something i can review?
<JanC> fission6: what do you need backups of?
<sarnold> fission6: there's a few on #oss-security; I don't know for sure that it is on-topic, but it won't hurt to ask :)
<fission6> mongo and mysql, i feel safe with dumbs from them
<fission6> and images
<fission6> damn this is gonan be a nightmare
<fission6> its funny because for the last 2 weeks i have been debating using lingoes backup
<fission6> linodes
<JanC> you have no backup at all?
<fission6> not really
<JanC> I think that making a database dump should be fairly safe, especially if you check that there is nothing weird in it
<fission6> yea i think so too
<JanC> although, you can never be 100% sure...
<JanC> certainly check all the database users & their permissions
<JanC> (maybe don't dump those at all, or separately)
<JanC> checking images might be more complicated
<fission6> man i can't believe this
<fission6> i just want to understand what happened exactly
<fission6> i really like don't understand...
<JanC> fission6: what applications did you run on it that can be accessed from the outside (web, sshd, ...?)
<ScottK> first priority should be to salvage what you can.  Since it's a VPS, you'll probably never have enough information to know for sure.
<sarnold> .. though if that mysql was remotely accessible, it'd be a good bet.
<fission6> mysql wasn't remotely accessible, i think it was via ssh i mean i don't know i would think i would shave a log or something
<sarnold> oh right, the ssh brute forcing. yeah, if you used password authentication, that can also be a source of trouble.
<JanC> it does (but if an attacker get root he/she can remove/change the logs of course)
<hallyn> stgraber: around?
<JanC> using password auth for ssh is usually not such a good idea...
<hallyn> preferences question...  clearly we want command line specified logfile/loglevel to trump what is in lxc.conf.  But,
<hallyn> if logfile is present in both, do we want lxc_conf to store the command-line specified (active) log file, or the one in lxc_conf?
<hallyn> I guess it has to be lxc_conf
<hallyn> so what is in lxc_conf may not reflect what's going on
<JanC> fission6: were you using any webapps?
<hallyn> all right, that's settled, will dothath:)
<stgraber> hallyn: :)
<fission6> JanC: what do you mean specifically?
<sarnold> hallyn :)
<JanC> fission6: some webapps are known for their security issues  âº
<stgraber> hallyn: the command line should be an override of the container's config and we shouldn't try to change the config file unless the user explicitly wants us to, so yeah, it's possible that there will be running containers saving log entries somewhere else than what's defined in their config, but in such case, the lxc-start command line will let you find out where anyway
<hallyn> stgraber: +1 :)  bbl
<webfox> Hello folks!
<webfox> Could someone help me figure how to verify which keyboard layout is my machine using right now please ?
<webfox> Could someone help me figure how to verify which keyboard layout is my machine using right now please ?
#ubuntu-server 2012-12-04
<webfox> Could someone help me reduce and keep it reduced after boot the console fonts please ?
<hallyn> stgraber: trying out your daily lxc build.  lxc-ls doesn't work :(
<halvors> JanC: No i know that. I'm sending outgoing SMTP traffic from my server via the ISP's relay. What's the problem is that i cannot connect, authenticate and send from it. I use the mail-stack-delivery package :) The host is s1.halvors.org telneting it on port 25 works just fine :)
<stgraber> hallyn: how so?
<stgraber> hallyn: it's still the old upstream shell version as my python implementation hasn't been acked yet :)
<webfox> Could someone help me reduce and keep it reduced after boot the console fonts please ?
<hallyn> stgraber: it doesnt' show running containers :(
<hallyn> were there objections to the python version?
<hallyn> all right lemme review right now :)
<stgraber> hallyn: the only objection was about removing the shell version which I'll try to avoid doing (by adding some magic installing the python versions when possible and otherwise falling back to shell)
<stgraber> hallyn: lxc-ls --active is what you want I believe
<stgraber> hallyn: upstream's lxc-ls doesn't give you the same output as Debian's
<hallyn> stgraber: no --active gave me junk
<qman__> smw, thanks, that's what I was looking for
<TheOnionRack> I've just installed Ubuntu 12.10 Server onto my VPS, and I've found that it's running Apache2 and Samba out of the box. Is that really the default behaviour, or is that something that my VPS provider has done to their VM image? It seems really odd to me that Ubuntu would ship the server with those services preinstalled and already running.
<sarnold> TheOnionRack: that'd be something your VPS did for you
<JanC> it's not the default
<TheOnionRack> I thought that
<TheOnionRack> I wonder what else they've changed
<sarnold> https://wiki.ubuntu.com/Security/Features#ports
<JanC> also, running Samba by default on a public VPS sounds stupid...
<sarnold> ++
<TheOnionRack> Yeah. That's what I thought. It has home shares set to read only by default :O
<sarnold> maybe they're selling "pre-made cloud for you and your windows friends!" or something, but it seems strange...
<sarnold> I'd expect OpenSSH, because it's the easiest way to make anything else work :) but that's it.
<TheOnionRack> It has openssh running out of the box along with bind
<JanC> certainly nothing else should listen externally
<TheOnionRack> but it's not marketed as a cloud VPS, it's just bog-standard VPS
<JanC> is samba actually configured to listen publicly?
<TheOnionRack> yeah
<TheOnionRack> you can mount \\vps.example.com\username and browse that user's homeshare (read only)
<TheOnionRack> across the internet
<TheOnionRack> It's kinda mindblowing
<JanC> I wonder why ISPs insist on changing distro images at all...
<JanC> except maybe if something is needed for the hardware or such
<sarnold> JanC: that's almost a sign that they need better hardware :)
<sarnold> TheOnionRack: very yikes,
<sarnold> TheOnionRack: if it were tied to _your_ IP that'd be a little less scary
<sarnold> but I'd be reluctant to ever use a mahcine that'd run samba on a public-facing IP -- I'm not sure I'd ever trust it to not be pre-rooted.
<pndemc> Is there a way to wget an entire directory and all of its contents?
<sarnold> pndemc: --mirror --no-parent is probably what you're after
<pndemc> sarnold, that looks for an index.html, I just have a bunch of files in the folder that I need it to download
<sarnold> pndemc: how else would the client discover the names of the files to request?
<pndemc> they are not being hidden, simple accessing the directory should reveal the contents
<pndemc> it does in the browser
<sarnold> and your webserver does not automatically generate a directory listing?
<pndemc> it does
<pndemc> wget is not picking up on it I guess though
<sarnold> hrm. I've nevre had a problem with wget --mirror --no-parent http://server/path/to/foo/ -- where there was no index.html, but the server generated one for me...
<sarnold> normally apache generates six different stupid views, and wget will download all six of them, it feels like an utter waste of time :)
<pndemc> sarnold, "domain.com/downloads/tf: No such file or directorydomain.com/downloads/tf/index.html: No such file or directory
<pndemc> "
<pndemc> sarnold, as you can see it's looking specificly for index.html
<sarnold> pndemc: how about domain.com/downloads/tf/   ?
<sarnold> (trailing slash)
<pndemc> sarnold, same error
<sarnold> pndemc: no kidding :(
<ekaj> I installed the KDE desktop on ubuntu server, and I can't figure out how to run Dolphin as root - does anyone have any suggestions?
<sarnold> ekaj: sudo dolphin  ?
<ekaj> Ah sorry, it threw errors so I assumed it didn't work, but it did
<sarnold> a great many kde programs spew a giant pile of debugging information to standard out or standard error, but continue to work just fine...
<sarnold> I find it uesful to run the 'first' KDE program in a terminal window, then minimize that terminal, and run everything else from another terminal -- the messages all come from the first one (which starts the kdeinit process)
<ScottK> If ekaj comes back, tell him Dolphin wasn't designed to run as root.  If he wants to run a KDE based GUI file manager as root, he should use Krusader.
<sarnold> thanks ScottK :)
<jamespage> morning all
<philipballew> is running ksplise on my home server a bad idea?
<philipballew> by bad idea I mean, is it gonna mess up my system?
<sarnold> philipballew: what's ksplise?
<philipballew> sarnold, http://www.ksplice.com/
<sarnold> woah, this things still around?
<philipballew> sarnold, apparently
<iliv> hi
<iliv> I need to run apt-get -s dist-upgrade on hardy for scripting purporses over ssh, but it wants me to do it via sudo
<iliv> precise, for example, doesn't care about sudo and let's you run apt-get/aptitude
<iliv> I'd like to be able to do the same with hardy
<iliv> any ideas how?
<Jeeves_> visudo NOPASSWD
<iliv> Jeeves_, the point is, precise doesn't care about sudo at all. You could just run apt-get -s dist-upgrade
<iliv> I don't like your suggestion because it means writing code for just one host
<iliv> I've got mostly precise servers
<Jeeves_> iliv: It's your call. I just gave you a suggestion
<iliv> Jeeves_, right
<uvirtbot> New bug: #1086244 in lxc (universe) "lxc-stop on precise:  'phys' interface does not come back after lxc-stop" [Undecided,New] https://launchpad.net/bugs/1086244
<uvirtbot> New bug: #1086328 in php5 (main) "package php5-common 5.4.6-1ubuntu1.1 failed to install/upgrade: package php5-common is already installed and configured" [Undecided,New] https://launchpad.net/bugs/1086328
<uvirtbot> New bug: #1079002 in cloud-init "Sudoers writing broken when string" [Medium,Fix committed] https://launchpad.net/bugs/1079002
<roaksoax> jamespage: howdy
<jamespage> hey roaksoax
<roaksoax> jamespage: so looking at the quantum-gateway charm
<roaksoax> jamespage: we only need HA when using OVS then?
<roaksoax> jamespage: or in all cases?
<jamespage> roaksoax, hmm
<jamespage> roaksoax, that charm may only be required when using the ovs plugin
<roaksoax> jamespage: right, since I see that charm installs different packages for OVS and NVP
<jamespage> roaksoax, however as I've not actually worked with any of the other plugins as yet
<jamespage> I'm not 100% certain
<yolanda> jamespage, zul, is the merge proposal i have pending for Quantum very urgent? quite busy today....
<jamespage> roaksoax, that may be fud
<roaksoax> jamespage: right, so: utils.install(*qutils.GATEWAY_PKGS[PLUGIN])
<roaksoax> the OVS plugin is the one that install the l3-agent and dhcp-agent
<zul> yolanda: nah
<jamespage> roaksoax, yes; the nvp one is not populated because I simply don't know yet
<jamespage> need to RTFM
<yolanda> ok
<roaksoax> jamespage: alright, my questions was based on the fact that in the ha-relation-joined we don't need to send cluster data if the plugin is not OVS
<jamespage> roaksoax, right now - yes
<roaksoax> jamespage: ack!
<jamespage> Daviey,  * radosgw: openstack keystone integration
<jamespage> made it into ceph 0.55
<jamespage> 0.56 will be the next LTS
<hallyn> kirkland: you have a kill-a-watt or somesuch right?  What do you measure as the difference in draw in a normal laptop when idle and doing a package upgrade?
<hallyn> stgraber: I'm goign to push the two patches from yesterday (rsync -H) to staging, unless you have a comment?
<stgraber> hallyn: I must admit I didn't really follow that thread but it looks like everyone agrees now? if so, fine :)
<hallyn> k
<zul> jamespage: https://code.launchpad.net/~zulcss/nova/nova-testsuite-fix/+merge/137652
<hallyn> stgraber: have you used lxc.network.type = phys?  I'm a little surprised lxc hasn't been renaming the nic on shutdown all this time...
<stgraber> hallyn: nope, never used it. I actually started working on adding network devices support to lxc-device yesterday, though for lxc-device, there's no way the name can be restored on container exit...
<hallyn> ok, just testing to see if my naive lazy attempt at renaming works
<stgraber> hallyn: I think that at some point I'll want the equivalent of lxc-device in the API so that lxc can do the right thing on shutdown (at least for network devices), but it's not really a priority
<stgraber> hallyn: basically having some call to pass a new network device from the host to the container, renaming it in the process and adding it to the list of interfaces to rename back on shutdown
<tgm4883> What is the best way to add iscsi storage to libvirt?
<tgm4883> There doesn't seem to be any good docs on it and it fails in virt-manager
<stgraber> hallyn: hey, so I've been looking at your patch for the loglevel stuff. Is it me misreading or are you always doing lxc_log_priority_to_string() on the value, even though config_loglevel supports both strings and digits?
<hallyn> stgraber: i store an int in the conf
<hallyn> config_loglevel, if i didn't mess up, shoudl store an int
<stgraber> hallyn: oh, I see c->loglevel is an int and config_loglevel requires a char*
<stgraber> ok, makes sense, I'll ack it :)
<hallyn> stgraber: suppose i could store the const char* in config...
<hallyn> thanks
 * hallyn back to server mtg :)
<uvirtbot> New bug: #1086466 in asterisk (universe) "asterisk 1.8 ringall strategy in queues causes non-answering agents to exit out of Dial() even with 'g' option" [Undecided,New] https://launchpad.net/bugs/1086466
<ttx> smoser: http://www.cloudbase.it/cloud-init-for-windows-instances/
<RoyK> oh, does ubuntu support asterisk these days - that's some task ;)
<smoser> yeah, i just saw that.
<smoser> apiolitti asked me if i'd accept windows patches.
<RoyK> windows?
<RoyK> oh, there's a windows version of * now, it seems
<RoyK> must be wonderful
<RoyK> mixing the spaghetti code of asterisk with windows - two negatives must make a positive, right? http://karlsbakk.net/fun/asterisk-installation.wav
<stgraber> hallyn: submitted the patch to allow shipping "legacy" scripts in lxc
<hallyn> stgraber: cool
<hallyn> stgraber: other than high prio/critical bugs, for now my plan is to push fixes to github and let the fix roll into raring with the next merge
<stgraber> hallyn: that's what I've been doing for a while. Anyway, we should be getting alpha1 next week, so really not worth the effort of making patches for ubuntu
<hallyn> stgraber: jinkeys, the error paths in lxc_spawn() are pretty messed up.
<bjf> arosales, you asked about kernel tests using utah? the answer is no.
<arosales> bjf: roger that. Thanks for the reply.
<bjf> arosales, np
<bjf> arosales, any particular reason for the question?
<arosales> it was a follow on comment smb actually had at todays ubuntu-server IRC meeting.
<arosales> sorr bjf^
<streulma> hello, is there a ppa for PHP 5.3 Daily builds on Ubuntu?
<stgraber> hallyn: I'm going to trigger a daily of lxc very soon, want your nic renaming patch in there?
<stgraber> hallyn: I did a quick review and just posted a single question on the list about it
<RoyK> isn't php 5.3 in upstream?
<zul> hallyn: getting the new qemu to test now
<zul> hallyn: :( http://pastebin.ubuntu.com/1410947/
<tdelam> Hi, I've installed Ubuntu 12.04 LTS server on my server (go figure!) it's been running for a while now and it's merely a web proxy server, it drops connection sporadically ( every few days or weeks ), I can't figure out why. Can anyone recommend a few reasons or things to look for as to why this is happening?
<sarnold> tdelam: anything in the proxy logs? anything in dmesg?
<tdelam> sarnold: no, nothing out of the ordinary
<tdelam> dmesg was the first place i looked
<tdelam> typical stuff that happens on boot
<sarnold> tdelam: are there a handful of long-lived connections that die? or dozens or hundreds or thousands of short-lived connections that die?
<tdelam> sarnold: one long-lived one
<sarnold> tdelam: is there a NAT firewall between the two peers?
<tdelam> yes, cisco PIX, i've ruled that out being that hundreds would go down if it were that device.
<tdelam> once the connection was dropped, I was able to SSH while local and test outgoing connections, those were the not responsive
<sarnold> tdelam: how long is that connection idle when the connection dies? Many NAT firewalls impose an inactivity timeout, and it's often very short
<sarnold> is it ever idle? sometimes idle? idles for two hours sometimes?
<tdelam> sarnold: ms, it's a web proxy for an ISP site which has a lot of traffic.
<tdelam> no, never
<sarnold> damn. :D
<sarnold> tdelam: any chance that pix has logs around the time the connection drops?
<tdelam> ;) it' very weird.
<hallyn> zul: what the heck?  those were supposed to conflict+replace
<tdelam> sarnold: there could be, I haven't checked and to be honest that pix is managed by a 3rd party vendor oddly.
<tdelam> i ruled out the pix considering the fact that all others would drop. I could get someone to login to check the logs though
<sarnold> tdelam: hrm, thjat's an unfortunate complication, but one that makes a certain amount of sense. (I wouldn't want to manage a cisco machine, I don't have the first clue where to start with them. hehe.)
<tdelam> its not fun
<tdelam> if it were hardware dmesg would report it right?
<hallyn> zul: guess i need to add some.  sorry about that.  trying another push
<sarnold> tdelam: you could throw tcpdump on one or both peer and try logging the details of the connection .. maybe some simple grep filtering to knock out the most common packets, or some way to save only the most recent ten minutes or ten thousand packets or something. oof.
<sarnold> tdelam: probably. check also the /var/log/mcelog -- if you've got the mcelog package installed and and MCE happened, it'll log verbose messages there...
<tdelam> ok
<zul> hallyn: otherwise looks ok
<hallyn> zul: new version pushed (but i'm not convinced it's ok)
<hallyn> zul: ok, thanks.  you just had qemu-kvm installed and did apt-get dist-upgrade?
<zul> right
<hallyn> <frown> swear i did that...
<hallyn> ok i'll test that once it builds, then if it's ok ask you to try one more time to make sur ei'm not doing something funky
<hallyn> heck, might be easier to just port the source to 1.3 :)
<hallyn> that'll fix the -z versioning crap too
<hallyn> which btw i'm not sure how to handle when p ushign to the archive.  is there a precedent for that?
<hallyn> stgraber: didn't say it in the email, but pushed the physical nic renaming change into staging with your comment fixed, thanks
<stgraber> hallyn: was just about to ask you if you did :) good
<lvmer> I've got a kind of annoying question... I'm about 3 weeks into ubuntu-server, & I'm struggling with a 'custom program' install. I'm trying to install & configure minidlna-transcode  alongside: minidlna, imagemagick, & ffmpeg.
<lvmer> Information on 'minidlna-transcode' can be found here: https://bitbucket.org/stativ/minidlna-transcode    (for reference)
<lvmer> is there an easy way to page down to your next search term in a 'man' file? or do I just /searchterm   then press f repeatedly to find the highlights myself?
<sarnold> lvmer: 'n'
<sarnold> lvmer: N will go backwards
<sarnold> lvmer: ? will start searching backwards; in that case, n will keep going backwards and N will then go forwards
<lvmer> sarnold: thank you again. :)  it worked perfectly. No more manual hunting xD
<lvmer> do you have any advice on installing a custom program or compiling it? like minidlna-transcode? by chance? xD
<sarnold> lvmer: normally, you follow the untar, ./configure --prefix=/usr/local ; make ; sudo make install   dance -- you lose the distro packaging, but most things support the autotools ./configure script
<lvmer> yah he said it supports ./autogen.sh and ./configure & make & make install
<lvmer> I've just never done it before so I'm a little hesitant on all of it
<lvmer> I was afk, because I had a firewall protocol warning & had to fix it. xD
<uvirtbot> New bug: #1086568 in etckeeper (main) "`etckeeper --help` fails with `No manual entry for etceeper` (sic)" [Undecided,New] https://launchpad.net/bugs/1086568
<jamespage> adam_g, I think I've changed my mind about the network-manager config in the nova-compute charm
<adam_g> jamespage: o rly? :)
<adam_g> jamespage: you prefer to keep it set as a config option in both places?
<jamespage> adam_g, I going to sleep on it and take another look tomorrow....
<lvmer> sarnold: no such file:  ./configure
<adam_g> jamespage: okay. also, did you say there was some discussion somewhere recently about kombu / rabbit HA wrt nova?
<sarnold> lvmer: heh, not all programs supply a ./configure -- you should figure out how to modify the build scripts for your program to install it into a directory of your choosing, so you can install it into /usr/local or ~/local/miniwhatever...
<lvmer> http://paste.kde.org/619832/
<lvmer> sarnold: yah I'm running into an './autogen.sh' problem
<lvmer> I had to install a bunch of packages: libtool autopoint autoconf automake
<sarnold> that's too bad, quite often the software distributor will do that for you
<lvmer> this is a fairly small package or w\e
<lvmer> for dlna transcoding with 'minidlna' which happens to be one of the only working dlna's for my tv at the moment. :/
<lvmer> What do you think I am missing?
<lvmer> I have to install AM_ICONV && AM_GNU_GETTEXT ?
<sarnold> lvmer: try installing libc6-dev
<lvmer> already installed
<lvmer> 0 upgraded 0 newly installed 0 remove 0 not upgraded
<stgraber> hallyn: and a bunch more python changes for your review :) making lxc-device a lot more useful and allowing for non-root lxc-ls
<hallyn> stgraber: cool.  one reviewed, other may have to wait.  good ngiht
<stgraber> hallyn: ok, good night
<hallyn> (cause the lxc-ls one looks complicated :)
<uvirtbot> New bug: #1086598 in tomcat7 (main) "Bad DBCP and JDBC jar, DBCP missing" [Undecided,New] https://launchpad.net/bugs/1086598
<stgraber> hallyn: it's actually much less complicated than the lxc-device one :)
<lvmer> sarnold: still no luck xD  I emailed the creator. Can't find anything on 'm4_pattern_allow' in the configs. :/
<stgraber> hallyn: just moving code around and changing the loop to only grab the object if absolutely needed
<sarnold> lvmer: the solution will be easier than that; it'll proabably just be installing one or another package. I just don't know which one, nor do I know off-hand how to figure out what to install.
<lvmer> sarnold: ah.. well I did try 'autotools-dev' && 'autogen'  but still no luck
<sarnold> lvmer: is there no README with good details? :)
<lvmer> no lol. I asked already :(
<sarnold> be sure to contribute back a README with details on the pakages to install :) the next guy will thank you
<lvmer> I am already making one
<lvmer> sarnold: :)
<sarnold> yay
<lvmer> sarnold: actually lol I did find part of one brb... lmao
<lvmer> sarnold: if I have a file:  new.txt    & it contains: sudo apt-get install libexif 12 libjpeg 62 libid3tag 0 libFLAC 8 libvorbis 0a libvorbisenc2 libsqlite3-0 libavformat53 libavformat-extra-53       how do I run said file?
<sarnold> lvmer: with those spurious numbers in there your best bet is probably to just copy-and-paste the package names out by hand
<lvmer> do I save the file as .sh?
<sarnold> lvmer: mv new.txt new.sh
<lvmer> yah that moves it
<lvmer> how do I run the command inside though?
<sarnold> lvmer: sh new.sh  or sh new.txt
<lvmer> bash
<lvmer> xD got it
#ubuntu-server 2012-12-05
<lvmer> sarnold: almost got it:  http://paste.kde.org/619844/
<sarnold> lvmer: that looks like you're in the wrong directory
<lvmer> ? is that bad? what do you mean?
<lvmer> that's where I copied the file
<lvmer> it has to be in usr/local ?
<sarnold> lvmer: the compiled program should be in /usr/local
<sarnold> lvmer: the sourc code should in a directory in your home directory :)
<lvmer> hum
<lvmer> sarnold: I'm a little lost
<lvmer> $ sudo cpdir -R /share/share/minidlna-transcode  /usr/local     ??
<sarnold> oh /share/share/ that's odd, hehe :)
<sarnold> what's /share ? :)
<lvmer> smb share
<lvmer> oh
<lvmer> um /share is invisible
<lvmer> root / root
<lvmer> the /share/share is the samba share for the server
<lvmer> just easier for me to remember
<lvmer> than some other random directory
<lvmer> lol
<lvmer> sarnold: so do I have to move it?
<sarnold> lvmer: no, but you should 'cd /share/share/minidlna-transcode', the run ./autogen.sh
<lvmer> 10-4
<lvmer> same error
<lvmer> http://paste.kde.org/619856/
<sarnold> hrm...
<escott> lvmer, don't build as root
<escott> lvmer, unpack that tarball to your unpriv'ed $HOME build it there
<lvmer> escott: o  :/   /user/local ?
<lvmer> /home/john ?
<escott> lvmer, no /home/username/subdir
<escott> lvmer, building as root isn't necessary
<lvmer> 10-4
<lvmer> sarnold: still failing though... :(  http://paste.kde.org/619862/
<escott> lvmer, if you sudo mv you need to follow that with a sudo chown -R username:username
<escott> never see you did that
<lvmer> ^^ I did
<uvirtbot> lvmer: Error: "^" is not a valid command.
<lvmer> I did ^^
<lvmer> john@UBUNTUSERVER:~$ sudo chown -R john:john /home/john/subdir
<lvmer> username:group
<sarnold> lvmer: is there a Makefile.am.in or something?
<lvmer> there is a makefile.am
<lvmer> OMG
<lvmer> IT'S CALLED  "Makefile.am"
<lvmer> wtf!
<escott> lvmer, is it makefile.am or Makefile.am
<escott> lvmer, it should be the later
<lvmer> escott: you sure?
<lvmer> oh yah you are right
<lvmer> but that is the error
<lvmer> hum
<lvmer> brb maybe it changed case
<lvmer> yup changed case
<lvmer> wow
<escott> lvmer, is this something from windows. perhaps the person wrote the script for a non-case sensitive os
<escott> lvmer, grep makefile autogen.sh
<lvmer> my server did: preserve-case=no  && default-case=lower
<lvmer> .............. failzzzzz
<escott> or that
<sarnold> lvmer: oh hahaha
<sarnold> lvmer: hahaha
<sarnold> lvmer: you put yuour data on a samba share.
<sarnold> *sigh*
<sarnold> I'm sorry man. I should have noticed that right away twenty minutes ago. :(
<lvmer> sarnold: no problem man... literally you get 99% of my problems solved in 2 seconds
<lvmer> sarnold: glad I had someone to share my frustration with. :)
<sarnold> escott: hehe, if you hadn't kept the line on compiling it in his homedir, who knows how long this would have taken. nice. :)
<escott> sarnold, best practice is what it is for a reason
<lvmer> yah crap.... now I got to figure out how to get the file to my home directory
<lvmer> all the 'cases' are messed up
<lvmer> I've got the zip file & win rar on my home pc... should I tar it? and copy to /share/share   then mv to /home/john/subdir/   & then untar?
<escott> lvmer, just get a new tarball
<lvmer> tarball?
<escott> lvmer, zip or whatever. just unpack it in your home directory
<escott> lvmer, the zip will contain the correct case
<lvmer> what's the command for that? lol
<lvmer> I can't get this to work:  $ sudo rmdir --ignore-fail-on-non-empty  /home/john/subdir/
<escott> lvmer, rm -rf ~/subdir
<escott> no need for sudo. you own it
<escott> lvmer, and to unzip a zip the command is "unzip"
<lvmer> escott: ah you are soooo pro
<lvmer> lol ok
<lvmer> not installed, should I install 'zip' or 'unzip' ?
<lvmer> nvm lol
<lvmer> libavutil headers not found or not usable, & I do have libavutil51 installed
<sarnold> lvmer: install the libavutil51-dev package
<lvmer> libavcodec -same erorr. I assume same solution. xD ty sarnold
<sarnold> lvmer: exactly :)
<sarnold> sometimes it can be difficult to figure out which exact -dev package you're missing, but most of the time it's not too rough
<escott> lvmer, you can grep through the program for #includes and then use apt-file to figure out what dev package you need
<sarnold> in the cases where it is difficult, the 'apt-file' tool can be handy. (Though if you don't think you'll remembre the name, the packages.ubuntu.com webpage is good enough)
<lvmer> sarnold: zomg I've installed like 3 billion packages
<lvmer> sarnold: the self-made readme.txt is getting big xD
<escott> lvmer, it may help to just install a meta-dev package
<lvmer> meta-dev?
<sarnold> lvmer: have you run "apt-get install build-essential" yet?
<escott> lvmer,  apt-cache search metapackage | grep dev
<escott> sarnold, he would have had to to get autotools
<sarnold> escott: .. or install those by hand one at a time..
<lvmer> I installed them 1 at a time
<escott> sarnold, sure he might have
<lvmer> by hand
<sarnold> escott: neat metapackages | grep dev, never seen these before :)
<lvmer> what am I supposed to be doing here lol
<escott> lvmer, this think you are installing what is it? kde something?
<sarnold> escott: it's an on-the-fly video converter
<sarnold> I do'nt htnk any of these would be a big time saver :/
<escott> lvmer, if you were building a kde application with a gui i would recommend kde-sc-dev-latest for example
<lvmer> I'm knackered:  http://paste.kde.org/619880/
<lvmer> so close xD
<sarnold> incidentally, you reallyu shldn't be doing your builds with sudo :)
<sarnold> lvmer: try libmagickwand-dev and libmagickwand4
<escott> lvmer, "alias sudo=echo stop it;"
<sarnold> haha
<lvmer> it's a syntax error though. :/ & I have both packages installed -dev && 5
<KidDeath10k> I have a question about SVN. I have an existing folder that has all the files I want in the initial revision on the server. That folder is on the server. How do I make SVN recognize all the files inside that folder so Revision 0 = all those files.
<sarnold> KidDeath10k: I think svn import is what you're looking for
<KidDeath10k> Hmm, how do I import the folder locally? That command seems to want a url like http:// or svn://
<sarnold> KidDeath10k: what do you mean by "locally"? wouldn't you give the URL to the server's repository directory as the "remote" part?
<sarnold> KidDeath10k: you could probably make 'svn add' work, if you wanted them part of the repository on your _next_ svn ci command
<KidDeath10k> The folder is on the server? so I was trying to so "svn import /home/svn/project/"
<KidDeath10k> without the quotes
<sarnold> KidDeath10k: consider this: "cd /home/svn/project ; svn import svn://servername/path/to/project/"
<sarnold> svn import --help says that the current working directory is assumed if you leave off the local path...
<KidDeath10k> hm.. alright, lets try something different. That isn't working.
<KidDeath10k> How do I make a folder with files already in it.. a svn repository? and it automatically fills in the blanks from there
<KidDeath10k> just mkdir something, then svnadmin create /home/svn/newproject
<KidDeath10k> ?
<lvmer> sarnold: got it, had to change: PKG_CHECK_MODULES(MAGICKWAND, MagickWand)    to:  'PKG_CHECK_MODULES("MAGICKWAND", "MagickWand")'
<lvmer> in the ./configuration file
<lvmer> sarnold:  ok I'm on the $  make ; sudo make install dance   steps
<lvmer> sarnold: I hope I'm not bugging you too much xD
<escott> lvmer, NOOOOOO
<escott> lvmer, DO NOT make install
<lvmer> ?
<escott> !info checkinstall | lvmer
<ubottu> lvmer: checkinstall (source: checkinstall): installation tracker. In component universe, is optional. Version 1.6.2-3ubuntu1 (quantal), package size 114 kB, installed size 502 kB
<lvmer> ? run checkinstall first?
<sarnold> escott: is that the thing that builds the package?
<escott> lvmer, best practice is to "./configure --prefix=/usr/local; make; checkinstall; sudo dpkg -i THE_GENEREATED.deb
<lvmer> what is make?
<lvmer> I don't understand "make;"
<sarnold> lvmer: make is a super-cool dependency resolution and build tool
<escott> lvmer, ./configure --prefix will set things up so that your files go in /usr/local
<escott> lvmer, make actually compiles
<sarnold> it'll help you rebuild all necessary files after you modify one or two in a source project. It's pretty fantastic, if sometimes a bit archaic feeling :)
<escott> lvmer, checkinstall builds a deb file instead of putting the files on the system
<lvmer> so I have to rerun ./configure with the prefix?
<escott> lvmer, yes
<escott> lvmer, or at least you should
<KidDeath10k> Alright, on my server I have /home/svn/aproject created. I moved all the files into that folder... if I use "svnadmin create /home/svn/aproject" will that set the folder as a repository and include all of its contents?
<sarnold> KidDeath10k: I _hope_ that'll error out with a "directory not empty" sort of error
<sarnold> KidDeath10k: I thought you _already_ had a repository created... that explains a bit of why we were mis-communicating earlier. :)
<lvmer> escott: ok I reran ./configure    how do I use the make command, I just installed it.  Do I just type $ make   ??
<escott> lvmer, yes
<KidDeath10k> Oh, I did have on created but I've given up trying to get the darn thing to acknowledge that I've put files in there for people to get with "svn checkout"
<KidDeath10k> so I'm starting it fresh
<lvmer> http://paste.kde.org/619892/
<lvmer> escott: almost everything worked... but that
<escott> lvmer, thats not enough to figure out what is happening. where is MagickWand.h
<sarnold> KidDeath10k: aha :)
<lvmer> no idea lol
<lvmer> john@UBUNTUSERVER:~$ find magickwand.h
<lvmer> find: `magickwand.h': No such file or directory
<KidDeath10k> Ok, yeah I got "Create a new, empty repository"
<sarnold> lvmer: sorry mate, find is -way- harder to ues than that :(
<sarnold> lvmer: find /usr -name magickwand.h      instead
<KidDeath10k> all I want to do is make this folder, this brand new fodler with files that I put into it already, into a repository.
<KidDeath10k> folder*
<sarnold> lvmer: the first argument has to be the top of a directory tree to search
<KidDeath10k> so I don't have to manually add the darn things from my system back to the server
<escott> lvmer, it would be find . -iname magickwand.h
<KidDeath10k> when I just want it to start off that way it needs to be
<lvmer> sarnold: stuck & waiting for a response from server
<sarnold> KidDeath10k: the thing is, evrey repository starts empty; then you either 'svn import' to add files or 'svn add ; svn ci' to add files
<sarnold> lvmer: it will take a while. /usr is big :)
<KidDeath10k> Ok, how do I import a directory that isn't a repository to a directory that is a repository?
<lvmer> nothing
<lvmer> sarnold: nothing returned
<lvmer> sarnold: I'm guessing it actually does not exist for some reason... oh boi
<sarnold> KidDeath10k: what's the server's repository URL now?
<sarnold> lvmer: ah :) time to break out apt-file :)
<KidDeath10k> ipaddress/svn/project
<escott> lvmer, what is magicwand. is that a dependency
<KidDeath10k> but that is empty
<escott> lvmer, maybe it is something to install. hard to say without the actual gcc command that gave rise to the error
<KidDeath10k> there's nothing in it
<lvmer> sarnold:  escott: apt-file is installed, found: libmagickwand-dev, libmagickwand5
<KidDeath10k> If you were to open the repository directory listing using Firefox or something it'd be http://IPADDRESS/svn/project
<sarnold> KidDeath10k: okay, so try this: cd ~/projecta ; svn import . http://ipaddress/svn/project
<escott> lvmer, then updatedb; locate MagickWand.h
<KidDeath10k> sarnold, what is projecta supposed to be? The empty folder or the full folder?
<sarnold> KidDeath10k: the directory with everyhing you want to import into the repository
<lvmer> escott: /usr/include/ImageMagick/wand/MagickWand.h
<escott> lvmer, so what was the gcc line that gave that error
<escott> lvmer, it needs to have -l/usr/include/ImageMagick
<lvmer> http://paste.kde.org/619898/
<KidDeath10k> sarnold, all it does is brings up GNU nano 2.2.6 with
<KidDeath10k> A .
<lvmer> escott: http://paste.kde.org/619904/
<sarnold> KidDeath10k: no other files? O_o
<KidDeath10k> none
<KidDeath10k> It didn't import the folder that isn't a repository that has all the files, into the folder that is empty but IS a repository
<escott> lvmer, also noticing that your build directory is /home/john which is a bad build directory. it should have been a subdirectory /home/john/something_clean
<escott> lvmer, you don't want random files like .bashrc etc in your build dir
<sarnold> KidDeath10k: damn, now I'm confused :/
<KidDeath10k> Ok
<KidDeath10k> Let me explain again
<KidDeath10k> I have two folders
<lvmer> escott: so how do I change that?   add a directory to make?
<KidDeath10k> Folder 1 and Folder 2. Folder 1 = REPOSITORY
<sarnold> KidDeath10k: hehe, no no, I think I've got it -- I'm just surprised that the command didn't work as I expected. :)
<KidDeath10k> Oh ok
<escott> lvmer, when you unpacked it you should have "mkdir build_dir; cd build_dir; mv ../whatever.zip .; unzip whatever.zip"
<lvmer> I can redo now that I know all the problems
<lvmer> escott: should I?
<sarnold> lvmer: most of them won't be problems now, they were just packages to install :)
<lvmer> sarnold: I'm going to delete and redo anything important in /home/john/  ? I've never put anything there
<escott> lvmer, yes
<escott> lvmer, and you are going to have some fun cleaning stuff out of $HOME
<sarnold> lvmer: be careful; /home/john/ was pre-populated with a ton of stuff; run ls -la ~ to see
<sarnold> lvmer: see /etc/skel to have a chance of figuring out what is what :)
<KidDeath10k> sarnold, I pmed you just so you know :)
<lvmer> sarnold: new idea boys......
<sarnold> KidDeath10k: watching now... :)
<lvmer> sarnold: how do I delete files by date... everything bad was made dec 4
<patdk-lap> use find
<patdk-lap> find . -mtime or find . -ctime ...
<lvmer> http://paste.kde.org/619910
<sarnold> you may wish to use find's -cnewer predicate instead...
<lvmer> find ~ -mtime -1       looking ok to delete?
<KidDeath10k> got you stumped in the pm, sarnold? :P
<patdk-lap> nothing there will cause you serious issues if you delete
<sarnold> lvmer: yes; add -delete to that find command. the .lesshst, .nano_history, .cache/ directory, and .bash_history are all unrelated files, but won't really matter to lose :)
<sarnold> KidDeath10k: just too many things at once
<lvmer> /home/john/config.h &&/home/john/Makefile
<lvmer> ?
<escott> lvmer, removing .cache may cause your desktop session to crash, but you can logout and login and it should fix itself up
<lvmer> ssh?
<escott> lvmer, in general the dotfiles should be safe
<escott> lvmer, so keep anything with a .
<escott> lvmer, if you want to send us the output of  ls -ad ~/.* we can tell you want to keep
<lvmer> escott anything starting with a  dot?
<escott> lvmer, yes. generally builds won't touch those
<lvmer> http://paste.kde.org/619922
<lvmer> so I should just exclude them from the 'find' command
<escott> lvmer, maybe rm -rf /home/john/.deps not sure what is in it
<lvmer> how would I exclude the files starting with .   from the find ~ -mtime -1 -delete
<escott> lvmer, find . +iname "\.*"
<lvmer> escott: it's all minidlna stuff:  options, playlist, etc.
<escott> lvmer, actually thats not exactly right
<lvmer> yah
<lvmer>  find ~ -iname "\.*"
<lvmer> that is the opposite of what I want
<lvmer> ignore the .'s
<escott> lvmer, find !(\.*) -mtime -1
<escott> lvmer, that should skip the dotfiles
<sarnold> need ~
<escott> sarnold, thats what the !(\.*) is for
<sarnold> escott: eh, really?
<sarnold> I'll be damned. it does work. :)
<sarnold> escott: _how_ does that work?
<escott> sarnold, it means anything that does NOT glob to literal(.)*
<escott> sarnold, ie all non-dotfiles
<lvmer> john@UBUNTUSERVER:~$ find ~ !(.*) -mtime -1 | pastebinit
<lvmer> http://paste.kde.org/619928
<sarnold> escott: so, on my system, that expands to 20-odd things; why didn't find blow up with twenty odd "path" arguments? :)
<escott> lvmer, the "\" before "." is important
<escott> lvmer, and remove the ~
<escott> sarnold, find is perfectly happy to look through multiple paths
<lvmer> http://paste.kde.org/619934
<escott> sarnold, find has never been a one-path kinda girl
 * patdk-lap uses find for almost everything :)
<sarnold> escott: htf have I been using Linux for 18 years and i'm learning this _today_??
<escott> lvmer, looks good. just replace | pastebinit with -delete. you could also just "rm *.o config.* Makefile stamp-h1"
<sarnold> escott: thank you. :)
<escott> lvmer, i thought this program was going to be much more complex
<lvmer> ......... it deleted everything
<escott> lvmer, in fact it must be more complex. where is the configure.ac file?
<lvmer> seems like no problems though ugh
<escott> lvmer, it deleted everything in that last paste you sent us
<lvmer> john@UBUNTUSERVER:~$ ls -l  /home/john | pastebinit
<lvmer> http://paste.kde.org/619946
<escott> lvmer, http://paste.kde.org/619934/
<escott> lvmer, well thats no good.
<lvmer> john@UBUNTUSERVER:~$ find !(\.*) -mtime -1 -delete
<patdk-lap> ls -la /home/john
<escott> lvmer, cp -r /etc/skel /home/john; sudo chown -R john:john /home/john
<escott> lvmer, yeah check the ls -al first. sorry
<patdk-lap> files with . to start are hidden and don't show normally
<lvmer> ah lmao
<lvmer> we good
<escott> lvmer, now mkdir build_dir; cd build_dir;
<lvmer> john@UBUNTUSERVER:~$ ls -al /home/john | pastebinit
<lvmer> http://paste.kde.org/619952
<sarnold> .. hope you didn't have many customizations in ~/.bashrc or friends..
<patdk-lap> people customize those?
<escott> lvmer, copy your zip file in there and do the things you need
<lvmer> like what?
<lvmer> sarnold: like what*
<patdk-lap> I login to hundreds of systems, so I find it's just not worth my time to customize :)
<escott> patdk-lap, mostly for the command prompt, but i've got a half dozen shopt variables set
<escott> lvmer, you are fine.... just catching up on the confusion about ls -l vs ls -al
<sarnold> patdk-lap: I've got a handful of shell functions and variables...
<patdk-lap> ya, I'll loose them on my system
<patdk-lap> normally just make a shell script and run it if I need it
<patdk-lap> that way I remember to copy them between systems if I need and don't loose it
<lvmer> john@UBUNTUSERVER:~$ ls ~/build/
<lvmer> minidlna-transcode.zip
<lvmer> good?
<patdk-lap> or make bashrc call my script to include it :)
<escott> lvmer, now unzip
<patdk-lap> oh, minidlna
<patdk-lap> that is always fun to compile
<sarnold> patdk-lap: haha, as lvmer has discovered :)
<sarnold> patdk-lap: we all got to relearn why you don't store source on a smb share...
<patdk-lap> ")
 * patdk-lap is just watching a mysql import go, and go, and go
<patdk-lap> 2hours now
<lvmer> lol
<escott> lvmer, before going forward... just to double check there must be a good reason for not just "sudo apt-get install minidlna"
<escott> lvmer, or is this a plugin or somehting
<lvmer> should I still ./configure --prefix=usr/local   ?? or should I leave it in ~/build/
<lvmer> plugin
<lvmer> :p
<escott> lvmer, yes --prefix=/usr/local (the inital slash is very important
<lvmer> /usr/local   or /usr/local/  ?
<escott> lvmer, doesn't matter
<escott> lvmer, perhaps safer to have the final slash in case someone fouled up there configure script
<lvmer> ok and now.... to the hard part
<escott> so i should say shouldn't matter but you never know
<lvmer> make.....
<sarnold> escott: yeah, it's a plugin...
<lvmer> escott: what's a good 'make' command?
<escott> lvmer, a good make? i dont understand the question
<lvmer> nvm I just ran 'make'  it worked
<lvmer> now I do some checkinstall?  or make install?? or what?
<escott> now checkinstall
<escott> nothing has required sudo yet
<lvmer> nope :)
<lvmer> I unzipped correctly this time :)
<escott> which means they are safe commands. (only sudo commands can damage the system)
<escott> lvmer, checkinstall will create a *.deb file
<escott> lvmer, which you should see with ls
<lvmer> please write a description for the package?
<lvmer> end with an empty line or EOF ?
<lvmer> what do I do?
<escott> lvmer, type a description in
<escott> press enter twice
<escott> Transcoder for minidlna compiled by john
<escott> its for your reference later to know what it is
<lvmer> failed
<lvmer> :(
<escott> checkinstall failed. can you show us the output
<lvmer> http://paste.kde.org/619970/
<lvmer> this is the end of the output
<lvmer> the rest was good
<lvmer> I might need sudo
<lvmer> :/
<escott> lvmer, the full thing. from the initial checkinstall command
<lvmer> how? re-run it? with | pastebinit   ??
<escott> lvmer, can you not scroll up in your terminal
<lvmer> http://paste.kde.org/619976/
<lvmer> I pastebinit
<escott> lvmer, evidently sudo checkinstall is correct. odd
<lvmer> still failed
<lvmer> log file : http://paste.kde.org/619982/
<lvmer> everything = ok    excepting  building debian package... FAILED!
<uvirtbot> New bug: #1086646 in cloud-init (main) "text/x-shellscript doesn't run if text/cloud-boothook present" [Undecided,New] https://launchpad.net/bugs/1086646
<lvmer> escott: here is the entire output  -->  http://paste.kde.org/619988/
<escott> lvmer, so you need to press "3" and enter a version number "0.1" would be a good choice
<lvmer> escott: it worked
<lvmer> escott: wow I'm stupid I should've read the log file better, "transcode-1 does not start with digit"
<escott> lvmer, that should have created a *.deb. you can list the files in it with dpkg -l *.deb
<lvmer> it did
<lvmer> now 'make install'  ?
<escott> lvmer, and if you are happy with those files sudo dpkg -i *.deb
<escott> lvmer, whole point was not to use make install
<lvmer> oh, cause it's a bad program? and dangerous?
<escott> lvmer, but to create a deb so that apt has a record of the files you installed and where they went
<escott> lvmer, to avoid conflicts if another package wants to overwrite this ones files. to allow easy remove, and to allow installation on other machines
<escott> lvmer, you can take that deb file, back it up and use it to install in the future if you ever need to reinstall
<lvmer> escott:  !!!!!! you rock!!!!!!
<escott> lvmer, wasnt that hard... just had to get you doing it the correct way
<escott> thanks to sarnold too for working through the starting bits
<lvmer> yah I always thank him like every 30 minutes
<lvmer> sarnold: thank you again. :)
<lvmer> so uh... I feel like a pc-noob again... I created a .deb file, but I didn't install it right?
<escott> lvmer, sudo dpkg -i *.deb should install it
<escott> lvmer, you can check /usr/local/bin and see if the file is there
<lvmer> *.deb ?? why?
<escott> or /usr/local/lib
<escott> lvmer, * just means match anything. i dont know what the name of the deb file is
<lvmer> it's in /home/john/build/minidlna-transcode/
<lvmer> o
<lvmer> and -I = install?
<lvmer> -I = install ***
<lvmer> omg
<lvmer> -i=install
<lvmer> stupid auto correct
<lvmer> xD
<escott> lvmer, yes. you can see dpkg options with dpkg --help
<lvmer>  /home/john/build/minidlna-transcode/minidlna-transcode_0.1-1_amd64.deb
<lvmer> oh boi!
<lvmer> so I can give this to other people?
<Lietha_Zein> trying
<escott> lvmer, yes
<escott> lvmer, usually you put a bit more documentation in it. there might be some config files you need to modify to make dlna pick up this plugin
<lvmer> escott: yup there probably is
<escott> lvmer, etc etc... but checkinstall is the first step towards packaging
<lvmer> escott:  what name do you want on the readme.txt file? or package file? when it goes viral.
<lvmer> sarnold:  same question. what name do you want on the readme.txt file? or package file? when it goes viral.
<escott> !packaging
<ubottu> The packaging guide is at http://developer.ubuntu.com/packaging/html/  - See https://wiki.ubuntu.com/UbuntuDevelopment/NewPackages for information on getting a package integrated into Ubuntu - Other developer resources are at https://wiki.ubuntu.com/UbuntuDevelopment - See also !backports and !sponsoring
<escott> lvmer, the one thing you could do with your package is fix up the dependencies. all the *-dev packages you need to install to build it. the non-dev version should be a dependency
<lvmer> ?
<lvmer> OH
<lvmer> right yes
<lvmer> I have them listed out
<lvmer> escott: currently they are in a readme.txt file. I shall add them with all that packaging tutorial you gave me.
<escott> lvmer, without that apt would happily install the plugin but not minidlna
<lvmer> put your name in it. :p
<lvmer> yah
<lvmer> & sarnolds  :p
<lvmer> thanks again :)
<lvmer> now I'm onto testing. Currently copying a ton of vid files over to the server to test the transcoding
<lvmer> xD
<sarnold> lvmer: README or INSTALL is typical
<sarnold> lvmer: but don't be surprised if the maintainer renames it ;)
<escott> n0ts, please disable the away nick
<n0ts> sorry
<excalibr> hello
<excalibr> why there's no manifest file for server cd image?
<pndemc> I'm using zpanel, and having problem with php not being able to upload files
<pndemc> my server is requiring people to enter www. before the domain, can anyone tell me how to fix this?
<mvp> pndemc you need to adjust DNS setting on the nameserver your domain is on
<pndemc> mvp, know what settings specificly?
<mvp> set A record for domain.com pointing to your IP and add CNAME rule for www to domain.com
<pndemc> mvp, thanks dude, that did the trick
<amanickam> can someone help on MASS troubleshoot
<amanickam> I get this error Unable to create Node: Missing system profile: invalid profile name: maas-precise-x86_64.
<amanickam> even though i have the profile loaded !
<jamespage> adam_g, this is the thread in openstack-dev : http://lists.openstack.org/pipermail/openstack-dev/2012-November/002730.html
<uvirtbot> New bug: #1086775 in bind9 (main) "bind9 uses high CPU after lucid->precise upgrade" [Undecided,New] https://launchpad.net/bugs/1086775
<jamespage> adam_g, review of https://code.launchpad.net/~james-page/charms/precise/cinder/hook-fixup/+merge/138184 appreciated when you start
<jamespage> one break and one improvement for the lab
<uvirtbot> New bug: #1086833 in nova (main) "All nova upstart configuration use 'su' instead of 'start-stop-daemon'" [Undecided,New] https://launchpad.net/bugs/1086833
<zul> smb:  ping
<smb> zul, yup?
<zul> smb: so ill get the xcp/xen 4.2 stuff working this afternoon
<smb> zul, You should only be needing the xcp part. The xen side should be ok
<zul> smb: when debian has xen 4.2/xcp in unstable we will re-sync
<smb> zul, for raring we got what is in experimental (xen-4.2) plus the patch that causes the paths to be fixed (which has been revived by apw)
<zul> smb:  even the ocaml bits?
<smb> zul, Especially the ocaml bits
<smb> Those I did not notice in my upload which re-added qemu-dm
<zul> smb:  ok...im suspecting there are some paths hardcoded for the xen-4.1 as well :(
<smb> zul, I think apw was looking exactly for those
<zul> smb: so is there anything for me?
<smb> zul, I think only to look into the xen-api / xcp package to make it compile
<zul> will do
<zul> i need to get openstack working with it anyways
<apw> zul, yeah xen-api needs porting 4.1->4.2 interfaces, i talked to ijc (ian campbel) about it and they ahve work in progress to sort out the interfaces there
<smb> Yeah, that could be a bit of fun as the "fix" for now is just to make it compile
<apw> zul, but we don't expect to see that for 'about 2 weeks' as of last thursday
<smb> apw, I forwarded you some mail where we got a dirty make it compile for now
<apw> zul, so i think we are in a bit of a holding pattern there till they fix it; it seems non-trivial from the preliminary patches i have seen
<apw> smb, ok
<smb> apw, which will be what zul is looking into
<apw> ack
<apw> (/me is clearly behind the conversation here, and will but out :)
<jamespage> adam_g, OK _ I think the nova-* and quantum charms are ready for review again
<jamespage> I made a couple of extra changes; specifically if you use Quantum it forces nova to use config drive
<jamespage> and there is not a good solution for network metadata in folsom; that will change in grizzly and I'll make it optional again
<jamespage> roaksoax, fyi binding stuff onto 'unit-get private-address' with the maas provider does not work so hell
<jamespage> well
<eagles0513875> hey guys i need to setup outlook to access my mail server my setup is dovecot + postfix + mysql for multi domain setup. are there some modifications i need to make to be able to connect outlook to this mail server?
<patdk-wk> yes
<eagles0513875> patdk-wk: do you have a link or anything on what i need to change
<patdk-wk> hopefully a working postfix+dovecot+dns+firewall+router
<eagles0513875> ??
<patdk-wk> eagles0513875, hmm? how should I know what you need to change, you haven't even told us what your config looks like
<patdk-wk> outlook is just another mua
<eagles0513875> ok
<jamespage> jodh, remind me again why 'stop on [!2345]' is better than 'stop on [016]'
<patdk-wk> easier to make sure start and stop lines match?
<ikonia> eagles0513875: first hit on google http://support.microsoft.com/kb/286197
<eagles0513875> humm ikonia ok then i must have an issue else where as I try to send and recieve i get an error
<patdk-wk> eagles0513875, how can we help you? you haven't posted any error messages, and configuration details, nothing
<roaksoax> jamespage:  hey! im not binding to a private address but rather to an interface
<jamespage> roaksoax, yeah - but I'm guess that will rely on the service not binding to 0.0.0.0 by default
<roaksoax> jamespage:  anyways i refactored the charm... the only problem that i found is that the peer relation before the relation with the primsry serice
<roaksoax> err peer relstion is run before*
<roaksoax> so the peer relation is setting global config while the subordinate relation is setting up the cluster if 2 or more nodes are on the peer relation
<roaksoax> jamespage:to calculate the addrrss to bind to i pass the iface name then obtain ip/ netmask anf calculate network address
<roaksoax> jamespage: but snyways im gonna start working on keystone
<zul> jamespage yolanda or adam_g: care to review? https://code.launchpad.net/~zulcss/nova/nova-fix-xcp/+merge/138257
<yolanda> zul, let me see
<yolanda> i still cannot see the diff
<zul> give it a couple of minutes
<jamespage> zul, yolanda, adam_g: https://code.launchpad.net/~james-page/cinder/grizzly-updates/+merge/138260
<jamespage> general housekeeping + upstart tidy
<yolanda> zul, in the diff file, i see the nova-xcp-plugins.install with the same removed and added lines?
<eagles0513875> patdk-wk: the issue is this that for some reason outlook is explicitly wanting to use port 143 and not 993 which i have setup my server to use
<patdk-wk> why would you use port 993?
<ikonia> have you set up SSL ?
<ikonia> it's an SSL port
<patdk-wk> TLS has replaced ssl
<ikonia> that's what 993 is for though
<ikonia> imaps
<patdk-wk> no, 993 is ssl
<patdk-wk> 143 is tls
<ikonia> imzp
<patdk-wk> all the benifits of ssl, without breaking stuff
<ikonia> oops, imaps
<patdk-wk> yes, and imaps is going the way of smtps, unsupported and gone from almost everything
<ikonia> probably why outlook is not using it
<zul> yolanda: yep
<yolanda> but why is that?
<patdk-wk> outlook will use it, but it's a pain :)
<ikonia> eagles0513875: have you setup ssl ?
<eagles0513875> yes thats all setup
<eagles0513875> wait a min
<ikonia> so you are using SSL with certifciates
<patdk-wk> pastebin a dovecot -n
<eagles0513875> actually i have it using tls
<eagles0513875> yet with tls its still oddly defaulting to 143
<ikonia> then why are you using 993 ?
<eagles0513875> imaps
<ikonia> tls = 143
<ikonia> ssl = 993
<ikonia> tls is not imaps
<eagles0513875> O_o
<patdk-wk> maybe someone needs to explain how encryption works :)
<eagles0513875> patdk-wk: no need im studying it in my security course just getting my ports confused and tied up in knots :p
<ikonia> please don't lie
<ikonia> I hate it when you lie
<ikonia> just say "I didn't know that, great"
<ikonia> rather than "I know this.....I know this, that's why I've just spent an hour doing it wrong"
<hackeron> hey, I would like to install ubuntu-server on a hard drive that I can just plug into a server and boot from - something like dd if=ubuntu-server.img of=/dev/sdd - are there ready images or a guide how to achieve this?
<ikonia> that's not a good way
<hackeron> ikonia: I know and depends on the hard drive size - so that's why I'm looking for a better way to put ubuntu on say 200 hard drives without installing it manually on each :)
<ikonia> unattended install ?
<ikonia> install one disk then clone (assuming they are the same size)
<Pici> netboot?
<hackeron> ikonia: yeh, say I plug in 5 drives, I want something like for i in 2 3 4 5; do bash ubuntu-install.sh /dev/sd$i; done
<ikonia> install it to one drive
<ikonia> then just clone
<greppy> pxeboot + unattended install + puppet/cfengine/chef?
<hackeron> ikonia: yeh, but cloning takes a while if it's a 2tB drive and the ubuntu install only takes 1gb
<greppy> you are going to have to change hostnames and ip addresses.
<greppy> debootstrap may help, I used that in the past to spin up quick base images.
<hackeron> greppy: I don't have pxeboot on these shuttles also I don't want to swap the drive every install - I want to take my existing ubuntu box, plug in 5 hard drives, and install to all 5 simultaneously
<ikonia> just clone the partition ? 1 GB of clone or 1GB of install = same disk
<hackeron> ikonia: but the partition is 2TB
<ikonia> mount 5 disks, copy the data, script the hostname change, install grub
<ikonia> script it
<ikonia> unmount, swap the disks, repeat
<ikonia> you've got a ton of options
<hackeron> ikonia: right, exacly - I'm if a script such as this already exists :)
<ikonia> it's about 8 lines
<ikonia> I'm sure you can write it as it would be custom to your layout
<hackeron> can you show me the first 3, lol?
<ikonia> are you kidding ?
<hackeron> I think it will be a little more than 8 lines
<hackeron> I don't need to customise it
<hackeron> just default is fine
<ikonia> I didn't say customise it
<hackeron> DHCP, hostname can be the same
<ikonia> I said it was custom to your layout
<ikonia> is hostname provided by dhcp ?
<ikonia> or just the IP
<hackeron> dhcp
<ikonia> that's not the default config from ubuntu
<ikonia> so you'll have to set that first in the source build
<hackeron> and you mean partition layout? - I want the "use entire disk" option pretty much - I can script partitioning, it's everything else I have a problem with
<ikonia> no
<ikonia> I mean where you mount the disks for the copy etc
<ikonia> thats "your" choice so the script would be custom to "your" layout/process
<ikonia> hence why you'll write it yourself
<ikonia> it's about 8 lines
<hackeron> how would I install the bare minimum ubuntu with grub and kernel in 8 lines?
<ikonia> please re-read the suggestion
<hackeron> ok, mount_location=/tmp/$RANDOM -- now what, lol?
<ikonia> I don't find it funny
<ikonia> I'm trying to help you / offer advice and you're not paying attention
<hackeron> I am
<hackeron> please show me an example of your 8 lines of code
<ikonia> clearly you're not as you've just asked "what now"
<hackeron> ok, you said 8 lines of code
<hackeron> can you please show me an example, I will find that easier to follow
<hackeron> I can change it to my layout/process
<ikonia> I'm sorry, but if you can't copy your data to multiple disks, it's beyond you
<ikonia> if you need that as an example
<hackeron> if it's so easy, why can't you just show me an example?
<ikonia> hackeron: I'm too stupid to be able to do it, I don't know how
<hackeron> ikonia: ah!!! ok :P
<hackeron> found this: https://help.ubuntu.com/10.04/installation-guide/i386/linux-upgrade.html
<hackeron> guess I'll script that - will probably be a few hundred lines of code
<sarnold> .. why does that guide have someone download the debootstrap package and unpackage it manually rather than .. just install it? sheesh.
<ikonia> there really is no need for any of it
<ikonia> a simple source/target copy and a loop would do it
<sarnold> oh.. the idea is you might be on a non-debian-derived linux at the time. and not have an installer. or something.
<hackeron> ikonia: I suppose, but you still need to partition and install grub and for that you need to chroot into the copied OS and mount /proc and /sys and what not
<ikonia> no you don't
<ikonia> you can install grub from external
<ikonia> you could even just dd the boot sector
<hackeron> ikonia: I will try, there is an additional problem with 2TB drives where I had to create a grub boot partition otherwise the drive wasn't bootable (UEFI requirement I believe?)
<ikonia> ok, so it's 10 lines, not 8 lines
<ikonia> that again should be no problem
<hackeron> ok, thanks, let me try :)
<Tazzz> Hello anyone have experience installing Ubuntu server on an Intel Server with ESRT2 RAID? I tried a couple thing in the BIOS but to no avail.
<Tazzz> Hi
<samba35> i am faceing strange problem i am trying access my some web site it is giveing me message  This site is configured to require an SSL (https) connection.
<samba35> You may want to try chaning http to https in your address bar.
<samba35> If you think this is an error, please contact the administrator.
<TheLordOfTime> samba35, so do https://address/
<samba35> no http port 80
<TheLordOfTime> This site is configured to require an SSL (https) connection.  <-- its likely expecting 443
<TheLordOfTime> if not, https://address:80/
<TheLordOfTime> that should say use port 80 for SSL
<TheLordOfTime> but SSL isnt usually on port 80, its standard listening port is 443
<samba35> https://www.abcdef.com:80/xyx/ ?
<samba35> how do i change this .and why was change to https ?
<TheLordOfTime> yes, but if that doesn't work, then the SSL is likely listening on port 443.
<TheLordOfTime> someone changed your config, or your site doesn't want to work without HTTPS
<TheLordOfTime> nothing i can diagnose from here though
 * TheLordOfTime is at an airport right now :P
<zul> adam_g: https://code.launchpad.net/~zulcss/ceilometer/deps-fixes/+merge/138294
<uvirtbot> New bug: #1086959 in squid (main) "squid crashed with SIGSEGV" [Undecided,New] https://launchpad.net/bugs/1086959
<zul> adam_g:  im going to upload a ceilometer snapshot tomorrow so the MIR team can get a better idea of it tomorrow
<adam_g> zul: did you see my comment in that MP?
<zul> adam_g: which one ceilometer?
<zul> adam_g: just saw it
<adam_g> zul: why does ceilometere need to be a member of the nova group?
<zul> adam_g: because it reads the nova.conf for some settings
<adam_g> zul: which component of ceilometer actually needs to do that, tho? ceilometer-agent-compute?
<zul> adam_g: i believe so
<adam_g> zul: so, if there's one or a couple of components that need to be installed on the compute node, make those Depend on nova-common and add the ceilometer user to nova group in the postinst of that package, instead of ceilometer-common?
<zul> sounds reasonable to me
<hackeron> ikonia: hmm, when I boot it says it can't find a specific UUID, I have root(hd0,0) and kernel/boot/vmlinuz-3.2.0-23-generic-pae root=/dev/sda1 ro quiet splash  in my menu.lst, but it never gets to the menu, I guess because I ran grub-install from the parent OS :/
<hackeron> and if I try to install grub from the chroot, it says: /dev/sdh does not have any corresponding BIOS drive. :(
<hackeron> hmm
<hackeron> ikonia: this is what I have so far: http://pastie.org/5485545
<hackeron> (to set up the first one, subsequent ones I will just rsync the installed system and hopefully just dd the bootloader, but stuck with the bootloader at the moment, hmm)
<sarnold> hackeron: note the target-7762 on line 60
<sarnold> hackeron: you may also wish to umount your ${TARGET}
<hackeron> sarnold: thanks :) - just trying with grub-pc instead of grub now - noticed I have grub-pc installed on all ubuntu servers, hmmm
<hackeron> sarnold: ikonia: sweet, this creates a mostly unattended bootable system (grub asks to select the drive, need to automate that): http://pastie.org/5485601
<keithzg> Hmm. Every vm I create with ubuntu-vm-builder on a new host seems to just hang upon boot, sucking up its maximum available CPU . . .
<keithzg> Existing VMs migrated over run fine, though.
<adam_g> jamespage: just checking, the quantum charm work you've done was developed against folsom? or grizzly?
<pangel> Hi, I'm setting up a standalone 12.04 server. I used to manage most of my stuff manually (./configure, keep install commands in a personal cookbook, things like that). Are there new ways to do things?
<sarnold> pangel: chef / puppet are increasingly popular
<sarnold> pangel: and 'checkinstall' may help you make packages out of your own locally-built packages
<pangel> sarnold: thanks. What about virtualisation? For instance would it be easy to build a continuously-updated image while having the server's apps on a separate, backed-up folder?
<hallyn> jdstrand: do you mind if i send a libvirt merge proposal your way for comment?
<sarnold> pangel: I'm not sure what you mean; though having backups does make sense.. :)
<pangel> sarnold: Take nginx for instance. I'd like to have my upstart scripts and binaries copied to a virtual machine image everytime I change them, while nginx's app-specific config files are symlinked to a separate folder.
<pangel> Then when I need to reinstall, I just boot the image, mount the separate folder, and voila.
<KidDeath10k> Pop Quiz! I have Ubuntu 12.04, Apache2 and Subversion installed.. how do I disable Anonymous checkout? I have it set so it requires a username/password for commiting but can't seem to figure out how to make it do the same for checkout
<sarnold> pangel: seems like it'd just be easier to train chef or puppet or hand-rolled shell scripts to copy what you need around rather than rely upon symlinks to 'better storage'..
<pangel> (clarification: by "copied to a virtual machine image" I mean "trigger an incremental update on the image and propagate the changes to it"
<pangel> sarnold: hm. I'll need to get acquainted with chef and puppet. Note that my imaginary system requires nothing more than doing the usual admin stuff, except every change is automatically added to an image.
<stgraber> hallyn: wasn't sure if you were busy enough so I sent a bunch of patches on the mailing-list ;)
<KidDeath10k> Anyone able to help me? :(
#ubuntu-server 2012-12-06
<halvors> I'm running a Postfix SMTP server, i use the mail-stack-delivery package. But i'm not able to login using SMTP port 25, only using Submission port 587
<halvors> I get, relay access denied :(
<ScottK> Use port 587.  That's what it's for.
<halvors> ScottK: But why am i unable to connect using port 25?
<halvors> And why not use port 25?
<ScottK> IIRC, mail-stack-delivery may not set up smtp auth for port 25.
<ScottK> 587 is for mail submission.
<halvors> I know.
<halvors> But how to enable it?
<ScottK> Look in /etc/postfix/master.cf
<ScottK> If you see what's different for the smtp service and the submission service, you'll probably be able to figure it out.
<ScottK> 587 is better for people who travel a lot because it's not generally blocked or redirected by ISPs/hotels/etc.
<halvors> I cannot see any difference...
<halvors> http://pastebin.com/0dJBhnZj
<ScottK> Interesting.
<ScottK> It may be something in main.cf too.
<halvors> http://pastebin.com/Ca2LqtyB
<halvors> :)
<ScottK> OK.  No idea why it works on one port and not the other then.
<halvors> Have to be something with the authentication...
<halvors> ScottK: Should i uncomment the "-o" lines under the submission line?
<qhartman> halvors, where are you trying to login _from_? Many ISPs block outbound SMTP connections on 25 as a spam prevention policy. Trying doing it from the server itself if you have not.
<halvors1> qhartman: I've done that, if you try telneting the server on port 25 (s1.halvors.org) you'll see that it responds...
<sarnold> halvors1: 250 2.0.0 Ok: queued as C5DB4D60B06
<halvors1> Yes :)
<halvors1> Dec  6 01:43:20 halvors-server postfix/smtpd[29286]: C5DB4D60B06: client=c-71-237-200-29.hsd1.or.comcast.net[71.237.200.29]
<qhartman> halvors, cool
<sarnold> halvors1: yay :D
<halvors1> But it doesn't work when trying to authenticate...
<sarnold> oh. I never learned how to do that by hand.
<sarnold> but if you're authenticating, why not use 587?
<sarnold> you presumably have control over the clients that intend to authenticate..
<halvors1> sarnold: Many people try using port 25...
<halvors1>  5.7.1 <halvors@skymiastudios.com>: Relay access denied
<halvors1> When trying to login...
<halvors1> SMTPS SSL/TLS just times out.
<halvors1> sarnold: What port did you use?
<halvors1> :)
<sarnold> halvors1: 25
<halvors1> Without authenticating?
<sarnold> halvors1: right
<halvors1> Isn't that bad?
<sarnold> it's how email works, for better or worse. :)
<halvors1> Oh you act like a mail server?
<sarnold> halvors1: yeah
<halvors1> And connect on port 25 to deliver mail?
<sarnold> halvors1: http://paste.ubuntu.com/1413692/
<sarnold> I typed all the lines without status codes :)
<halvors1> If you try sending to halvors@skymiastudios.com does it reject then?
<ScottK> halvors1: Yes.  That's how you enable it.
<sarnold> halvors1: denied
<sarnold> funny, even mail from: sarnold@halvors.org, rcpt to: halvors@skymiastudios.com fails
<EntropyWorks> if your planning on netboot install 12.10 be ready for some headaches
<halvors1> sarnold: hmm.
<halvors1> Cause that works when using port 587 and starttls
<sarnold> halvors1: you probably set the relay rules by certificate?
<halvors1> Um. I really don't know, where is that options set?
<halvors1> http://paste.ubuntu.com/1413705/
<halvors1> sarnold: Any idea?
<sarnold> halvors1: no, sorry :)
<sarnold> I was expecting to see a relaymap or something...
<sarnold> .. and with the destination domains not including skymiastudios.com I was a bit surprised that mail gets there on port 587, but .. it's been a long time since I've _used_ postfix.
<halvors1> http://paste.ubuntu.com/1413721/
<halvors1> sarnold: Do you think the following lines should be commented out?
<sarnold> halvors1: no idea there :) sorry :(
<halvors1> sarnold: Ok thank you for your time :)
<sarnold> halvors1 :)
<sarnold> I just wish I had the answers..
<halvors1> sarnold: :)
<jdstrand> re libvirt merge> sure thing
<jdstrand> hallyn: ^
<imachine> hello
<imachine> anyone use ubuntu 12.04 or 04.1 as -vserver?
<imachine> I have a debian squeeze install with 3 vservers. Can I painlessly (i.e. set up/config vservers on ubuntu server box, copy the vserver bodies from debian, start services, profit) migrate that to Ubuntu Server 12.04.* ?
<imachine> The big question is, can I run debian squeeze inside of ubuntu-12.04 server?
<ScottK> I'm pretty sure you can.
<ScottK> But I haven't done it myself.
<uvirtbot> New bug: #1087183 in maas "MaaS cloud-init configuration specifies 'manage_etc_hosts: localhost'" [Undecided,New] https://launchpad.net/bugs/1087183
<jamespage> zul, I'm looking at bug 1085038; looks like the generated entry points are all easy-install so not relevant for the packaging
<uvirtbot> Launchpad bug 1085038 in quantum "Python Modules : Wrong versions" [High,Triaged] https://launchpad.net/bugs/1085038
<Nafallo> guys. are there any plans on compiling libvirt with vpx support?
<Nafallo> that might come down from debian...
<Nafallo> the exclusion of esx that is
<uvirtbot> New bug: #1087228 in bind9 (main) "/etc/network/if-down.d/bind9 doesn't work; should be /etc/network/if-post-down.d/bind9" [Undecided,New] https://launchpad.net/bugs/1087228
<jamespage> yolanda, zul, adam_g: review up for quantum - https://code.launchpad.net/~james-page/quantum/grizzly-updates-1/+merge/138438
<jamespage> also worth being aware of bug 1030195
<uvirtbot> Launchpad bug 1030195 in lintian "lintian reports errors in postinst because of upstart dh_installinit behavior " [Medium,Confirmed] https://launchpad.net/bugs/1030195
<jamespage> I'm pretty sure that alot of postrm scripts are being generated to get rid of that error when its actually a false positive
<Nafallo> ooooh
<Nafallo> vpx/esx is disabled because it would
<Nafallo> put libvirt in multiverse, isn't it?
<hallyn> zul: hey, when you get some time, i think i need some packaging help with https://launchpad.net/~serge-hallyn/+archive/crossc/+sourcepub/2825655/+listing-archive-extra
<zul> hallyn: sure just getting in
<zul> which means still waking up
<hallyn> zul: me too, tbh
<saban> hi, i m using debian.. and i m getting this error when apt-get update W: GPG error: http://ppa.launchpad.net lucid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B18637BB5175BC68... ? how is this posiblle?
<rbasak> saban: did you use add-apt-repository to add your PPA? If not, the easiest way to explain how to fix it is just to remove it from sources.list and use add-apt-repository to add it again
<hallyn> zul: so really i have two questions, the non-urgent one is what i should call the version # on the new qemu package, given the debian version is < both the ubuntu qemu-kvm and qemu-linaro versions
<zul> erm..
<hallyn> zul: the more urgent one is what to do with qemu-utils and qemu-kvm breaks/replaces
<zul> jamespage: ^^^
<saban> rbasak: as i remember i didnt add anything. and my source.list is this http://pastebin.com/h9wBdkUY
<zul> hallyn: so uh what? :)
<hallyn> zul: hold on, i'll ask you in 29 mins
<hallyn> 20 that is :)
<zul> k
<hallyn> thx
<rbasak> saban: check /etc/apt/sources.list.d/. And it looks like you're running Debian, not Ubuntu!
<jamespage> zul, was ^^^ in reference to quantum or hallyn question?
<zul> hallyn: question
<zul> er..
<zul> jamespage: hallyn's question
<saban> rbasak: yes i know :P i was just asking here becouse i hadnt any clue why i have ppa problem in my debian server.. i got it now one of program was from ubuntu package or something.. now i know where is the problem... tnx
 * jamespage thinks
<jamespage> hallyn, can you explain the version # question more? whats the difference between ubuntu+debian?
<hallyn> jamespage: the more urgent problem I have is:  qemu-kvm depends on qemu-system depends on qemu-utils, qemu-utils does break/replace qemu-kvm, but it wnts to be upgraded before qemu-kvm (bc of the relations)
<hallyn> so short version is 'apt-get dist-upgrade breaks'
<jamespage> ugh
<hallyn> right.  and because of the way files are being moved between packages, everything needs to be replaced at once
<soren> Are none of those relationships versioned?
<hallyn> all are
<hallyn> isn't helping
<hallyn> when qemu-utils is being upgraded, it's seeing the old qemu-kvm...
<soren> Is this already uploaded or do I need to look in bzr to see the control file?
<soren> If the latter, which branch do I need?
<hallyn> soren: uploaded to ppa:serge-hallyn/crossc for raring
<jamespage> soren, dget -u https://launchpad.net/~serge-hallyn/+archive/crossc/+files/qemu_1.2.0-z-dfsg-8.dsc
<soren> qemu-system doesn't seem to depend on qemu-utils, fwiw.
<soren> It recommends it, though, so the result is probably mostly the same.
<jamespage> hallyn, I'm not sure you need Breaks/Replaces on qemu-kvm itself as its a transitional package
<hallyn> jamespage: i need the files in the old qemu-kvm to be removed before qemu-system is installed...
<hallyn> but yeah, qemu-system break/replacing *should* be enough
<hallyn> i'm just getting desparate :)
<soren> At least your kvm package will need an epoch added to it.
<hallyn> yeah i'll get rid of the break/replaces on qemu-kvm altogether.
<hallyn> soren: what do you mean?
<soren> hallyn: Sorry, I phrased that poorly.
<soren> hallyn: Your kvm package will need an epoch.
<hallyn> soren: that also sounds like part of an answer to my first question - how to version these
<soren> hallyn: The others won't need it, just the kvm one. Otherwise it won't supersede the existing kvm package.
<jamespage> hallyn, I'm wondering whether not having a (= ${source:Version) on Recommends: qemu-utils might be something todo with
<jamespage> it
 * jamespage grasps at straws
<hallyn> soren: is the kvm package still needed?  it was transitional...
<hallyn> jamespage: that sounds right!
<soren> hallyn: Nope, you should be able to just get rid of it. Good point.
<hallyn> soren: though will ppl get confused if they can't apt-get install kvm' ?
<jamespage> hallyn, Recommends can do weird stuff with ordering and configuration
<soren> hallyn: Other things that you can get rid of also include:
<soren>  Conflicts: kvm (= 85+dfsg-4.1)
 * jamespage thinks of bacula as a case in point
<soren> It's been a while since that was useful (if ever).
<soren> hallyn: Yeah, that's true.
<soren> hallyn: Things might still depend on kvm rather than qemu-kvm or whatever.
<hallyn> soren: current raring package does not have an epoch on kvm...
<soren> hallyn: Yes, it does?
<soren> Hm.
<soren> From what I can tell, apt is doing exactly what it's being told.
<soren> You're specifying that qemu depends on qemu-system (>= same version).
<soren> So you're telling it that qemu-system must be installed before qemu.
<soren> Same for qemu-system -> qemu-utils.
<hallyn> i'm not asking for qemu
<soren> Oh, sorry.
<soren> Well, same problem, really.
<hallyn> the lack of versioning on recommends as jamespage suggested sounds a likely culprit,
<soren> qemu-kvm depends on qemu-system (= same version).
<soren> So it must be installed first.
<hallyn> right
<soren> And then qemu-system says it needs qemu-utils first.
<soren> But qemu-utils says it'll break qemu-kvm.
<hallyn> << its own version
<soren> Right.
<hallyn> so i want qemu-kvm removed.
<hallyn> that should do the right thing right?
<hallyn> it takes hours for a build to happen so i want to look for other possible problems before submitting :)
<soren> Are you attempting to get rid of qemu-kvm?
<soren> Is that the goal?
<hallyn> yes
<soren> Ah. I see.
<hallyn> qemu-system provides everything
<soren> I missed that entirely.
<hallyn> (it's the debian-experimental git branch, merging qemu+qemu-kvm)
<hallyn> sorry - that would be confusing then!
<soren> Which package replaces qemu-kvm?
<hallyn> qemu-system
<soren> Ok. So qemu-system should say that it replaces, conflicts and provides qemu-kvm.
<hallyn> oh, provides
<soren> Yeah.
<soren> The problem is that you have versioned dependencies on it.
<soren> I don't think we can do versioned provides yet.
<soren> I could be wrong, though. It's been a while.
<soren> Does anything have a versioned dependency on qemu-kvm?
<hallyn> so right now i have http://paste.ubuntu.com/1414805/
<hallyn> as the new debian/control
<hallyn> they just have breaks/replaces on versioned qemu-kvm
<hallyn> soren: jamespage: all right i'll try the pastebin'd version;  my other question then was,
<hallyn> no,
<hallyn> oh i didn't type that
<hallyn> debian version is 1.2.0-dfsg, ubuntu version is 1.2.0+noroms and 1.2.0-2012
<hallyn> apart from updating the source to qemu 1.3.0, or doing what i'm doing in ppa (using 1.2.0-z-dfsg),
<hallyn> is there something else i can do with the versioning when switching to the debian packages?
<hallyn> i don't wnat to do an epoch really since the problem goes away with 1.3.0
<hallyn> soren: jamespage: thanks, let's see how that goes  (build queued)
<luminous> hi, I have had a hard time getting this sorted out in #ubuntu, my issue may require some more expertise,  so I'm here :)   I'm trying to install redmine on a ubuntu server, so it is relevant.
<luminous> http://dpaste.com/842127/ <<< libmagick-dev won't install properly for me, having cancelled aptitude mid-run
<luminous> aptitude install & cancel looked like:  http://dpaste.de/qi8dq/
<jamespage> adam_g, I think we need to wrestle the swift charms back off my finnie
<jamespage> there ain't much review going on around this commits.
<hallyn> jdstrand: hey,
<hallyn> jdstrand: so i'm working on a patch to allow 9p mounts in libvirt,
<hallyn> but the example used in the bug report was a 9pfs under /home
<hallyn> virt-aa-helper expliclty disallows paths under /home
<hallyn> do we want to enforce that for this too?
<jdstrand> hallyn: I'm not familiar with 9p mounts. what do they do?
<hallyn> i'm not either in particular, but they offer a dir on the host through the 9pfs network fs to the vm,
<hallyn> and actually  my patch is treating them and fstype=bind the same way
<hallyn> (this is re bug 943680)
<uvirtbot> Launchpad bug 943680 in libvirt "Apparmor profile does not authorize access to 9p shared filesystems " [Low,Confirmed] https://launchpad.net/bugs/943680
<hallyn> wait, i don't see home explicitly listed
<jdstrand> hallyn: yeah, me either
<hallyn> but i do get virt-aa-helper: error: /home/ubuntu/9p
<jdstrand> hallyn: are you talking about the apparmor profile for virt-aa-helper itself, or the profile it generates for the vm?
<hallyn> virt-aa-helper: error: skipped restricted file
<hallyn> the profile it generates for the vm
<hallyn> gah, sorry, biam
<jdstrand> hallyn: that is probably this check:
<jdstrand> case S_IFDIR:
<jdstrand>   return 1;
<jdstrand>   break;
<hallyn> jdstrand: oh.  that's right.  thanks!  i guess i need to make that '${x}/**'
<jdstrand> hallyn: what type of rule do you want to add in the end?
<jdstrand> right
<jdstrand> so...
<jdstrand> that will require more work
<hallyn> snprintf :)
<jdstrand> hallyn: maybe create a vah_add_dir()
<jdstrand> fyi, upstream doesn't like snprintf
<hallyn> sigh
<hallyn> double sigh
<hallyn> they wont reply to me anyway :)
<hallyn> ok i think i'm going to put that off then.  i thought it might be a quick addition to the other patches i sent to you for review,
<jdstrand> hallyn: possibly because you didn't run 'make check' 'make syntax-check'
<jdstrand> make syntax-check will tell you about things like snprint
<jdstrand> f
<hallyn> and tell me to write in a custom language?
<jdstrand> they will want you to use something like virBufferAsprintf
<jdstrand> so would I btw, that is what virt-aa-helper does
<jdstrand> I got dinged for that when I submitted my patches initially
<jdstrand> hallyn: so, it doesn't have to be overly complicated
<hallyn> no but there are other things to do, and i'm chafing at custom language
<jdstrand> vah_add_file() grows a 'bool dir' arg
<jdstrand> then you can have a different call to virBufferAsprintf when its true
<jdstrand> valid_path could also grow a 'bool dir'
<hallyn> do we want the same restrictions on dirs as on files?
<hallyn> (besides "can't be a dir" :)
<jdstrand> then in get_files() if it is 9p, set dir=True, otherwise default to False
<hallyn> jdstrand: not quite like that,
<jdstrand> hallyn: re same restrictions> for now, I think yes
<hallyn> i'm specifically running through the ctl->def->fss and looking for 'mount' and 'bind' fstypes,
<hallyn> but right
<jdstrand> well, ok
<jdstrand> basically, default to False unless you need it to be True :)
<hallyn> (just want to make sure you're not suggesting I do this elsewhere through a call to reload_profile)
<jdstrand> no, just in get_files()
<hallyn> ok.  thanks.  i guess first (once my disgust settles) i'll do the virBufferAsprintf thing for the patches i've already sent.
<jdstrand> hallyn: so, I was going to suggest making 'make syntax-check' happy. should I just wait for you to do that before I review the merge?
<hallyn> soren: jamespage: ok, still having the same problem...
<jdstrand> hallyn: sorry about that. actually, once you get used to it, their functions work pretty well... but I empathize having gone through it myself
<hallyn> jdstrand: well assuming it's a simple replacement, i'd say no, there's a lot more to those patches which could have real bugs
<hallyn> so as long as there's no problems with the fundamental patches, then i can avoid bugging you next time i send :)
<hallyn> soren: jamespage: so qemu-kvm upgrade causes qemu-system install recommends qemu-utils install which breaks on the old version of qemu-kvm, which isn't installed bc of this loop.
<hallyn> hm, lemme check the pkg contents.  maybe that last conflicts isn't strictly needed
<hallyn> drat.  it is.  qemu-io is in both
<hallyn> wait, if i have qemu-system providing qemu-kvm, does that mean i don't need a qemu-kvm metapackage?
<jamespage> hallyn, I might be tempted to mock this up in an empty package
<jamespage> so I could tweak the depends and see effects quickly
<hallyn> do i maybe want conflicts instead of breaks?
<hallyn> jamespage: yes, except i'd probably spend several hours setting that up without breaking the rest of the packaging so nothing installs :)
<hallyn> lemme ask this q in -devel
<jamespage> hallyn, I think that might be a good idea
<hallyn> uh, wait.  i see another stupid thing i did.  not necessarily related, but perhaps.  biab
<jamespage> yolanda, looking at your revised MP for nova/upstart now
<yolanda> jamespage, i was trying to finish the testings anyway
<yolanda> so maybe it isn't correct
<jamespage> yolanda, the changelog is a little fuddled and not correct formatted - but aside from that looks OK
<yolanda> jamespage, i have it pending to be corrected, yes, i need to push the changes
<jamespage> adam_g, zul: any objection if I create some new views in the lab?  I like the OS series centric stuff we have in the public instance
<zul> no objections here if it makes life easier
<jamespage> yolanda, merged your changes; deploying into the lab right now....
<jamespage> (nova is the trigger for a re-deployment test - and adam_g appears to have the grizzly deployment on precise working now)
<yolanda> great!
<yolanda> i trust more in the changes, now i can test it properly with the new environment
<uvirtbot> New bug: #1087363 in bacula (main) "package bacula-director-mysql 5.2.5-0ubuntu6.2 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1087363
<adam_g> jamespage: +1 to both swift charms and modifying the jenkins views. i was hoping todo some swift work this week.
<jamespage> adam_g, the swift charms contain some bad juju atm the moment
<adam_g> jamespage: is cloud-init the main blocker for quantum's use of config drive on 12.04?
<samba35> rebooted
<jamespage> adam_g, its the guest that needs the later version of cloud-init
<adam_g> jamespage: ya, last i checked the keystone stuff was hard-coded config options. actually it seems whoever pushed the changes to the official charms didn't push all of them
<adam_g> jamespage: oh, ok, so its a guest-only issue?
<jamespage> adam_g, yes
<jamespage> adam_g, quantal cloud images should just work
<jamespage> adam_g, the other thing you need todo is create a tenant network
<adam_g> jamespage: okay. i tried boht last night with no luck. the instance never got its IP, which i assume it gets from the node running the dhcp agent?
<jamespage> adam_g, the ext_net is shared across tenants and has not DHCP - its for floating IP's
<jamespage> adam_g, nova-cloud-controller has a 'quantum-tenant-net' script which will create one for you
<jamespage> I created one for the admin tenant and then ran nova instances as that admin user - that worked OK
<adam_g> jamespage: but for fixed-ips.. i had the network and ports created so that new instances got new fixed IPs from the tenants network associated with it, but the IP never made it to the instance via DHCP
<adam_g> jamespage: does all of the internal traffic flow over eth0? or is it possible/required to set that stuff to use a specific network, similar to flat_interface /w FlatDHCP?
<hallyn> jdstrand: lp:~serge-hallyn/ubuntu/raring/libvirt/libvirt-hugepages updated to use virBuffer
<hallyn> recon i need to resend to libvirt list
<jamespage> adam_g, it does; its encapsulated in gre tunnels between the ovs instances in each compute node and the quantum gateway
<jamespage> adam_g, its possible todo other network configurations but thats the one the charm supports right now
<jamespage> I do want to add other ones....
<jamespage> adam_g, I've not tried what you did with the tenant network;;;
<jamespage> you should end up with a dnsmasq instance running on the gateway which dishes DHCP
<adam_g> jamespage: yup. all *looked* okay. there was dnsmasq running with a host file that was updated when instances came and went, but DHCP appeared not to be working from the instances.
<adam_g> ill redeploy soon and have another look
<jamespage> adam_g, OK
<jamespage> worth checking the tunnels have setup ok with 'ovs-vsctl show'  - you should see one for each endpoint on quantum-agent and nova-compute nodes
<jamespage> adam_g, I stuck in a fix for the python-dnspython problem for all three charms - see my comment in the bug report as to why this is required
<adam_g> jamespage: ack
<nidazole> can anyone help me about  how to combine 3 dd images from 3 SCSI physical disk to one image? the images got through RAID controller. i am trying to launch those to VMWare!!
<patdk-wk> heh?
<patdk-wk> your in the wrong place then
<patdk-wk> and if you combine them into one image, you will mess it all up
<sarnold> nidazole: (a) prepare for, and mentally accept, that you cannot do this. (b) _maybe_ there are md or dm tools that might be able to do this, but it'll probably be annoying, difficult, and you may be the first...
<patdk-wk> you need to convert them to vmdk files
<patdk-wk> oh wait
<patdk-wk> your attempting to join 3 disks from a raid?
<patdk-wk> ya, I did that last month
<patdk-wk> you have to write a program to do it :) or use a very expensive windows program
<sarnold> patdk-wk: hardware raid controller? :)
<patdk-wk> I missread images got through raid, as images not through raid
<nidazole> md didnt work
<patdk-wk> in my case, hardware raid died
<patdk-wk> why would md work?
<nidazole> how to convert split dd images to vmdk?
<nidazole> LIVEVIEW?
<patdk-wk> nidazole, you write a program to do it :)
<patdk-wk> and define split
<patdk-wk> I seriously doubt your *raid* was setup for concat
<shauno> qemu has a helper tool qemu-img which is fantastic for converting between the various formats
<patdk-wk> yes, that will come after you joined the 3 drives back into 1
<nidazole> patdk-wk: ok :)  how?
<patdk-wk> make a program :)
<sarnold> patdk-wk: did you need documentation from the raid card vendor or were you able to figure out the data format by inspection alone?
<patdk-wk> sarnold, I didn't need anything
<patdk-wk> I knew how I setup the raid, so I knew the params, and just wrote a program to unstripe the data
<patdk-wk> also added sparsefile support into it, cause I have a habbit of zero'ng my disks, so it saved a crapload of time
<sarnold> patdk-wk: there was no metadata on the drives that you had to skip? no funny geometry problems? :)
<patdk-wk> in my case, raid10 setup with 128k blocks
<sarnold> patdk-wk: hahahaha
<sarnold> patdk-wk++
<patdk-wk> no metadata, if there was, it was at the end of the disks
<patdk-wk> dumped finished image to new disk, and reboot :)
<sarnold> patdk-wk: hooray for documenting / remembering your setup. Nice. :)
<patdk-wk> I also recovered a raid50 setup, last jan
<patdk-wk> that was much more fun :)
<patdk-wk> raid50 with 7 disks, 3 bad disks, raid card totally screwed
<patdk-wk> finding working disks, getting them in order, recover each of them using ddrescue
<patdk-wk> took almost a week
<patdk-wk> those had metadata, but it was easy to locate a *correct* mbr, and then adjust for it
<sarnold> ooo
<patdk-wk> so the question still remains, how did he have his raid setup? raid1 with spare? raid5? maybe raid6 but I doubt it
<nidazole> thanks, patdk-wk.
<nidazole> about expensive programs?
<nidazole> what programs?
<nidazole> and what kind of params i need to write a program?
<patdk-wk>  is what I used at one time: www.ufsexplorer.com/download_pro.php
<nidazole> patdk-wk: can i combine the images with this?
<patdk-wk> I think so, been a long time since I used it
<nidazole> patdk-wk: and one more question please. what kind of params i need to write a program?
<patdk-wk> heh
<nidazole> just heh?
<nidazole> :)
<patdk-wk> ask an understandable question
<nidazole> i cant, but thank you very much.
<nidazole> very usefull to me.
<hallyn> stgraber: for lxcapi get/set_cgroup_item, i was going to pass in a container obj and use the container's cgroup.  Not name a cgroup.  Based on your email i'm not sure that's what you mean.  di dyou mean to pass a cgroup name in?
<stgraber> hallyn: oh yeah, my e-mail was a bit confusing, I guess the C implementation would be something like get_cgroup_item(c, subsystem, key)
<hallyn> kewl
<hallyn> (actually it'll be 'int (*get_cgroup_item)(container, char *subsys, char *retv, int inlen)
<stgraber> ok, same as get_config_item, works for me :)
<hallyn> stgraber: exactly :)  thanks
<stgraber> after the binding, I expect it to be possible to do things like lxc.Container("p1").get_cgroup_item("blkio", "blkio.throttle.io_service_bytes") in python which would return the content of /sys/fs/cgroup/blkio/lxc/p1/blkio.throttle.io_service_bytes
<stgraber> it's unfortunate that we need to repeat the blkio part in the key, but well, that's how cgroups are and it's not worth working around :)
<cryptonite> hello
<mysteriousdaren> hi cryptonite
<cryptonite> i was interested in setting up a home mail server, what do you think will the rasberry pi be enough or would it be better to run it on a vps?
<shauno> I'd recommend against the Pi simple because residential connections and smtp don't mix well
<sarnold> cryptonite: storage is probably the weak point, I'm not sure I'd want a mail spool on sd or usb..
<sarnold> good point shauno :)
<cryptonite> shauno: what do you mean?
<cryptonite> i have also an atom setup which could be used too
<shauno> cryptonite: many isps block smtp on residential connections, because the primary use-case for it is trojan'd windows boxen.
<shauno> and I have to say I agree with them.  the valid few are far, far out-numbered
<sarnold> â¦ and many other ISPs also put their dynamic IPs on RBLs to help _others_ block their users as well :)
<cryptonite> i think i could disable the smtp port blocking for my connection...
<cryptonite> but you say that other people might not get the emails i send them?
<Ng> so the cloudimg images, they boot with console=tty1 and console=ttyS0, and it seems like it boots with the kernel displaying tty1, but in the plymouth world that means you just see kernel messages and not anything from/above init. Is there an easy way round that? I'd quite like to see all the output
<sarnold> cryptonite: yeah, that's happened to me before...
<shauno> cryptonite: it's quite possible that the more stricter recipients might not look so kindly on such connections, yeah.  which is less relevant if you're only taking inbound
<shauno> but I/O is still a consideration on the Pi specifically
<cryptonite> i would like to be able to do both, send and receive
<zastern> Anybody using ActiveMQ or mcollective on ubuntu? I'm getting a weird error that seems to be specific to the ubuntu packages - when I try to start with /etc/init.d/activemq console activemq, I get ""File /etc/activemq/instances-enabled//activemq.xml not found." Note the double slash.
<sarnold> zastern: how about "service activemq start" or similar?
<zastern> sarnold: it does start, and I see the java process with ps aux, but it's not listening on the specified port
<zastern> thats why im trying to do service activemq console to get debug info
<zastern> i already disabled ufw so its not that
<sarnold> zastern: is it bound to localhost:port or a specific IP:port, just not the one you need?
<zastern> sarnold: its not bound to anything
<zastern> netstat -a shows nothing for it
<sarnold> zastern: darn. :(
<sarnold> zastern: is there anything in the logs?
<zastern> sarnold: no, thats why im trying to use console!
<zastern> haha
<zastern> console is debug output
<zastern> tehres no logs at all from what i can tell
<sarnold> zastern: hehe, I figured you'd look there first, but it never hurts to double-check :/
<adam_g> jamespage: still around?
<sh_t> has anyone here had issues with ubuntu hanging on shutdown/reboot? "Unmounting local filesystems..." is what i'm seeing. fresh installation with 16 JBOD disks setup in fstab.. all working/test mounted prior to reboot
<sarnold> sh_t: sync can take a while..
<sarnold> sh_t: run 'sync ; shutdown -h now', and see if it is still slow at the same point?
<sh_t> server was idle
<sh_t> but i'll try that
<sarnold> hrm.
<sh_t> i read some thread about it on the ubuntu forums.. some people having to put "killall"'s into /etc/init.d/umountroot
<jamespage> adam_g, yep
<guntbert> sh_t: I take a guess: DELL ?
<sh_t> guntbert: no, supermicro
<sh_t> guntbert: it doesn't happen in 10.. only 12 (which ive decided to start using recently)
<guntbert> sh_t: then its probably different from what I experienced, I remember (answered) questions around that topic on askubuntu
<jamespage> adam_g, juju set quantum-gateway ext-port=eth1
<jamespage> and magic will happen
<adam_g> jamespage: okay, i think thats what i probably needed. i had everything up on quantal. instances were getting their IPs, but iw as unable to reach them myself.
<adam_g> jamespage: don't think i had ext-port set, ill try that next time.
<jamespage> adam_g, you can set it now
<adam_g> jamespage: do floating ips (created and associated via quantumclient) work as expected?
<jamespage> adam_g, yes
<jamespage> adam_g, the folsom/stable branch also includes the integration between nova and quantum so you don't have to use quantum at all
<jamespage> adam_g, however the charm does not support that yet
<jamespage> thats for next iteration
<adam_g> jamespage: cool
<adam_g> jamespage: i just put up some MPs for the swift charms to get things rolling there. just migrated to using the openstack-common stuff for cloud archive installation.
<jamespage> adam_g, you can actually see the instance from quantum-gateway
<jamespage> "sudo ip netns exec qrouter-5ba6e7b8-5bdd-4cb7-8a3a-361561d8e771 ping 192.168.21.131"
<jamespage> quantum uses ip namespaces heavily on the gateway
<jamespage> adam_g, did you take the deb out of the charm?
<adam_g> jamespage: but from elsewhere its accessible via 192.168.21.131?
<adam_g> jamespage: yup. that gets installed now from the archive, if folsom (or later) is being installed
<jamespage> adam_g, once you set the ext-port for the gateway yes
<jamespage> all that does is add the port to the bridge and set the link to up
<adam_g> im half tempted to rewrite the swift stuff in python. theres to much config file sync'ing that could be done better using templates
<jamespage> adam_g, I need to sync up the quantum charm to work with common as well
<adam_g> jamespage: i think we can get your stuff merged first, and then sync into there. i mentioned in one of those reviews, id like to have just one configure_network_manager() we can use from both nova-compute and nova-c-c.
<jamespage> adam_g, yeah +1 to that
<jamespage> adam_g, can we make the commons project an official one as well please....
<adam_g> jamespage: sure.
<jamespage> adam_g, looking at you comment re testing for IP in compute/controller
<adam_g> jamespage: https://launchpad.net/openstack-charm-helpers
<jamespage> adam_g, nice
<jamespage> adam_g, I just pushed a fix for the [[ -n private_address ]] bug to cloud/compute branches
<zastern> Anybody running into issues getting activemq running on ubuntu for mcollective? The package seems possibly broken.
<adam_g> jamespage: cool. i wanna do another deploy and then ill merge those
<jamespage> adam_g, ack - thats me done for today - ttfn
<adam_g> jamespage: cya
<adam_g> Ursinha: ping
* You're now known as ubuntulog
<Ursinha> adam_g, pong
<adam_g> Ursinha: er, just sent an email. :)
<Ursinha> adam_g, will reply :) do you want/need the answer now or tomorrow is fine?
<adam_g> Ursinha: no rush. tomorrow's cool
<Ursinha> adam_g, cool :)
<hallyn> stgraber: bleh!  what a pain!  you can't get size of a cgroup file through stat or seek.
<hallyn> i sort of knew that, but was hoping someone had fixed it by now :)
<jeeves_moss> if I have the %maildir% dump from my pooched dovecot install, is there a way to get the e-mails back out of the database so I can import them into a mail program, and then offload them to Exchange?
<Patrickdk> heh?
<Patrickdk> dovecot doesn't do databases
<Patrickdk> you shouldn't even import them
<Patrickdk> you should just setup an imap program and transfer them
<stgraber> hallyn: oh, that's fun, so how do you read those files? just read until you get nothing?
<jeeves_moss> Well, the issue is that the server crashed, and I only have the backup of the maildir directory.
<hallyn> stgraber: yup! :)
<hallyn> stgraber: so i only do that if null pointer is passed in or 0 length
<hallyn> if you pass in a small value your indication will be return value == what you passed in, not the full size as with lxc_get_config_item
<Patrickdk> jeeves_moss, since you only backed up the maildir, you have to rebuild the rest of the server
<Patrickdk> once it's build put the maildir files on it
<Patrickdk> then you can transfer it to exchange, or whatever you want
<Patrickdk> the space savings you got, from only backing up the maildir, is the cost of restoring things, when this happens
<sarnold> many mail clients can grok maildir; maybe aim mutt at the maildir, and configure it to know how to imap to the exchange server, and then 'copy' the mails to a folder on the imap...
<jeeves_moss> Patrickdk, and if the users were in a MySQL database, I'm guessing I'm going to have to totally rebuild EVERYTHING in order to get the mail out of it?
<Patrickdk> getting access to the mail is easy, it's one file per email
<Patrickdk> the issue is, you can't give that to exchange
<jeeves_moss> Patrickdk, or is there a way to set it up that I can run a shell program to login to my exchange server and upload all the e-mails to the "inbox"
<Patrickdk> you can do an imap transfer, but you need to setup an imap server for that to work
<Patrickdk> I don't know of any maildir->imap program
<Patrickdk> only imap->imap
<jeeves_moss> Patrickdk, I know that each e-mail is just a file.  Can I "import" that into the local directory in Thunderbird or something?
<Patrickdk> dunno about thunderbird
<sarnold> mutt should do it
<jeeves_moss> Patrickdk, I'm just trying to thin of the fastest way to move the emails around.  I'd really like to take that old server out to the parkinglot and smash it.
<jeeves_moss> sarnold, mutt will, but I'm not sure how to move the e-mails around.  I had migrated ~50 users to Exchange to shut them up while I sorted out the other mess
<sarnold> jeeves_moss: T lets you tag by patterns. ;C will copy all tagged messages to a folder.
<jeeves_moss> sarnold, thanks!
<sarnold> jeeves_moss: it may not be pretty :) but if you don't want to set up dovecot again and use an imap<->imap, it might be the thing to save your bacon...
<jeeves_moss> sarnold, lol, lets hope.  As I said, it was a v-hosted dovecot/postfix/MySQL mess that I had thrust on me.   I was sick of explaining why M$ products didn't work.  So, I just built an exchange server and everyone shut up
<sarnold> jeeves_moss: muttrc(5), search for "Constructing Patterns" to see the rules available...
<jeeves_moss> sarnold, thanks.
<jeeves_moss> sarnold, now I'm going to see if I can wake it up using WOL
<sarnold> jeeves_moss: plus, you'll have fun when someone wants a mail "out of backups" and you say, "okay, it'll take me about four hours to clone this exchange, an hour to load the database off backup, I'll get it to you ... tomorrow." :)
<jeeves_moss> sarnold, lol.  I've attached a few file boxes to my door.  and the note above it says "If you need something, submit a form (pick a box).  If you've submitted a form, don't bother asking me in person.  They will be accomplished in order of need of the group, not in order of personal preference.  Asking me will result in your request being moved further down the pile"
<sarnold> jeeves_moss: oof :)
<jeeves_moss> a few people have asked, and I have taken their request form and physically moved it to the bottom of the pile while they were standing there.  Under the pile is a garbage bucket.  They're warned that the second request will be moved lower than the pile
<jeeves_moss> damn it.  I can't find the MAC of the server that's turned off
<patdk-lap> sarnold? heh?
<patdk-lap> you NEVER clone exchange to get an email out of backups
<patdk-lap> you just mount the backup, and restore the email
<sarnold> patdk-lap: that's how it was explained to me last time I asked an exchange admin how they got mails out of backups.
<patdk-lap> this was echange pre 2003?
<patdk-lap> I know in 2003 there was a backup mailspool, you restored the backup to it, then did some recovery thing
<patdk-lap> in 2007/2010, you just restore and copy over the active mailspool
<patdk-lap> exchange does some voodoo so it doesn't actually overwrite it
<patdk-lap> I've done this a few times in the last couple of months
<patdk-lap> users completely wiping out their exchange mail somehow via their iphone
<patdk-lap> not nearly as nice as a maildir email restore
<patdk-lap> but I have even dropped maildir/mbox on my mail servers, for mdbox
<sarnold> patdk-lap: yeah, probably 2003, 2004, I asked about it...
<jeeves_moss> sarnold, if I have e-mail cached in Thunderbird, is there a method to sync it back to the server?
<sarnold> jeeves_moss: not that I know of, but I know nearly zero about thunderbird.
<patdk-lap> the only thing I know about thunderbird is it stores email internally using mbox format
<jeeves_moss> sarnold, lol.  Well, I think when I get home, I'm going to fire up that old box, and strip all of the crud out of it.
#ubuntu-server 2012-12-07
<uvirtbot> New bug: #1087491 in unixodbc (main) "package odbcinst 2.2.14p2-5ubuntu4 failed to install/upgrade: El paquete estÃ¡ en un estado grave de inconsistencia - debe reinstalarlo  antes de intentar su configuraciÃ³n." [Undecided,New] https://launchpad.net/bugs/1087491
<maveas> Hi guys.
<maveas> Anyone with experience with MAAS?
<maveas> I am trying to test MAAS in VirtualBox. The MAAS server is installed but nothing happens when I try to boot my node (PXE)
<maveas> Installed maas-dhcp etc.
<maveas> Debugged with wireshark. The node sends dhcpdiscover but there is no response from the MAAS. Have no idea what the problem is. The MAAS is totally open (no rules in iptables)
<sarnold> maveas: is the networking on your system configured for the virtualbox clients to be able to talk with each other?
<sarnold> s/clients/guests/
<maveas> It might not (don't know) :)
<maveas> If each VM is bridged on the same interface (eth0) should it really be a problem?
<maveas> I am able to set a static IP on each VM and access the internet..
<sarnold> maveas: hrm, there's the chance that the packets are leaving your local machine's nic...
<maveas> local as in ?
<sarnold> maveas: try setting up the MAAS master on another physical machine on the physical network? :)
<maveas> guest or host?
<sarnold> sorry, host.
<sarnold> oof. :)
<maveas> Ah
<sarnold> Or it might be easier to fiddle with the networking to unbridge them
<maveas> So even if I tried to setup maas on my host and then boot a guest it would not work?
<sarnold> (and no, I don't know the lingo well enough to use the actual technical term then... :)
<maveas> That's ok :)
<sarnold> maveas: it may not, if the 'bridged ethernet' mode means packets leave your host nic without being subjected to routing 'internal' on the host.
<maveas> I'll try with my desktop as a node
<sarnold> maveas: woo. nice half-way testing point. :)
<maveas> Thank you for your time sarnold. Appreciated :)
<sarnold> please do repotr back, I've been meaning to fiddle with maas in kvm for ages now...
<maveas> Always online @ irc?
<sarnold> maveas: yes
<maveas> Ok. I'll try again tomorrow (2:45am here) and report back with my discoveries :)
<maveas> Caio
<pndemc> is there something like htop where I can view live dl/ul stats?
<sarnold> pndemc: I know I've seen something nicer than this: http://iptraf.seul.org/shots/iptraf-iptm1.gif
<sarnold> pndemc: but man, I cn't remember the name :(
<uvirtbot> New bug: #1084017 in mysql-5.5 (main) "package mysql-server-5.5 5.5.28-0ubuntu0.12.10.1 failed to reinstall" [Medium,Invalid] https://launchpad.net/bugs/1084017
<soren_> hallyn: Not that it matters to the problem at hand, but I'd avoid versioning the dependency from qemu-kvm to qemu-system.
<soren_> hallyn: Also, qemu-kvm used to provide both system and user qemu's, didn't it? If so, I'd make qemu-kvm (the transitional package) depend on both, otherwise people using qemu-user will lose functionality in the upgrade.
<eagles0513875> hey guys I am setting up a mixed setup environment. client computers are windows based and the server back end is going to be linux based. in terms of user authentication with the network from the front end is RADIUS sufficient for that purpose or is its purpose only for wifi authentication
<vezq> it can be used but depending on amount of users, also think what database RADIUS will use for users, e.g. LDAP if there are a lot of users
<vezq> also security is one aspect, see this: http://lists.freeradius.org/pipermail/freeradius-users/2012-April/059947.html
<peterrus> when trying to upgrade from 11.10 to 12.04 I get:
<peterrus> Exception during pm.DoInstall():  E:Could not perform immediate configuration on 'mysql-client-5.5'. Please see man 5 apt.conf under APT::Immediate-Configure for details. (2)
<peterrus> that package is not installed
<tizz> hi everybody! where is an IP alias (eth0:0) defined if it is not in /etc/network/interfaces? I deleted everything in /etc/network/interfaces but still eth0:0 is up after each reboot, with a static IP assigned. where the heck could this be defined in? thanks a lot!
<vezq> tizz: check this directory /etc/network/if-up.d
<vezq> also can be some initscript
<tizz> vezq, thanks a lot, saved my a lot of time! there was actually a bash script in /etc/network/if-up.d creating the alias.
<jamespage> jdstrand, hey - I'm reviewing a MP for a new version of iptables for raring; its the same version as is Debian experimental (1.4.16.3)
<jamespage> and thoughts on whether thats a good idea or not?
<samba35> how do i get X windows on windows with xming ,what i have to change in putty
<greppy> samba35: you need to use port forwarding, specifcally x11.  connection, ssh, x11, check enable forwarding.
<samba35> ok
<soren_> jamespage: Do you know why it's in experimental rather than in unstable?
<soren_> jamespage: 1.4.16.3 is in unstable.
<jamespage> soren_, you are quite correct  - I misread the output of rmadison
<soren_> jamespage: Back when I maintained iptables, I don't recall ever having any reservations about pulling in new versions.
<soren_> fwiw
<jamespage> soren_, my reservation was really around it being in experimental still :-)
<scalability-junk> hey I'm working on a kickstart file and I have issues with encrypted raid.
<scalability-junk> I wanted to use --fstype and --encrypted and --passphrase within raid of the kickstart, but it says sees options are not supported.. any hints?
<scalability-junk> am I right to assume that kickstart files are sort of not supported with ubuntu?
<jdstrand> jamespage: right, so 1.4.16.3-4 is in unstable. you'll be able to drop a patch or two iirc, so yeah, I think that would be fine
<jamespage> jdstrand, ack
<Daviey> jamespage: We should probably look at a rsyslog merge aswell soonly?
<jdstrand> jamespage: before you upload it, can you at least 'sudo ufw enable' then reboot, then 'sudo ufw status' to make sure it still comes up?
<jamespage> jdstrand, OK
<jamespage> Daviey, most probably
<jdstrand> I know there are a couple upstream bugs for things that iptables has deprecated. it might be noisy, but still work. I'll fix the noisy bits. if it doesn't work, pass it to me and I can fix ufw and upload both at the same time
<jdstrand> jamespage: ^
<jamespage> jdstrand, gotcha
<jdstrand> thanks
<hallyn> soren_: it was before oneiric that qemu-kvm provided qemu-user, though
<hallyn> soren_: what would be the reason to avoid versioning the qemu-kvm -> qemu-system depend?
<soren_> hallyn: You should generally only do versioned relationship if the version really does matter.
<soren_> hallyn: ...and I don't see how it does here?
<soren_> hallyn: The looser the relationship is, the easier things will be for apt.
<hallyn> soren_: well an older qemu-system which doesn't have qemu-kvm wouldn't suffice, is all...
<hallyn> but i can drop it
<soren_> Oh. I thought qemu-system was a new binary.
<hallyn> no qemu-linaro provides it now
<soren_> But still:
<hallyn> for qemu without kvm
<soren_> Erm... /me thinks some more
<hallyn> soren_: meanwhile last night i reproduced what i thought was the situation with some dummy pkgs ina container with private mirror...  and all worked fine
<hallyn> so i'm going to go pour over the control file and look for another typo
<hallyn> :(
<soren_> Heh .
<soren_> Enjoy.
 * soren_ is of little use today due to some sort of flu
<hallyn> thanks :)  I really should try to enjoy - it would be fun if i didn't feel like i was on a deadline
<caribou> jamespage: howdy, did you see the not from scott Kitterman about the walinuxagent SRU ?
<jamespage> caribou, yes - Daviey sorted things out with the SRU team I believe
<caribou> jamespage: ah, ok. What was the private bug he was reffering to ? I don't remember seeing one
<jamespage> caribou, there is one referenced in the change log
<caribou> jamespage: I thought it was the public bug I was working on...
<rbasak> smoser: busy? I've got a couple of tools that could go into cloud-utils that I'd like you to look at before I integrate it.
<smoser> rbasak, fire away
<caribou> jamespage: so looks like they removed the SRU for Quantal for walinuxagnet
<rbasak> So the first one is the libvirt cloud-localds wrapper. It takes one of three subcommands, create, destroy and import.
<rbasak> First you import <image_name> <filename>. image_name might be "raring", and filename would be your download of the raring cloud image. That'll stick it into libvirt in /var/lib/libvirt/images/raring
<rbasak> Then "create <hostname> <base_image>" which will create a cow image /var/lib/libvirt/images/<hostname> and start it. It injects your ssh key, a hostname and avahi-daemon install into the localds
<caribou> :12
<smoser> rbasak, ok. i hope that we will have wonderful tools for doing the downloading by the end of this cycle, and also tools that will keep your local image  list up to date.
<rbasak> After that "ssh ubuntu@<hostname>.local" should work
<smoser> so hopefully we can use that.
<rbasak> We can add that. I haven't done it yet for a first iteration
<smoser> right.
<rbasak> destroy gets rid of it completely
<rbasak> I have no idea what to call this tool!
<smoser> why 'a' a hostname, and 'b' a avahi-daemon ?
<smoser> rbasak, well, i started something very similar with lxc
<rbasak> I figure that zeroconf is the easiest way to find machines in a test/dev environment. No messing with IPs then. ssh just works too.
<smoser> and called it "lxc-cloud"
<rbasak> So libvirt-cloud then?
<smoser> well, i was thinking the other way.
<smoser> localcloud <hypervisor>
<smoser> lcloud
<smoser> lcloud <kvm> import
<smoser> lcloud lxc import
<med_> caribou, sounds like the walinuxagent thing is being worked (various ways)
<smoser> ?
<rbasak> As a single tool or as a wrapper to call the other tools or don't care?
<smoser> rbasak, what do yo uthink ?
<rbasak> cloud-fingerprint has subcommands grep, import and fix. fix just wraps grep and import. grep filters console output for the cloud-init fingerprint printout. import takes that on stdin, calls ssh-keyscan, ssh-keygen, verifies fingerprint etc.
<smoser> i think single python would be nicer.
<caribou> med_: k
<rbasak> So I can do "euca-get-console-output i-123|cloud-fingerprint fix 1.2.3.4" and it just works
<rbasak> I thought it was time to split that out as this is useful for both local and remote clouds
<smoser> rbasak, right.
<smoser> how are you doing networking with libvirt ?
<smoser> is this on the system libvirt ig uess ? (qemu:///system)
<rbasak> The tool currently hardcodes qemu:///system. That could be configurable.
<smoser> and how do you create and delete images ? it requires sudo ?
<rbasak> The domain xml is picked up from a template. I intend that to go in /etc and ~/.something so that the user could override.
<smoser> hm.
<rbasak> Using lxml to manipulate the template, changing disks and hostname only. Networking stays as-is.
<smoser> k.
<smoser> i just come to the realiszation that we poitentially have
<rbasak> Using libvirt python binding to create and delete images. No sudo needed.
<smoser> lcloud libvirt-kvm
<smoser> lcloud kvm
<smoser> lcloud libvirt-lxc
<smoser> lcloud lxc
<rbasak> I'm not sure about non-libvirt
<smoser> (ie, with or without lxc in the middle).  apparently there are people that do not think libvirt-lxc is "the real lxc"
<rbasak> We would then have to manage things about where the persistent information about images is kept, at which point we'll have reinvented libvirt
<rbasak> for kvm
<smoser> rbasak, i agree, but there are many annoyances on libvirt and kvm.
<rbasak> For lxc, the lxc package already does this
<rbasak> So that's OK
<smoser> well, networking is different is the big thing.
<rbasak> What networking can you not do with libvirt?
<zul> jamespage:  ping http://paste.ubuntu.com/1416957/
<smoser> rbasak, the biggest issue i have with libvirt is its insistence on root owning my images.
<smoser> rbasak, just that the networking is different.
<smoser> not insufficient, just idfferent.
<jamespage> zul, in a bit - have my head in swift charms from adam_g ATM
<rbasak> If you go through the API, then that is no longer an issue, since you can still create/delete etc without root. With a wrapper tool that understands the API, is it really needed for someone who just wants to use images?
<zul> jamespage: okies its just more cloud-archive tooling
<smoser> rbasak, how do you delete images through api ?
<smoser> i guess i didn't realize you coudl do that.
<rbasak> you can virsh vol-delete --pool default <image>
<rbasak> There are definitely things you can't do via the API
<smoser> if your'e telling me i dont have to be root, but just have qemu://system access, then that rocks.
<rbasak> And the API is really annoying and tedious to use
<rbasak> But with suitable well-designed wrappers that pain should go away
<smoser> but what is '<image>' there?
<smoser> a path to an image ?
<rbasak> I'm not sure what will work. I use just the filename as it appears in /var/lib/libvirt/images
<rbasak> The abstraction is that directory is a storage pool
<smoser> right. but then how did you put the image there.
<rbasak> virsh vol-upload
<smoser> oh good night.
<rbasak> (yes, it's a pain!)
<smoser> i didnt realize that was there. wow.
<smoser> i guess our end game would be that those full images would be synced/populated as root
<smoser> and your instance images would be qcow deltas backed by those
<rbasak> I do belong to libvirtd btw
<smoser> and then you'd hvae to upload "full localds ISOs"
<smoser> rbasak, well, generally, i really like what you're doing.
<smoser> and i really want to have nice tools like this for kvm and lxc
<smoser> as i want to use them for testing cloud-init :)
<rbasak> I'd like to write juju providers for this too :)
<smoser> rbasak, 'lc2' (local compute cloud)
<smoser> ?
<rbasak> I like it. Makes it sound like a product though!
<smoser> at the moment, we're only repllicating *compute*
<smoser> in the future, we'll have analogs for object store, block storage, networking
<smoser> ...
<smoser> :)
<smoser> and then profit
<rbasak> that sounds like quite an interesting stack of tools. I wonder what we could call the entire collection?
 * smoser wonders how much VC money we can get based only on the IRC conversation above.
<smoser> rbasak, one thing that i want to at least attempt to support is non-ubuntu
<smoser> images
<rbasak> So far nothing is specific to ubuntu, only cloud-init, I think
<smoser> with, of course, cirros being the first set of non-ubuntu images.
<smoser> so what all do you do in the guest ?
<smoser> oh, and do you take user-data ?
<smoser> it has to
<rbasak> Oh, I am assuming that avahi-daemon exists and can be installed.
<smoser> what does that get you?
<rbasak> I'm creating user-data. Right now I don't have the ability to take anything supplied by the user
<rbasak> avahi-daemon makes zeroconf work. I can ssh <hostname>.local and it finds it
<rbasak> No messing with IPs then
<rbasak> I've come to the conclusion that it's the cleanest way of finding ephemeral machines in local use
<smoser> i think i'd rather mess with IPs if i can find a way to deal with it.
<smoser> i really dont want to make assumptions about the guest.
<smoser> other than possibly that it brings up eth0
<rbasak> It's a standard, doesn't really depend on anything apart from IP networking, will work with IPv6 well, doesn't depend on the dnsmasq trick which always felt horrible to me
<smoser> well, if you're doing libvirt, you can specify
<smoser> right?
<smoser> you can set the ip that it will get on dhcp based on its mac that you also specify
<rbasak> Not sure of the details. I struggled the last time I tried. libvirt was a bit buggy with the network xml stuff then (oneiric maybe)
<rbasak> Suddenly we need to have an IP allocation mechanism
<rbasak> And know what it is and how to query it
<rbasak> With zeroconf, it doesn't matter what the user's using. He could be bridged to his LAN and using his own dhcp server and I don't need to care - it'll still work
<rbasak> I'm not saying that we shouldn't support an alternative, just that this is a very easy case that takes no effort to get started
<smoser> all this in exchange for making grave assumptions on the guest
<rbasak> And we could add options for other mechanisms in the future
<smoser> and not supporting user-data
<smoser> :)
<rbasak> I'm doing three things in user-data currently
<rbasak> I'm automatically grabbing your ~/.ssh/id_rsa.pub and sticking that in
<rbasak> I'm adding avahi-daemon
<rbasak> And I'm setting your hostname based on what you asked for it to be called
<smoser> id_rsa.pub can be meta-data not user-data
<smoser> same with hostname
<rbasak> Oh, OK
<smoser> so avahi-daemon is the sticking point.
<smoser> but libvirt probably makes this work, honestly.
<rbasak> Well user-data is YAML, so it's easy enough to have options that manipulate user-supplied user-data
<smoser> rbasak, well, its not guaranteed to be yaml
<rbasak> Oh
<smoser> and it sucks to merge.
<smoser> well, anyway.
<smoser> tahat can be solvve.d
<rbasak> Well how about making it yaml if you want zeroconf, or if you supply non-yaml then you don't get that or have to do it yourself
<smoser> rbasak, well, the thing you really need to do is use multi-part input.
<smoser> one part comes from you, one from the user.
<smoser> if you're doing that.
<smoser> the issue then is that multipart cloud-config does not actually merge well, but you could use boothooks for your portions.
<rbasak> I'm not familiar with the details of that. How would two yaml parts be merged? What if I want avahi-daemon installed and the user wants hello installed?
<rbasak> OK
<smoser> but then you're makign assuptions on the guest again (ie, you'd have to know to use 'apt-get' rather than 'yum install')
<rbasak> Yes
<smoser> hm..
<rbasak> At some point, assumptions on the guest allow us to make the tool more useful and do more automatically, which for a command line tool like this I think is important.
<smoser> lets table this for now. i think with libvirt and a network of our own we can make this work.
<smoser> but, i'm ok with your solutio nfor now.
<rbasak> I favour making it simple by default, but possible to turn off some of the automation in return for removing assumptions on the guest, so then it'll still work with non-ubuntu guests
<eagles0513875> hey guys what is the group name for samba is it samba or something else as I created a share directory in /srv/samba/SHARE NAME it has right permissions and everything but I cannot add it to the samba group
<eagles0513875> hey guys what is the group name for samba is it samba or something else as I created a share directory in /srv/samba/SHARE NAME it has right permissions and everything but I cannot add it to the samba group i get chgrp: invalid group: `samba when i try to change the group
<SpamapS> eagles0513875: samba runs as root
<SpamapS> eagles0513875: because it needs to map uids <-> samba users
<eagles0513875> :-/ ok what i was planning on doing is restricting users to shares for their particular department
<eagles0513875> does that mean i need to add each user to the root group?
<eagles0513875> SpamapS: im a bit lost as to now go about setting up my permissions in terms of users :-/
<SpamapS> eagles0513875: well you need to either tell samba what to set the user to in the share config, or tell samba how to map users.
<eagles0513875> how do i go about doing that as there is no mention https://help.ubuntu.com/12.04/serverguide/samba-fileserver.html about having to do that
<eagles0513875> SpamapS: are you talking about what is mentioned here https://help.ubuntu.com/12.04/serverguide/samba-fileprint-security.html in terms of the groups?
<SpamapS> eagles0513875: there is, its just not obvious.    security = user
<eagles0513875> I have that set
<SpamapS> sudo mkdir -p /srv/samba/share
<SpamapS> sudo chown nobody.nogroup /srv/samba/share/
<SpamapS> pretty clear there
<alex88> hi guys, I'm starting an fcgi daemon this way
<alex88> exec su -c "spawn-fcgi -s /tmp/imageserver.sock -u www-data -g www-data -n -- /usr/bin/multiwatch -f 10 /bin/imagefogimageserver" www-data
<alex88> inside an upstart script
<alex88> but sometimes the socket doesn't get createdâ¦ what can be the issue?
<eagles0513875> SpamapS: if i have /srv/samba/product and another share at /srv/samba/product/123 can i change the permissions of that directory to have the group 123 and users samba
<SpamapS> alex88: that looks good to me. no errors reported
<uvirtbot> New bug: #1087765 in lxc (universe) "Not all containers get started at bootime" [Undecided,New] https://launchpad.net/bugs/1087765
<alex88> SpamapS, in fact usually it works fine, now the service was giving 502, i've checked and the socket wasn't there, but service service name status gave the proc id
<alex88> I've restarted and the socket still wasn't there, restarting service instead make it working
<eagles0513875> Tm_T: can i ask you a question really quickly if i have a share /srv/samba/A and i create another share in its subdirectory /srv/samba/A/B can i on subdirectory B modify the permissions and group and ownership. ownership to samba and then the group to a particular department group?
<Tm_T> eagles0513875: why not
<eagles0513875> right now I cannot change the parent directory its set to nobody nogroup
<eagles0513875> should the parent directory A in my example be changeable as well?
<Tm_T> eagles0513875: I assume you get an error message when you try change ownership
<Tm_T> and yes why not
<eagles0513875> yes i get an error on the parent directory
<eagles0513875> be it the user or the group i get chown: invalid user: `samba'
<eagles0513875> i checked the group file and the group samba exists
<Tm_T> "getent group | grep samba" would tell you something
<eagles0513875> sambashare:x:112:jaquilina oops its samba shre
<eagles0513875> my bad
<eagles0513875> Tm_T: epic fail on my part
<Tm_T> eagles0513875: this is exactly what is worrying me
<eagles0513875> i just figured it out
<Tm_T> you get clear error message, and yet...
<eagles0513875> i got it
<jamespage> adam_g, see MP's for comments on swift charms.
<jamespage> adam_g, the only thing I did not manage to do was actually verify that swift was working :-)
<uvirtbot> New bug: #1086128 in nova "ec2 api entry point for DescribeImages shows only public" [Undecided,New] https://launchpad.net/bugs/1086128
<hallyn> jdstrand: still no comments from upstream on the patches from lp:~serge-hallyn/ubuntu/raring/libvirt/libvirt-hugepages .  Do you think it would help if you commented on those threads instead of doing the bzr merge review?
<jdstrand> hallyn: I plan on commenting
<jdstrand> hopefully today, otherwise tuesday (it's at the top of my todo list after some MIR reviews)
<jdstrand> s/tuesday/by tuesday/
<hallyn> jdstrand: on the libvir-list ?
<jdstrand> yes
<hallyn> jdstrand: awesome, thanks.  have a good weekend
<jdstrand> thanks, you too
<jdstrand> hallyn: do you have packages with those patches somewhere?
<hallyn> jdstrand: no, but i can push them to a ppa if it helps
<hallyn> (i mean yes, but compiled locally on an instance)
<jdstrand> hallyn: a source package on chinstrap would be fine
<hallyn> k
<jdstrand> hallyn: I noticed that '[PATCH 1/1] add vnc unix sockets to apparmor policy' does not include a test case in tests/virt-aa-helper-test. could you add one?
<hallyn> jdstrand: http://people.canonical.com/~serge/libvirt_1.0.0-0ubuntu3ppa1.dsc  and http://people.canonical.com/~serge/libvirt_1.0.0-0ubuntu3ppa1.debian.tar.gz
 * hallyn goes to look at how those testcases are done
<jdstrand> hallyn: can you also add one for '[libvirt] add security hook for permitting hugetlbfs access (v2)'? that one would just be doing the equivalent call to virt-aa-helper that ApparmorSetHugepages() is doing
<hallyn> jdstrand: what is that meant to test exactly?
<jdstrand> hallyn: that virt-aa-helper is doing what you meant for it to do
<hallyn> ok
<jdstrand> it exited with the correct exit code. also, if you pass '-d' to virt-aa-helper-test, then you will get debugging output to visually inspect
<jdstrand> hallyn: ^
<hallyn> jdstrand: ok that test program looks grok-able, thanks for that :)
<jdstrand> np
<phunyguy_work> Hey folks, I am not on Ubuntu-server, but I need to write a script for some proxy settings, and I need some advice.  I have a script that currently checks to see if my LAN is pingable, and if not, try to connect via VPN, and if I am at home, it will disconnect the VPN.  What I want to accomplish is have it change system-wide proxy settings when I am away from home and connected VPN to proxy my web traffic through
<phunyguy_work>  home, (including aptitude), and when I am home, stop using the proxy.   Any ideas hwo to accomplish the proxy changes dynamically?
<phunyguy_work> (the reason I ask here is due to command-line stuff)
<adam_g> jamespage: re swift review, i'd rather spend time doing a proper rewrite of that charm than working on the current bugs. i think the underlying design of how swift-proxy + storage are deployed with the current charms is broken, and we can do better
<halvors> I ran chmod 6755 /usr/lib/dovecot/deliver wich conflicts with the setuid. How to revert it?
<sarnold> halvors: "conflicts with the setuid"? do you want that file to be setuid or setgid or neither when you're done?
<halvors> I want it back to default...
<jamespage> adam_g, ack
<ankushsachdeva> my wifi does not connect to adhocs :(
<uvirtbot> New bug: #1087261 in openssh (main) "package openssh-server 1:5.3p1-3ubuntu7 failed to install/upgrade: el subproceso post-installation script devolviÃ³ el cÃ³digo de salida de error 2" [Undecided,New] https://launchpad.net/bugs/1087261
<raub> Trivial question: how do I partition a hard drive during the server installation using command line?
<sarnold> raub: look for commands cfdisk or gparted first, then fdisk.
<raub> sarnold: cfdisk, gparted, and fdisk are not in the built-in shell offeredn during install. And I forgot how to add a package at that point
<raub> shame on me
<sarnold> raub: try find / -name '*fdisk*' ... it may be there, just under a different name.
<sarnold> err
<sarnold> raub: under a different _path_ than you may expect
<raub> sarnold: hate to say only fdisk thingie it reports is a package (.udeb).
<sarnold> raub: darn.
<raub> I am going to dl a new iso just in case
<raub> Still no nice. Even with a single ext4 partition
<raub> sarnold: it seems I am not the only one https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/802081
<uvirtbot> Launchpad bug 802081 in qemu-kvm "qemu raw/nocache fails to operate on LVM partition with 4k sector size" [Undecided,Expired]
<sarnold> raub: aha. Perhaps you can revive that bug... it never got the information hallyn asked for..
<xnox> raub: sarnold: I thought this was fixed in lvm2 and SRUed.
<raub> sarnold: thing is that it only happens during install
 * xnox just had a dejavu moment.
<raub> xnox: had that happen to you before?
<raub> sarnold: If I run the livecd, I can partition it to my heart's content
<xnox> raub: well. I never had the qemu problem myself, but I remember uploading fixes to resolve an approx similar problem you are discussing here.
<raub> But if I try to install it it will go boink
<raub> xnox: sounds like they were not committed?
<jamespage> adam_g, still around?
<adam_g> jamespage: yes
<jamespage> adam_g, with regards to the rewrite of the swift charms; how long do you think that might take?  I'm concerned about the quanlity of whats in the charm store
<jamespage> seriously considering whether we should unpromulgate it
<adam_g> jamespage: im working on it now, hope to have it up for review before EOD mon? i'd +1 that idea. i dont know how those canonical-specific changes got in there to begin with
<jamespage> adam_g, me neither
<uvirtbot> New bug: #1077148 in walinuxagent (main) "Package walinuxagent version 1.2" [Medium,Confirmed] https://launchpad.net/bugs/1077148
<Daviey> adam_g: updates published
<Daviey> https://lists.ubuntu.com/archives/cloud-archive-changes/2012-December/thread.html
<adam_g> Daviey: danke
<Daviey> adam_g / zul: Just a reminder to upload with debuild -v, to have a fuller log
#ubuntu-server 2012-12-08
<scalability-junk> hey anyone familiar with kickstart files for ubuntu?
<scalability-junk> I'm trying "raid / --fstype ext2 --encrypted --passphrase=test --level=1 --device=md1 raid.12 raid.22" but I only get unrecognized option for fstype, encryption and passphrse
<scalability-junk> I tried with --fstype=ext3 and ext2 too.
<scalability-junk> any hint?
<xnox> scalability-junk: it should work without the raid or without encrypted but not both. /me is trying to make that combo work.
<xnox> scalability-junk: this is not a limitation of kickstart per-se, but rather the underlying debian preseeding as far as I can see currently.
<scalability-junk> xnox, ok  but I even get unrecognized option for fstype alone
<scalability-junk> xnox, any way you found having a raid partition encrypted?
<scalability-junk> I don't want to use seed files... I like kickstart ones :P
<scalability-junk> xnox, so any recommendation or is the best solution to use seed files?
<escott> scalability-junk, i know nothing about this seed file kickstarter business, but won't you need to run mdcrypt on top of the mdraid. so won't that require two entries?
<scalability-junk> escott, actually thats what the --encrypted is for it takes a block device lvm, partition or raid and use mdcrypt afaik to decrypt it
<scalability-junk> *encrypt it
<aFeijo> is it possible to install vmware workstation 9 in a ubuntu 12.10 server?
<pmatulis> does anyone still use workstation?
<patdk-lap> I do on 2 workstations and several laptops
<demona> I'm using 12.10's linux-image-virtual kernel in a Xen VM and would like to install at least one more kernel for remastering experiments. However, it looks as if installing the new kernel results in the old one being removed.
<demona> Granted, it might not be the kernel as I'm also installing a lot of older packages in this batch.
<patdk-lap> old ones are not removed, unless you do an autoremove
<patdk-lap> or maybe you just mean removed from grub, then you need to adjust the grub config to list them all, so py-grub xen loader sees it
<demona> No, I mean, first I do 'dpjk --setselections < selections', then 'apt-get dselect-upgrade'. At the second stage, it warns me that some packages will be removed, including the headers and other stuff for my current kernel
<demona> *dpkg
<patdk-lap> well, what did you expect
<patdk-lap> you deselected it
<demona> I guess I read that as 'dselect', not 'deselect' :)
<patdk-lap> no
<patdk-lap> when you setselections
<patdk-lap> it unset the ones you didn't select, I bet
<demona> Ah so - I would have expected a lot more listed, but that makes sense
<patdk-lap> it's been awhile since I have done that
<demona> On the surface, I just want to install this list of packages, but my bigger picture is to build a fresh INX (inx.maincontent.net, last alpha release based on Lucid)
<demona> I'll probably have a devil of a time with the framebuffer, all the alsa stuff is mostly deprecated at this point
<demona> But I'd settle for getting all the cli/curses stuff working, at least
<demona> It was already weird enough having to do this extra dselect step to get rid of some, but not all, of the dpkg warnings - it seems to be some bug in dpkg ('package not found in database' when it clearly is when you apt-cache search/show)
<elkingrey> Can anybody explain to me why Ubuntu puts apache's conf directives in apache2.conf and not in httpd.conf?
<patdk-lap> elkingrey, cause it's based on debian and not redhat
<elkingrey> patdk-lap: yeah, but apache defaults them in httpd.conf, why change it?
<patdk-lap> ask debian?
<halvors1> I'm trying to test my spam filter, the problem is that i don't have a non-spam filtering SMTP server avaliable, can somebody send an email to "halvors@test.halvors.org" with this string in it?
<halvors1> X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
<patdk-lap> try using telnet
<demona> lol @ system-config-kickstarter...I'm remastering a server, wherefore the GUI tools :)
<FunnyLookinHat> Anyone here using the NodeJS PPA on raring ?
<FunnyLookinHat> Was about to upgrade but decided I should check first that it would work well enough with some required packages...   figured that the quantal ppa would probably work fine.
<uvirtbot> New bug: #916085 in libvirt (main) "kvm-qemu, libvirt-bin: kernel panic if using memory balloon" [Low,Expired] https://launchpad.net/bugs/916085
<uvirtbot> New bug: #1003854 in openldap (main) "Database upgrade/migration fails with nested db directories (lucid to precise)" [Medium,Confirmed] https://launchpad.net/bugs/1003854
<uvirtbot> New bug: #1086162 in maas "IPMI based power management default to IPMI 1.5 based authentication" [High,Confirmed] https://launchpad.net/bugs/1086162
<wmp> hello, maybe anyone know how to make autoamtical: dpkg-reconfigure --frontend=readline exim4-config
<wmp> i want to automatical send "1" and execute dpkg-reconfigure
<FunnyLookinHat> Hey - anyone here running raring ?  I'm wondering if any of you are running NodeJS locally for testing and wanted to see if using the quantal chris_lea PPA suffices..
<FunnyLookinHat> I was going to test it in VirtualBox - but apparently it's not playing nicely with the installer.
<FunnyLookinHat> :)
<SpamapS> wow its sad how far behind nodejs is in Debian/Ubuntu
<FunnyLookinHat> yeah
<SpamapS> 0.6.19 vs. 0.8.15
<FunnyLookinHat> still .6
<FunnyLookinHat> SpamapS, are you running raring locally yet?  Or holding off ?
<FunnyLookinHat> I know you do a bunch of Juju stuff...  figured you'd be on it.
<SpamapS> FunnyLookinHat: I am toying with moving one of my boxes to it
<FunnyLookinHat> heh
<SpamapS> FunnyLookinHat: I am not really doing much juju anymore actually.. but.. not sure why that would encourage me to move to raring.
<SpamapS> main reason pushing me to raring is that my trackpad drivers just don't work right on quantal.. and there may be fixes in raring's kernel
<FunnyLookinHat> Dev'ing the next release!
<FunnyLookinHat> ;)
<FunnyLookinHat> ah - what hardware do you have?
<SpamapS> MacBookAir 4,1
<FunnyLookinHat> Ah.
<SpamapS> works flawlessly in 12.04
<SpamapS> something went south with the xorg switch in 12.10 .. and the xorg guys say its the kernel driver behaving badly in 3.5
<SpamapS> which I can confirm, it works better w/ 3.6
<FunnyLookinHat> Oh - then I'd assume the 3.7 kernel they're building in raring right now would definitely have the fix as well
<FunnyLookinHat> I guess I'll be the guinea pig - I feel like there should be a way to build PPAs for the dev branch of Ubuntu
<SpamapS> uh
<SpamapS> there is
<SpamapS> you just tick the "raring" box
<SpamapS> PPA's get the new series as soon as it opens
<FunnyLookinHat> what the - then tell that Chris Lea guy to do so.
<FunnyLookinHat> or I'll pull his source package and build my own I guess.
<SpamapS> FunnyLookinHat: he runs quite a few PPA's.. I imagine he may have a method to the madness. Maybe waiting for beta's?
<SpamapS> early in the process.. sometimes.. things go badly
<FunnyLookinHat> SpamapS, Yeah I would assume so too... I sent him a message via launchpad to see if he's tick raring or let me upload the source packages to my own PPA so that he doesn't have to deal with the effects of buggy stuff.
<FunnyLookinHat> Looks like very few are building for raring at all at this point - xorg-edgers ( for obvious reasons ) seems to be the only major ppa building for it.
<thebwt> I'm having trouble with ltsp (all fat client issues to be clear). my server is running precise but I want to host quantal images. The way the images are hosted seems to have changed in quantal. So on precise when you ltsp-buil-image --dist quantal --fat-client the image doesn't seem to be handed out.
<jesusemelendezm> hey guys!
<jesusemelendezm> how are you all ??
<morfeo_81> hi there
<morfeo_81> how can create simple hot spot to connect from other device to my localhost server using wireles?
<demona> patdk-lap: Don't know how but I have installed my list of packages and rebooted, with no errors yet.
#ubuntu-server 2012-12-09
<d3wy> Howdy all, anyone free to give a quick hand with samba (Ubuntu) host with OSX client?
<a5m0> is there a way to auto-login to root on console cli and run a program on boot?
<mikal> /etc/rc.local is run at the end of each runlevel as root. You could put something there if you had the right safeguards?
<lifeless> a5m0: why do you want to login on the console, why not just run it on boot ?
<lifeless> a5m0: @reboot in crontab may be all you need
<lifeless> mikal: ^ in case you didn't know ;)
<mikal> :P
<lifeless> I suppose you could set getty to bash
<mikal> Or do something with a bonkers custom init...
<a5m0> i just want it to boot up into a cli status program
<cwillu_at_work> a5m0, look at /etc/init/tty1.conf
<cwillu_at_work> I've done exec /sbin/getty -n -l /usr/local/bin/nobodytop -8 38400 tty6 on one of my boxes
<cwillu_at_work> where nobodytop is just a wrapper that starts top as nobody
<uvirtbot> New bug: #1088136 in exim4 (main) "AUTH cannot handle a request with an initial-response over 2048 bytes (GSSAPI-related)" [Undecided,New] https://launchpad.net/bugs/1088136
<uvirtbot> New bug: #1088160 in openvswitch (main) "ovs-brcompatd: could not open brcompat socket.  Check "brcompat" kernel module." [Undecided,New] https://launchpad.net/bugs/1088160
<sliddjur> hello my dns server doesnt resolv domain name. only subdomain. what did i miss?
<RoyK> sliddjur: sorry, I don't understand - does 'host google.com' work?
<sliddjur> RoyK, nothing happens
<sliddjur> i have tried to set up my own bind server. but when i ping my server (student481.linuxkurs.tfe.umu.se) i get no replys. but for example www.student481.linuxkurs.tfe.umu.se) works
<RoyK> sliddjur: there isn't an A entry for student481.linuxkurs.tfe.umu.se
<RoyK> roy@smilla:~$ host student481.linuxkurs.tfe.umu.se
<RoyK> student481.linuxkurs.tfe.umu.se mail is handled by 10 mail.student481.linuxkurs.tfe.umu.se.
<cloudman> sliddjur, try putting 8.8.8.8 in your resolve.conf  might be something temporary
<cloudman> resolv.conf I mean
<tedski> or 4.2.2.1 if you don't like the googles
<cloudman> whatever works :)
<tedski> true :)
<cloudman> I had the problem the other day, it went away ??
<i3luefire> http://pastebin.com/EEMDhFzh why does an upgrade want to remove my kernel?
<tedski> it's only removing the kernel header packages
<i3luefire> ok. good point. but is that not bad?
<tedski> i3luefire: uname -r output, please?
<tedski> it is not bad... if they're needed, they won't be removed
<i3luefire> root@ubuntu-server:~# uname -r output
<i3luefire> uname: extra operand `output'
<i3luefire> Try `uname --help' for more information.
<tedski> skip the output
<tedski> i was asking for the output of 'uname -r'
<i3luefire> 3.2.0-32-generic
<tedski> so, you must have had a package that required the source of the kernel (kernel headers) and you may have removed it
<tedski> aptitude realizes this and says it will remove those header packages
<i3luefire> ok. thank you very much. it just seemed scary at first
<i3luefire> http://arstechnica.com/gadgets/2012/11/how-to-set-up-a-safe-and-secure-web-server/2/
<tedski> a scared, reluctant sysadmin is a safe sysadmin :)
<i3luefire> that is a guide i am following
<i3luefire> :) thanks
<i3luefire> i may be back later i guess
<tedski> looks like a good guide
<tedski> i'm glad they explain the worker model in brief rather than just saying, "type apt-get install blah" and look for the It works! page!
<i3luefire> oh. that sounds good
<i3luefire> i am currently using apache for webmin and some other minor stuff
<i3luefire> http://imgur.com/62crA
<i3luefire> i think i am going to stop with the nginx install because i dont want to mess up my currently working setup with apache. and running them side by side seems too difficult.
<anepanal1ptos> Hello, how do i change the metric of a dhcp gateway route?
<anepanal1ptos> for example, in debian, the dhcp'd default gateway has metric 0, but in ubuntu it has metric 100
<maxb> Mine doesn't seem to have any displayed metric at all ... does that just mean metric 1 ?
<maxb> Although wouldn't the metric on a default route only be useful if you had multiple default routes?
<maxb> Which doesn't seem to make much sense
<qman__> it's a failsafe
<qman__> if that interface or router goes down, you still have another route to the internet
<qman__> the other purpose is, if you want DHCP on one interface and static on another, but you want the static gateway to take precedence
<maxmahem> O
<maxmahem> I've noticed that the 12.10 install seems to hang when detecting hardware if it has like 128mb of ram, am I correct on this or just not patient enough w/ it?
<escott> maxmahem, 128MB is very very little ram, suggesting a very very old system. it might be that it hangs because it tries to access some kind of hardware bus that doesn't exist
<maxmahem> escott, well in this case it's a virtual machine.
<maxmahem> Hardware detection works fine if I increase it so say 512 or so.
<escott> maxmahem, so give it more ram for the install
<escott> maxmahem, you will want that extra ram during install just to make the install go faster
<maxmahem> escott, I did :). I'm just wondering if this is expected behavior, or maybe I'm not being patient enough w/ the hardware detector when running on such a small amount of rma.
<maxmahem> *ram
<escott> maxmahem, i dont think anyone cares
<escott> maxmahem, there is a javascript implementation of qemu. if you want to see something go slow you could install ubuntu in your web-browser
<maxmahem> I'm not particularly interested in watching things go slow, I'm interested in the minimum memory required for the installer.
<escott> !requirements
<ubottu> Hardware requirements to install, boot and comfortably use Ubuntu are listed at https://help.ubuntu.com/community/Installation/SystemRequirements - For a !flavor with lower requirements, see !Xubuntu or !Lubuntu
<uvirtbot> New bug: #1088235 in puppet (main) "package puppetmaster-passenger 2.7.18-1ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/1088235
<qman__> the requirements aren't hard, though; for example, I've run lubuntu on 128MB and the system runs fine
<qman__> can't use youtube with that little RAM, but can't really expect that
<anepanal1ptos> maxb: the problem is, i already have a 0.0.0.0 route advertiesed on my network
<anepanal1ptos> maxb: and i want this machine to use the one that is local, as it is also connected to the internet.
<anepanal1ptos> this is my debain route list
<anepanal1ptos> 0.0.0.0         76.239.22.1     0.0.0.0         UG    0      0        0 eth1
<anepanal1ptos> 0.0.0.0         10.4.254.1      0.0.0.0         UG    2      0        0 eth0
<anepanal1ptos> as you can see, the advertised one has metric 2 (the bottom one) so the machine prefers it's local gateway
<anepanal1ptos> but in ubuntu, the advertiesed route gets metric 2, and the local gateway has metirc 100, so it still prefers to go out another 'exit node' (so to say).
<anepanal1ptos> idealy, i need to find the script that calls the dhclient and start from there (i think.)
<qman__> you just need to configure your static address with a metric of 0
<qman__> there are a few ways to do it
<anepanal1ptos> no no, the internet address is dynamic
<anepanal1ptos> it comes from a cable modem
<qman__> so the internal address isn't static either?
<anepanal1ptos> (sorry to break you/cut you off, i just didnt want you wasting your time in the wrong direction. i know how to do that via etc network interfaces)
<anepanal1ptos> the internal is, and it has metric 0
<qman__> then set its metric over 100
<anepanal1ptos> and from the internal, via a routing protocal, it learns there is another gateway on the network
<anepanal1ptos> so it gives the 'other gateway' metric 2.
<anepanal1ptos> however this machine also has a local gateway, and for some reason, dhclient is adding it to the route table with metric 100
<qman__> fair enough
<qman__> sounds like it would be configured in the dhcp client somewhere
<anepanal1ptos> yeap. ill rtfm for the rest of it, i just need a little push in which files deal with calling dhcp
<qman__> might look into man dhclient, or /etc/dhcp3/dhclient.conf
<qman__> it might also be different in the version you're using, I'm on 10.04
<anepanal1ptos> i am also on 10.04
<anepanal1ptos> hmm
<anepanal1ptos> i think the magic is someplace else, my debian and ubuntu dhclient.conf look identical
<maxmahem> qman__, for what I'm doing w/ this server, 128 is more than sufficent, it's just that setting the ram to one thing for the install then changing it once I get it up and running is kind of a hassle.
#ubuntu-server 2013-12-02
<blueking> I managed to fuck up some on mine server... believed I didn't need apparmor... removed it   and with it  followed LOT stuff :O
<blueking> included gnome... now it seems desktop window  are borked
<ikonia> blueking: please try to control your language
<blueking> sorry ikonia
<ikonia> no problem, just a nudge
<smoser> jrwren, http://pad.ubuntu.com/server-seed-review
<smoser> that is jamespage seed review notes.
<smoser> i was / am adding yours
<jrwren> thanks.
<ancaster> hello all. I'm the defacto sysadmin for a uni neuroimaging lab. We have 15 pretty powerful workstations and one server, all ubuntu.
<ancaster> We have more workstations on the way. all are clustered together using sun grid engine, but also seat humans during the day.
<ancaster> I'm thinking about a better way to provision everything and keep bits of software and whatnot coordinated across all the machines.
<ancaster> I've been playing with ansible, and now recently with MAAS to manage PXE booting (something we don't do).
<ancaster> Is MAAS overkill for a 20+ desktop stations? is there something more apt I could be using?
<ancaster> Does it make sense to combine MAAS and ansible to manage configurations?
<pmatulis> ancaster: MaaS is for rolling out machines on a regular basis.  that doesn't sound like what you're doing
<ancaster> pmatulis: thanks.  Okay, I guess I  just thought it might be helpful for getting PXE booting up and running.
<ancaster> pmatulis: do you think this is something better to just roll my own?
<pmatulis> ancaster: try cobbler
<ancaster> ah, i'd seen that but read somewhere that for ubuntu it was the basis of MAAS so just when directly there.
<ancaster> *went
<ancaster> pmatulis: so cobbler runs well on/for ubuntu then?
<pmatulis> ancaster: that's what MaaS used to have under the hood i'm quite sure.  but now MaaS contains rewrites of just the necessary bits that cobbler gave MaaS
<ancaster> pmatulis: ah, I see.
<bigjools> please, don't use cobbler
<bigjools> maas will work fine here
<ancaster> bigjools: oh?
<bigjools> cobbler is ancient and has more holes than swiss cheese
<ancaster> bigjools: hmmm.  is there something better?
<bigjools> you can provision with maas and use landscape for package management
<ancaster> landscape costs $$ right?  I'm not sure our lab admin will spring for that.
<bigjools> it's free up to so many seats IIRC
<ancaster> (even though they'll happily pay for my time to sort all this cruft out)
<ancaster> ah, okay.
<bigjools> failing that you might try puppet
<bigjools> but ymmv
<ancaster> i've been playing with ansible for most of the post install setup actually. seems easy enough.
<pmatulis> the only way landscape can be free is for a trial account, which expires after 30 days
<bigjools> ah
<anunakki> so uhhh
<anunakki> ayone else have like major issues setting up xen on ubuntu-server
<anunakki> cause i most certainly have  been having a miserable time with it
<anunakki> lol
<ancaster> bigjools: pmatulis: okay, thanks for your ideas.  I'll consider.
<parallel21> Anyone have experience with preseeding ubuntu installs?
<pmatulis> !ask | parallel21
<ubottu> parallel21: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<parallel21> kk
<parallel21> I'm getting an error when at the end of my preseed on the command `d-i finish-install/reboot_in_progress node` failed with exit code 127
<TheLordOfTime> Can anyone point me at a method to block all (or at least most) Tor traffic?
<andol> TheLordOfTime: As in blocking traffic from tor exit nodes? https://www.torproject.org/docs/faq-abuse.html.en#Bans
<eagles0513875_> hey all I have a postfix dovecot mysql with virtual user and domain and for some reason two mac mail clients cannot connect to outgoing postfix smtp server using tls and port 587
<mac_nibblet> Where does the iptables save the configuration to in 13.10 ?
<andol> mac_nibblet: To wherever you have iptables-save output it.
<andol> mac_nibblet: https://help.ubuntu.com/community/IptablesHowTo#Configuration_on_startup
<mac_nibblet> i see
<mac_nibblet> thanks
<marcolino> Hi, is it possible to create new directories with the owner being the owner of the parent directory instead of the user that created the sub directory?
<rbasak> maroloccio: yes. See: http://en.wikipedia.org/wiki/Setuid#setgid_on_directories
<maksymov> hi!
<marcolino> rbasak, I've already tried setgid and acl, will attempt one more time once my backups is done. Going to attempt acl recursive, hopefully that will sort it out as at the moment it is not doing what I want
<maksymov> Help me with manual partitioning raid on uefi
<maksymov> http://ubuntuone.com/35paRglcvXUeGxZooESxaP
<maksymov> but uefi don't see grub
<marcolino> maksymov, can't really help, I don't have systems with uefi but this link could be a starting point http://askubuntu.com/questions/355727/how-to-install-ubuntu-server-with-uefi-and-raid1-lvm also try doing a search on google, it might help you come up with something.
<jamespage> zul, I poked the precise-icehouse archive full of the main staging archive in the lab
<jamespage> however I did lose the backports you had already done - I'll try sort that out now
<Daviey> jamespage: added you to ~ubuntu-reports-dev
<jamespage> Daviey, thanks - opening report for icehouse cloud-archive
<jamespage> Daviey: does this https://code.launchpad.net/~james-page/ubuntu-reports/cloud-archive-icehouse/+merge/197337 look OK?
<ttx> cloud-init ported to FreeBSD
<Daviey> jamespage: yeah, ideally... it might make sense to consider a bzr controlled wrapper script.. the cronjob is getting mental.
<Daviey> crontab*
<jamespage> ttx, yeah - I saw that
<Daviey> ttx: Yeah, and based on the windows codebase.. found that odd, personally
<jamespage> ported or re-implemented
<soren> Daviey: Licensing concerns, perhaps.
<soren> Daviey: Those guys seem to avoid anything that even smells of GPL (in any of its many varieties) like the plague.
<Daviey> soren: ah!
<Daviey> could well be
<soren> Daviey: I haven't actually looked, but I'm guessing the windows edition is Apache licensed or something.
<Daviey> it is
<babinlonston> Downloaded Ubuntu Alternate Server 12.04 , In my server there are 4 HDD, How can i Configure Software RAID5 in it .
<marcolino> just came to realise that maybe acl isn't what I need, it seems to give write permission which is good but what I need is a way to create directories owned as the owner of the parent directory instead of as myself
<marcolino> I need the newly directories to be foobar:user instead of user:foobar, anyone care to help me or at least point me in the right direction
<marcolino> Would like for foobar to be constant whenever I create a directory, I could chown but that becomes tedious after the fifth to tenth time
<soren> marcolino: Just set the sgid bit on the parent directory.
<soren> marcolino: sudo chmod g+s /path/to/directory
<marcolino> soren, tried that didn't see a difference when creating test directories even tried u+s which is what I need, yet newly directories are still owned by me also tried acl since this is what google pointed me to. I think it is a combination of both, however, the problem is getting it to work
<soren> Oh, sorry, I misread.
<soren> Yeah, setuid on directories won't work. setgid will.
<marcolino> I will be happy to just be able to create a sub directory as foobar instead of myself or maybe I am just going around this the wrong way...
<soren> marcolino: What are you trying to do?
<marcolino> soren, just built an ubuntu development server, quite happy with the current initial basic setup. The problem I have is with /var/www which is owned by www-data, I am a member of it, however, drupal doesn't like the permission user:www-data, so I am attempting if possible to swap it around without having to chown all the time
<marcolino> since I've been using ubuntu I have never so far managed to do this, but I've decided I should look into it, it is actually tedious when apps expect www-data and not me as the user and acl, set(gid/ui) is not helping
<jamespage> smoser, if you are happy with the initial list I've prepared for seed review, I'll circulate that via email as well.
<jamespage> zul, how about using {upstream_version}+master when we rebase patches on trunk etc...
<jamespage> zul, https://code.launchpad.net/~james-page/python-heatclient/ftbfs-1/+merge/197354
<jamespage> zul: https://code.launchpad.net/~james-page/python-ceilometerclient/icehouse-ftbfs/+merge/197361
<zul> jamespage:  +1
<jamespage> zul, ta
<zul> jamespage:  git seems broken
<jamespage> zul, yeah - its stuck in new in -proposed
<jamespage> I pinged in -release to get it accepted
<zul> ack
<knoppix> question about  amp
<knoppix> how to downgrade from php 5.4 to 5.3
<zul> jamespage:  its too early in the morning how do you wrap and sort again
<jamespage> zul, wrap-and-sort
<zul> jamespage:  duh
<jamespage> zul, do you reckon smb would include your LDFLAGS export fix for the cloud-archive in the xen package?
<zul> jamespage:  probably
<smb> jamespage, If smb knew anything about those
<jamespage> looks failry no-op for trusty imho
<smb> zul, Which xen version is in cloud-archive anyway?
<zul> smb: the latest that was in saucy
<smb> zul, The one in saucy should actually need no LDFLAGS patch naymore after I merged back some Debian changes
<smb> I believe there was some chunk in there which caused them correctly to get passed on for userspace
<zul> smb: i think i ran in the ldflags issue when i was building for precise though memory is hazy right now because of lack of caffine
<smb> zul, It might be. I feels like a while ago and I think to remember that there was a version in between which at least had issues. Cannot remember either whether that was the final one or a previous.
<smb> Probably best to re-try current and we would see
<smb> (given enough caffeine)
<zul> jamespage:  libvirt 1.2.0 is out as well (with the python split)
<zul> jamespage:  https://code.launchpad.net/~zulcss/python-novaclient/d2to1/+merge/197373
<smoser> jamespage, i added some things.
<smoser> i know that some of them are annoying (in that the're dependencies from other places)
<zul> jamespage:  https://code.launchpad.net/~zulcss/python-glanceclient/d2to1/+merge/197380
<smoser> rbasak, ping
<rbasak> smoser: pong
<smoser> https://code.launchpad.net/~smoser/maas/maas.ubuntu.com.images-ephemeral.saucy-generic/+merge/196790
<smoser> had you seen that ?
<rbasak> smoser: I have. I've been speaking to others on the Canonical hyperscale team who I thought would validate it. I'll check with them. If not, I can check it.
<rbasak> smoser: I mean it looks good in principle; just not verified that it actually works for us.
<ogra_> we have a hyperscale team ?!?
<rbasak> smoser: also, what do we need to validate releases other than saucy? Or will that change only affect saucy images?
<ogra_> if my team doesnt scale to the workload, can i offload some of it to the hyperscale team then ?
<ogra_> ;)
<rbasak> ogra_: juju add-unit :-P
<ogra_> lol
<smoser> rbasak, well, i verifed all releases with diff.
<rbasak> smoser: oh, that's handy.
<smoser> i thought i might try this morning to do a "compare-output"
<smoser> that did all i did manually to just compare what youv'e built to what is on cloud-images
<smoser> (diff was of the .manifest files)
<smoser> which should ble sufficient here.
<rbasak> smoser: sounds like you've done much more of the validation I thought I'd need to do.
<rbasak> smoser: I guess I can do a run through of my other Saucy fixes from scratch, but use your patch instead of my workaround, and see if that works, and then we'll be good.
<smoser> k.
<smoser> i will try to put together a compare script for easier validation
<savid> Does anyone know why "df -H /" would show a drastically different number for space used than "du -s /"?  I'm showing 20GB used when using df, but only 11GB used when using du.
<jrwren> savid: duckduckgo search for du v. df gives top 2 answers both with great explainations
<jrwren> tl;dr: usually its an open file descriptor that has been deleted, but not closed. (hence, open)
<zul> jamespage/hallyn: ping when you are both available (re: libvirt-python bindings)
<savid> jrwren, cool, thanks
<caraconan> Hi there. What could be the equivalent on Ubuntu of this Suse command? chkconfig --list |grep -i sendmail Thanks
<caraconan> I know how to enable/disable services with update-rc.d , now I want to check if the service is already enabled
<jamespage> jodh, ^^ chkconfig for Ubuntu? I think I know the answer
<jodh> jamespage/caraconan: no chkconfig as yet. An equiv would be "sudo initctl show-config sendmail|grep -q 'start on' || echo DISABLED"
<rbasak> What about services using init.d on Ubuntu, rather than upstart?
<TimR> can anybody tell me how I would be able to mount an other hard drive to my server
<TimR> anybody?
<sarnold> TimR: where is that hard drive? what options are available to you?
<sarnold> man lj1's connection resets are annoying...
<TimR> I dont know I just want to know how to mount an other hard drive
<sarnold> TimR: mkdir -p /mnt/other_drive ; mount /dev/sdh1 /mnt/other_drive    (replace /dev/sdh1 with whatever disk and partition the kernel reports for the drive in dmesg output or from sudo lshw -class disk
<jamespage> zul, adam_g: when icehouse archive pockets get populated this report will complete - http://reqorts.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/icehouse_versions.html
<zul> jamespage:  ack...ill start queueing stuff up and making sure it builds locally
<jamespage> smoser, I uploaded the juju-core SRU that just got accepted into saucy into the cloud-tools staging area
<jamespage> zul, nice
<jamespage> you might have problems with ipxe
<jamespage> not sure that debhelper format 9 is supported on 12.04
<zul> jamespage:  nice
<jamespage> oh - no - I am mistaken
<jamespage> probably ok
<jamespage> smoser, I'm drafting the seed review email to -devel -server -cloud
<smoser> want to put that in an etherpad ?
<jamespage> do you think I should include the pad contents or just refer people to the pad?
<smoser> include the changes we are dicussiong
<smoser> you can link to the padd for more info if you'd like
<smoser> but people responding there will want to respond to something inline.
<jamespage> smoser: http://pad.ubuntu.com/server-seed-review
<szaus18> any manual on how to install openstack on 13.10, all I found is for 12.04
<jamespage> szaus18, broadly the instructions are the same - just skip the bits about enabling the cloud-archive for 12.04
<jamespage> its all in distro
<jamespage> szaus18, fwiw the recommended platform is 12.04
<jamespage> 13.10 works just fine - but you only get 9 months before you have to upgrade
<szaus18> jamespage: thanks, trying here. I need 13.10 as I'm trying this on a powerpc 64b server
<jamespage> szaus18, that sounds like a good reason to use powerpc
<jamespage> 13.10 rather
<jamespage> (cloud-archive for 12.04 does not support powerpc port)
<szaus18> i could spin devstack for a quick try, which i normally do on x86, but powerpc does not have nodejs
<jamespage> szaus18, really interested to see how that goes for you - we don't get to many powerpc openstack users
<jamespage> szaus18, the nodejs requirement in horizon is no longer present in havana
<jamespage> it uses python-lesscpy
<szaus18> really? devstack havana branch still complains no nodejs package
<jamespage> szaus18, that sounds like a devstack bug to me
<szaus18> let me try python-lesscpy on powerpc then see if that gets devstack going
<szaus18> thanks!
<jamespage> np
<szaus18> Package nodejs is not available, but is referred to by another package.
<szaus18> this is for powerpc/13.10, let me see if i can workaround this in devstack, it's good to know nodejs is no longer mandatory
<TheLordOfTime> is there any somewhat-easy method to set up the firewall to block tor traffic?
<TheLordOfTime> i want to block tor traffic on a specific port (which a specific web-facing service runs on)
<andol> TheLordOfTime: The link I gave you earlier today, that didn't cover it for you?
<TheLordOfTime> andol, missing in the scrollback
<TheLordOfTime> because i don't have a ton of scrollback lines set here.
<TheLordOfTime> (for good reason, if i set it to the 20000 lines i'd need the ZNC would OutOfMemory)
<andol> https://www.torproject.org/docs/faq-abuse.html.en#Bans
<TheLordOfTime> andol, that's a half answer
<TheLordOfTime> no better than the tards at ServerFault who never specified a way to translate the exit node lists into actual firewall rules
<andol> TheLordOfTime: The the specific way you do that all depends on your specific setup. Nothing Tor specific about that.
<TheLordOfTime> andol, then i guess i'm not getting any useful data from here, either... what I have are multiple tor exit node lists available to me.
<TheLordOfTime> what I need is to get those into firewall rules
<TheLordOfTime> so far all i've been getting are lists of IPs.
<TheLordOfTime> with no way to turn those to iptables rules other than me doing everything by hand
<TheLordOfTime> and with large lists that seems somewhat inefficient
<andol> Script something, and put the block list in a dedicated chain?
<smoser> jamespage, do you tihnk 'w3m' could be dropped ?
<smoser> i think it makes sense to at least to add it to the list of candidates. its listed as "Documentation", but I don't think i've ever used 'w3m' for doc on a server.
<smoser> (or anywhere else)
<sarnold> :( I use w3m for both local documenation and troubleshooting-web-browsing..
<zul> hallyn:  i have libvirt 1.2.0 built
<szaus18> jamespage: i 'fixed' devstack and now it's running on powerpc ï¼)
<szaus18> did not read release notes carefully and it's  good to know nodejs is no longer mandatory
<szaus18> will do a patch
<blueking> what's fastest filetransfer method between two pc's  (server + pc) on local net gigabit  net ?
<blueking> are there ftp server for ubuntu that support multipart ?
<zul> mdeslaur:  hey they new libvirt 1.2.0 splits off the python bindings into its own package...just thought you would want to know
<mdeslaur> zul: ah, thanks
<tonyyarusso> I'm having some trouble with LDAP authentication.  There's a machine running 12.04 that a former coworker set up, and as far as I can tell he did it right and it seems to match our other clients, but 'getent passwd' only returns the local accounts.  I have confirmed connectivity to our LDAP server with ldapsearch.  Thoughts?
<sarnold> tonyyarusso: does /etc/nsswitch.conf look right?
<tonyyarusso> sarnold: yeah.  passwd: files ldap
<tonyyarusso> sarnold: Know of any other troubleshooting I can try?
<zul> hallyn:  ping
<sarnold> tonyyarusso: sorry, that was my one shot :)
<tonyyarusso> aww :P
<hallyn> zul: .
<zul> hallyn:  i have libvirt 1.2.0 and libvirt-python 1.2.0 packaged, ill put it in a ppa for you to test
<hallyn> zul: ok, thanks.
<hallyn> i'll set up a test vm, lemme know when ppa is ready
<zul> hallyn:  https://launchpad.net/~zulcss/+archive/libvirt-1.2.0 when built
<blueking> nfs server, it can share /home/<username>/  ?    and require one to logon it with password  from windows pc with mapped network drive?
<zul> jamespage:  do you want to take care of ceph and openvswitch?
<zul> jamespage:  er for the CA
<HiddenDjinn> blueking, you'd probably get more mileage with samba
<blueking> HiddenDjinn:  wasn't fast enough with samba :/
<blueking> HiddenDjinn:  got only 28MB/s on samba
<tonyyarusso> sarnold: Dumb mistake.  Typo in our domain...
<moparisthebest> so i've got multiple different-sized drives in mdadm RAID1 configuration
<moparisthebest> over top of which I have an LVM, so they all show up as 1 big drive
<moparisthebest> that's entirely mirrored so a single hard drive failure doesn't lose any data
<moparisthebest> i'm planning on adding LUKS encryption to this setup, but where should I add it?
<moparisthebest> so, right now, ext4 -> LVM -> RAID1 -> physical disks
<moparisthebest> and I think my choices are ext4 -> LUKS -> LVM -> RAID1 -> physical disks
<moparisthebest> or
<moparisthebest> ext4 -> LVM -> LUKS -> RAID1 -> physical disks
<moparisthebest> I guess technically 'ext4 -> LVM -> RAID1 -> LUKS -> physical disks' is an option too, but it doesn't sound like the best one
<xnox> moparisthebest: your reasoning is correct. last one is a pain, as you'd need to enter password for each physical disk.
<xnox> moparisthebest: forlast, is good if you want to have _all_ LMV volumes encrypted
<xnox> moparisthebest: the first one is good if you still want to have unecrypted volues.
<moparisthebest> I don't want any unencrypted volumes, and I'll be using keyfile(s) instead of passwords so that's not an issue either
<moparisthebest> I also think btrfs could replace ext4, LUKS, and MDADM RAID1, entirely, but I'm not sure if it's ready to be used like that yet
<blueking> what is wrong with apt-get install nis  ?  I get  3 issues ->  initctl: unknown job: rpcbind, initctl: unknown job: ypbind, initctl: unknown job: ypserv   <-   something wrong or can keep on installation ?
<bekks> blueking: You could take a look which files are actually installed by that package.
<blueking> bekks:  how I do that ?
<bekks> dpkg-query -L nis
<blueking> bekks:  when do apt-get install rpcbind    i get initctl: unknows job: rpcbind
<bekks> !info rpcbind
<ubottu> rpcbind (source: rpcbind): converts RPC program numbers into universal addresses. In component main, is optional. Version 0.2.0-8.2ubuntu2 (saucy), package size 40 kB, installed size 152 kB
<bekks> blueking: Well, then look at the content of that package :)
<blueking> but what does initctl do ?
<blueking> hmm  think I have problem with D-Bus
<bekks> blueking: look at the first three lines of the installed files: http://packages.ubuntu.com/raring/amd64/rpcbind/filelist
<bekks> that are the "jobs" you may start/stop.
<blueking> I get error messages when run initctl reload-configuration
<chaos_> When I save oneliners to my collection I usually do this for variables (is there a shorter way?)   /sbin/udevadm [..] --name=`read -p "Device (sda): " r; echo -n ${r:-sda}`
<jamespage> zul: will do
<Nox_404> hi, i need help for a raid5 recovery, here is what happend : RAID5 mdam with 3 disks and a lvm on it. A  disk was disconnected because of a bad connection (the sata went away). So i received a notification and i  plugged back the disk without doing anything else. Later i had to reboot the system (install requirement),  but i'm stuck after GRUB, there is only a black screen !
<Nox_404> (ubuntu server 12.04)
<xnox> Nox_404: drop to root shell (recovery boot option)
<xnox> Nox_404: read mdadm man pages online
<xnox> Nox_404: do --scan & --add devices to assemble the array back together.
<xnox> it will need a resync.
<Nox_404> ok i'll try but why it doesn't boot, it's a raid5 so i can still use the 2 others no ?
<xnox> Nox_404: depends on what happened, depends if "boot_degrated=true" was configured / set.
<Nox_404> xnox: Can you tell me the procedure ?
<ikonia> Nox_404: you're not running your root file system on the raid array are you ?
<Nox_404> i do.... why ?
<ikonia> well, that will make it harder and a chicken and egg situation
<Nox_404> everything is on the raid5 exept GRUB
<ikonia> I'm assuming your root file system is under lvm control on the aray
<ikonia>  /boot can't be ?
<Nox_404>  /boot is not on the raid
<ikonia> ok good
<Nox_404> and yes there is a lvm
<ikonia> putting the root on the raid makes it a bit more complex under lvm control
<ikonia> try to assemble the array from a livecd
<Nox_404> i said it stop after grub so it's not that bad
<Nox_404> 6 hours.....
<ikonia> window 14
<ikonia> oops
<Nox_404> but thanks for your help
<jkyle> so, I'm getting periodic and very hard to track down failures with apt-cacher-ng. they've just cropped up recently in our deploys...could be version related, but not sure.
<jkyle> they generally look something like: apt-cacher.err:Mon Dec  2 14:37:09 2013|uburep/pool/main/c/cpio/cpio_2.11-7ubuntu3_amd64.deb storage error [500 Server reports unexpected range], last errno: Operation now in progress
<jkyle> the error is the same, but hte package (or packages) are always different
<jkyle> they only happen once, restarting the debian installer or runnign apt-get install again resolves the issue
<jkyle> and it doesn't come back till the next fresh start
<jkyle> from what I can tell from the acng source, this error means the range header it received was not complete
<jkyle> so anyone else seen this?
<sarnold> tonyyarusso: oh, good! thanks for reporting back :)
<sarnold> jkyle: https://bugs.launchpad.net/ubuntu/+source/apt-cacher-ng/+bug/1234946
<uvirtbot> Launchpad bug 1234946 in apt-cacher-ng ""Size mismatch" caused by writing wrong data" [Undecided,Confirmed]
<jkyle> sarnold: nice, didn't find that one when searching
<jkyle> found one for disablign range header checks that was pushed in a previous version
<jkyle> but that sounds _exactly_ like what I'm seeing
<sarnold> jkyle: yeah, I went nuts for a few hours as I tried to figure out what was broken in my setup, and when I started checking the data on disk against what I could see from the mirror I was using apt-cacher-ng was the highest point of failure for me.
<roaksoax> hallyn: any ideas? http://paste.ubuntu.com/6511799/
<sarnold> jkyle: since it had worked fine for me from 12.04, 12.10, 13.04, I didn't suspect it as quickly as I should have when it failed for me under 13.10...
<jkyle> sarnold: well, if it makes you feel any better I'm on 12.04
<jkyle> 0.7.11-1~ubuntu12.04.1
<jkyle> but this is definitely it
<jkyle> seen the sum mismatch and the bad header errors
<sarnold> jkyle: oh! cool! you've probably got a much smaller potential diff
<jkyle> so 0.7.10 clears it up?
<sarnold> the funny version number makes me think that's quite likely
<sarnold> if it does, that'd be very useful to -know-
<jkyle> we'v eben on 12.04 for quite a while and this really is a recent development
<jkyle> relatively. like the last few weeks I'd say
<hallyn> roaksoax: looks like lxcbr0 doesn' texist :)
<jkyle> hot servers dont' seem to show it, so it'd only crop up on new deployments that had an empty cache
<hallyn> roaksoax: what's in host's /var/log/upstart/lxc-net.log?
<roaksoax> hallyn: dnsmasq: failed to create listening socket for 10.0.3.1: Address already in use
<hallyn> roaksoax: is this a nested container?
<roaksoax> hallyn: the thing is i installed, it worked jhust fine. Didn't use lxc in couple of days and it doesn't work
<jkyle> sarnold: was wondering if squid-deb-proxy works during an unattended install
<roaksoax> hallyn: not it is not
<hallyn> roaksoax: so what is using 10.0.3.1?
<hallyn> roaksoax: pastebin 'ifconfig -a' output
<roaksoax> hallyn: that is from lxc-net.log.1.gz
<roaksoax> hallyn: so noone is using 10.0.3.1 now
<hallyn> roaksoax: so if you do 'sudo start lxc-net' what do you see?
<jkyle> sarnold: it's failing at line# 438 : http://git.fsinf.at/apt/apt-cacher-ng/blobs/d656c645d99ac99b0045e663492f0824d8cfee2e/source/fileitem.cc
<roaksoax> hallyn: start: Job is already running: lxc-net
<hallyn> roaksoax: and you're telling me lxcbr0 does not exist?
<roaksoax> hallyn: i just restarted and after that it *now* exists
<roaksoax> hallyn: apparently not creating it on machine restart
<roaksoax> that might be the cause
<hallyn> reboot and prove it :)
<hallyn> roaksoax: do you have ufw instlaled and running/
<sarnold> jkyle: hrm, I don't think I ever got log messages, I just had corrupted data.
<roaksoax> hallyn: i do, let me reboot
<jkyle> sarnold: well, to be honest that error might be a red herring
<sarnold> jkyle: sorry, no direct ideas re: squid-deb-proxy during an install, but I -hope- it does, it just looks like a standard http proxy..
<hallyn> roaksoax: if you have ufw enabled then actually this is a real bug - iptables call in lxc-net.conf needs to add -w to args list.
<hallyn> s/is/could be/
<roaksoax> hallyn: uhmm rebooting this time had br0
<roaksoax> err
<roaksoax> lxcbr0
<hallyn> roaksoax: was there really nothing in /var/log/upstart/lxc-net.log ?
<hallyn> roaksoax: if it is the ufw race, then it'll be a once-in-awhile thing
<roaksoax> hallyn: the file didn't even exist, only a .gz one which was old
<jkyle> sarnold: well, I'll know in about 30m hehe
<roaksoax> hallyn: that might be it indeed
<hallyn> roaksoax: ok, well let me open a bug for that and we'll go from there - thanks
<roaksoax> hallyn: cool thanks!
<hallyn> roaksoax: bug 1257117
<uvirtbot> Launchpad bug 1257117 in lxc "lxc-net must use -w flag for iptables" [High,In progress] https://launchpad.net/bugs/1257117
<jkyle> squid-deb-proxy seems to work easily/well enough.
<sarnold> jkyle: I didn't have good success with the squid-deb-proxy-client package, fwiw; I just hard-coded the proxy into my clients. It's not ideal, but I didn't feel like fighting avahi at the time.
<jkyle> sarnold: that's what I'm doing. it's easy enough to set the proxy in the preseed
<jkyle> besides, I don't want my servers bypassing the cache server if it can't find it. I'd rather they fail and alert me to a problem. Also, pretty sure setting the proxy in the preseed is required if you want the client to pull down packages from the cache during install
<hallyn> and, fix for that pushed to trusty, but waiting on saucy sru
<hallyn> roaksoax: you were on saucy i hope?
<roaksoax> hallyn: yes. so a few days ago i create a saucy container, destroyed it. rebooted machine and tried to create a trusty container.. then it failed to start as i showed you
<roaksoax> hallyn: but yes, this was saucy
<sarnold> jkyle: cool :D
<hallyn> roaksoax: ok, thanks.  ttyl
<hallyn> sarnold: hey!  is that a bored look on your face? :)
<sarnold> hallyn: uhoh :) what's up? :)
<hallyn> sarnold: so there's a bit of code up at github.com/hallyn/cgmanager
<hallyn> sarnold: in particular, the cgmanager_move_pid and get_scm_cred() functions in cgmanager.c, and the movepid.c standalone test program...
<sarnold> hallyn: no kidding? man you're quick ;)
<hallyn> sarnold: movepid sends a dbus request, then tries to send an scm_credential after the dbus message
<hallyn> but there's much raciness going on in the scm_credential sending.
<hallyn> as you know (sigh) you have to setsockopt() to so_passcred before the other end can send you an scm-crednetial
<hallyn> so i'm trying to have the receivig end first send a character with write(sock, buf 1) so the client knows its safe to send.  that never gets received...
<hallyn> so anyway, i'm just asking if you know anything about the state of the underlying socket fd while you're doing dbus junk :)
<sarnold> hallyn: hrm, I don't see any _move_ functions in cgmanager.c
<hallyn> oh, sorry, you have to git co dec2.1
<sarnold> hallyn: ah, that's easier, I don't know much about the dbus implementation :(
<hallyn> i should set a default branch :)
#ubuntu-server 2013-12-03
<sarnold> ah there we go! :)
<hallyn> sarnold: it's possible at this point that i've thrown in some cruft that's *causing* trouble, so a quick glance would really be appreciated.
<sarnold> hallyn: line 279, realpath() is used on the cgroup pathname; will it necessarily exist in the filesystem? since realpath() resolves symlinks, I think it's got to be a real path...
<sarnold> hallyn: line 284 constrains the strcmp to the length of rcgpath, but if tmppath is longer, the extra data may not be checked
<sarnold> (that's probably intentional behavior, but still I thought I'd point it out)
<hallyn> sarnold: realpath(p) where p has no symlinks shoud just return p, iiuc,
<hallyn> sarnold: and yeah, i just want tomake sure that tmppath isn't above or outside of rcgpath
<hallyn> i.e. /a/b/../../..
<sarnold> hallyn: does line 314 need a \n?
<hallyn> sarnold: it might,  yeah.  ceratinly can't hurt, will add it, thanks :)
<hallyn> sarnold: actually that has been workign without it.  but still i'll add it
<sarnold> hallyn: well, it might. I know apparmor's had no end of \n vs no \n in magic file problems...
<sarnold> hallyn: sorry, nothing else stood out as a potential problem :(
<hallyn> sarnold: drat.  ok - thanks.
<hallyn> i'll have to delve into the dbus implemetnation then
 * hallyn puts on his spelunking gear
<sarnold> ugh, good luck
<hallyn> thanks again :) - ttyl
<hallyn> zul: so many tests passed, but turns out your libvirt-python package failed to build  https://launchpad.net/~zulcss/+archive/libvirt-1.2.0/+build/5292931
<hallyn> zul: (http://paste.ubuntu.com/6512081/ has the list of failures - probably libvirt-python is responsible for all)
<zul> hallyn:  ill fix it up
<MarGul> Just installed PHP for my ubuntu-server running nginx and I have done changes in my virtual host file (settings http://paste.ubuntu.com/6512329/ ). I created a index.php file in /usr/share/nginx/html but when I try 192.168.0.254/index.php I get "unable to connect"
<MarGul> Am I forgetting something? I have restarted nginx a couple of times with no luck
<Trace_> Hey is there anyone that could help me out with some dependency issues?
<pmatulis> !ask Trace_
<pmatulis> !ask | Trace_
<ubottu> Trace_: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<szaus18> gosh there are so many ubuntu 13.10 packages missing for ppc
<szaus18> is there a way to tell dpkg-buildpackage to use multiple core? my core0 is busy but the rest is all idle
<szaus18> i see, it supports -j
<sarnold> szaus18: or try setting the environment variable DEB_BUILD_OPTIONS=parallel=4 or whatever
<blueking> what command to check how much space left on usb device   mounted /mnt/usb ?
<geser> df -h /mnt/usb
<blueking> and to check how much stored in each folder ?
<blueking> ls  and some options
<ogra_> du -hcs /mnt/usb/*
<blueking> TY
<blueking> :)
<blueking> ogra_:  and geser
<blueking> decided to reinstall ubuntu server :/   had some glitch here and there   some errors with initctl   and more stuff I couldn't find out how to fix :/
<jamespage> zul, hold fire on icehouse backports - hacking something out to automate it on a regular basis for simple no-change backports
<Daviey> jamespage: erm, wasn't there already a backport-o-matic that adam_g wrote?
<jamespage> Daviey, we have most of the scaffolding - it just needs glueing together
<Daviey> Oh!  Nice.
<zul> jamespage:  i was just making sure things build yesterday
<jamespage> zul, I almost have it working; it checks if mismatches, backports and build tests - if it builds it will upload, if not expect an email :-)
<zul> jamespage:  well on my list so far openvswitch, mongodb, ipxe, libunwind ftbfs so far
<jamespage> zul, openvswitch? interesteing
<jamespage> ok
<zul> jamespage:  when you get a chance can you have a look at the migrate ftbfs https://launchpad.net/ubuntu/+source/migrate/0.8.2-1/+build/5294293 i have to get liam ready for school
<blueking> what dhcp server  people recommend for ubuntu server ?
<blueking> for homeuse
<blueking> and what's extra features does ldap gives ? -> isc-dhcp-server-ldap  vs isc-dhcp-server ?
<andol> blueking: If it is for home use, and you aren't familiar with ldap, it is not something you need.
<andol> http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol
<blueking> ok  found out that  ldap are goodie if  one have several servers  if I understood it right
<Cryp71c> Just got an Ubuntu VPS setup and its been a while since I've run a server in Linux. I know I probably aught to create a user account rather than doing everything using root, but for each site that I run on this VPS, should I create a different user account for it? or just create a single 'www' user account and run all sites out of that? What about the DB?
<jamespage> zul, ok
<blueking> my interfaces got names   p3p1 p2p1     in interface-order  should I use p*p1 or p?p1 ?
<blueking> hmm or is it this -> p+([0-9])p+([0-9])
<blueking> hmm or is it this -> p+([0-9])p+([0-9])?(_([0-9]))*             how does this one look like ?
<soren> blueking: What are you trying to do+
<soren> ?
<blueking> edit  interface order
<blueking> my nic has p3p1 and p2p1
<soren> Why edit the order?
<blueking> no need to ?
<soren> How could I say?
<soren> I don't know what your motivation is.
<soren> Why did you start looking into this in the first place?
<blueking> I made backup of ubuntu and  did a clean install and putting back conf
<blueking> that what I know was working
<soren> pXpY(_Z) is biosdevname assigned names based on physical location in your system.
<blueking> (_z) not visible then
<blueking> ok :)
<soren> No, it only applies in certain cases.
<blueking> I was thinking I didn't need  apparmor   apt-get remove apparmor and saw EVERYTHING disapear :P
<blueking> somehow reinstall of stuff didn't work without issues and caused several error msg
<blueking> atleast have  firewall dhcp server  samba share fixed
<zul> jamespage:  keystone is building fine locally now
<jamespage> zul, omg I'd forgotten how long ceph takes to build
<zul> jamespage:  hehe
<arosales> hallyn, sorry for the late notice, but I think you are up today to chair the ubuntu server IRC meeting
<hallyn> again?
<hallyn> seems like only yesterday :)
<zul> hallyn:  you love it
<hallyn> I did add a "ping the next week's moderator" to the checklist.  who's not following it?
<hallyn> oh, heh.
<hallyn> zul: it does allow me to do the rude fast meeting :)
<hallyn> yikes that's quite an action list
<zul> hallyn:  yep yep
<caribou> jamespage: do you remember the following bug : LP: #1241674
<caribou> jamespage: juju-core broken with OpenStack Havana for tenants with multiple networks
<jamespage> yes
<jamespage> still broken
<caribou> jamespage: I'm looking at it; is there any known workaround ?
<caribou> jamespage: i.e. until it get fixed in juju-core ?
<caribou> jamespage: before I go ahead and  start looking at ways to deal with this
<jamespage> caribou, erm - not run multiple tenant networks for juju environments - sorry that's the best I can suggest right now
<jamespage> I know that sucks
<caribou> jamespage: :-) I was about to say "except *not* running multiple networks"
<caribou> jamespage: ok, thanks for the info, at least I know what to expect
<jamespage> I know gnuoy has been hitting this issue as well
<jamespage> gnuoy, is there a plan yet? or are we still waiting on juju-core upstream
<caribou> A long round of applause to everyone involved with the fastpath installer :-D
<caribou> this will change my testing life
<jrwren> what is fastpath installer?
<jrwren> is that same as curtin or curt installer?
<caribou> jrwren: well, actually these praises should have gone to #maas
<caribou> jrwren: it is, that's how it's called in maa
<caribou> maas
<jamespage> jrwren, yeah - thats right
<jamespage> its integrated into maas but driven by curtin I think
<caribou> jamespage: afaik, fastpath is a maas tag that makes the installer use curtin
<roaksoax> caribou: the fastpath installer is using curtin to do the install really
<roaksoax> caribou: it gets activated by adding the tag
<caribou> roaksoax: ah, ok. thanks for the precision
<roaksoax> caribou: np :). I know there isn't really much info out there to clarify this
<caribou> roaksoax: I just didn't take time to have a look at the code. I think this is where the doc resides ;-)
<jamespage> zul, that's working quite nicely
<zul> jamespage:  ceph?
<jamespage> zul, ceph done
<zul> jamespage:  keystone is down to 4 test failures all have to do with essex keystoneclient
<jamespage> 16 packages done infact
<jamespage> 3 failures
<jamespage> zul, gah - is that stuff still in tree - I thought it was going to be dropped?
<zul> jamespage:  its still there
<jamespage> zul, btw libunwind won't pass its test suite if apport is enabled
<jamespage> if that was the build failure you saw
<zul> nose has been ripped out so have to run the testsuites with all the stuff we have skipped in the past
<jamespage> it expects core dumps on disk in defined locations - apport intercepts those
<zul> jamespage:  ack
<zul> jamespage:  now if i could only figure out whats going on with nova
<jamespage> zul, yolanda is looking at heat and ceilometer
<zul> jamespage:  ack
<jamespage> can't remember whether I mentioned that or not
<zul> jamespage:  dont think so
<yolanda> zul, adding python-pip to build-depends make sense? it doesn't build without that, but i can't see it on requirements, so maybe it's something with my machine
<zul> yolanda:  no it doesnt...just patch it out of requirements.txt
<yolanda> zul, it isn't in requirements, but if i don't have pip installed in my machine, i received error i showed you
<zul> yolanda:  wha?
<zul> yolanda:  can you post the full build log?
<yolanda> sure
<yolanda> zul http://paste.ubuntu.com/6515025/
<yolanda> seems it's a req from pbr
<yolanda> Installed /home/ubuntu/build-area/ceilometer-2013.2/pbr-0.5.23-py2.7.egg
<yolanda> Searching for pip>=1.0
<zul> yolanda:  how are you building the package are you using pbuilder?
<yolanda> bzr bd
<yolanda> that's first step
<zul> yolanda:  right you want to use bzr bd -S and then use something like pbuilder or sbuild otherwise you are going to get problems like this
<yolanda> zul, sorry, yes, bzr bd -S
<yolanda> i receive the error executing the bzr bd -S command
<zul> yolanda:  make sure you have python-pbr installed
<yolanda> mm, it wasn't, but i executed and apt-get build-dep ceilometer
<yolanda> let me try now
<yolanda> it's that, yes
<yolanda> i may be using an old ceilometer package to get the build deps
<jamespage> yolanda, zul: some of the package clean calls will pull in deps if they are not already installed
<jamespage> bzr bd -S -- -nc will avoid this
<jamespage> but is bad practice
<jamespage> (but in a bzr tree you should not get cruft - so its not to bad)
<zul> i hate you testr
<arosales> hallyn, the "ping the next week's moderator" was from me following the checklist. Apologies on it being so late on the ping though
<yolanda> zul https://code.launchpad.net/~yolanda.robla/ceilometer/icehouse_refreshed_patch/+merge/197553
<zul> yolanda:  merged thanks
<yolanda> cool
<yolanda> easy one
<smoser> utlemming, can you just please 'ack' that we will plan on producing alpha-1 images for cloud-images. ?
<utlemming> smoser: done
<utlemming> smoser: or did you need me to ack that somewhere else besides the meeting?
<smoser> probably here or ther eis sufficient
<smoser> maybe just say so in #ubuntu-release also
<smoser> can you do tha t?
<smoser> so other people are aware
<zul> jamespage:  https://code.launchpad.net/~zulcss/keystone/icehouse-ftbfs/+merge/197559
<w0rmie> i am adding some update paths to the sources.list file by adding two lines such: deb http://ftp.ubuntu.com/ubuntu/ gutsy main universe multiverse restricted
<w0rmie> deb-src http://ftp.ubuntu.com/ubuntu/ gutsy main universe multiverse restricted
<w0rmie> but while updating via terminal i cannot get the updates via gutsy
<jamespage> w0rmie, gutsy is no longer supported
<jpds> w0rmie: You need to upgrade that machine.
<jpds> w0rmie: I mean, gutsy's not been supported since 2009.
<w0rmie> i need to install kerreghed to boot them into a supercomputer
<w0rmie> what's the alternative then?
<jamespage> smoser, can you review the pad
<rbasak> w0rmie: you might find http://askubuntu.com/q/91815/7808 helpful. But you should upgrade.
<smoser> jamespage, i say "ship it"
<jamespage> smoser, ack
<jamespage> smoser, hey - there are a few updates in cloud-tools staging - specifically the juju-core one is needed for some stuff
<jamespage> as I uploaded I'm a little reticent to accept it
<smoser> jamespage, are you askign me to push to -propsed ?
<jamespage> smoser, pls
<smoser> i can do that. i actually thought you had.
<smoser> sure.
<smoser> jamespage, i only see juju-core in staging.
<jamespage> smoser, thats it then
<jamespage> I think the report is stuffed on reports.qa.ubuntu.com
<jamespage> I'll take a look at that
<smoser> jamespage, well, its not "stuffed"
<smoser> its just incorect report
<jamespage> stuffed == incorrect :-)
<smoser> its not wrong
<smoser> its correctly reporting what it was told to report
<smoser> it was just told to report something != what you actually want
<smoser> i've thoguht of taking a look at that
<smoser> what we want is 2 tables
<jamespage> lp:ubuntu-reports
<smoser> ubuntu -> -next
<jamespage> I can deploy updates now
<smoser> err...
<smoser> ubuntu devel -> -next
<smoser> and
<smoser> ubuntu stable -> staging -> proposed -> updates
<jamespage> yeah - that makes sense
<smoser> i just pushed juju to -proposed
<jamespage> smoser, thanks
<jamespage> zul, xen, python-wsme, qemu, webtest, simplejson, openvswitch, urllib3, msgpack-python, spice, ipxe, requests all fail to backport
<jamespage> everything else is good
<jamespage> zul, I can fix openvswitch now - I know what the issue is
<zul> jamespage:  msgpack-python has been deprecated in favor of python-msgpack
<zul> we also need to include newer six and iso8601 as well
<lfaraone> I wrote a tool for configuring network interfaces on ec2. What package would this be useful to add to?
<smoser> jamespage, can you give me a quick "how to ruN" for that thing ?
<jamespage> smoser, for what - the report?
<smoser> yeah
<jamespage> smoser, yeah - I struggled with that - one second
<smoser> i'lll submit a doc with my proposed branch
<zul> jamespage:  ok nova fixed i think
<jamespage> zul, great
<szaus18> been a long time LTS server user, now have to work for powerpc, where many packages are unsupported, am I better of to use wheezy/debian
<zul> jamespage:  can you bounce me the failures mins the openvswitch one so i can have a look
<szaus18> s/of/off/
<jamespage> zul, look at the console log in the lab
<zul> ack
<szaus18> trying hard to get nova-compute-kvm  built on 13.10 since last night
<rbasak> szaus18: which powerpc packages work in Debian but not in Ubuntu?
<szaus18> nova-compute-kvm for example
<rbasak> Anything else
<rbasak> ?
<szaus18> at the moment this is the major one, i do see other packages that are not supported during the search
<szaus18> would like to run some search to find out the whole list, it won't surprise me there are more
<szaus18> oops, nova-compute-kvm build failed yet again on ppc, time to try debian
<szaus18> is Ben here?
<jamespage> zul, spice self-fixed
<jamespage> on the next hourly backport-o-matic
<zul> jamespage:  cool
<zul> jamespage:  nova is almost fixed
<jamespage> zul: couple of comments on the keystone merge
<jamespage> zul, also we need to merge in the security update that landed last week
<zul> jamespage:  yeah we should get that security update in trusty
<jamespage> zul, it's already done
<zul> oh..
<zul> jamespage:  updated
<frojnd> Hi there.
<jamespage> zul, patch headers?
<frojnd> Anyone here familiar with posftix?
<frojnd> Every second I get a warning: mysql:/etc/postfix/mysql-virtual-alias-maps.cf lookup error for "root@mydomain1.com"
<zul> jamespage:  should be there
<zul> jamespage/roaksoax: https://code.launchpad.net/~zulcss/python-cinderclient/1.0.7/+merge/197587
<jamespage> zul, I'll leave that to roaksoax
<zul> jamespage:  ack
<roaksoax> zul: already commented
<zul> roaksoax:  i thought it was there...removed the changelog comment
<roaksoax> zul: done
<frojnd> I have a very newbie question, regarding postfix configuration. I decieded I'll go from beginning because I've missed something.
<frojnd> When it asks me for the system mail name I enter mail.mydomain1.com if dig -t mx mydomain1.com shows: mydomain1.com 5278 IN MX 10 mail.mydomain1.com ??
<frojnd> Is this correct?
<Shockwave> hi people!
<Shockwave> do you have web sites for to learn linux ubuntu server
<sarnold> Shockwave: this is a good starting point: https://help.ubuntu.com/12.04/serverguide/
<Shockwave> for the administration of linux ubuntu server  cllass online o tutorials=?
<Shockwave> sarnold: thanks !
<Shockwave> ;)}
<Shockwave> this is all for to learn the  administration of linux servr=??
<frojnd> hm
<frojnd> this is odd
<frojnd> On one hand it says: This name will also be used by other programs. It should be the single, fully         â   â qualified domain name (FQDN).
<Shockwave> frojnd: is with me=?
<frojnd> And fqdn in this case fqdn for mail is mail.mydomain1.com
<frojnd> and on the other: Thus, if a mail address on the local host is foo@example.org, the correct value for   â   â this option would be example.org.
<Shockwave> ok perfect!
<Shockwave> sorry!
<Shockwave> greetings
<Shockwave> Decepticonssssssssssssssssssssssssssssssssssssss
<frojnd> So which one is it? mail.mydomain1.com or mydomain1.com ?
<lfaraone> smoser: I want to contribute a utility to cloud-init that would run on boot (after eth0 was configured), after any interface was configured, and manually by request of the system adminitrator. The purpose of the program would be to configure network interfaces for the IPs assigned to it inside an AWS VPC.
<lfaraone> smoser: does that sound like a good fit to be included in cloud-init?
<jrwren> lfaraone: what does this utility do that I cannot already do with cloud-config ?
<smoser> lfaraone, bug 1153626 ?
<uvirtbot> Launchpad bug 1153626 in cloud-init "Multiple Interfaces and IPs not detected in AWS VPC" [Medium,Triaged] https://launchpad.net/bugs/1153626
<lfaraone> jrwren: I create an EC2 instance, and associate three IP addresses with the default network interface. I add another two network interfaces with a couple IPs each.
<sarnold> frojnd: well, given what you've pasted there, I'd say go with 'domain1.com' alone...
<smoser> ie, is this "ec2-net-utils" ?
<lfaraone> with the script I wrote, each available interface is initialised and dhcpd run if applicable, aliases are automatically configured for interfaces.
<sarnold> frojnd: (though it's been many years since I've run my own mail server, those neurons are getting thin and weak :)
<smoser> i am interested in having something like that in cloud-init and in hooking into the same basic infrastructure as it would/will be created on openstack
<lfaraone> smoser: I didn't look at ec2-net-utils, but it probably does something similar.
<frojnd> sarnold: yeah. Ok will do
<smoser> lfaraone, the key thin gyou've not mentioned above is that it can/should run from udev hotplug
<lfaraone> smoser: I hadn't investigated that, but it wouldn't be hard to add the relevant trigger, I'm sure.
 * lfaraone hasn't worked with udev too much, previously.
<smoser> lfaraone, so, generically, yes. i'd really like to have a solution for that
<smoser> and i'm willing to help you if you're interested in ccreating one and getting into c loud-init and ubuntu
<lfaraone> smoser: Awesome. Would this just live in cloudinit/config/handlers/? I can put what I have into a branch and work from there.
<smoser> i dont really think its a handler so much. handlers are for "parts" (of user-data)
<smoser> dont worry about where it lands so much.
<smoser> maybe just put it into a new dir named 'utils/' or something
<smoser> and push a branch for me to look at.
<lfaraone> smoser: I have a somewhat related question about the contributions process; mind if I PM?
<smoser> thats fine
<hazinhell> is there an updated lxc for precise besides the daily ppa?
<frojnd> This is amazing. netcat mail.mydomainq.com 25 shows: 220 mydomain1.com ESMTP Postfix (Ubuntu) When I do ehlo mydomain1.com I get: 250-mydomain1.com 250-pipeling, 250-status and a bunch of other 250-things... but when I do netcat mail.mydoman1.com 110 nothing happens, terminal goes into another line. Instead it should connect to the pop3 courier, am I right?
<sarnold> frojnd: don't forget that pop3 / imap4 is completely unrelated to the esmtp that handles the incoming MX ...
<sarnold> frojnd: going to another line without any further response makes me wonder if you've hit a firewall that DROPs rather than REJECTS... how's your firewalling look? does your ISP put any firewalling in place?
<frojnd> sarnold: I've enabled tcp 110 port
<sarnold> frojnd: does it work locally? does netstat -alp | grep 110 show it?
<frojnd> ha
<frojnd> empty
<sarnold> frojnd: hunh. then your 'nc' should have failed immediately...
<frojnd> I thought ufw accepts changes right away after adding a rule
<sarnold> frojnd: oh, I screwed up, try netstat -nlp not -alp --- perhaps netstat looked up the 110 in /etc/services to report 'pop3' instead. sorry.
<frojnd> still... sudo netstat -nlp | grep 110 nothing
<frojnd> but ufw raw | grep 110 gives me:  0        0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:110
<TheLordOfTime> anyone know what `atd` is?
<TheLordOfTime> i see it in htop but i have no idea what it is nor do i recognize the system username (daemon)
<xnox> TheLordOfTime: $ man atd
<TheLordOfTime> xnox, okay... why are atd and cron both running on the system...?
<TheLordOfTime> is that normal for 12.04 systems?
<shauno> they do different jobs.  cron is recurring, atd isn't
<frojnd> sarnold: does this matter? I have 2 external IPs Domains are set for the ip that isn't active in ifconfig
<TheLordOfTime> so then i shouldn't be alarmed by the sudden appearance of atd in the processes list.
<TheLordOfTime> okay, thank you
<shauno> if it's new I'd ask why.  but it's not unusual to have them in parallel
<xnox> TheLordOfTime: it's required by lsb-core, Linux Standard Base it's one of the core components that is guaranteed to be available across all distributions....
<sarnold> frojnd: if the port isn't shown open in netstat, that means your pop3 daemon isn't configured to open it, or the pop3 daemon isn't running
<TheLordOfTime> xnox, okay, i only asked because the server that i'm checking was listed in DroneBL's DNSBL as a botnet node, but the box is locked down and there's no evidence nor rogue processes...
<TheLordOfTime> atd was the only process i didn't immediately recognize.
<zul> roaksoax:  https://code.launchpad.net/~zulcss/nova/icehouse-refresh/+merge/197595
<frojnd> sarnold: ofcourse :S I used before dovecot and now I  forgot to start it
<frojnd> I just installed courier-pop and imap for testing this
<sda> hi all, I start ubuntu minimal on my laptop,it load the keyboard then freeze. When I check the kernel message i read: ieee80211 phy: brcnsnac: fail to load firmware brcm/bcm43xx-0.fw
<sarnold> sda: try installing the linux-firmware package onto that host; it might require booting with 'single' or something similar..
<sda> sarnold, how? i am trying to install a new system with ubuntu minimal cd.
<sarnold> sda: ah, so this is during the installer?
<sda> yes
<sda> sarnold, and i cannot skip
<sarnold> sda: oh, sorry, I misunderstood your first question. :(
<sda> sarnold, probably because i was not clear! :D anyway any ideas?
<sarnold> sda: sorry, I'm pretty weak at the installing end of things, I'm better once they're upand running ;)
<sda> sarnold, worth a try!
<sda> :D
<sda> sarnold, i'll try to use ubuntu server
<sarnold> sda: if all else fails, try the desktop disc -- it'll be mostly the same stuff, with the annoyance of networkmanager instead, but you can deal with that once it's running. :)
<sda> sarnold, but i don't want to install a gui, i don't want to install programs like firefox for my CLI server
<sarnold> sda: yeah, that's good, but if the laptop is gving you trouble, perhaps the desktop installer will do a better job of making it work. you can always turn off or uninstall X once it's installed
<bogeyd6> alot of new faces, very few old ones
<bitbyte_> Anyone on tonight who's got experience with ipsec certs who can help with a issue loading the certs in strong swan ?
<frojnd> Well that's interesting. I can't even send a mail using telnet
<frojnd> Oh and I've removed /var/log/mail.log and recreate it but now nothing will be saved in this file
<frojnd> I've made sure that it hass sufficent rights
<sarnold> frojnd: you may need to ask the server to rotate logs; if it has a filehandle open to the old log file and continues to log there, the file will not be accessible further but the data won't be freed until the server either rotates logs (and thus closes the file) or is restarted (and thus closes the file)
<sarnold> frojnd: check /proc/pid/fd/ for a list of files the server has open, one of them might be /var/log/mail.log (deleted)
<frojnd> sarnold: don't have /proc/pid/fd
<frojnd> not even /proc/pid
<sarnold> frojnd: ah, sorry, you have to look up the pid of your server via pidof postfix or something similar
<lfaraone> smoser: I pushed up what I have to start with to https://code.launchpad.net/~lfaraone/+junk/configure-interfaces
<frojnd> pidof postix empty
<bitbyte_> does any one know how to run openssl to generate a cert without encryption ?
<bitbyte_> i run private/strongswanKey.pem -out cacerts/strongswanCert.pem     and when pressing enter to skip password it errors saying password needed
<smoser> lfaraone, thanks. i'll try to take a look at that tomorrow.
<jpds> bitbyte_: Why aren't you using the strongSwan pki utils?
<bitbyte_> the honest answer is I don't know how
<jpds> bitbyte_: http://wiki.strongswan.org/projects/strongswan/wiki/SimpleCA
<bitbyte_> jpds can i generate the certs from that method and implement them in the other config
<jpds> bitbyte_: What other config?
<bitbyte_> sorry the link i posted from the walk through i was following i.e. http://serverfault.com/questions/212382/how-to-set-up-strongswan-or-openswan-for-pure-ipsec-with-iphone-client
<jpds> bitbyte_: No idea about that, I've always used ipsec pki.
<jpds> bitbyte_: But the client should just take the cert.
<bitbyte_> jpds ok cool i'll give a shot, do you know any other resources to look at as i find the strong swan documentation a bit hard to read
<jpds> bitbyte_: I always go to strongswan.org.
<bitbyte_> jpds one last question do you know if osx will accept the .der certs in their inbuilt ipsec / keychain ?
<bitbyte_> if not ill google
<frojnd> sarnold: by server u mean postfix?
<jpds> bitbyte_: http://wiki.strongswan.org/projects/strongswan/wiki/IOS_(Apple)
<bitbyte_> that page comes up as removed
<jpds> bitbyte_: You're missing a ).
<sarnold> frojnd: yeah, at least I think that's what I saw you confiuring earlier
<bitbyte_> *face palm*
<jpds> bitbyte_: And don't worry about the docs being hard to read, that's just ipsec.
<bitbyte_> jpds much appreciated this issues been bugging me for past few days
<frojnd> sarnold: so in theory reinstalling postifx could fix mail log
<sarnold> frojnd: I hope it wouldn't take -that- much -- try first a 'sudo service postfix restart'
<frojnd> sarnold: won't hel
<frojnd> help
<frojnd> or it won't log verbose :)
<sarnold> frojnd: hrm :/
<frojnd> the problem is that I've start from the beginning. I'm trying to simply send email when connected to telnet localhost 25
<frojnd> I leterally do this: ehlo localhost
<frojnd> mail from: root@localhost
<frojnd> rcpt to: test@localhost
<frojnd> data
<frojnd> subject: ....
<frojnd> and when I su to test and do mail: it says no mail
<frojnd> Oh and when I do . when trying to write an email, it says: 250 2.0.0 Ok: queued as A6E83CA00C2
<frojnd> and still not /var/log/mail.log heh
<frojnd> I'd just like to know why it won't send email from localhost
<sarnold> frojnd: anything in mailq output?
<frojnd> Also when I do telnet localhost 25 it shows me 220 mydoman1.com  ESMTP Postfix (Ubuntu)
<frojnd> sarnold: for user test, it's empty
<Shockwave> Hi people!
<Shockwave> what is disc containers and benefic=??
<bitbyte_> jpds Hey can you take a look at the start up log for my ipsec as it's now throwing the same error when loading the certs but reversed ? if i paste bin the log and tell you the lines you ok to take a quick look ?
<frojnd> What is default logging facility in ubuntuserver?
<frojnd> I need to restart it to see if postfix will start logging afterward
<sarnold> frojnd: rsyslogd
<frojnd> sarnold: tnx
<frojnd> it was that 'r' infornt of syslog :)
<sarnold> :)
<frojnd> and it works :)
<sarnold> yay!
<sarnold> now you've got error messages you can use to actually fix your -real- problem :) but progress is progress, hehe
<frojnd> yeah :)
<frojnd> but it's not error I'm afraid
<jpds> bitbyte_: Sure.
<frojnd> sarnold:
<frojnd> This is the newst log http://sprunge.us/CUOV when I try to send a mail as root to test
<frojnd> I  have no idea what sysadmin is doing there
<frojnd> or how it gone there
<sarnold> frojnd: oof. grep for 'sysadmin' in /etc and see what turns up? :)
<frojnd> ah It's in /etc/aliases
<frojnd> from previous attempts of configuring.. I've updated aliases now
<bitbyte_> jpds i think i might have sorted it
<bitbyte_> jpds looks like it was myself being slack and not cleaning up mess from before
<frojnd> sarnold: finally :)
<frojnd> sarnold: got amil locally juhu
<jpds> bitbyte_: Hehe.
<sarnold> frojnd: \o/  :)
<frojnd> sarnold: http://sprunge.us/WWcD this is how it looks like when it's working
<sarnold> frojnd: much better
<frojnd> yeah :) now I can build the rest of setup ssl only and stuff :)
<frojnd> I'd prefer pgp keys
<frojnd> sarnold: heh when I send mail from outside I don't receive mail
<frojnd> Specifically from gmail. But gmail won't state that that there is any error. So it's lost somewhere
<sda> hi all, i'm trying to install ubuntu server on my old laptop. Once I arrive at detect network, it stall because it's not able to load wifi firmware: ieee80211 phy0: brcmsmac fail to load firmware brcm/bcm43xx-0.fw. I don't need the wifi card to install. Any IDEA?
<frojnd> sarnold: u have any ideas why when I send email from gmail to my newly created server I won't receive mail? I've opened ports 110 and 143 I can also see them when I to netsetat -tlnp | grep 101/143
<frojnd> ah
<frojnd> I think I know what the problem is
<frojnd> port 25
<frojnd> which is not opened
<frojnd> ha
<crazysix_> Hello. I need to apply upstream patches to my ubunutu 12.04 server in response to a PCI scan as seen here:http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1635.html. Can give me a hint on how to get started?
<uvirtbot> crazysix_: ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers to bypass intended access restrictions by triggering the creation of cached SOAP WSDL files in an arbitrary directory. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1635)
<frojnd> ha
<frojnd> When sending mail using mailx from ubuntuserver to gmail account I see sent from: @mail.mydomain1.com and not @mydomain1.com lol
<frojnd> ANd myhostname is set to mydomain1.com :)
<sarnold> frojnd: don't forget there are two From headers; one, known as From_, is the "envelope From" header, and it is the one your MTA is liable to set. the other one, "From: ", is an email header set by the MUA, and it is unlikely to be changed by the MTA..
<crazysix> anyone have any ideas on where to start here? Or a good resource?
<sarnold> crazysix: wow, what kind of idiot PCI scanner would pretend open_basedir() is a security mechanism???
<crazysix> trustwave...
<crazysix> they also did not recognize any of the issues addressed by ubuntu packages and I had to dispute those.
<sarnold> crazysix: feel free to let them know that open_basedir() always has been and always will be a gigantic disaster, one more indicator that the PHP authors really didn't know what they were doing....
<crazysix> but, now I have to remedy these
<crazysix> lol
<crazysix> will do
<sarnold> crazysix: I mean, if they wanted to report back, "hey, you're running PHP, that's a disaster", I'd agree, but "open_basedir() is broken", and ... wow. just wow. :) hehe.
<crazysix> however, I still have about 3 more issues that I need to apply these upstream patches for
<crazysix> lol
<sarnold> crazysix: oh? which else?
<frojnd> sarnold: I don't understand really. Where is this set.
<crazysix> here is another CVE-2011-4718 http://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-4718.html
<uvirtbot> crazysix: Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4718)
<uvirtbot> crazysix: Session fixation vulnerability in the Sessions subsystem in PHP before 5.5.2 allows remote attackers to hijack web sessions by specifying a session ID. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4718)
<sarnold> crazysix: yikes, those patches look miserable.
<crazysix> sarnold: yeah, not too thrilled about this one
<crazysix> sarnold: I have to catch the bus. I'll be back later. Thanks for looking at those.
<sarnold> crazysix: can you instead demonstrate that your application's use of php sessions is managed like this? https://wiki.php.net/rfc/strict_sessions#current_solution
<crazysix> sarnold: I will try. Apparently Drupal already takes care of the session issue. I will try to make that argument
<crazysix> sarnold: thanks again
<sarnold> crazysix: have a good night, good luck :)
<hallyn> zul: just a reminder, will waiting on python-libvirt 1.2.0 :)
<frojnd> sarnold: about that mail.mydomain1.com which should mydomain1.com when I use mail to send mails to external emails.. I still don't understand where is this set in postfix
<sarnold> frojnd: depends upon which header was set to mail.mydomain1.com -- was it the envelope From_ header or the message From: header?
<frojnd> sarnold: I really don't know where this is set. At least in main.cf I didn't set anything like it
<frojnd> sarnold: this is the mail client issue not the postfix?
<sarnold> frojnd: then check your mailx configuration?
<frojnd> sarnold: aha now I get it
#ubuntu-server 2013-12-04
<hallyn> xnox: hey, (stgraber suggested I ask you) do you know of any way offhand to have n thread handlers in an nih_main_loop()?  (particularly this is a nih-dbus app)
<xnox> hallyn: first one needs to recompile libnih with "--enable-threading" flag, if there is need we can provide it as a separate package. It's same api/abi (sans threading) but threading is not considered safe for e.g. init.
<xnox> hallyn: and then I believe you would have a main_loop per thread.
<xnox> hallyn: entirely untested, first step is to recompile and check the test-suite results.
<xnox> hallyn: if you want some better thread API, I'm all ears.
<xnox> I'm writting a lot of libnih upstream code these days.
<xnox> hallyn: if you are ok with something more haevy weight, i'd look into into glib / gio, they have more dbus features/code.
<stgraber> xnox: it's for the cgroup manager, I think we're mostly using nih for the convenient dbus API. If we are to move away from it, my guess would be to go straight with libdbus and not depend on a giant library like glib
<hallyn> xnox: hm, thanks.
<hallyn> stgraber: bs.  if we go away from it, i'm going with straight unix socket :)
<hallyn> effing kids these days with their little toolboxes that trade control ('its so complicated') for crappy random boilerplate
<stgraber> hallyn: considering the pile of hack you had to do to get ucreds to sort of work with dbus, I can't blame you ;)
<hallyn> stgraber: now i realize that really the thing to do is add scm_creds sending to dbus,
<stgraber> yeah, but that'd be awkward since dbus supports tcp and a bunch of other medium on which scm_creds won't work
<hallyn> same with sending scm_rights though
<xnox> stgraber: scm_creds work with libdbus on linux (or so I thought)
<xnox> plus libnih-dbus depends on libdbus, so you already have libdbus.
<xnox> (granted with nih main loop)
<stgraber> xnox: you can get the initial ucred from the socket, passing a scm_cred later on over the raw socket proved to be pretty tricky
<xnox> I see.
<stgraber> xnox: basically what we need is to have our client send a dbus message, then send a ucred struct, then wait for the reply from the server
<stgraber> xnox: the server needs to grab the message from the client, wait to get the ucred, then process the request and return the reply
<stgraber> based on what hallyn has been telling me today, it's not nearly as easy to do as it should be...
<hallyn> xnox: yeah you cannot send a ucred using dbus.  dbus sends an scm_cred during auth phase but that' sit
<hallyn> stgraber: not just not easy, not supported
<hallyn> stgraber: however, in the end i figured out how to fetch my own reply so I could bypass the send_message_call_reply_block(0 or whatever
<hallyn> that was a big step up
<hallyn> all i have to do is manually send the scm-credential over the underlying fd
<hallyn> xnox: I don't suppose you are at all 'in' with the upstream dbus crowd? :)
<hallyn> still the dbus perf overhead (by all accounts no better than at least 2-4x) may be insurmountable
<xnox> *giggle* not really no. If anything they hate me for bringing up "upstart dbus activation" and opening with "remember, scott & lennart had a fight about it 2 years ago"
<hallyn> lol
<hallyn> stgraber: hm, so would statically linking cgmanager against a custom-build libnih with threading be a problem?  after all we wanted minimal dependencies
<xnox> hallyn: hm.. but surely kdbus would need to marshal creds & rights? and it looks like systemd commits of kdbus do have it.
<xnox> hallyn: i'd provide threaded libnih in debian/ubuntu, but.....
<hallyn> xnox: the server can get the creentials of the caller.  but that's not what i'm after
<xnox> hallyn: libnih/upstart are removed from most RPM distros these days due to non-maintainance.
<hallyn> non-maintenance?
<xnox> hallyn: as in no RPM package maintainers in fedora (after it stopped being their init)
<xnox> and almost by definition that meant no other RPM distros maintained it either.
<hallyn> gotcha
<hallyn> (i woudl have thought the RHEL folks would want to maintain it for a bit)
<xnox> hallyn: talk to pitti, he did do dbus work, as far as I remember and he might now a better way to do it.
<stgraber> hallyn: any static linking is usually very badly seen from the archive admin team and for good reason (security updates being the biggest one)
<hallyn> stgraber: yeah...
<stgraber> hallyn: desrt (Ryan Lortie) also has a few commits in dbus upstream (but don't mention nih since he's one of the glib guys ;))
<hallyn> i dislike glib and nih equally :)
<xnox> cgroups manager is an exercise in FLOSS political correctness =)
<hallyn> (not that i would've used dbus at all without nih)
<hallyn> xnox: astute
<stgraber> my feeling is that we either manage to get nih and dbus to play nice or we go with good old (lxc-style) C and raw unix socket then try to build a protocol that's not too awful on top of that
<hallyn> stgraber: i'm done with it for tonight, will look more tomorrow - but near as i can tell, all my tests were working today, but that was an accident and in fact the scm_cred sending is very racy
<hallyn> (meaning i'm feeling down on our chance of being able to use dbus - again, unless we start making upstream dbus changes)
<stgraber> upstream dbus changes will quite problematic with our plans of backward compatibility...
<stgraber> *will be
<hallyn> stgraber: yup
<hallyn> though couldn't we just also backport the dbus delta? :)
<hallyn> 'ust'
<hallyn> 'just'
<hallyn> i crack me up
<zul> hallyn:  yeah will have it tomorrow
<xnox> stgraber: hallyn: if i understand it right, once authenticated you can open a new abstract private dbus socket for that client & expect the first connect/authentication to be the "new" crendentials you want the client to pass (if kernels permits you to do that) followed by a stream message / magic cookie you gave the client during it's initial authentication.
<xnox> ...... but that wouldn't pass scm_rights, only creds, horum.
<xnox> dbus-over-dbus
<techact> hi
<stgraber> xnox: the trick is, we don't want the default ucred struct that's sent on open. We want an hand made struct to be sent instead which contains a different uid and pid than the default one.
<stgraber> xnox: that's how we transmit the uid and pid of the task in a way that gets converted by the kernel into the host namespace.
<xnox> stgraber: if it's hand-made, would it be verified by kernel? oh interesting. well the _CRED and _RIGHTS are arrays of ints, which is a native dbus type.
<xnox> stgraber: it's just you'd need to hand construct it from a{i} into struct ucred once you receive it.
<stgraber> xnox: it is verified and converted by the kernel
<stgraber> xnox: that's how we retrict root in a container from sending us a pid that doesn't belong to the container
<stgraber> xnox: and that's also how we then get the mapped PID on the host namespace (in the container you send the uid and pid in the container. On the host you receive the uid and pid as seen by the host)
<xnox> with marshalling between receiver/sender
<stgraber> sending an equivalent of the struct over dbus would bypass that convertion and validation step by the kernel which would make the whole thing worthless
<xnox> yeah, it would be worthless.
<xnox> i don't see how dbus can help you here, since it's inherently insecure for this. Using sockets is the only way i can think of how you can make sure that kernel does conversion/validation.
<stgraber> the biggest issue we have is that there's no easy way from the host to know what's the host PID from a provided container PID. The only two ways we can do that is either by attaching to the container (setns with PID namespace) which is only supported since 3.8 (our target is 3.2) or sending scm_cred over a unix socket
<stgraber> so our current dbus implementation is similar to upstart's, so we are our own server on the host and we use a unix socket, so as we have access to the raw socket, we can send the ucred, but as hallyn said, that's very hackish and racy
<stgraber> so I guess hallyn will poke at it some more tomorrow and if that looks like too much of a hack, we may fallback to our own protocol, ditching dbus and nih for a good old handmade solution...
<stgraber> on the upside, that'd reduce our dependencies to basically just the C library, which would be convenient for portability (LXC supports most distros and native Android)
<stgraber> tbh I wasn't terribly looking forward to porting libnih to bionic ;)
<rostam> HI I need to install python-autobahn on my 12.04 LTS update 3 system. Could someone help me to find out where to get that? thx
<AlecTaylor> Which Java should I install, and how can I install it with its dependencies?
 * AlecTaylor tried `sudo apt-get install default-jre -f`
<martisj> mornigng
<martisj> I'm having issues with our ssh keys on an ubuntu 10.4.3 server.
<martisj> When ssh'ing in to the server it's still asking for a password even though my key is in the ~/.ssh/authorized_keys file
<mardraum> martisj: check the ssh logs, either incorrect key or file perms usually
<martisj> mardraum: thanks!!
<martisj> found a stackoverflow related to permissions, but it doesn't seem to be it :S
<martisj> probably incorrec key
<martisj> :S
<martisj> mardraum: n00b question, where is the ssh log located?
<martisj> found it now
<martisj> var/log/auth.lgo
<martisj> I foud this in the log: error: key_from_blob: remaining bytes in key blob 268
<martisj> blah :S
<yogesh> hi
<blueking> hello
<blueking> where I find settings for removeable devices,  my raid array /dev/md0  are listed as removeable that it shouldn't be
<andol> blueking: Listed where?
<blueking> andol:  I installed ubuntu server   and added ubuntu gnome desktop  to it    when open 'files' application  raid array are listed there as removeable
<andol> blueking: Have you defined a mount point for /dev/md0 in your /etc/fstab?
<blueking> yes
<andol> In that case I don't know. At least in Unity I seem to recall that having been the distinction.
<blueking> UUID=xxxxxx-some numbersxxx /home/user/downloads ext4 defaults   0  2
<blueking> nothing wrong there ?   added this line after finished initial install of ubuntu server
<sarnold> blueking: in some sense, it -is- removable, you can always use mdadm to turn off the raid array and thus 'detach' it...
<blueking> sarnold:  ok
<blueking> it wasn't mounted in start
<blueking> usb mounted devices are not listed in fstab   don't know where settings for that are ?
<sarnold> blueking: check /etc/udev/ and /lib/udev/ for that...
<blueking> sarnold:  will look into it
<blueking> sarnold:  nothing configured in udev.conf
<sarnold> blueking: no, it wouldn't be, check out /lib/udev/hwdb.d/20-usb-vendor-model.hwdb and other files. information about usb devices is scttered all over the udev files..
<sarnold> blueking: time for me to call it a day :) have fun and good luck
<blueking> thanx for help :)
<blueking> sarnold:
<blueking> hmm in /sys/devices/virtual/block/md0/removable     it's 0  flag  means not removable
<jamespage> yolanda, some feedback on the heat charm - more units tests would be good; and I'd rather see use of the pwgen function from charmhelpers than using hexdump if that would work OK
<yolanda> jamespage, ok, i'll take a look
<jamespage> yolanda, you can probably ditch the upgrade_charm hook - that call was put into existing charms to deal with changing the default vhost for rabbitmq
<yolanda> jamespage, about the heat logo, the one that we have in launchpad isn't the official one?
<jamespage> yolanda, don't worry about that for now - I'll poke someone in the design team for some nice openstack ones
<jamespage> they did the ones for the other openstack charms
<yolanda> ok
<yolanda> jamespage, i have a conflict with ceilometer. stevedore version requirements is >=0.12, but we have only 0.10-2, shoud we update stevedore version first?
<jamespage> yolanda, sounds like a good idea
<jamespage> yolanda, I just pinged zigo (debian maintainer)  - lets see if he has immediate plan - if not we delta it and give him a patch if need be :-)
<yolanda> ok
<blueking> a question about local net, have setup one pc as router  ubuntu server, with dhcp server  shorewall .. and two asus routers that I have some options to set these two...  1:  make its own subnet for wifi  one wifi router and the second router set in AP mode   or 2: set both wifi router in AP mode and have same subnet as local net ?
<yolanda> jamespage, created this MP to prevent at least the FTBFS: https://code.launchpad.net/~yolanda.robla/ceilometer/icehouse_ftbfs/+merge/197692
<yolanda> it will be pending the stevedore upgrade to 0.12, because package right now doesn't work
<jamespage> yolanda, OK _ I checked with zigo - he has other challenges as he needs to test with havana as well
<jamespage> so I uploaded to trusty
<yolanda> jamespage, you uploaded 0.12 version?
<jamespage> 0.13 actually
<yolanda> cool, so i'll try to update my MP for ceilometer
<jamespage> yolanda, should land in a bit
<jamespage> backport-o-matic will detect it and shove it into the lab the the icehouse staging PPA
<jamespage> Daviey, named for you ^^
<jamespage> yolanda, some feedback in your ceilometer MP
<yolanda> ok
<R_L_N> hey guys quick question
<R_L_N> im trying to install ubuntu server without the network configured
<R_L_N> this should be fine except for when i get to the step for choosing a mirror
<R_L_N> i cant get past it because it fails to find the mirror
<R_L_N> is there a secret way past this? i cant see one
<jamespage> zul, most of our backport failures either seem to be python3 related or due to BD's on dh-python now
<jamespage> zul, dh-python from wheezy backports looks like it might be an option
<jamespage> at least the delta is probably good for the backport we need to have
 * jamespage looks deeper
<yolanda> jamespage, pushed the fixes for ceilometer, but it won't work until new stevedore is pushed
<zul> jamespage:  ack
<smoser> roaksoax, were you planning (or could you) upload a maas to trusty that is >= 1.4+bzr1693+dfsg-0ubuntu2.2  ?
<smoser> currently trusty < saucy-proposed
<smoser> which is a "violation" in some sense
<smoser> jamespage,  could you review https://code.launchpad.net/~smoser/ubuntu-reports/cloud-tools-next/+merge/197604
<jamespage> smoser, sorry - I suck
<smoser> its admittedly not the most beautiful patch in the world, but it works
<smoser> and it gets me charts that actually have meaning versus the confusing bunch of RED at http://status.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/cloud-tools_versions.html
<smoser> OMG RED!
<jamespage> smoser, looking now
<roaksoax> smoser i was working on the package split before releasibg a new version since i wanted it out there sooner rather than later
<smoser> roaksoax, just upload 2.2
<smoser> early and often rather than perfect.
<smoser> rbasak, https://bugs.launchpad.net/maas/+bug/1257082
<smoser> i'm confused.
<uvirtbot> Launchpad bug 1257082 in ntp "MAAS does not use NTP servers specified in DHCPD options" [Undecided,New]
<smoser> NTPDATE_USE_NTP_CONF=yes is "correct", no?
<smoser> it looks to me like:
<rbasak> smoser: I'm not sure that makes sense. AFAICS, if ntpdate intends to pick up the DHCP NTP server, surely it should do it by default?
<smoser> i know i'm missing something.
<smoser> but to me, ifup of dhcp causes /etc/dhcp/dhclient-exit-hooks.d/ntpdate
<smoser> to run
<smoser> which writes
<smoser> /var/lib/ntpdate/default.dhcp
<roaksoax> smoser: do you have anything to upload that doesn't involve a new upstream release?
<smoser> and then after that is written
<smoser> /etc/network/if-up.d/ntpdate would run, which reads that file if present.
<smoser> roaksoax, why can't you just upload the same thing to trusty that is in saucy ?
<rbasak> smoser: except it doesn't, which is either intentional or a bug. Take a look at the logic in /usr/sbin/ntpdate-debian.
<smoser> rbasak, i'm missing something
<roaksoax> smoser: ah! i see.. i guess noone every copied to the package to trusty
<smoser> http://paste.ubuntu.com/6519871/
<rbasak> smoser: if NTPDATE_USE_NTP_CONF=yes (the default), then /var/lib/ntpdate/default.dhcp is never examined.
<smoser> rbasak, thats /usr/sbin/ntpdate-debian
<smoser> oh.
<smoser> i see.
<smoser> i just assumed that the list of files thre in the 'yes' case
<smoser> included /var/lib/ntpdate/default.dhcp
<rbasak> Seems to me that NTPDATE_USE_NTP_CONF should be treated as if it says no if /etc/ntp.conf doesn't actually exist.
<smoser> and never even looked at the other case.
<rbasak> I think a bug in Debian is warranted here, to at least figure out the intention.
<smoser> yeah.
<rbasak> I'll file it, shall I?
<smoser> yeah. and link to yours.
<smoser> thanks rbasak. i just assumed line 10 there was searchign through ntpdate/default.dhcp
<zul> hallyn:  libvirt-pythong should be fixed now
<zul> jdstrand:  ping
<jdstrand> zul: hey
<zul> jdstrand:  can you get someone to look at the MIR for python-misaka please?
<jamespage> zul, OK - have a dh-python that works for icehouse/precise
<zul> jamespage:  sweet
<zul> im just fighting python-librabbitmq
<jamespage> zul, can you check http://paste.ubuntu.com/6520014/ and +1
<jamespage> I'll then push it to all the right places manullay
<zul> +1
<zul> maybe we should get that delta in dh-python as well
<zul> jamespage:  actually nevermind about what i was saying in the delta
<jamespage> smoser, OK - I did a local test and then deployed it to the server
<smoser> so will the server magically add the 'cloud-tools-next' ?
<smoser> jamespage, ^
<jamespage> smoser, no i need to enable that
<jamespage> smoser, which I have now down /44 past the hour
<smoser> i have no idea what that meant
<jamespage> smoser, it runs at 44 minutes past the hour
<jamespage> the reports are staggered
<smoser> ah.
<smoser> k.
<Daviey> jamespage: hah, backport-o-matic :)
<jcastro> https://blueprints.launchpad.net/ubuntu/+spec/servercloud-s-webscale
<jcastro> does anyone know if any of this is targetted for T?
<jamespage> jcastro, nginx was mentioned - rbasak was looking at that I think
<jamespage> varnish - nid
<zul> jamespage:  crap glance milestone.proposed is using olso.messaging
<jamespage> zul, is it or is that on master?
<zul> jamespage:  milestone-proposed
<zul> jamespage:  aka icehouse-1
<zul> grumble grumble
<jamespage> zul, better get it uploaded then
<jamespage> :-)
<zul> jamespage:  i have it uploaded its just old
<jamespage> Daviey, b-o-m for short
<zul> just need to do an MIR
<Daviey> jamespage: b-o-o-m would be better :)
<jamespage> zul, that should be a nod through right?
<zul> jamespage:  b-o-o-m Daviey jinx
<zul> jamespage:  yeah
<zul> im on it
<jamespage> zul, good man
<jamespage> zul, OK - we have quite a few blocked on http://people.canonical.com/~ubuntu-archive/component-mismatches-proposed.svg
<smoser> jamespage, hoorah!
<smoser> http://status.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/cloud-tools_versions.html
<smoser> http://status.qa.ubuntu.com/reports/ubuntu-server/cloud-archive/cloud-tools-next_versions.html
<smoser> still red, but meaningful red
<zul> jamespage:  yeah im working my way through im kind of ignoring python-nose though since its not a openstack dependency anymore
<jamespage> ok
<jamespage> smoser, we should get b-o-m running for cloud-tools and cloud-tools next
<zul> jamespage:  kombu is mostly done, misaka is blocked on a security review
<zul> jamespage:  we need to package oslo.rootwrap after icehouse-1 is out as well
<zul> jamespage:  ok oslo.mesaging a11 (needed by glance) and MIR filed
<zul> jamespage/roaksoax: https://code.launchpad.net/~zulcss/glance/oslo-messaging/+merge/197752
<zul> jamespage:  oslo.messaging MIR approved, and boomed it
<hallyn> zul: it's a problem that 'sudo apt-get dist-upgrade' doesn't cause libvirt-python to be installed automatically.  so you keep your python-libvirt 1.1.4 by default until you fix it
<zul> hallyn:  argh...
<zul> ill fix that up
<hallyn> ok - new tests running (first failed bc i didnt notice the break :)
<jamespage> zul, +1
<zul> jamespage:  thanks
<jamespage> yolanda, ceilometer build fix looks OK _ add one missing BD - down to 35 test failures now!
<jamespage> pushed
<smoser> jamespage, any idea how big a mess this is:
<smoser> https://launchpad.net/~ubuntu-cloud-archive/+archive/cloud-tools-next/+build/5300997
<smoser> dh-systemd dependency
<jamespage> its not that bad tbh
<jamespage> at least I don;t think so
<smoser> ok. i'll give a try
<jamespage> I just had to backport dh-python for 12.04 for the icehouse archive
<smoser> jamespage, did it work ?
<smoser> is it no change?
<jamespage> smoser, yes - but I had to delta it quite a bit
<smoser> hm..
<jamespage> it was already backported for wheezy which was pretty close
<smoser> well i guess my only real option ins to take your work then.
<jamespage> smoser, I'd try it
<smoser> jamespage, so i guess i'll just take your cloud0 and make it ctools0 ?
<jamespage> smoser, do you need dh-python?
<smoser> bah
<smoser> for some reason i was thinking dh-systemd was dh-python
<smoser> yeah, i'll look at it
<jamespage> smoser, is that for mongodb per chance?
<smoser> yes
<jamespage> smoser, boost will be an issue as well
<jamespage> precise has a to-old version
<jamespage> I'd not got to looking at that just yet
<adam_g> jamespage, so theres a bit of hacking we need to do around the neutron config that gets passed thru nova-compute -> nova-compute, currently handled by nova-compute's CloudComputeContext
<adam_g> jamespage, moving that to the charmhelpers context
<jamespage> ok
<smoser> utlemming, can we get trusty builds of maas-ephemeral images turned on ?
<adam_g> jamespage, eek actually this is quite a bit of refactoring
<jamespage> zul, gah - that fix for pbr was not quite enough
<zul> jamespage:  :(
<zul> jamespage:  simplejson fixed
<jamespage> zul, I think I have to drop the u at the start of the string as well
<igalic> Hello happy people.
<igalic> I'm hitting https://bugs.launchpad.net/ubuntu/+source/preseed/+bug/705113 and wondering if anyone knows how to fix it
<uvirtbot> Launchpad bug 705113 in preseed "partman-lvm/device_remove_lvm does not work if volume group name already in use on disk (dup-of: 154086)" [Undecided,Confirmed]
<uvirtbot> Launchpad bug 154086 in partman-auto-lvm "Installing to HDD with previous ubuntu fails to create fresh LVM claiming group already in use" [High,Fix released]
<xnox> igalic: you can wipe the drive clean, or do lvm superblock removal.
<xnox> igalic: if you are doing automated pressed you can wipe it from early command
<xnox> igalic: i have tried to fix this bug for real, but i'm not sure at which point it happens now again / how to reproduce it. Such that I can catch were else it's borked.
<igalic> xnox: I did lvremove only, then ran the setup again. How would I wipe it clean in early command, though?
<igalic> I'd like to fix for future installations too.
<xnox> igalic: lvremove does not remove the "volume group".
<xnox> igalic: you need to remove the volume group.
<xnox> igalic: vgremove.
<igalic> xnox: no. I'm doing an lvremove on the HOST. This is a VM setup. I'm giving the VM a disk that's essentially an lvm partition. But even if I lvremove that partition, when I create a new host on top of it, it'll end in conflict.
<xnox> igalic: from the point of view of booted install, what does it see?
<xnox> igalic: e.g. can you go into advanced partitioning?
<xnox> does it see a blank "disk", which happens to have "ghosts" ?
<igalic> xnox: it sees the same disk that the previous installation created. Which is bad, because I'm running in a preseed, I don't *want* to go into any partioning.
<xnox> (lvremove doesn't zero out the disk, so you do have left over metadata left, the installer goes to create partition table & partitions and if they align identical.... which they will for auto-preseed.... lvm metadata is re-detected and BOOM lvm2 explodes)
<xnox> igalic: before provisioning a VM, do provide it with clean disks.
<igalic> xnox: and I can't preseed that out?
<igalic> lvm/confirm_nooverwrite boolean false  or somesuch?
<xnox> installer scans the disk and sees no partitioning table no nothing, later when it goes to partition it things appear out of the blue and it doesn't know how to deal with it.
<igalic> ah.
<igalic> I see.
<xnox> igalic: you can preseed partman/early_command which does dd if=/dev/zero of=$your-target count=30M or somesuch.
<xnox> igalic: as far as I understand it's a bug in "lvcreate on the host" where "lvcreate" will give you "a random disk with random data on it"
<igalic> "random"
<xnox> igalic: well, last unused extend, which would match last removal in best case scenario
<xnox> igalic: can you try  on the host: lvremove, lvcreate --zero y, provision VM with that created LV and check what happens?
<igalic> xnox: no can-do. lvcreate is done by koan. I will however create a bug report for that.
<xnox> actually that will not zero out the whole volume, only beginning of it.
<igalic> *nod*
<igalic> xnox: count=30M == 30 million?
<igalic> huh?
<xnox> ... 30 MB....
<xnox> do bs=1MB count=30 if you wish.
<igalic> xnox: one 1m was enough.
<igalic> xnox: https://github.com/cobbler/cobbler/issues/664
<xnox> cobbler *shrug*
<igalic> Can someone exlain to me how to set a default gateway for IPv6? http://dpaste.com/1492966/
<jkyle> I accidentally uploaded a package to a ppa that doesn't exist so it was rejected. But when I trie dto dput again to the correct ppa, it says it's already been uploaded
<jkyle> is there a way around that
<henkjan> pff, bug #879324
<uvirtbot> Launchpad bug 879324 in apt "apt-get dselect-upgrade prefers multiarch over native" [Medium,Triaged] https://launchpad.net/bugs/879324
<henkjan> nasty one :(
<hallyn> zul: that's a negatory on the libvirt tests:  http://paste.ubuntu.com/6522197/
<hallyn> i'll take a look tomorrow if you don't find it first, but not tonight
<zul> hallyn:  son of a bitch
<hallyn> s/:/ you/
 * hallyn out, bbl
<Pryath> Do any of you happen to have experience setting up an Amazon EC2 webserver with ubuntu server 13 64bit?
<sarnold> I wouldn't be surprised if I've done that a few times.. are you having trouble?
<Pryath> that is an interesting question, would you mind if I query with you to avoid spamming the channel?
<sarnold> channel would be best, other people can learn or correct me if I'm wrong :)
<Pryath> I've spent many hours trying to configure this thing. After fixing a few obscure errors and problems which should probably have never occured, I'm now having trouble logging in to phpmyadmin. Not only that, but the thing is randomly giving me two different error codes w/ the same message for the same problem ( #2003 & #1130) "Cannot log in to the MySQL server". I'm sure I'm missing something like s
<Pryath> etting a default user/pass, but I already did that when I installed everything. I even reinstalled phpmyadmin to reset the passwords
<Pryath> to say the least I'm so burnt out from fixing all the other problems & I've spent 30 minutes trying to fix this one. I don't know who to ask or where; the problems have been so numerous.
<sarnold> yikes, mysql and phpmyadmin both have iffy security histories; please make sure the configuration of both tools only allows connections from hosts you expect, you have host-based firewalling to only allow connections from hosts you expect, and please double-check your AWS security groups to make sure _those_ only allow connections from hosts you expect.
<Pryath> well my security group disallows public connections
<sarnold> good good
<Pryath> only my ip can ssh in
<Pryath> or use http/https
<sarnold> Pryath: are both mysqld and phpmyadmin running on the same host? is mysql configured to allow connections from localhost if so?
<Pryath> bind-ip was set to 127.0.0.1, I know that because I was trying another tweak
<Pryath> not sure if that's what you mean?
<Pryath> and I believe they are both on the same host
<sarnold> cool. mysql will have a specific username and password used for connecting to it, I can't recall if it is set in my.cnf or set in a database table once you've connected.. make sure it matches your phpmyadmin credentials.
<Pryath> I'm normally a windows user. I've used ubuntu very sparingly so it's been hard to adapt to this
<Pryath> I'll see if I can figure out if that's the case
<Pryath> I looked through my.cnf and I don't see a username or password entry
<sarnold> Pryath: hey, the serverguide has a nice little command for changing the mysqld root password: sudo dpkg-reconfigure mysql-server-5.5
<sarnold> Pryath: https://help.ubuntu.com/12.04/serverguide/mysql.html
<Pryath> I was actually on that page already
<Pryath> it's one of my 20 tabs open
<Pryath> I believe I've already done that
<Pryath> I'll do it again just to see
<Pryath> should my mysql username just be root?
<sarnold> for the user account that will manage the other mysql user accounts, table privileges, etc., yes
<Pryath> "granting access to database phpmyadmin for root@localhost: success.
<Pryath> verifying access for root@localhost: failed.
<Pryath> "
<sarnold> Pryath: is there anything informative in the logs?
<Pryath> it's quite amusing actually, it says "error encountered creating user:" but it's just a blank line after that
<Pryath> oh by the way this is me doing sudo "dpkg-reconfigure -plow phpmyadmin"
<Pryath> I already did mysql, there were no errors for that
<Pryath> well anyways, I've been at this for too long and need a break. Thank you for trying to help me sarnold
<sarnold> Pryath: good luck, keep at it, and don't forget to read through the log files... they're your friends. :) good luck!
<sponzor> hi. i seted up vsftpd ssl on ubuntu 12.04 server. i added users and tested. everything works fine.. now im trying to access files that i uploaded over ftp to server via browser. so when i go ftpserver:990 and then type in ftp:ftppass and see files.. can someone point me to the right direction for google on that?
<sarnold> sponzor: what's wrong? it sounds like it works fine?
<sponzor> yeah when i go to ip:990 it askes for user:pass and it wont accept it
<sarnold> are there any error messages in the vsftpd log files that might indicate why it rejected the username and password?
<sponzor> yeah Thu Dec  5 00:29:57 2013 [pid 1] [anonymous] FAIL LOGIN: Client "10.0.0.11"
<sponzor> but i get this error even  if i dont enter password
<sponzor> and i disabled anonymous in .conf
<sarnold> sponzor: perhaps the browser tries anonymous and username@domain as password when trying to retrieve the directory listing in the first place?
<sponzor> tryed username@domain its same
<sarnold> sponzor: try ftp://username:password@ftpserver:990/   and see what that does?
<sponzor> same error and askes for us:pass this is conf i double checked it and it looksfine http://pastebin.com/kDDFZdR2
<sponzor> do i have to edit apache sites to make it work?
<sarnold> sponzor: what is listening on port 990? apache or vsftpd?
<sponzor> vsftpd
<sarnold> is that how you -want- to get to the files via web browsers?
<sarnold> I've assumed this whole time that you wanted to use vsftpd as the server and configure it for both good ftp clients (like lftp) and bad clients (like web browsers :)
<sponzor> ah no :D if someone needs to download i can gaeve him link to file and username:pass (chrome firefox..... much easer than ask him to install filezilla or something... half of ppl cant even connect with filezilla :/ and other half like me cant make server to work :D
<sarnold> sponzor: that's not a surprise, ftp is a horrible protocol, half the firewalls in the world break ftp. hehe.
<sarnold> sponzor: if you want folks to use web browsers, it would probably be best to also configure apache to have access to these files, and serve them up via http on a different port
<sarnold> you could use http authentication if you wanted to restrict it by username/password, but that would be a separate apache-owned username/password database in the easiest cases
<sponzor> hmm thats even better i can make different users with no rights to use ftp, but only to download from web. great advice
<sarnold> sponzor: I've used mod_authn_file with good success for small numbers of users: http://httpd.apache.org/docs/2.2/howto/auth.html
#ubuntu-server 2013-12-05
<sarnold> hallyn,zul, do i recall someone recently complaining about qemu dying with a message "virtio: trying to map MMIO memory"? This looks important: http://lists.linuxfoundation.org/pipermail/virtualization/2013-December/025830.html
<hallyn> sarnold: well it sounds like https://bugs.launchpad.net/qemu/+bug/818673  except the link you posted only mentions 9p-virtio
<uvirtbot> Launchpad bug 818673 in qemu "virtio: trying to map MMIO memory" [Undecided,New]
<nocturnal_> i just installed ubuntu server on this old proliant server i found. is there a way to access it from my laptop but login with a gui?
<nocturnal_> i know i can ssh into it but i wish i could use a gui for some things
<arie_kiyoshi> assalamualaikum all
<jamespage> smoser, I'd suggest an alternative approach to backporting mongodb
<jamespage> its only a small delta to make it compat with what's already there
<jamespage> smoser, backporting boost is something we really don't want todo
<jamespage> smoser, this is the mongodb delta - http://paste.ubuntu.com/6524540/
<jamespage> I think that is acceptable to carry
<jamespage> I've started pushing delta branches to ~ubuntu-cloud-archive on launchpad so we can manage this easier
<jamespage> zul, ^^
<jamespage> can you both review and +1 that for upload
<jamespage> thanks
<zul> jamespage:  +1
<jamespage> zul, btw I fixed openvswitch in trusty to work OK on 12.04
<jamespage> zul, but the tests fail in the PPA
<zul> jamespage:  i see
<zul> jamespage:  https://code.launchpad.net/~zulcss/python-troveclient/simplejson/+merge/197865
<jamespage> zul, conditional approve
<zul> jamespage:  just fixed
<zul> jamespage:  https://code.launchpad.net/~zulcss/glance/oslo.messaging-refresh/+merge/197870
<zul> jamespage:  im going to fix this nova build and then get to icehouse-1, can you please +1 the glance merge for me please?
<jamespage> zul: +1
<zul> jamespage:  thanks
<zul> jamespage:  that was easier than i thought: https://code.launchpad.net/~zulcss/nova/sphinx-build/+merge/197890
<zul> jamespage:  im starting to do icehouse-1
<jamespage> zul, ack
<jamespage> zul, +1 on that merge above
<zul> jamespage:  thanks
<smoser> jamespage, that mongodb is great if we can keep it that minimal.
<smoser> i uploaded libboost and -dev and dh-shystemd to cloud-tools but will drop them.
<smoser> do you have a plan for handling this delta?
<jamespage> yes
<smoser> and you coul just drop the dh-systemd with no fallout ?
<jamespage> smoser, yes
<smoser> so for now can i / should i just upload your mongodb to cloud-tools also ?
<jamespage> smoser, that should work yes
<jamespage> I'm uploading to icehouse-staging as we speak
<smoser> gracias
<jamespage> so I may as well go get a coffee
<jamespage> the branch is up-to-date
<smoser> branch ?
<jamespage> smoser, lp:~ubuntu-cloud-archive/ubuntu/precise/mongodb/precise-icehouse
<jamespage> I propose that we manage delta using full packaging branches - which allows us to treat them like merges from debian
<jamespage> zul, ^^ - that approach will stop us loosing delta
<smoser> so i should od one of ubuntu/precise/mongodb/precise-cloudtools ?  you think ?
<zul> +1 from me
<jamespage> smoser, yes - I should think so
<smoser> bah.
<smoser> debuild -S on mongodb wants scons and boost-dev
<gQuigs> what version of openvswitch should be used with the lts-saucy kernel on 12.04?
<jamespage> gQuigs, you can either use the openvswitch from the havana cloud archive
<jamespage> OR
<jamespage> you can wait for the openvswitch-datapath-dkms-lts-saucy package to appear - but not just yet
<jamespage> it will be 1.10 release
<gQuigs> jamespage: thanks!
<jamespage> gQuigs, the lts-saucy package is just the dkms module - we don't backport the userspace tooling
<jamespage> you need to use the cloud-archive for that
<gQuigs> jamespage: I didn't see a lts-saucy dkms driver, should I use raring?
<jamespage> " you can wait for the openvswitch-datapath-dkms-lts-saucy package to appear - but not just yet"
<gQuigs> (raring's dkms driver)
<zul> jamespage:  just as a heads up i had to use OSLO_PACKAGE_VERSION in the nova debian/rules because we rename the tarball and then we are fighting python-pbr (for rc1)
<zul> er...icehouse-1
<jamespage> ok
<zul> jamespage:  just doing a local build first
<gQuigs> jamespage: oh are you saying that I shouldn't use the lts-saucy kernel with openvswitch until the dkms package appears?
<jamespage> yes
<gQuigs> jamespage: (for customer) trying to see if a bug is fixed in the 3.11 kernel..  any other way?
<gQuigs> specifically just for testing...
<jamespage> gQuigs, use the openvswitch from the havana cloud archive
<jamespage> it does work with 3.11 kernel
<jamespage> https://wiki.ubuntu.com/ServerTeam/CloudArchive
<gQuigs> jamespage: oh, so no dkms driver is needed with that...
<jamespage> gQuigs, that version includes the dkms driver - but the native kernel module does have GRE support in 3.11
<gQuigs> jamespage: awesome, thanks!
<zul> jamespage:  i love regressions
<smoser> jamespage, i'm sure i'm being especially stupid
<jamespage> smoser, ?
<smoser> but i can't even get debuild -S to work for mongodb
<jamespage> smoser, urgh - yeah
<jamespage> scons winges
<smoser> http://paste.ubuntu.com/6525386/
<jamespage> smoser,  try bzr bd -S -- -nc
<jamespage> -nc is not nice but works
<jamespage> I'll fix that up in Debian (along with not being able to disable tests right now)
<smoser> i guess 'bzr bd -S -- -nc' preceeded by 'rm -Rf * .pc && bzr revert' is probably pretty clean
<jamespage> zul, do you need some help? there are quite a few things for icehouse1?
<zul> jamespage:  nah im good
<jamespage> zul, its not actually released yet is it?
<zul> jamespage:  some of them are
<zul> jamespage: nova neutron ceilometer glance keystone are
<jamespage> zul, I'll plug away at CA deps then
<jamespage> fyi python-webtest is uninstallable at the moment but that's at the bottom of the list
<zul> jamespage:  cool thanks...how is openvswitch going?
<zul> jamespage:  ack..
<jamespage> zul, well the suggestion was that I try building it on a server with the hardy kernel used by the PPA's
<jamespage> and I'd not wasting time doing that
<zul> jamespage:  heh
<jamespage> it can stay broke for the moment - 1.10.0 is enought for now
<zul> ack
<jamespage> zul, doing libvirt next - need to stick in a delta
<zul> jamespage: yeah i have a debdiff if you want it
<jamespage> zul, pastebinit
<zul> jamespage:  gimme a sec
<zul> jamespage:  http://paste.ubuntu.com/6525457/
<zul> jamespage: nova icehouse-1 ready in a sec
<zul> jamespage:  https://code.launchpad.net/~zulcss/nova/2014.1.b1/+merge/197919
<jamespage> zul, OSLO_VERSION due to switch from .b1 to ~b1 right?
<zul> jamespage:  yep we should be able to switch it when icehouse is actually out
<jamespage> yeah
<jamespage> zul, two minor comments
<zul> jamespage:  pushed
<zul> jamespage:  i mean corrected
<jamespage> zul, fix the double space after OSLO_VERSION in the changelog and then +1
<jamespage> I don't need to re-approve
<zul> jamespage:  done
<zul> jamespage:  https://code.launchpad.net/~zulcss/neutron/2014.1.b1/+merge/197922
<jamespage> zul, OK - python-webtest installability is block the builds for precise
<jamespage> I'll try fix that up
<jamespage> zul, nova is still failing to build in the lab for some reason
<zul> yeah seems to be blocking python-pecan
<zul> nova for precise or icehouse?
<jamespage> zul, for trusty
<zul> jamespage:  ok ill have a look
<jamespage> the sphinx doc build borkes
<zul> jamespage:  i think its pbr thats causing problems
<zul> anyways ill have it look
<zul> jamespage:  https://code.launchpad.net/~zulcss/ceilometer/2014.1.b1/+merge/197927
<jamespage> zul, +1
<w0rmie> for a cluster configuration nfsbooted could not be located while installing it (ubuntu 13.10)
<w0rmie> any ideas?
<roaksoax> is there a way we can allow daemons to bind to non-root ports?
<roaksoax> jamespage: thoughts?
<roaksoax> smoser: ^^
<jamespage> roaksoax, authbind
<roaksoax> jamespage: so that's standard then?
<jamespage> roaksoax, did you mean that the other way around?
<roaksoax> jamespage: have you used it in any package?
<jamespage> roaksoax, I think tomcat7 uses it
<roaksoax> jamespage: nah, maas is using authbind now for cluster celery to bind to a port (it not being root), just trying to figure out the way to do it right
<roaksoax> jamespage: k thanks!
<w0rmie> for a cluster configuration nfsbooted could not be located while installing it (ubuntu 13.10)
<w0rmie> any ideas?
 * hazinhell read through the cgroup manager discussion http://thread.gmane.org/gmane.linux.kernel.containers.lxc.devel/5272
<zul> roaksoax:  ping
<zul> roaksoax:  can you +1 this https://code.launchpad.net/~zulcss/glance/2014.1.b1/+merge/197941
<rbasak> smoser: on bug 1257082, the Debian upstream bug is against ntp, not isc-dhcp. I'll change that, shall I?
<uvirtbot> Launchpad bug 1257082 in ntp "MAAS does not use NTP servers specified in DHCPD options" [High,Confirmed] https://launchpad.net/bugs/1257082
<rbasak> smoser: AFAICT, isc-dhcp is doing exactly the right thing.
<smoser> sure. change it that sfine.
<smoser> and, yeah, i agree.
<genii> I think isc-dhcp is pretty much abandoned. The last changes in the dhclient-script for instance are 2005, plus the -n switch doesn't work and no one seems inclined to fix it.
<rbasak> genii: perhaps it's just that it's working well enough that it doesn't need any significant attention? For your -n switch problem, is there a bug with a patch in it?
<rbasak> genii: it's a pretty critical package so I'd be surprised if it's really abandoned.
<rbasak> People ask me about some of my projects often. They're not abandoned; they're feature complete with no significant bugs!
<genii> rbasak: Actually, the dhclient-script had numerous bugs in it, a colleague of mine went over it last week and fixed them in our local copy. That one was easier since just a shell script. We're working on looking at the dhclient binary now to see about fixing the -n issue and some others.
<rbasak> genii: thank you for your work. Please send them to Debian!
<genii> Hehe
<Pryath> I'm using an Amazon AWSEC2 ubuntu server 13.10 64bit system. When upgrading I get this message "A new version of /boot/grub/menu.lst is available, but the version installed currently has been locally modified. What would you like to do about menu.lst?"
<Pryath> should I keep the local version or install the package mainter's version?
<rbasak> Pryath: I believe accepting the package maintainer's version is fine. I think it's an issue that something on the system modified it (not you), and so it shouldn't need to prompt you. However, I'm not absolutely sure, so if your server is mission critical then you shouldn't proceed on my account.
<rbasak> Pryath: and you had backups of everything available before you started the upgrade, right?
<Pryath> rbasak: it's a new instance of amazon AWSec2
<Pryath> so there's nothing to backup, thank you for the advice
<Pryath> hrm I guess it didn't work anyways
<Pryath> rbasak should I be worried about this? http://pastebin.com/S1rUCyHD
<Pryath> Re-running the upgrade it appears there are no longer any updates to install
<zul> roaksoax:  https://code.launchpad.net/~zulcss/keystone/2014.1.b1/+merge/197955
<zul> jamespage:  https://code.launchpad.net/~zulcss/horizon/2014.1.b1/+merge/197957 one more after this
<zul> roaksoax:  https://code.launchpad.net/~zulcss/horizon/2014.1.b1/+merge/197957 one more after this
<Pryath> don't use ubuntu often; what do I do if mysql 5.7 asks me for root password at install? There is no root password but it's not letting me continue by leaving it blank
<gdhagger> Pryath, give it some password for now, remove the password after install.  not ideal, but should work - unless they made root pw mandatory in mysql 5.7 itself
<Pryath> this whole process has been a nightmare. I finally got it all working only to find ubuntu is still on 5.5
<Pryath> which is not compatible with my tables (in certain ways)
<Pryath> but when I do a manual install it's like impossible - there's so many things to reconfigure and so many obscure error messages
<rann> hey all, just a heads up, not sure where to file, but we're seeing consistent kernel panics at boot on linux-image-3.2.0-57 (virtual machines on top of VMware ESXi 4.1). (re)booting with -56 works. A quick search on the bugtracker and google shows no known issues.
<sarnold> rann: 'ubuntu-bug linux' ought to get you most of the way to the bug report
<bogeyd6>  166335
#ubuntu-server 2013-12-06
<zzxc> Hey does anyone have any experience with setting up AFP?
<sarnold> zzxc: I used netatalk 13, 14 years ago with good success. Of course that predated OS X clients... :)
<zzxc> sarnold: Is there a need to create an afp user and password like there is with samba?
<markthomas> zzxc: afp uses user-based authentication if that's what you're asking.
<sarnold> zzxc: In a quick search of the code, initscripts, I don't see any code that'd require creating a user for netatalk, it looks like it should run as root in the usual case
<zzxc> markthomas: If it works as it does for osx I would imagine that it would just be the user's login (as in the same that you ssh into)
<markthomas> yes.
<zzxc> sarnold markthomas: I"m trying to share the /mount directory. I get prompted for a user name and password, but the login creds error.
<zzxc> I'm going to make the pretty obvious guess that the reason is that my user may not have be the owner or have rwx premissions for that directory...
<markthomas> zzxc: why afp?
<zzxc> markthomas: primary os is osx. I also have a samba share right now but honestly its a pain in the ass.
<sarnold> yup, that sounds like samba. :/
<markthomas> I have smb and afp here, and between linux and mac i find smb less of a hassle. and yes, i just used samba and "less hassle" in the same context.
<sarnold> zzxc: does netatalk use pam to authenticate users? if so does your /etc/pam.d/netatalk look correct?
<zzxc> sarnold: Let me check one second.
<zzxc> sarnold: The pam.d/netatalk doesn't have any documentation. It includes common-{auth,account,password,session). But I'm not really sure what its suppost to look like
<sarnold> zzxc: okay, that'd probably be sufficient for the user to log in at the console.
<sarnold> zzxc: is there anything more useful in the logs?
<sarnold> check both /var/log/auth.log and netatalk logs
<zzxc> markthomas: honeslty the majority of my issues boil down to premissions, though being able to let other users login in should they want and having it broadcast via bonjour (since only two of my close friends have windows) would be nice.
<zzxc> sarnold: There are afp log messages in auth, but when I tail it nothing and try the same creds, nothing happens/
<sarnold> zzxc: *sigh* sorry, I'm not seeing anythjin in the manpages or source that looks useful. :/
<sarnold> zzxc: if you give it username/password you know are bogus, do you get the same or different error?
<zzxc> sarnold: Nope tells me its a bad login and reprompts me.
<sarnold> zzxc: different error?
<zzxc> That please contact you're network admin message is soo irrating when you're the network admin.
<sarnold> hehehe, yes
<zzxc> sarnold: No error message, the login prompt shakes and prompts you to try agian.
<sarnold> zzxc: is that the same or different than happens when you give it the good username and password?
<sarnold> I'm curious if the authentication works but it fails somewhere else..
<zzxc> sarnold: "Check the server name or IP address, and then try again. If you continue to have problems, contact your system administrator." is when its a valid user and password. Otherwise it just shakes the prompt and ask me for it agian.
<zzxc> sarnold: Nothing is showing up in the netatalk logs, and when it does error out I don't get a message in the auth logs.
<sarnold> zzxc: okay, cool, a thread to pull on. :) are you trying to mount a filesystem / directory that isn't exported? how do permissions look like for that directory and all directories above it?
<zzxc> sarnold: I'm trying to mount my /mount/sda directory.
<zzxc> sarnold: Orginally I was just trying to mount my /mount drive, figuring it would be nice to have access to everthing there.
<zzxc> and orginally mount was owned by root, Its currently owned by me now and I ahve full permissions to it and everything inside.
<zzxc> sarnold: this is the line from the how to guide I was looking up "/mount/sda BlackBox allow:james options:userdots,upriv"
<sarnold> zzxc: sorry, got into a conversation...
<sarnold> zzxc: how about ls -ld /mount /mount/sda  ?
<zzxc> sarnold: No worries rwxr-xr-x and james:root on both
<sarnold> zzxc: man. that sounds like it ought to work. :(
<zzxc> yeah I know its getting super annoying at this point.
<sarnold> zzxc: so I guess it's time to bring out the unfun tools -- you could use fatrace to see what files are being accessed, or you could strace -p <pid of the server> -- and see if you can follow the system calls that lead to the decision to reject access.
<sarnold> zzxc: if neither of those give you much to work with, you can try ltrace -- that traces function / library calls, not just system calls -- maybe it'll be more direct about the problem, but it's often like drinking from the firehouse
<sarnold> firehose :)
<zzxc> ack. I think I'll call it quits and look at it later with a fresh pair of eyes.
<sarnold> zzxc: good luck! if you figure it out and don't mind, I'd be curious to hear the result.
<sarnold> zzxc: time for me to call it a day too :)
<zzxc> sarnold: Thanks for you help with it. I'll let you know if I figure it out.
<blueking> hello again
<blueking> just wonder:  route -n shows 169.254.0.0     netmask 255.255.0.0 are added to routing table  right out of sky...  interfaces file or hosts file does not have this ip/netmask    saw  one could Append the following directive: NOZEROCONF = yes  in file /etc/sysconfig/network     but there are NO sysconfig folder in /etc on ubuntu 13.10 installation
<blueking> I am lost :(
<fishcooker> im on ubuntu server there is an option about the kernel thing?
<fishcooker> which one should i choose
<fishcooker> im on ubuntu server installation.. there is options about to choose the kernel, which one should i choose?
<e_t_> fishcooker: Choose the one with the highest version number, probably the one at the top of the list.
<fishcooker> thanks e_t_: i go with linux-image-generic
<fishcooker> https://help.ubuntu.com/community/ServerFaq#Is_a_dedicated_SMP_kernel_available_from_the_Ubuntu_Server_installation_CD.3F
<eagles0513875> hey guys any samba experts in here. I have a question in regards to ACL's im guessing samba ignores the ACL's on ubuntu server and uses its own correct?
<jamespage> zul, I uploaded webtest again with waitress as depends - it really is needed
<jamespage> the package won;t work without it - however pyquery and lxml are suggests IMHO so did that as well
<jamespage> zul, I took a libbo and re-introduced the sqlite patch you dropped back into the heat packaging - it was causing a dep-8 failure
<jamespage> pushed and uploaded
<jamespage> zul, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728425 is blocking backporting python-babel - which is preventing other things from passing tests right now
<jamespage> nova
<uvirtbot> Debian bug 728425 in src:python-babel "FTBFS in a sbuild chroot" [Serious,Open]
<makara> what was to blame for the Ubuntu Forums being hacked?
<jamespage> zul, babel fixed - I've submitted the fix back upstream
<jamespage> non-deterministic test cases - gotta love-em
<blueking> hello
<blueking> kernel sets iprouting 169.154.0.0   netmask 255.255.0.0     been reading that one can set  nozeroconf=yes in /etc/sysconfig/network   but on ubuntu 13.10 there are no folder  /etc/sysconfig     couldn't find solution on ubuntu   someone who can help me ?
<blueking> when I connect  ethernet cable to laptop   it gets two IP  192.168.2.10   and  was given auto  169.254.x.x     and net unreachable
<blueking> anyone knows if one can put nozeroconf= yes in /etc/network/interfaces ?
<rbasak> blueking: can you specify exactly what you're trying to do? Ubuntu people aren't necessarily familiar with RH/Fedora config syntax.
<blueking> rbasak:  problem are  kernel somehow adds iprouting  169.254.0.0
<blueking> I need to disable that
<blueking> I disabled some avahi stuff but  kernel kept on putting iprouting 169.254.0.0 back
<rbasak> blueking: are you getting this address on a desktop machine? Or a server machine?
<blueking> route -n show  169.254.0.0
<blueking> and mine laptop   that I connect to net with cable  gets  192.168.2.10 AND 169.254.x.x
<blueking> and the net    are pending on off   all the time
<blueking> when connect to another  basic router  no problem
<rbasak> It sounds like you have a desktop issue. Try #ubuntu.
<blueking> not desktop issue
<rbasak> It sounds like you need to adjust your network manager settings in some way, since that's what gets you your address on a desktop machine by default.
<blueking> route -n show that kernel adds iproute 169.254.0.0
<blueking> on  other distro they can set nozeroconf= yes to turn it off
<rbasak> blueking: are you getting this address on a desktop machine? Or a server machine?
<blueking> rbasak:  on server machine
<blueking> with route -n that is
<rbasak> blueking: I don't understand why you'd get that. A default Ubuntu server installation does not use Zeroconf.
<blueking> rbasak:  I even tried to set up static ip to my laptop   and turned off dhcp on laptop   and put in ip manual  still it received 169.254.x.x adress
<rbasak> If your laptop gets a 169.254 address it is because it cannot find a DHCP server to give it a correct address (or, very unusually, a DHCP server is handing out bad addresses)
<rbasak> Do you have a DHCP server daemon running on your server?
<blueking> isc-dhcp-server
<rbasak> It sounds like you have some significant non-default thing going on either on the server or on your laptop. Getting a Zeroconf 169.254 address is automatic. There's nothing to disable on a server for this since normally there is no server component that "issues" such an address; a client just picks up one that is available without the help of a server.
<zul> jamespage:  cool
<rbasak> Exceptionally, I suppose a DHCP server could be misconfigured to hand these out, but that seems unlikely. I suggest you run a tcpdump on both the server and laptop to figure out where from and how you get that address.
<jamespage> zul, babel is backported now
<jamespage> I think that might mean nova can build ok on precise now :-)
<blueking> ok have to figure out how to make tcpdump
<zul> jamespage:  cinder as well
<jamespage> zul, unfortunately it missed the last b-o-m run
<blueking> rbasak:  think problem came after I installed webmin
<rbasak> blueking: could be.
<rbasak> !webmin | blueking
<ubottu> blueking: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<blueking> and had some issues with making isc server visible on it... and might be that dhcp3 server been enabled somehow
<blueking> oh so webmin are reason
<jamespage> rbasak, what was so bad about how webmin managed configuration files?
<rbasak> jamespage: no idea. All I know is that everyone says it's broken!
<jamespage> rbasak, well I agree that webmin is probably so out-of-date
<jamespage> but was it not superceded by ebox and then zentyal?
<rbasak> I'm not saying that it is webmin in this case. Just that webmin does stuff, and is not recommended, and blueking seems to have had stuff done to his server and it's not working, so it's worth investigating that possibility.
<jamespage> right
<jamespage> fair enought
<blueking> could u mention how to search/find packages that currently are installed on system ?
<blueking> without webmin that is
<blueking> apt-cache search  looks for all packages   but want to check what are current in system
<rbasak> blueking: dpkg -l
<blueking> ok
<rbasak> blueking: that'll also show you removed packages that aren't purged. See the dpkg manpage for details, but I think "dpkg -l|grep ^ii" or something will filter to installed packages.
<jamespage> zul, cinder and heat have flushed through to the CA staging area
<jamespage> zul, I think everything else is still held up in trusty-proposed right now
<zul> jamespage:  ok ill kick off the builds for precise testing (nova/cinder)
<jamespage> ?
<zul> precice-icehouse-nova/cinder
<jamespage> zul, nova should go through next run - it missed new babl
<jamespage> precise-icehouse-nova is running right now
<zul> ack
<zul> jamespage/roaksoax: https://code.launchpad.net/~zulcss/keystone/tests-refresh/+merge/198066
<zul> jamespage/roaksoax: https://code.launchpad.net/~zulcss/python-heatclient/mox3/+merge/198068
<zul> jamespage:  it looks like swift-bench has moved out into its own project
<jamespage> zul, your heatclient branch conflicts
<zul> jamespage:  damn it
<zul> jamespage:  better branch https://code.launchpad.net/~zulcss/python-heatclient/mox3/+merge/198072
<jamespage> yolanda, did you push a new update with more unit tests for the heat charm?
<zul> jamespage:  i added a WI for swift-bench
<zul> jamespage/roaksoax:  https://code.launchpad.net/~zulcss/swift/swift-bench/+merge/198073
<jamespage> zul, minor niggle on keystone
<jamespage> zul, swift +!
<jamespage> 1 rather
<zul> jamespage:  keystone niggle fixed
<jamespage> zul, nova just b-o-m'ed
<jamespage> gonna milk this for all its got!
<zul> jamespage:  sweet
<jamespage> zul, oh - I tried your patch for libvirt - that was OK _ but I got a test failure - any chance you can take a look sometime today and see if its easily fixable/reproducable?
<zul> jamespage:  it was failing on some client test?
<zul> jamespage: (backporting python-mox3)
<jamespage> zul, http://paste.ubuntu.com/6530065/
<jamespage> zul, so I see
<hallyn_> stgraber: might be nice to have options to the ubuntu and ubuntu-cloud templates to specify apparmor profile
<hallyn_> (preferably by shorter names)
<hallyn_> lemme know if you have thoughts on that
<jamespage> zul, I get email on uploades (james page == openstack ubuntu testing bot)
<zul> jamespage:  yeah i had the same problem
<zul> jamespage:  unfortunately the libvirt tests are  light on the verbage
<jamespage> zul, any idea on the qemu failuer?
<zul> jamespage:  not yet
<zul> jamespage:  i blame hallyn somehow ;)
<hallyn_> i accept nothing
<jamespage> zul, python-crypto builds OK locally - odd
 * jamespage looks deeper
<zul> jamespage:  looking at qemu
<jamespage> zul, ta
<jamespage> something about DTC not being avaliable
<zul> jamespage:  it would help if i used the right release :)
<hallyn_> zul: all right, re-running the libvirt tests on trusty, first without your ppa then with.
<zul> hallyn_:  ack
<zul> jamespage:  "ERROR: DTC not present." ?
<roaksoax> rbasak: when an arm machine is first booted in MAAS, it loads an i386 ephemeral image to get it enlisted?
<rbasak> roaksoax: ?
<rbasak> roaksoax: no, it uses an armhf ephemeral image.
<rbasak> Did I say i386 somewhere?
<roaksoax> rbasak: how does it know to use one?
<rbasak> Ah. Now that's a very good question :-)
<roaksoax> rbasak: i mean, when it pxe boots, config.commissioning.template is used, and that itself tests for amd64 or i386
<rbasak> Right now, highbank does it by falling back to fetching /pxelinux.cfg/default.arm.highbank (or something like that), then default.arm, then finally default.
<rbasak> MAAS' dynamic TFTP implementation picks up on that, and serves a suitable default file, which fetches the correct arch kernel/initrd.
<rbasak> I never had to connect anything between the correct arch kernel/initrd and the correct arch ephemeral as far as I can remember. I presume the code already DTRT.
<rbasak> Another possible mechanism is a DHCP vendor identifier option, which U-Boot does provide. But we ended up not using that.
<rbasak> So the amd64/i386 differentiating pxelinux template is never used in the armhf case.
<yogeshsarwate> Hi all i got a dns addresses on noip.com i want to run my own email server and irc chat server can anybody guide
<zul> qemu: i think it needs a newer libfdt-dev so i back ported it
<rbasak> roaksoax: notice that /etc/maas/templates/pxe/config.commissioning.armhf.template is distinct from the more generic  config.commissioning.template
<rbasak> IMHO it should be the other way round, as it's the Intel case that's special, but never mind.
<roaksoax> rbasak: yeah... for some reason I thought it, by default, any type of hardware uses cponfig.commissioning.template, but I guess for arm it uses config.commissioning.armhf.template before the machine is even enlisted
<rbasak> Right
<rbasak> The TFTP server does the detection.
<rbasak> (currently)
<roaksoax> rbasak: where in the code is that exactly, do you know?
<rbasak> Looking
<rbasak> roaksoax: http://bazaar.launchpad.net/~maas-maintainers/maas/trunk/view/head:/src/provisioningserver/tftp.py
<rbasak> roaksoax: the regex picks up the default-(whatever) in lines 93-111.
<roaksoax> rbasak: eah that's where I'm looking
<roaksoax> rbasak: i see now, cool thanks!
<rbasak> The code that used the resulting match used to be in there, but I guess it's moved now.
<jamespage> zul, for some reason python-crypto won't build in the lab
<jamespage> its OK on ppa and locally
<zul> jamespage:  weird
<hallyn_> zul: what time is the openstack-lxc mtg?
<jamespage> zul, i see the issue
 * jamespage twiddles a knob
<jamespage> zul, fixed - for reference the schroot's where not providing a /dev/shm
<jamespage> (using tmpfs)
<jamespage> zul, you need to fix that niggle for keystone harded - forwarded is spelt incorrectly
<yogeshsarwate> Hi
<jamespage> zul, urgh - heatclient needs mox and well as mox3 btw
<jamespage> I'll fix that and merge your change if thats ok
<zul> jamespage:  okies
<zul> jamespage:  that needs to be fixed upstream it should use mox3
<jamespage> zul, ah - OK
<jamespage> zul, well I pushed it with both for the time being
<zul> jamespage:  yeah im submitting a patch upstream
<jamespage> zul,  keystone and we are all green in ci for icehouse btw
<zul> jamespage:  ill poke at keystone
<jamespage> zul, your mp is not merged yet
<zul> jamespage:  qemu is building in bom btw
<jamespage> yeah - I see
<jamespage> nice
<zul> jamespage:  https://code.launchpad.net/~zulcss/keystone/tests-refresh/+merge/198066
<w0rmie> i've some problems with tftp-hpa configuration, the package is installed, but no file such /etc/default/tftpd-hpa to set
<w0rmie> any ideas?
<markthomas> w0rmie: check /etc/default/tftp-hpa
<w0rmie> markthomas: the default folder with a simple ls does not contain any file named tftp-hpa
<jamespage> zul: just checking that now - I'll merge it if its good
<zul> jamespage:  okies we just have libvirt and libunwind to worry about
<w0rmie> markthomas: should i create a file to set the tftp-hda to default task?
<markthomas> w0rmie: checking.  sec
<jamespage> zul, I did an install of everything from the trunk testing ppa
<markthomas> w0rmie: trying to figure out why I have one.
<jamespage> swift appears to have lost all is upstart configs for some reason
<markthomas> w0rmie: yes, the upstart job for tftp-hpa loads /etc/default/tftp-hpa
<w0rmie> markthomas: ok, should i create a new file with the defaults for tftp-hpa or i should fin an existing file into /etc/defaults/ named tftp-hpa?
<markthomas> There are four options listed in the tftp-hpa defaults file.  You can find them in the upstart script.
<zul> jamespage:  er?
<markthomas> w0rmie: have a username of tftp, directory is whatever, address is 0.0.0.0:69, options="--secure -vvv"
<jamespage> zul, its odd - non of the packages have upstart configs any longer
<zul> jamespage:  wtf?
<jamespage> zul, same on trusty and precise
<highvoltage> it was zapped with lennart's deathray
<zul> jamespage:  keystone does.
<jamespage> zul, yes - it appears to be isolated to swift
<zul> jamespage:  hmm...ill have a look
<jamespage> zul, I'm looking
<zul> jamespage:  ok ill poke libvirt then
 * jamespage breaths again
<jamespage> the release version in saucy/trusty does
<jamespage> must be something in the branch
<jamespage> zul, keystone merged
<zul> jamespage:  cool thanks
<zul> jamespage:  could be over zealous cleanup by me
<jamespage> zul, http://paste.ubuntu.com/6530751/
<jamespage> wanna +1 that? saves a mp
<zul> jamespage:  arrgh...yeah +1
<jamespage> zul, I've dropped b-o-m to run daily instead of hourly now
<zul> jamespage:  ack
<jwal> Hi.  I am trying to setup a non-interactive install of roundcube from the debs.  It is all working - using debconf-set-selections - except I am being prompted for a password.  I just have to hit enter for it to continue (using pgsql ident).  Can somebody help me debug what is happening? (also asked in #ubuntu, sorry for cross post)
<zul> jamespage:  maybe leave it at daily and when the milestones come around turn it on for hourly?
<ersi> Kind announcement: Today is the last day to do the FLOSS survey 2013: http://floss2013.libresoft.es/
<jamespage> zul, well it can be run manually as well
<zul> jamespage:  true just thinking
<jamespage> smoser, I'm getting bored of syncing image data - have you started on a simplestreams charm yet  - or can I start hacking on one
<smoser> jamespage, not started on said charm.
<smoser> you are welcome to do that for sure.
<jamespage> great
<smoser> i dont know that i understood why you think its a separate charm thoug
<smoser> rather than just confiuration of glance charm
<jamespage> smoser, so when we want to use it with maas - its not tied to glance :-)
<smoser> i dont follow
<jamespage> that's entirely hypothetical
<smoser> oh. maybe i see a bit.
<jamespage> smoser, I actually pushed back on a MP to include this in the glance charm this week; I think it complicates the glance charm when it does not need to
<smoser> boo
<smoser> link to mp ?
<jamespage> smoser, can't find it now
<jwal> The answer was to 1) run install in interactive mode 2) copy the relevant output from debconf-get-selections 3) [the step I was missing] change any line ending "password" to "select" (for an empty password) 4) apply the config using debconf-set-selections
<bitbyte> hey guys I have a quick question any one able to answer ?
<bitbyte> basically i'm setting up strong swan with my home router and its not got a static ip and the server sits behind a firewall performing NAT I keep getting policy=PSK error. Am i going to be able to resolve this issue ? as some suggest the L2TP/IPSEC vpn can not work if the router is performing NAT which the server sits behind
<bitbyte> Basically i'm setting up strong swan with my home router and its not got a static ip and the server sits behind a firewall performing NAT I keep getting policy=PSK error. Am i going to be able to resolve this issue ? as some suggest the L2TP/IPSEC vpn can not work if the router is performing NAT which the server sits behind
<markthomas> bitbyte: why IPSEC and not OpenVPN?
<bitbyte> I've elected to use Strongswan and try setup IPSEC
<markthomas> bitbyte: Is this a learning project, or does it fit a specific business or technical need?
<bitbyte> It's just personal learning to setup a strong IPSEC VPN
<sarnold> I don't know the technical details since our admin set it all up for us eight years back, but we used ipsec for our vpn and we all had NAT systems at home and at the office and things worked out great. though our admin did have the ability to set up the ipsec gateway on the firewall itself, iirc.
<bitbyte> the real issue i can see at the moment is that I'm having issues defining the inbound ip's cause they will all be dynamic ones connecting as it will be from different locations.
<bitbyte> but I did think that having right=%any and rightsubnet=0.0.0.0/24 would resolve that
<bitbyte> but I keep running into this pesky PSK error
<markthomas> bitbyte: It's been quite a few years since I deployed an IPSec VPN as well.
<bitbyte> It's been a challenging project the security guys at my work suggested strong swan but only get to quiz them during work hours sadly
<sarnold> an excuse to stay home! :)
<bitbyte> I work for a banks technical support so their very "official" and shy away from any personal project items
<bitbyte> I feel in my config i'm missing something so simple gerrr
<zul> jamespage:  libvirt fixed
<hallyn_> zul: which libvirt is fixed?
<zul> hallyn_:  1.1.2 backport for precise
<hallyn_> stgraber: if you happen to have time to add an apparmor profile to trusty's lxc that allows mount fstype=ext*, please feel free :)
<hallyn_> you know, in case youthought i'd feel you were stepping on my toes...
<hallyn_> zul: ok
<stgraber> hallyn_: I found the source of the IPv6 bug, one char fix :)
<hallyn_> excellent
<stgraber> hallyn_: http://paste.ubuntu.com/6531493/
<hallyn_> i'm drafting a message to satan's advisory group^W^W^W dbus m-l
<stgraber> (I was looking for bugs in the parser instead of the writer... once I looked at the latter, the bug was rather obvious...)
<hallyn_> stgraber: no way!
<hallyn_> i swear i straightened those out...
<kieppie> hi folks
<kieppie> anyone here familiar with LXC?
<kieppie> I've been giving it a go on vanilla Debian (wheezy) - but the "stable" & docco's are fubar & it seems absolutely nothing has even been tried to remedy the situation since 2011/2012
<e_t_> !anyone
<ubottu> A high percentage of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.
<hallyn_> zul: ok, the new failures in libvirt 1.2.0 are http://paste.ubuntu.com/6532080/
<hallyn_> perhaps just a virt-install regression
<hallyn_> re-running to get the exact error msg
<hallyn_> zul: d'oh, virtinst was not installed.
<hallyn_> <slap>
<hallyn_> zul: but, do you have a fix yet for libvirt-python upgrade?
<hallyn_> zul: all right.  so virtinst depend on python-libvirt which conflicts with libvirt-python.
<hallyn_> so if you're not going to rename libvirt-python to python-libvirt, then you must at least create an empty python-libvirt depending on libvirt-python.
#ubuntu-server 2013-12-07
<fishcooker> Linux 3.2.0-57-generic #87-Ubuntu SMP Tue Nov 12 21:38:12 UTC 2013 i686 i686 i386 GNU/Linux.. yes i do install 12.04..but in case i choose linux-image-generic for its kernel
<fishcooker> now my wifi card don't work well
<fishcooker> how to add propietary wireless card driver
<zul> hallyn_:  yeah ill do it this weekend ;)
<stevie_man> I am trying to upgrade my 10.10 server but I need to install update-manager-core but when I do I get the following error: E: Unable to locate package update-manager-core
<stevie_man> Infact I get that error for everything I try to install using ap-get
<hallyn_> zul: cool - ttyl
<hallyn_> all right i think i'm going to drop the linaro patches from qemu in the 1.7 merge.  They are mostly for omap3 support, would be surprised if too many people cared.
<hallyn_> (and the patchset is a bit stale - i successfully refreshed the set, but am not feeling particularly confident about the result)
<yogeshsarwate> Hi
<cfhowlett> yogeshsarwate, ho
<diverdude> is LTO-6 the most recent tape format for backup?
<cju-pp> I am using EC2 to host an Ubuntu server. After a few hours of running, the SSH crashes. If I stop and start the server it works again, I can't figure out why this is happening, anyone have any ideas what logs I should look through to start figuring it out? I have googled online for the past few hours already.
<t0lk_> I have php 5.2.10 on ubuntu 12.04 and no matter what I do I can't get it upgrade to any other version. Can anyone point me to the right guide?
<bekks> t0lk_: How do you try to upgrade then?
<t0lk_> i did udate/upgrade/full-upgrade
<t0lk_> thyen add-apt-repository ppa:ondrej/php5
<t0lk_> and update/upgrade again
<t0lk_> nothing changed
<t0lk_> thanks bekks for help
<bekks> Then you have to take a look at the PPA to see which versions it provides.
<t0lk_> okay
<t0lk_> bekks it says the repository has 5.5.6 https://launchpad.net/~ondrej/+archive/php5/+index?batch=75&memo=75&start=75
<blueking> has there been some changes some packages?  got som errors in networking,  service networking restart didn't work with clean install,  And avahi was installed by default and putted in iproute 169.254.0.0   that I found in /etc/network/if_up, if_down    didn't do that in install of ubuntu server  some days ago ?   does ubuntu server install  some stuff  by default ?
<blueking> avahi_autoipd
<ikonia> "errors in networking" isn't very specific
<blueking> service networking restart   -> Unknown job
<ikonia> 1.) what version of ubuntu is it 2.) is it a physical or virtual host 3.) has that ever worked on this exact machine running your current ubuntu build ?
<blueking> route -n  did show  169.254.0.0    in addition to IP's I set in /etc/network/interface   p2p1   dhcp and p3p1  set by static to 192.168.0.1
<ikonia> not what I asked
<blueking> ubuntu 13.10
<blueking> server
<ikonia> ok, you can't be bothered reading my questions clearly and answering them, I'm not helping
<blueking> everything worked nice  until I installed webmin     then suddenly  net wasn't working  tryed to fix it for 10 hours, gave it up  made a clean install, net was ok  install isc-dhcp-server   set up dhcp's conf files    and shorewall    and net was down route -n shows 169.254.0.0 was back
<blueking> avahi are installed by default ?
<cfhowlett> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<blueking> I know that
<blueking> didn't install it on new system
<blueking> ikonia: I didn't specify any virtual host,  physical host   mobo got two interfaces identified as p3p1 and p2p1
<ikonia> blueking: not interested sorry, I asked 3 questions very clearly, you chose to ignore them, and ignore them a second time after I asked again.
<blueking> ifconsorry have a baby 2 weeks that needs my attention
<ikonia> a nonsense excuse, you've got time to sit here and type answers to questions I didn't ask, you've got time to type the answers to the questions I asked
<blueking> ikonia: sorry that I've taken your time,  Will come back later when I can focus more to convo here  sorry, see you later
<blueking> ok  think i found out where i failed'
<Pryath> Anyone here know what to do to allow MultiViews (for apache2) if I've already set "AllowOverride All" and "Options Multiviews" in both apache2.conf and 000-default.conf (in sites-available) AND have "RewriteEngine On" in .htaccess?
<Pryath> it still doesn't work
<mikeshollen> Good morning. I am setting up a Linux server, and I am trying to install/configure the no-ip server for free dynamic DNS. I ran make install, and followed through with the questions being asked. I am under the impression it should be running now. How do I check to see if it is currently a running service?
<ikonia> mikeshollen: checking if the daemon is running, checking if the IP is updated in dns
<ikonia> mikeshollen: looking at any log files ?
<ikonia> mikeshollen: looking at startup warnings/error messages when you started the application
<mikeshollen> ikonia, thank you for your help. You'll have to bear with me, I'm a linux noob.
<mikeshollen> ikonia, how do I check to see if the daemon is running?
<ikonia> mikeshollen: ok - before going any further, I'd suggesting reading https://help.ubuntu.com - the server section and get a basic idea of how to work with the OS as a server
<ikonia> mikeshollen: if you can get the basics of how to run the machine, you can then move forward easier
<mikeshollen> ikonia, reading
<mikeshollen> ikonia, so when I want to install the new pending security updates in my server, I enter 'sudo apt-get install unattended-upgrades' or is that to automate future updates?
<ikonia> thats a package for a software package/configuration
<ikonia> apt-get upgrade will bring your machine inline with the pending updates
<mikeshollen> thank you
<mikeshollen> ikonia, how frequently would you recommend running this for a server? do you think once per month is sufficient?
<ikonia> mikeshollen: you'll need to work out the risks of what you are running, once a month can be fine, but so can once a week, once a day, etc etc, weigh up the pros/cons
<mikeshollen> ikonia, there are no sensitive files on the server. My primary concern is uptime
<mikeshollen> ikonia, if eth0 is my ethernet, what is my wireless? eth1 doesn't seem to work
<ikonia> I don't believe the server install ships with wireless tools
<ikonia> mikeshollen: why don't you just run the desktop version - which has everything needed/ready for a home computer
<ikonia> mikeshollen: you'll find it a LOT easier to get working
<mikeshollen> ikonia, i am running the home desktop version. I did not want a gui, but I tried installing server 64 and 32 bit on my nettop for hours and after grub the system wouldn't post at all
<mikeshollen> ikonia, I eventually gave in, and installed 12.04 lts desktop in 64 bit
<ikonia> ok - so then #ubuntu would be the right channel for you
<mikeshollen> ikonia, they sent me here. I am trying to work in command line remotely
<mikeshollen> ikonia, they told me the server type questions I was asking would be better suited for this channel
<arstan> Greetings! I'm trying to customize 12.04 server, looking at http://razvangavril.com/linux-administration/custom-ubuntu-server-iso/ guide. I know I'm doing all correct, double checking with community wiki as well the steps... But for some reasons I get this error with python-maas-provisioningserver md5 checksum error...  screenshot - http://razvangavril.com/linux-administration/custom-ubuntu-server-iso/
<arstan> anybody had this kind of issue? any clues here?
<ikonia> mikeshollen: you're ubuntu ubuntu desktop edition - I suggest #ubuntu as this channel is for the server release, and you're not usin git
<mikeshollen> ikonia, ok
<ikonia> mikeshollen: they told you to come here as you said "I'm running a linux server", which suggests your running the server build
<arstan> http://imgur.com/NAN8NBT anybody?
<ikonia> arstan: error seems pretty clear
<arstan> ikonia: yep, pretty clear. but using the same sources without adding any additional changes to  the seed file it works like charm
<ikonia> doesn't change the fact that your current media is corrupted
<arstan> ikonia: I don't make changes to that deb file in any way
<ikonia> I didn't say you did
<arstan> ikonia: Ok, may be you give me a hint here?
<ikonia> arstan: your media is corrupted/damaged/can't be read
<ikonia> fix / renew the media
<arstan> ikonia: renew? hows that?
<ikonia> "make a new copy of the media"
<arstan> ikonia: done copying over and over few times already
<ikonia> what is this media ? a cd - an apt repo, a usb stick ?
<arstan> ikonia: iso image. from ubuntu cdimage
<ikonia> and you've mounted the ISO image ?
<ikonia> how are you using it
<arstan> ikonia: I mount it locally and make copy using rsync
<ikonia> so either a.) your source is a problem b.) your copy process is corrupting it
<arstan> ikonia: must be process
<arstan> sudo mkisofs -J -l -b isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table -z -iso-level 4 -c isolinux/isolinux.cat -o ./ubuntu-12.04.3-custom-server-i386.iso custom-iso/
<arstan> ikonia: amything suspicious for you here?
<ikonia> so this isn't an ubuntu cd
<ikonia> this is you making your own image
<arstan> ikonia: thats right, sir
<ikonia> then I'm out
<arstan> ikonia: why?
<ikonia> I don't know the process / changes you're making
<ikonia> so I'm not validating something I don't know
<arstan> ikonia: good point
<arstan> ikonia: thanks anyways!
<ikonia> sorry
<arstan> ikonia: https://help.ubuntu.com/community/InstallCDCustomization but this seems to be quite outdated
<arstan> ikonia: https://help.ubuntu.com/12.04/ seems theres not much help there
<ikonia> I don't write those documents, nor do I use them so I don't know their current status, I find most community docs out of date / unmaintained / tested so rarely trust them
<jrwren> mikeshollen: did you find wlan0 yet?
<Pryath> I'm still having trouble configuring mod rewrite and multiviews for my ubuntu 13.10 server w/ apache. Would any of you be able to help me? I've set AllowOverride All in the vhost and apache2.conf. I've also specified Options MultiViews in those places AND the .htaccess file
<arstan> Pryath: have you enabled mod_rewrite module?
<Pryath> I believe I have, I've tried every solution I could find online
<arstan> Pryath: can brief me about your problem?
<Pryath> trying to go to http://<server>/search when search.php is located in /var/www/
<Pryath> and I get a not found
<Pryath> but if I do http://<server>/search.php it is found
<Pryath> so multiviews is not working
<Pryath> and rewrite is not working
<Pryath> nor is specifying ErrorDocument
<arstan> Pryath: so you just want to rewrite search.php to answer for domain.com/search?
<Pryath> MultiViews is supposed to make it so <anything>.php can be resolved with http://<server>/<anything>
<Pryath> but it is not working
<Pryath> it isn't just search.php, it's every .php file
<arstan> Pryath: Is there any other reason you need MultiViews and not just an .htaccess rewrite?
<Pryath> the htaccess rewrite is for things like profile/<#>
<arstan> Pryath: because you can easily rewrite to rewrite *.php files to domain.com/search?
<Pryath> I'm trying to tackle the multiviews problem first
<Pryath> which may end up fixing the other problem I'm trying to fix
<arstan> Pryath: whats you are looking for with multiviews? what to achieve?
<Pryath> [09m:18s] <Pryath> MultiViews is supposed to make it so <anything>.php can be resolved with http://<server>/<anything>
<arstan> Pryath: thats mod_rewite with .htaccess. Read - http://www.ask.com/explore/apache-multiviews-3660
<arstan> Pryath: http://stackoverflow.com/questions/14182741/apache-clean-urls-with-multiviews-enabled
<jrwren> yes, that is not what I understand multiviews to be.
<Pryath> "The effect of MultiViews is as follows: if the server receives a request for /some/dir/foo, if /some/dir has MultiViews enabled, and /some/dir/foo does not exist, then the server reads the directory looking for files named foo.*, and effectively fakes up a type map which names all those files, assigning them the same media types and content-encodings it would have if the client had asked for one o
<Pryath> f them by name. It then chooses the best match to the client's requirements."
<Pryath> arstan: already seen that page
<jrwren> indeed. I've just never seen multiviews used that way.
<Pryath> how have you seen it used
<jrwren> the canonical language example
<Pryath> can you be more specific?
<jrwren> content negotiation like this: https://httpd.apache.org/docs/current/content-negotiation.html
<arstan> Pryath: define your problem clearly. IMHO
<Pryath> that's where I got that text from
<jrwren> i noticed :)
<Pryath> that page
<Pryath> arstan: I've defined it as clearly as I possibly can
<jrwren> Pryath: try #apache? :)
<Pryath> I've configured apache2.conf, my 000-default.conf, and .htaccess
<Pryath> no one answered me there
<Pryath> I'll try again
<arstan> Pryath:  [09m:18s] <Pryath> MultiViews is supposed to make it so <anything>.php can be resolved with http://<server>/<anything>
<Pryath> right
<arstan> Pryath: thats a rewrite. simple as that
<Pryath> it means you don't need to use a file extension
<arstan> Pryath: yes, rewrite can help with that. Why is that not enough for you?
<arstan> Pryath: from my googling the solution: RewriteRule ^/?page/(.*)$ page.php/$1 [L]
<arstan> Pryath: http://stackoverflow.com/questions/1337695/remove-php-extension-with-php
<arstan> Pryath: http://stackoverflow.com/questions/12231650/how-to-use-apache-mod-rewrite-to-remove-php-extension-while-preserving-the-get
<jrwren> Pryath: for the record, Multiviews just plain works for me. I had no idea it was enabled, but all my .html files I can reference without the .html
<Pryath> well for some reason every single thing I do with ubuntu turns into 3 hours of scowering for a solution
<arstan> Pryath: thats totally not fair thing to say, bro
<ikonia> Pryath: then I'd suggest using an OS that you are more comfortable with
<Pryath> I figured out the problem
<Pryath> apache2 default install for ubuntu server 13.10
<Pryath> is missing something
<Pryath> http://serverfault.com/questions/473788/the-mod-negotiation-seems-to-be-enabled-but-php-files-without-extensions-retur
<Pryath> mod negotiation is not configured for .php
<Pryath> but it is configured for .html
<Pryath> what an annoying and obscure problem...
<Vooloo> How can I get GLIBCXX_3.4.14 on Ubuntu 10.04?
<Vooloo> or .15 rather
<wiehan> hey, I have an ubuntu 12.04.3 server setup with plex, zoneminder, transmission, etc. I upgraded my router (And I don't really see how this has anything to do with the problem I am experiencing); but I cannot access my server through the usual way say in my browser typing http://ubuntu-server:10000 (for webmin). All that works if I do is 192.168.1.9:10000 (Same for all other web interface apps running on the server). Meaning
<wiehan> only the IP address connects to the server not the server name, which surely wasn't changed. I am puzzled
<jrwren> Vooloo: compile it yourself?
<jrwren> wiehan: names have to resolve to IPs somehow, be it classic dns, or mdns or netbios. something was resolving the name to IP address in the past and is not now.
<andygraybeal> so the gui runs on console ctrl-alt-f7 right?  is there a way to run a libvirt/kvm box and have it show up on say ctrl-alt-f6 or something?
<xnox> andygraybeal: not really no, libvirt/kvm "show" you the screen via VNC. and do note that the virtual machine also has the same VTs as normal installation (e.g. it also has gui on ctrl-alt-f7)
<xnox> andygraybeal: you could start a secondary session on vt6 instead of tty6 job and open VNC connection to the server..... but it would be that great.
<andygraybeal> xnox okay
<xnox> _would not_ be that great that is.
<andygraybeal> i read it as such, thank you though for iterating.
<xnox> =)
<andygraybeal> hm... so here's my problem.. i have a users computer, that i want to run kvm on to run windows for quickbooks... it's for a very small business and can't afford a 'server'
<xnox> andygraybeal: i use virt-manager for all my VMs. Works like a charm.
<andygraybeal> yea, but i don't want to teach her how to use virt-manager :)
<andygraybeal> but maybe i should.
<xnox> andygraybeal: and gives a graphical way for anyone to "connect" to a given VM and auto-start them on boot.
<xnox> andygraybeal: i believe you can make a desktop shortcut that opens it full screen.
<andygraybeal> okay that is good enough i suppose.. at my previous job, i set them up with LTSP and ltsp can support different rdp/vnc on different virt consoles.. it was rocking.
<andygraybeal> but it was on a terminal, not the server itselfl
<xnox> andygraybeal: or create a user account that does it, which one logs into to work "on windows"
<andygraybeal> thank you xnox, very good solutions
<xnox> andygraybeal: lightdm has remote login options, but i'm not entirely sure how that works.
<andygraybeal> ah neat.
#ubuntu-server 2013-12-08
<kieppie1> howdy
<kieppie1> anyone online familiar with LXC?
<kieppie1> howdy - anyone familiar with LXC? I'm following the official Debian (vanilla) docco's, but LXC as implemented seems FUBAR - does not work "out of the box", and the docco's acknowledge this (going on close to 2 years now) with no intent for resolution in sight. I'm wondering if the state for Ubuntu is much better
<blkperl> kieppie1: lxc works fine in ubunut
<kieppie1> blkperl: 100% as per docco on wiki? you familiar with the issues @ debian re busted templates?
<blkperl> idk about the debain stuff, but you can easily make ubuntu lxcs on ubuntu
<kieppie1> blkperl: sweet, thanks
<tubaguy50035> any reason why the "install" option wouldn't show up on a live USB?
<tubaguy50035> For 13.10 *
<andygraybeal> so in general if i want to use openvpn to route only specific data ... is it easy enough to do that?
<andygraybeal> the vpn would only be access HR/task management/ldap stuff over vpn, nothing else... all else can go on regular network/internet.
<monokrome> Does anyone know how to give options to something for an automated install? I need to set the mail name for postfix
<monokrome> google wins
<Ravimandal> hi
<cfhowlett> Ravimandal, greetings
<strixUK> so, i've just set up mysql replication on a new box, and i (deliberately) let it overwrite and update the 'mysql' database
<strixUK> other than changing the password in /etc/mysql/debian.cnf, are there any other implications of doing this?
<ramadhan> ping !
<auronthas> question:  /etc/network/interfaces     where eth0 are net and eth1 are local net,  what to put in on gateway in setup of eth1  when  eth0 are iface eth0 inet dhcp where IP might change now and then ?
<auronthas> can one put name of  eth0 connection as gateway or it has to be specified IP address ?
<strixUK> you can only have one gateway on the system, and if eth0 is being configured by dhcp, then dhclient will set that automatically.
<strixUK> you don't need to do anything special with eth1, since there will be a net route for that automatically
<auronthas> ok so I have to comment out gateway on eth1 then
<strixUK> if there is a router directly attached to eth1 (the network, not the port) for a network that is not eth1's net, you'll need to add specific net routes for those other networks, or the kernel will try to get there via eth0 - but this situation almost certainly doesn't apply to you.
<auronthas> ubuntu server are beeing configured to act as router itself
<auronthas> but gets dynamic IP from ISP
<strixUK> the only thing relevant to that is whether this machine is configured to forward packets
<strixUK> all packets received (by whatever interface) will be routed according to the routing table
<auronthas> going to install  isc-dhcp-server to listen on eth1 and shorewall as firewall
<strixUK> right, so dhcpd needs to hand its eth1 ip to its clients
<auronthas> nods
<strixUK> there's no need for an explicit gateway spec in this machine's interfaces
<auronthas> so in basic I only need to set  static IP and netmask in eth1
<strixUK> right
<auronthas> goodie, thx for help  :)  have a nice day/night whereever u are in world :)
<auronthas> ah dinner time in UK now
<jmedina> HI there
<jmedina> I hope you can help me with a libvirt/kvm problem
<jmedina> Im using ubuntu 13.04
<jmedina> whenever I try to start a virtual machine I get a message like this:
<jmedina> qemu-system-x86_64: -drive file=/labs/kvmimages/neti01.example.com-disk1.img,if=none,id=drive-virtio-disk0,format=qcow2,cache=none: could not open disk image /labs/kvmimages/neti01.example.com-disk1.img: Permission denied
<jmedina> I checked the permissions/owner and was reseted to root:root and 660
<jmedina> I change them to root:libvirtd and 660 and again, when I try to start the VM they are reset to root:root
<jmedina> I have been looking in some mailing lists but I have not get a solution
<jmedina> I already  disabled the libvirtd apparmor profile
<jmedina> It looks it is libvirt who changes the owner
<jmedina> my user is member of kvm and libvirtd
<jmedina> It worked in 12.04
<jmedina> this happens when I try to start a vm from virt-manager or virsh
<andygraybeal> jmedina, i recall something similar...
<andygraybeal> but i don't remember any of it
<jmedina> :S
<andygraybeal> sorry, i'm not helpful
<andygraybeal> currently my email server is run by gandi.net because i bought my domain with them.  i would like to use mailman for maillists.  is it possible to configure mailman on my own server.. without having to move MX records over to that server?
<andygraybeal> i don't want to run a full blown mail server on my own server... .but i want to use mailman ... maybe this is not possible.
<jmedina> well, I modified /etc/libvirt/qemu.conf the parameter group from root to libvirtd and restarted libvirtd-bin and everything is working as expected, thanks :)
<andygraybeal> jmedina, rock on
<auronthas> just installed  isc-dhcp-server    question about  option router  that gives gateway to clients, when router IP on ethernet connection are dynamic  one can't put static IP to option router   how to put dynamic ip in dhcpd.conf file ?
<auronthas> should I use option router-discovery ?
<pmatulis> auronthas: a router should not have a dynamic address
<auronthas> pmatulis: Talked to friend of me,  localnet's router ip is eth1's IP   ofcourse "facepalm"
<auronthas> pmatulis:  where eth0 goes to net
<gdi2k> hi all, I have a server with high latency on a LAN causing me headaches. Other machines can ping each other in the 0.01ms range, but anything to / from this machine takes around 50ms (avg). It's a RTL8111/8168B card which has given me driver headaches before. Should I just replace it or is there something else I can do?
<patdk-lap> gdi2k, heh, that is really odd
<patdk-lap> normally you don't get >30ms with gigabit, and that doesn't include any os stack latency/interrupts
<patdk-lap> for me, 80-140ms is *normal* for gigabit
<gdi2k> yes, this is gigabit. it is capable of delivering - ping summary shows Best less than 0.1ms but worst 141 with avg around 50ms
<gdi2k> it's all over the place
<gdi2k> load is not too high - 1.6 on a quad core machine
<gdi2k> (no HT)
<gdi2k> load has no impact - I whacked it with 4 instances of cpuburn to saturate the cores, and ping is unchanged
<andygraybeal> i followed these instructions at this website: http://burn.co.nz/blog/?p=245  well.. just the line:  sudo aptitude install request-tracker4 \
<andygraybeal>  rt4-apache2 rt4-clients rt4-db-postgresql apache2-doc lynx \
<andygraybeal>  postgresql apache2 libapache-dbi-perl fetchmail
<andygraybeal> and i didn't get any chances to put in a password for postgres or answer any of the questions that request tracker asks....
<andygraybeal> how do i do this over?
<andygraybeal> i will try purge, but i'm afraid it won't work
<andygraybeal> i'm so good at messing this kind of stuff up
#ubuntu-server 2014-12-01
<colifato> hi all - hola a todos
<colifato> somebody can help me with fail2ban and sasl?
<pmatulis> !ask | colifato
<ubottu> colifato: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<colifato> sorry.. is my first time :(
<colifato> how i can block these messages: Nov 30 22:11:06 server1 postfix/smtpd[4391]: message repeated 10 times: [ warning: unknown[212.185.111.115]: SASL LOGIN authentication failed: authentication failure]
<lordievader> Good morning.
<kevindf> Is there any good monitoring software with web interface that's free for home users to monitor statistics of like 2 servers?
<Malinux> munin perhaps?
<kevindf> Will take a look at that, thanks
<pmatulis> morning
<designbybeck_> I'm trying to learn as I go here. What is the best way to new users and make the sudoers? 'adduser' seems better than 'useradd'
<lordievader> designbybeck_: One is a frontend for the other, see the manpages.
<lordievader> And adding them to the sudo group gives them sudo rights.
<designbybeck_> hmmm
<pmatulis> designbybeck_: adduser unless you have special requirements
<designbybeck_> pmatulis, was trying this: http://www.liquidweb.com/kb/how-to-add-a-user-and-grant-root-privileges-on-ubuntu-14-04/
<pmatulis> designbybeck_: nah
<designbybeck_> or might this be better pmatulis http://askubuntu.com/questions/7477/how-can-i-add-a-new-user-as-sudoer-using-the-command-line
<pmatulis> 'sudo adduser john && sudo adduser john sudo'
<designbybeck_> ok thank you pmatulis I'll try that
<Delta-User> Anyone here can help me out setting up ftp to virtual hosts in apache?
<Lartza> I assume there is no StartSSL alternative for truly free SSL certificates?
<sanderp> I'm currently experiencing odd behaviour with my Avahi installation. Needs manual restart about every few hours or so. Anyone who knows what's up?
<whatupx> Lartza, not yet.  letsencrypt.org will be starting next year though
<alan_> Hello. I'm new to Ubuntu. During setup of Ubuntu Server, I joined a wireless network on wlan0. Upon reboot, there are no network devices in `ifconfig`. Did I miss something in the setup process to apply the WiFi settings to the system? Thank you.
<TheBurgerKing> quick questionâ¦does Screen work on the server version of Ubuntu?  iâd like to have multiple terminal windows open at once
<qman> Yes
<TheBurgerKing> excellent, thank you
<Alina-malina> when i access my domain name without www i get into var/www folder, please help me guys
<Patrickdk> Alina-malina, heh? you don't even get a login prompt?
<Patrickdk> how are you accessing it? ssh?
<Alina-malina> www.example.com
<Patrickdk> what is that?
<Patrickdk> that is a hostname
<Patrickdk> not an *access* method
<Alina-malina> Patrickdk, https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-14-04-lts       so now when i access the example.com i get into /var/www/ folder  and when i access www.example.com i get into /var/www/example.com/public_html folder :-/ please help me, i really dont understand what is going on
<soren> Alina-malina: You should share your VirtualHost config.
<Alina-malina> shat you mean?
<Alina-malina> soren, this is my virtualhost http://pastebin.com/ih7L2jsE
<soren> Alina-malina: But even without seeing it, I'm pretty sure we'll see that there's not servername or serveralias that matches your example.com.
<Alina-malina> both are in there
<Patrickdk> and you restarted apache?
<Alina-malina> yes tons of times
<Alina-malina> :-/
<Patrickdk> and they dont exist anywhere else?
<bekks> "Servername example.com" is invalid, anyways.
 * Patrickdk does not, using example.com in your pastebin can cause invalid diagnostics
<soren> sudo apache2ctl -t -D DUMP_VHOSTS
<soren> Please provide the output of that command.
<sarnold> is there anything in your logs?
<Alina-malina> http://pastebin.com/iTbRH6yb
<soren> I'm going to go ahead and guess that it doesn't actually say example.com and that you're actually redacting what we're seeing... and then I'm not going to help you. Because even though I don't know who owns example.com, I'm going to guess it's not you.
<Alina-malina> yes
<soren> Stop fixing the output and provide it as is.
<soren> Or fix it yourself.
 * soren wanders off
<Alina-malina> i dont want to paste it publicly
<soren> Then good luck getting help.
<Patrickdk> then your unlikely to get a *public* answer/help
<soren> If you change the output people need to help you out, they can't help you.
<soren> And won't.
<soren> So toodles.
<Alina-malina> i am sorry i cant
<Patrickdk> I sure hope you didn't register that domain from somewhere
<Patrickdk> as domains are public too
<bekks> Alina-malina: you cant tell us a public domain name? :)
<WhiteIntel> Hello can someony tell a remote desktop solution that is working out of the box with user session handling, good performance, easy to install?
<Patrickdk> servers don't have desktops
<WhiteIntel> really, and if I have one installed on mine?
<NegativeFlare> WhiteIntel: if you've got one installed on yours, then its not a "server" anymore.
<WhiteIntel> sorry, but thats not true...
<WhiteIntel> Many servers have grafical environments installed and they are also working as a server.
<Patrickdk> dunno, my windows servers don't even have graphical enviroments installed anymore
<Patrickdk> but that hardly matters
<Patrickdk> as those packages aren't part of the ubuntu-server, but part of ubuntu-desktop
<WhiteIntel> you donÂ´t have to install one, but some services need one, I need also one.
<Patrickdk> yes, but your asking the wrong people
<Patrickdk> your asking people that don't use gui, to recommend to you a gui
<NegativeFlare> WhiteIntel: hmph, its a matter of opinion. And in my IT department, if you've got a GUI installed. Its not a server.
<WhiteIntel> That might be in your department but a server is not defined if it has a GUI or not
<qman> GUIs are for desktops
<qman> That said, if you're looking to set up a terminal server, that's what LTSP is for
<RoyK> freenx might be worth a peek
<WhiteIntel> Sorry, but I will quit the discussion if a server is no so server with a gui, that was not my question...
<WhiteIntel> I tried the maintanced version of freenx x2go, but x2go is not working with gnome3 in ubuntu 14.04 :\
<RoyK> WhiteIntel: most of us use GUIs for desktop/laptop stuff and ssh connections to servers
<RoyK> WinstonSmith: and then perhaps remote X if we want to run something graphical from the server
<WhiteIntel> Most of my servers either, but I have some services that needs a gui.
<WhiteIntel> Is there a user session handling like in rdp?
<NegativeFlare> If you're looking for "remote administration" for GUI, I'd go with VNC
<sarnold> ssh -X X11 forwarding?
#ubuntu-server 2014-12-02
<Jeeves_Moss> how do I convert a large number of windows IIS files into somethign that AWStats can read and add to the current log set?  I've pulled them off of an old server that was decomissioned.
<Alina-malina> good mornin
<lordievader> Good morning.
<leeyaa> hello
<leeyaa> i did upgrade of 12.04 LTS to 14.04 LTS, xen server host and it seems upgrade messed up xen hypervisor versioning
<leeyaa> i have 4.4 installed, but when i try to use xl or xm it is looking for 4.1
<leeyaa> any idea how to resolve it ?
<smb> leeyaa, do you still have any 4.1 packages installed (dpkg -l|grep xen) except the hypervisor one?
<leeyaa> smb: yeah it seems libxen-4.1 is still present along with libxen-4.4
<smb> leeyaa, Ok, that one might be ok while transitioning. Just to make sure, you rebooted after the upgrade? And if you have grub menu visible make sure the right hv is selected
<leeyaa> smb: server was rebooted. i have no console access though, so i cant check visually which kernel is selected. check with grub maybe ?
<leeyaa> it is using 3.2.0-31 so i guess thats older
<leeyaa> hm
<leeyaa> latest is 3.13
<smb> for 14.04, right
<smb> you can check /boot/grub/grub.cfg for which entry is default and what that points to
<leeyaa> that means older kernel is booted
<leeyaa> it is set to set default="0>2"
<leeyaa> how to tell which one is latest and choose it ?
<smb> Actually with 14.04 there should be a /etc/default/grud.d/xen.cfg which should override the default. There would be a message about it when running update-grub though
<leeyaa> nah i have no /etc/default/grud.d/xen.cfg
<smb> default should be a text string "set default="Ubuntu GNU/Linux, with Xen hypervisor""
<leeyaa> ah sorry typo
<leeyaa> smb: i believe it does boot with xen but it boots older kernel
<leeyaa> so it is a matter of changing boot order i guess
<leeyaa> and yes XEN_OVERRIDE_GRUB_DEFAULT=1
<smb> Depends on whether that default string ended up in /boot/grub/grub.cfg. If it is a number it boots the x.th element with the string it would be the first menuentry with that string
<leeyaa> smb: i have no entry for 3.13.0-40 in grub config
<leeyaa> lets see i might have forgotten to run update-grub
<leeyaa> i though upgrade scripts do that for me
<smb> Yeah, they should
<smb> assuming you ran do-release-upgrade
<leeyaa> i did
<leeyaa> well update-grub detects the new kernel
<leeyaa> but i have no menu entry for it http://paste.ubuntu.com/9342672/
<kevindf> Hello, I'm trying to ping on my Ubuntu server but getting "Operation not permitted" when I disable my firewall I can ping perfectly. I've tried analyzing my Iptables http://pastebin.com/ESVWHmjN but don't see wich rule is not allowing the ping. I've heard flushing my iptables would work but I don't want to do that
<kevindf> Anyone know what might be wrong in my Iptables rules?
<smb> thats odd... does it contain any "Xen 4.4" or even "3.13" for kernel versions at all?
<smb> leeyaa, Somehow when I would do the same grepping as you on a 14.04 server I get a completely different generic layout. http://paste.ubuntu.com/9342755/ The one you got feels like a file generated in 12.04
<leeyaa> smb: yes. i just need to force it to boot from latest kernel
<smb> leeyaa, more latest hypervisor
<leeyaa> smb: yes
<smb> You should have a /boot/xen-4.4-amd64 as well
<smb> This one will change /sys/hypervisor/version/* which is used by the tools
<leeyaa> smb: yeah i have /boot/xen-4.4-amd64.gz
<smb> leeyaa, I would probably check the access/mod time of /boot/grub/grub.cfg to ensure this actually gets updated
<smb> Since you ran update-grub again it should be todays date
<leeyaa> smb: it does
<leeyaa> -r--r--r-- 1 root root 20924 Dec  2 10:59 /boot/grub/grub.cfg
<leeyaa> ffs
<leeyaa> i had update-grub and update-grub2
<leeyaa> this box is such a mess
<smb> leeyaa, Yeah, I was just starting to wonder whether grub-common was the right version... Actually I think the move from grub to grub2 was pre-12.04 but one had to manually run a script...
<leeyaa> now that grep sees the new xen kernel
<leeyaa> but how the heck to force it to boot from ti :D
<smb> leeyaa, If its the newer layout the default string boots the first xen entry and through the ordering it should be the latest...
<smb> Its hard to say for sure with an unknown boot config :)
<leeyaa> smb: thats the whole grub.cfg http://paste.ubuntu.com/9342904/
<leeyaa> i miss grub1 :D
<smb> leeyaa, the cfg file was a bit more human readable but from the functionality I rather like grub2 ;)
<leeyaa> smb: ok then how to choose 3.13 ;p
<smb> leeyaa, I believe that if you reboot now, you would be fine
<leeyaa> smb: nope tried
<leeyaa> it boots into 3.2.0-31-generic
<smb> Oh wait ... there was some script which was supposed to migrate people from grub to grub2. If there is still grub1 there it selects what to boot from /boot/grub/menu.cfg
<leeyaa> what about another approach - is it possible to check which entry is 3.13 and force it to boot that entry ?
<leeyaa> ima change GRUB_DEFAULT="0>2" to GRUB_DEFAULT="Xen 4.4-amd64"
<leeyaa> thats what i have on the servers without problems
<smb> leeyaa, The main question right now is whether this servers uses menu.cfg or grub.cfg. The grub.cfg you posted should boot the right kernel. You probably should check whether the kernel/hv you get booted into makes sense when looking at menu.cfg
<leeyaa> smb: do you mean menu.lst ?
<smb> leeyaa, Ah yeah that... it has been a while
<leeyaa> i have no idea how to determine that. menu.lst looks normal too
<smb> leeyaa, maybe pastbinit for me, too
<leeyaa> this is menu.lst smb http://paste.ubuntu.com/9342994/
<smb> leeyaa, Right, that default is 0 and the first element to hit is the new hv/kernel...
<leeyaa> exaftly ...
<leeyaa> exactly ...
<smb> really strange... hm, is there something with 'grub-editenv /boot/grub/grubenv list'
<smb> something like next_entry set...
<leeyaa> smb: that prints nothing
<smb> ok, so not overriding the default there... hm
<smb> leeyaa, The only one odd thing with your grub.cfg I notice is that the script order might be modified. By default that would be 10_linux, then 20_linux_xen. And yours is 20_linux_xen and the 21_linux
<smb> Maybe that creates a confusing cfg file. But the whole file now only has Xen 4.4 elements, so despite a 3.2 kernel grep . /sys/hypervisor/version/* should now be 4.4 and the xen cmds working
<leeyaa> smb: nope xen version wont change until i dont change the kernel ;p
<smb> leeyaa, wrong. the dom0 kernel has nothing to do with the hv version
<leeyaa> smb: well /sys/hypervisor/version/ still shows 4.1
<Jeeves_Moss> is anyone here good with AWstats?  I combined my old IIS logs with my apache logs, and now it's skipping everything when it goes to do the logging run
<smb> In that case, whatever you booted was not using the grub.cfg nor the menu.lst you look at. Because both now have no xen-4.1 to boot
<smb> leeyaa, Just a guess, but I saw root=md0, so you normally would have /boot on a seperate fs/partition
<smb> leeyaa, Make sure that is mounted
<leeyaa> smb: yeah its mounted
<smb> leeyaa, Somehow I would be at the end of my knowledge. Whatever is booting the system, it cannot be possibly using either config file that currently is in /boot/grub. I don't know how to figure out what gets booted. Not sure I want to suggest reinstalling grub2 to the mbr on a host I had no console...
<leeyaa> smb: i think it is installing grub on wrong disk rofl
<smb> leeyaa, Well that does explain a lot. So maybe dpkg-reconfigure grub-pc lets you set things right?
<tafa2> salt puppet or chef?
<NigeyS> would anyone have an idea how to manage vhosts on ubuntu 14.04 that doesnt involve storing the vhost configs in sites-available and sites-enabled ? i'd like to store the configs on a nfs mount instead.
<Odd_Bloke> NigeyS: For Apache?
<Odd_Bloke> NigeyS: Assuming so: /etc/apache2/apache2.conf has an "IncludeOptional sites-enabled/*.conf"; you should be able to do something along those lines pointing at your own path.
<NigeyS> Odd_Bloke yup, 2.4.7 i think it is
<NigeyS> i see. thanks, i'll take a look at that, our eold setup was on RHEL so it was just Include /bla/vhosts/*.conf
<Odd_Bloke> NigeyS: IncludeOptional just avoids erroring if there isn't anything to include.
<Odd_Bloke> NigeyS: So essentially the same thing. :)
<NigeyS> got ya, that's very helpful, thanks!
<NigeyS> while i'm here, dont suppose anyone knows how to get rid of this from dmesg .. ? seems to be specific to EC2 instances ..   xen:balloon: reserve_additional_memory: add_memory() failed: -17
<pmatulis> morning
<acmehandle> I'm on a VPS that runs ubuntu server, is there a way I can save the template, or take a snapshot that way if I need to rebuild I dont have to start from scratch?
<NigeyS> acmehandle does the provider you have the vps with not have a snapshot function ?
<acmehandle> They claim they do but when I click on the backup link nothing shows up and they claim they take a nightly snapsho
<NigeyS> might be worth emailing them to see why nothing shows up
<smb> NigeyS, the ballon message should go away with the latest kernels that just were released
<smb> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1304001
<uvirtbot> Launchpad bug 1304001 in linux "xen:balloon errors in 14.04 beta" [High,Fix released]
<NigeyS> smb nice! thanks, ill update the kernel then.
<kully3xf> Hey all. I have two folders i've been rsyncing. /home/hcc/hcc to /var/www/hcc : somehow they've become hardlinked. I need to delete them, and start over, I deleted the /var/www folder, but cannot delete the /home directory as it tells me device or resource busy
<kully3xf> I've deleted everything in side, it's an empty directory
<NigeyS> you want to delete /home ?
<kully3xf> no just the one folder in the user's directory. /home/hcc/hcc
<kully3xf> rm -rf returns rm: cannot remove `hcc': Device or resource busy
<kully3xf> but there's nothign in the directory
<NigeyS> ls -lah show any hidden files ?
<RoyK> NigeyS: -a does
<kully3xf> nah
<kully3xf> total 0
<RoyK> kully3xf: what about 'lsof /home/hcc/hcc' ?
<kully3xf> and ls -al on the directory shows d, so it's not linked
<NigeyS> weird, but yeah try lsof
<kully3xf> command bash twice user me, fd cwd, type dir, device 202,80, size /off 0 node number name hcc
<kully3xf> both are the same
<kully3xf> lsof: WARNING: can't stat() ext4 file system /home/hcc_bids/hcc_bids (deleted)       Output information may be incomplete. COMMAND   PID       USER   FD   TYPE DEVICE SIZE/OFF    NODE NAME bash     9078 {myuser}  cwd    DIR 202,80        0 5161011 hcc bash    19106 {myuser}  cwd    DIR 202,80        0 5161011 hcc_bids
<kully3xf> no ideas? :(
<ej> how can I set an interface to use a static IP?
<ej> always, as soon as it's connected
<kully3xf> http://www.howtoforge.com/linux-basics-set-a-static-ip-on-ubuntu
<ej> kully3xf: thanks
<kevindf> Is there a free version available of Nagios for home users?
<Pici> kevindf: Er... yes?
<RoyK> kevindf: apt-get install nagios? ;)
<kevindf> I tought Nagios was for enterprise only :) just noticed now they have Nagios Core
<RoyK> kevindf: to be honest, choose something else
<kevindf> How about Monin?
<RoyK> kevindf: nagios hasn't been updated much the last 10 years or so
<kevindf> Monit*
<Pici> I use icinga personally. it is a fork of nagios.
<RoyK> kevindf: I use munin *and* icinga (a nagios fork), and we have some old xymon, and we're moving towards zabbix
<RoyK> munin is really nice for trending
<RoyK> and easy to setup
<RoyK> one system doesn't exclude the other
<kevindf> alright, thank you for your advice. will take a look at icinga and munin
<Pici> I've been using pnp4nagios recently, but munin is nice for things that you don't necessarily need alerts for (although I think it might be able to do those as well)
<pmatulis> both munin and nagios are in main which makes them fully supported
<RoyK> kevindf: I'd start off with munin - it won't hurt - then look into icinga and zabbix and whatnot
<RoyK> kevindf: icinga is built on the old nagios horse (it's a fork plus a bunch of new code), and I'm not sure how good it is compared to other tools these days
<kevindf> Will do that, It's more for experimenting that I'm installing monitoring software so it's a good thing to test them all out
<RoyK> ah :)
<Alina-malina> hmmm how can i stop servers all together, apache and mysql with 1 line of command?
 * pmatulis kind of wants to say 'sudo poweroff' but no
<pmatulis> Alina-malina: you could prolly do some upstart stuff to do it.  otherwise a shell script
<Alina-malina> well sometimes i need to stop both to make some c hanges quickly, since it is high loaded resourse
<Alina-malina> so good to know such features
<Alina-malina> maybe some  .bat script?
<lordievader> Alina-malina: Some bash script, or some upstart script. I've written a upstart script that starts/stops pulseaudio+mpd.
<Alina-malina> hmmm i have heared about that stuff first time
<leeyaa> smb: thanks for the help earlier. it was failed raid ;p
<leeyaa> which really explains all
<smb> leeyaa, awesome... not. but you're welcome :)
<acmehandle> How do I set up my var/log/syslog ?
<acmehandle> The machine is running but the log is 0
<crinkle> hello, I was directed to ask bigjools or Odd_Bloke about getting packages in ubuntu cloud archive, are they around?
<pmatulis> crinkle: they appear to be
<crinkle> I'm hoping to see https://pypi.python.org/pypi/python-openstackclient in UCA at some point and wondering what the process and timeline would be
<pmatulis> crinkle: if no help here then i suggest sending a note to ubuntu-server mailing list
<crinkle> pmatulis: great, thank you
<hadifarnoud> I just need a very simple email forwarding on my server. for example, forward invite@domain.com to something@gmail.com
<pmatulis> hadifarnoud: this server is acting as the final destination MTA?
<hadifarnoud> pmatulis: not sure what that means
<pmatulis> hadifarnoud: what happens when you do not have such a forwarding set up?
<hadifarnoud> pmatulis: delivery failure. I have no mail server whatsoever
<pmatulis> hadifarnoud: well, then forwarding won't work b/c the server is not even receiving the mail
<hadifarnoud> pmatulis: I know. my question wasn't about the forwarding part only. I need a light setup to just receive email on my server.
<hadifarnoud> whaat should I use?
<sarnold> do you need to receive email at this server at all? you could just let google handle it all for you
<hadifarnoud> sarnold: unfortunately, Google apps blocked Iran IPs. sanctions suck
<pmatulis> hadifarnoud: you need to configure an MTA (mail receiving server) that receives invite@domain.com
<sarnold> hadifarnoud: ah. that is very frustrating.
<hadifarnoud> pmatulis: can you name a few? I'd google for tuts
<sarnold> hadifarnoud: take a look at postfix or exim; I slightly prefer postfix but both are fine mail servers.
<hadifarnoud> sarnold: not to mention it's stupid. what does Google have to do with anything
<hadifarnoud> cool
<pmatulis> hadifarnoud: no, no, you need to have some control over an MTA.  do you?
<hadifarnoud> pmatulis: what do you mean by control?
<pmatulis> hadifarnoud: ability to configure it via root privileges
<hadifarnoud> pmatulis: yep
<hadifarnoud> I'm thinking about having a separate mail server. it looks easier :D
<pmatulis> hadifarnoud: good.  what software is it running?
<sarnold> hadifarnoud: gmail's anti-spam is significantly better than anything I have ever configured myself.
<hadifarnoud> pmatulis: nginx and mysql
<pmatulis> hadifarnoud: hmm, i'm probably misunderstanding your situation.  is invite@domain.com an active email?
<hadifarnoud> pmatulis: nope. we do not have ANY mail server at all. if you send one to that address, it will not deliver.
<pmatulis> hadifarnoud: ok finally
<hadifarnoud> this is a quick fix to be able to receive email at invite@domain.com for now
<pmatulis> hadifarnoud: sadly, email servers are never a quick fix
<sarnold> so true.
<pmatulis> hadifarnoud: but postfix is the standard MTA in the Ubuntu community
<hadifarnoud> pmatulis: now I have to find a tut that just handles postfix
<pmatulis> hadifarnoud: well not really
<pmatulis> hadifarnoud: actually, yes, if you will be forwarding to gmail
<hadifarnoud> :)
<pmatulis> hadifarnoud: your biggest concern is to not become an open relay.  and no port blocking from your ISP?
<benbro1> what happens when two programs compete over bandwidth?
<hadifarnoud> pmatulis: dude. email servers are hard
<pmatulis> hadifarnoud: yeah
<benbro1> I have a video streaming server and a web server serving static files
<hadifarnoud> pmatulis: what should I set FQDN? mail.domain.com or just domain.com?
<benbro1> can I give more priority to the streaming server?
<pmatulis> hadifarnoud: dude, you'll need to study :)
<sarnold> benbro1: yes, http://lartc.org/howto/
<hadifarnoud> pmatulis: I know, right?
<benbro1> sarnold: reading thanks
<hadifarnoud> just not clear FQDN role is here. if my mail is me@domain.com, then FQDN should be domain.com or I can use anything and set MX to that?
<pmatulis> hadifarnoud: you'll need a domain bro
<hadifarnoud> pmatulis: got one. camva.ir
<pmatulis> hadifarnoud: good
<hadifarnoud> so I can set hostname to mail.camva.ir?
<hadifarnoud> or has FQDN has to be camva.ir?
<pmatulis> hadifarnoud: it can be anything but that sounds very good
<hadifarnoud> ok cool
<pmatulis> hadifarnoud: what matters in terms of names is in DNS
<pmatulis> hadifarnoud: but it's good to keep them in sync
<hadifarnoud> I thought so pmatulis
<teward> FQDN means fully qualified domain name.  mail.camva.ir is acceptable.  doombringer.domain.tld is also another acceptable, so long as it resolves to one specific server that doesn't have a dynamic rotation
<teward> (dynamic mailserver IPs that change frequently likely will end up badly for one)
<hadifarnoud> aww, thanks teward.
<teward> (dynamically changing IPs on mailservers might usually end up flagged as possible spam in some spamfiltering)
<aandy_> hi guys, is it possible to emulate VT/tty/console over ssh? as in, "virtual" keyboard over ssh?
<sarnold> aandy_: screen / tmux / script do various amounts of terminal emulation
<aandy_> sarnold: neat idea with screen/tmux, i hadn't thought of that. scripting as in bash + /dev/tty or?
<sarnold> aandy_: the script(1) tool, it records what you type and the 'responses' and saves them to a file named 'typescript'. pretty neat if very old school :)
<aandy_> sarnold: nice! :) thanks a lot
<K4k> I've just set up apt-mirror and downloaded everything (I think) to be a full blown package mirror. I can access /pub/ubuntu and see /dists and /pool in there but when I try to install with it set as my mirror it fails with "The installer failed to download a file from the mirror"
<K4k> Is there a way to figure out what file or why it might be failing?
<K4k> oh... wait it's on another tty :)
<Patrickdk> no idea, it worked for me when I used to do that
<K4k> it's looking for /pub/ubuntu/dists/trysty/universe/debian-installer/binary-amd64/Packages
<K4k> Mine stops at universe and jumps straight to binary-amd64
<K4k> Ah, it appears main/debian-installer is a seperate thing and needs it's own line in apt/mirror.list
<K4k> @_@
<NigeyS> random question, but how do make text BOLD in a shell script?
<Patrickdk> depends on your term
<NigeyS> true, was thinking of using tput
<userf> what u think about investing in silver?
<ScottK> I think it's off topic for a channel about Ubuntu Server.
<grendal_prime> im trying to set up letodms but im having a really werid issue
#ubuntu-server 2014-12-03
<acmehandle> How do I go about updating my openssl?
<acmehandle> I have version 1.0.1f and I should have version 1.0.1g
<sarnold> acmehandle: sudo apt-get update && sudo apt-get -u upgrade
<acmehandle> Hhhm, I ran update.  This is a fresh install.
<sarnold> acmehandle: check that the version that is installed matches the most recent release http://www.ubuntu.com/usn/usn-2385-1/
<acmehandle> Yeah, '0 upgraded'
<sarnold> acmehandle: you can check the version with dpkg -l openssl 'libssl*'
<acmehandle> Yeah, it says 1.0.1f
<acmehandle> Which is a January release
<acmehandle> First thing I did when I started this vps was upgrade
<sarnold> oh I'm sorry, I forgot dpkg -l cuts off the version numbers. sigh.
<acmehandle> update then upgrade rather
<sarnold> acmehandle: dpkg -l openssl 'libssl*' | cat
<sarnold> the pointless |cat means output isn't a terminal, so it won't truncate the vresion numbers. look for the 1.0.1f-1ubuntu2.7 or whatever...
<Patrickdk> or just do a apt-get install openssl libssl
<Patrickdk> and it will force it
<acmehandle> Right, it all says 1.0.1f
<sarnold> acmehandle: that's not the part that matters.
<acmehandle> oh
<sarnold> acmehandle: the part that matters is _after_ the hyphen
<Patrickdk> but openssl website says he needs g or h :)
<acmehandle> -1ubuntu2.7
<Patrickdk> your fine
<sarnold> acmehandle: yay :) you've got hte most recent
<acmehandle> What Patrick said.  :/
<acmehandle> So why does openssl says g
<teward> acmehandle: the OpenSSL website may say that you need g or h, but the security patches to fix those vulnerabilities have already been applied to 1.0.1f-1ubuntu2.7
<acmehandle> Ah, I see.
<teward> acmehandle: openssl upstream will always recommend to use the latest release to get all the bug fixes
<sarnold> acmehandle: because they think everyone downloads openssl source and recompiles it all the time, when in reality, almost no one compiles their own openssl, because that's how you get regressions :)
<teward> but the security team takes the upstream patch commits and applies them to the older revisions (like 1.0.1f) and patches the vulnerabilities, in accordance with security triage procedures.
<teward> and what sarnold says.
<teward> acmehandle: but rest assured, so long as the full version string (1.0.1f-1ubuntu2.7) is installed, you're fine, as it has those patches
<sarnold> I mean, I'm glad for the folks who do run upstream openssl, because someone has to find the regressions :)
<sarnold> .. same as I'm glad someone runs linus's -rc kernels :)
<Patrickdk> the only upstream that maintains stuff, is bash :)
<sarnold> Chet was amazing during the whole shellshocked thing.
<teward> sarnold: indeed.
<teward> Patrickdk: heheh
<Patrickdk> hey, it made life easy for me to backport that crap to debian v4
<teward> urgh, debian 4...
<teward> makes me glad I use Ubuntu, I don't have to deal with massive version changes from one release to another, as much...
<Patrickdk> well, not my fault
<Patrickdk> company I contract for, bought another company
<teward> heh
<Patrickdk> they where working on a new product (fully deployed on 13.10? why? not lts?)
<Patrickdk> and the old system that was in, self-manage mode, was left from years ago, on debian4
<teward> Patrickdk: at least you aren't having to take 14.04 patches and taking them back to Hardy, or god forbid Dapper, versions
 * teward had a case where he had to do that :/
<sarnold> Patrickdk: zounds...
<Patrickdk> I took over maintance a month
<Patrickdk> and hadn't even learned where everything was yet
<Patrickdk> teward, I had already backported around 30 things to trusty, 2months before it was released
<teward> Patrickdk: tell me about it, during the Trusty dev cycle I was already backporting entire packages to Precise just for my own needs, let alone nitpicking security patches
<Patrickdk> no, I mean, to trusty, before release
<Patrickdk> to precise, ya, still doing that
<Patrickdk> I have dropped support for lucid though
<Patrickdk> half my stuff is on trusty
<Patrickdk> the other half, is likely never to upgrade, but will be replaced
<Patrickdk> or run in parrallel, till precise dies
<teward> Patrickdk: funny story: when i took over the nginx PPAs, it was around 12.04 that I took over almost exclusively, and the first thing I did was drop all Lucid support - that was causing headaches upon headaches for me... and I had bad experiences with the interim dev releases so I just started sticking to LTSes
<teward> makes life easier on production systems, sticking to the LTSes
<teward> (so long as you backport software where necessary to support the applications you have to run)
<Patrickdk> why must the rhel installer be so annoying compared to ubuntu
<teward> +1
<acmehandle> Any advice where I should point the 'root' path on my server?  I often hear that /var/www/ is not a good place
<Patrickdk> and I always thought it was /root
<sarnold> Patrickdk: lol
<sarnold> acmehandle: what's wrong with an htdocs of /var/www/?
<Patrickdk> it depends on a crapload of things
<Patrickdk> nothing to do with not a good place :)
<acmehandle> The great thing about the internet is that anyone can be an admin.
<Patrickdk> it is as good a place as any other, depending on how you *configure* your server
<acmehandle> sarnold: I honestly dont know.  For django framework I hear one thing,
<acmehandle> for rails I hear another.
<acmehandle> when talking to apache its another.
<Patrickdk> that is cause they all have their own defaults
<Patrickdk> just adjust it, and make sure you maintain proper security
<Patrickdk> though, with django/rails/...
<Patrickdk> they will be working as fastcgi likely
<Patrickdk> so they don't even have to even care
<Patrickdk> as long as you direct the aliases for their static content, correctly
<Patrickdk> they could even be on totally seperate servers, as far as apache cares
<sarnold> acmehandle: aha. :) there's a fair amount of cargo-culting in some of those communities. It might not hurt to ask "why?" when something seems arbitrary :)
<Patrickdk> :)
<acmehandle> Right, the 'why' is where I have to remember to put on an asbestos suit
<Patrickdk> normally the answer is, cause you have to change it so many times!
<sarnold> sometimes yes :) hehe
<sarnold> I'm a grumpy old grouch so I don't much care one way or the other, hehe :)
<acmehandle> I'm admining my own vps webserver. So honestly I dont care.  I'm going to experiment with nginx this time around and hopefully experiment with django and rails
<acmehandle> and some javascript
<acmehandle> I personally dont even care about nginx or apache for that matter, but from what I gather so far if I want to do any kind of web sockety stuff I need nginx
<acmehandle> But I thought there were some kind of genuine security concerns the way everyone makes it sound about /var/www/ or wherever.
<sarnold> acmehandle: I found nginx easier to configure than apache; I've never pushed either one far enough to worry about their performance
<sarnold> acmehandle: I really don't like the debian style of having the apache or nginx process owned by user www-data --- the name encourages people to set the owner of their web contents to www-data. But you don't want the web server to have write access to anything, beyond its log files and maybe a database / fcgi socket ...
<sarnold> acmehandle: I wish the web server ran with a username like www-exec or www-prog or something that didn't scream "chown all your files to me"
<teward> sarnold: and, in the case of dynamic PHP apps like forums, the forums' cache folder, is sometimes ok to write to.
<acmehandle> Yes, thus far thats what I hear quite often.  Only thing that bothers me is I spent time on figuring out the proper settings I need for apache on one vps and somehow by magic all my settings were rolled back.  So now I'm in the process of transfering to another vps and am starting from scratch, so to speak.  At least this vps runs ubuntu 14 whereas the other one was 10.04.
<sarnold> teward: ahh, yes, I always forget about php. (It's not like I _try_, I just don't think of it often. :)
<sarnold> acmehandle: yikes and yikes :)
<sarnold> acmehandle: that can sometimes happen when they've got some helper frontend like cpanel or whatever. blech.
<acmehandle> sarnold: with regards to www-data.  Isnt it user: apache if compiled from source?
<sarnold> acmehandle: or httpd or something, yeah
<sarnold> acmehandle: this is a failing in debian policy, a failing ubuntu has inherited.
<acmehandle> Ah right.
<acmehandle> The thing that bothers me mostly about nginx is its thin license.
<acmehandle> I get this sense like they can yank the public license at any time
<acmehandle> then all those big fancy lovely websites running on nginx would be the only ones who could afford nginx
<Patrickdk> heh?
<Patrickdk> why would that matter?
<Patrickdk> the older releases would still be available
<Patrickdk> and can be forked
<sarnold> a great many projects have contributor license agreements that allow relicensing to e.g. BSD or MIT -- which amounts to much the same thing
<grendal_prime> I got docmgr up and working but it will not index word documents
<faraway> hi, I installed ruby2.0 on my 12.04 server using the brightbox but currently those a keep back from upgrade as there seems a dep issue âruby2.0 : Depends: ruby (>= 1:1.9.3.1)â  is anyone here also using brightbox?
<lordievader> Good morning.
<adac> ubuntu saves the data in:  /var/lib/postgresql/9.3/main  what exactly happens when there comes postgres version 9.4?
<adac> would then change the data directory too?
<pmatulis> morning
<lordievader> Hey pmatulis, how are you doing?
<pmatulis> lordievader: tired, i need some ginseng
<lordievader> Not coffee?
<ObrienDave> coffee 1st
<K4k> Is there a way in apt to set an alternate mirror for a repository should the primary one be unavailable for some reason? What I'm trying to do is force clients to use our internal package repo when onsite but still be able to get updates offsite since the internal mirror will not be facing outside the firewall.
<jpds> K4k: Yep, just have another 'deb' line for the repo in sources.list.
<jpds> K4k: apt ignores the things it can't get to.
<K4k> Is there a way to set a priority on the deb entries or does it just pick the one that's listed in the file first?
<jpds> K4k: It takes what it can.
<K4k> For example, could I use two different sources.list.d files with 01-internal and then 02-external as the source file names?
<genii> !pinning
<ubottu> pinning is an advanced feature that APT can use to prefer particular packages over others. See https://help.ubuntu.com/community/PinningHowto
<K4k> genii: thanks!
<genii> K4k: Yer welcome :)
<jpds> K4k: Pinning is something different.
<jpds> K4k: If the repos have the same packages, it doesn't matter.
<genii> jpds: It's usual usage is to freeze a file at a particular version or to only use one from a particular repository. But it is more flexible than people think.
<K4k> jpds: yeah, was just reading that... it can set priority but doesn't look like you can pin priority based on repo, only per package.
<jpds> K4k: Another thing you can do is a DNS hijack.
<K4k> Would have to be on the client side using dnsmasq... which sounds ugly and error pron
<jpds> K4k: Have like; gb.archive.u.c go to an internal IP as opposed to the real one.
<jpds> What's wrong with dnsmasq?
<K4k> Having to muck with DNS resolution client side just seems like a bad idea to me
<jpds> Well, It Works.
<K4k> How would I do that anyway. I would need some sort of conditional based on their interface IP?
<jrwren> does apt-cacher-ng help achieve your goal?
<jpds> apt-cacher-ng is so unreliable.
<jpds> squid-deb-proxy++
<K4k> Was looking at approx, apt-cacher-ng and apt-proxy(?) and none of them seem to do what I need the way I need to do it. They all do some part of it though
<jpds> K4k: You tell dnsmasq: if you see a request for; archive.ubuntu.com, give it this A record -> 10.0.0.2, etc.
<jpds> Where that A record is your internal mirror.
<K4k> and when they're not on the internal network, how would it fall back to using the actual archive.ubuntu.com address?
<jpds> K4k: Yes.
<jpds> K4k: You set that on your LAN's DNS server.
<jpds> K4k: Nothing special on the clients.
<K4k> I don't have control over the LAN DNS unfortunately :(
<K4k> Well... let me rephrase that
<K4k> It's a windows DNS server. I'm not sure if it can do that
<genii>  Hm. Conceivably you could just have a post-up directive  for the ethernet adapter which decides where it's connected, and sets the Dir::Etc::sourcelist "sources.list";  variable to something appropriate
<jrwren> if only upstart had a network-changed event you could toggle between sources.list files using it.
<jrwren> what genii said.
<jrwren> I forgot about post-up
<K4k> some sort of client side resolution timeout would be all I'd need really. `if archive.ubuntu.com; then go 10.0.0.2; redirect after 30s back to archive.ubuntu.com proper`
<K4k> but I'll investigate all of these possibilities. They all sound good.
<genii> K4k: Apologies for not properly understanding your original question, had to go back up and carefully read it first :)
<jpds> K4k: Could you do a transparent proxy on the LAN?
<K4k> jpds: I don't think so, not easily.
<NigeyS> afternoon :)
<NigeyS> can anyone recommend a way to get a file from server1 to server2 using scp as root without hardcoding the password into the script that runs it?
<jpds> NigeyS: SSH key.
<K4k> pubkeyauth?
<jpds> NigeyS: And whatever you do, use a forced command: http://binblog.info/2008/10/20/openssh-going-flexible-with-forced-commands/
<NigeyS> jpds we use ssh keys currently .. if i use ssh key via a bash script, and it prompts for a password does that interrupt the script at all ? .. trying to scp apache configs to server2 after creating them on server 1 but dont want to use a hardcoded password in the script, or paswordless ssh keys, work will fire me for that !
<jpds> NigeyS: The SSH key has a passphrase?
<NigeyS> no, not by default on AWS instances, if i enable it it enables passwords for all users right ?
<jpds> NigeyS: You're talking about two different things.
<NigeyS> oh sorry see what you mean, keyphrase on the key itself
<K4k> NigeyS: for that purpose I typically use Git, actually
<jpds> NigeyS: If the key has no passphrase, it shouldn't prompt for one in the script.
<NigeyS> currently it doesnt no, i could add that to server 2's ubuntu user, but how do i sudo to get that file in /etc/apache2 within the script ?
<K4k> you can do the transfer with a non-root user and then use a git-hook to put the file from the local git repo in to the web directory using root locally on the system
<NigeyS> oh, thats something i havent heard of before
<NigeyS> i guess the other option is to put configs in a dir that doesnt require root access
 * jpds wonders why system1 should be poking with server2's apache config.
<K4k> Others may have a different opinion on that but that's how I manage all of my websites so that I don't have to deal with sftp or scp when I update site content
<NigeyS> jpds cluster of web servers, configs have to be kept in sync
<K4k> or you could configure ACLs for limited access to the directory by an unprivileged user
<jpds> NigeyS: Well, use something like Puppet for that.
<K4k> ^^^
<NigeyS> cant have test.com exist on server1, and not server2 as theyre load balanced.
<K4k> puppet
<jpds> NigeyS: Puppet, Chef, salt, ansible, are all built for this kind of thing.
<NigeyS> thats a bit overkill for something thats only going to happen a few times amonth at the most.
<jpds> Your life will be a happier place than having root run around with shell scripts.
<NigeyS> thats a fair point
<NigeyS> ideally i like the config on the nfs mount and they dont have to be copied anywhere but dammed if i can find how to tell apache to look there for them, on ubuntu at least.
<K4k> symlink?
<jpds> NigeyS: Yeah, and there's the NFS server dying.
<jpds> NigeyS: And your HA cluster going along with it.
<NigeyS> i really dont want to symlink to nfs for that very reason
<K4k> Just HA all the things
<jpds> Automate all the things.
<NigeyS> so far everything but this is automated :)
<K4k> soooo... then we're back to puppet jpds?
<K4k> :P
<jpds> Why not.
<NigeyS> lol ok! i'll go look at puppet :)
<K4k> If not puppet then, personally, I'd use the git-hooks but even that's kind of iffy
<jpds> NigeyS: And with puppet, you can tweak a lot more than just Apache.
<NigeyS> thats true, i will go read :) thanks for the advice
<NigeyS> while i'm here, any of you ever had a situation where your gss.d and statd logs were filling up with lines of "y" to the point where it uses 30GB in a few hours ?
<K4k> Is anyone here using foreman? I am working on our package management systems, since we have to re-vamp everything for RHEL7 anyway, and saw that Foreman can manage both Redhat and Ubuntu packages but some material was talking about using Katello as well, is that something that works with Ubuntu or is that soley a RHEL thing?
<K4k> And how do you like foreman if you are using it?
<jpds> I've been meaning to try it but haven't had time to do so yet.
<Ameurux> hi
<Ameurux> anyone know if  pxelinux.0  is added on the FIX?
<jpds> Ameurux: FIX?
<Ameurux> it's a bug
<jpds> Which bug?
<Ameurux> pxelinux.0 is missing on 14.10
<jpds> Ameurux: Erm, no.
<jpds> Ameurux: pxelinux.0 is a file you're suppose to create for your PXE server.
<Ameurux> ok, thx, Im just trying to get PXE server working on 14.10
<Ameurux> will give it a try
<Ameurux> thx
<K4k> genii: Looks like post-up.d script will do what I need. I can have it try to resolve the address for our internal mirror and if successful I can set a line in /etc/hosts to re-point archive.ubuntu.com to our internal server
 * jpds really doesn't like the sound of network stuff poking files in /etc.
<K4k> * or set up something in dnsmasq
<jpds> One day you'll wake up and find your /etc/hosts file is empty.
<K4k> heh... yeaaahhhh
<K4k> PUPPET!
<K4k> :P
<NigeyS> Warning: Do not use this module on an existing Apache setup. It will purge any Apache configurations that are not managed by Puppet.
<NigeyS> thats not very good of puppet..lol
<jpds> NigeyS: It is.
<jpds> NigeyS: If it's not managing it, it shouldn't be there.
<NigeyS> but i have already set up and installed apache..
<jpds> It's too avoid config conflicts.
<jpds> NigeyS: Last thing you want is to have "www.test.com" by hand.
<jpds> NigeyS: Then add a vhost in Puppet for "www.test.com".
<jpds> NigeyS: And then Apache dying as there's two configs for that domain.
<NigeyS> yup, there's that !
<K4k> It's fairly straight forward to tell puppet "deploy this config file". Though it is proper to use the Apache modules you can just say "put this file here"
<K4k> If all you're using it for is to deploy a couple of configs to two different systems, that's going to be the path of least resistence to get it working and then you can worry about migrating to the "proper" way later
<jrwren> NigeyS: chown the config files you want to copy to some non-root sentinel account and scp using that?
<jpds> jrwren: ...
<K4k> XD
<jrwren> NigeyS: are you using an ssh-agent?
<K4k> OH! You don't need a puppet server to do what you want. You could put the puppet manifest that manages the config file on an NFS share and then there is a flag for puppet-agent you can use on the client to just read from that "local" manifest file
<K4k> I just remembered that
<NigeyS> sorry just got back.. let me read up :)
<NigeyS> jrwren good idea, turns out this script ive been writing doesnt want to work properly anyway lol maybe thats a sign ;)
<NigeyS> anyone care to take a look and see why im getting some funky errors? http://pastebin.com/HL36G0Tp
<NigeyS> ./Test2.sh: 10: ./Test2.sh: function: not found
<NigeyS> ./Test2.sh: 13: [: =: unexpected operator
<NigeyS> ./Test2.sh: 21: [: =: unexpected operator
<patdk-wk> not really
<patdk-wk> but likely cause the script was written in bash and not dash
<NigeyS> well,it works fine without my new $restartapache commands, but theyre just a duplicate of $needdb .. so i dont get why it doesnt work
<jrwren> NigeyS: bash v. dash?
<NigeyS> wouldnt that cause it to not work at all in bash though?
<acmehandle> How can I find out if openssl was built with tls compression enabled?
<jrwren> NigeyS: no.  anyway, I think you want function createsite() {.. }
<acmehandle> Sorry if this sounds like a stupid quesiton
<NigeyS> jrwren okies, ill keep fiddling
<NigeyS> jrwren works fine i removed #!/bin/bash by mistake
<jrwren> NigeyS: :)
<NigeyS> but just realised that script will cause apache to fail
 * NigeyS needs more coffee
<patdk-wk> acmehandle why does it matter?
<jpds> NigeyS: http://paste.ubuntu.com/9355999/
<jpds> NigeyS: That was easy.
<NigeyS> jpds legend! lol
<acmehandle> Because I dont want RC4 enabled on my server.
<patdk-wk> what does compression have to do with rc4?
<NigeyS> but theres a few extra things id have to get puppet to do aswell, like insert the user data to the auth database etc
<jpds> NigeyS: Though, I've not tested it, and you'll probably need to load a CGI module.
<NigeyS> acmehandle try openssl version -a
<acmehandle> patdk-wk: it is similar in nature.
<patdk-wk> heh?
<patdk-wk> rc4 is cipher
<patdk-wk> compression is well, compression
<patdk-wk> totally different in nature
<NigeyS> jpds i need to chage that script quite a bit as far as the vhost settings go, we dont use cgi anymore for example, and i dont think all those options work with 2.4
<acmehandle> patdk-wk I'll admit I'm not an expert but:  https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what
<patdk-wk> I can understand rc4, it's not very secure anymore
<acmehandle> In the System Administrators section
<K4k> jpds: It looks like dnsmasq, using the -y flag, can select an IP from /etc/hosts for a given hostname that is on the same subnet. That might work for what I was trying to do earlier.
<patdk-wk> acmehandle, yes, but that website is talking about scope
<patdk-wk> the only tls compression attack is crime
<patdk-wk> and that requires you to send repeated data at the start of the session
<patdk-wk> it doesn't apply to openvpn
<RoyK> hi all. I have a wee problem here, not really related to ubuntu server, but I hoe it's not too offtopic. I login to this host, call it A, and I run xfreerdp from there and to a windows server on a closed-off network
<RoyK> now, xfreerdp and xquartz aren't good friends, so it the keyboard doesn't work. I can't use rdesktop, since the windows servers require crypto not supported by rdesktop. I don't have a linux machine here atm, so wonder if it's possible to do this with some ssh tunnel magick
<RoyK> the host A is heavily firewalled and only answers to 22/tcp. From there on, it's fairly open
<patdk-wk> sure as long as they didn't disable ssh tunnels/forwarding
<RoyK> patdk-wk: I didn't :P
<patdk-wk> it's common for me to disable those now :)
<patdk-wk> had too many people abusing them
<RoyK> patdk-wk: not many have access to this box
<patdk-wk> I had some users passwords get compromised
<patdk-wk> and the new *owners*, used ssh to portforward and attack other systems
<RoyK> patdk-wk: it requires both key and password, so it's a bit hard that way
<RoyK> patdk-wk: and company policy is to require password protected keys
<jrwren> RoyK: ssh -n -N -L 3389:windows-server:3389 A ; remote desktop to localhost
<patdk-wk> if you use remmina, it has an option under ssh to do it for you :)
<grendal_prime> ok soooo after i got this thing up and running and everything seems to be working right, I transfered the vm to the production server and although it seems to be up and working correctly i cant log into the web interface.
<grendal_prime> ip address is differnt, is there something i need to change ...listening address or such on the alfresco server?
<hadifarnoud> I have never setup an email server. can someone see this tutorial and tell me how I should setup outgoing server on my Mail client? http://www.krizna.com/ubuntu/setup-mail-server-ubuntu-14-04/
<hadifarnoud> I used standard default setting (port 25 with password auth)
<grendal_prime> ok...dont know why but it just...started working
<bekks> hadifarnoud: USe this one: https://help.ubuntu.com/community/Postfix
<grendal_prime> is it possible to connect this to an existing filer?  Whe have a samba based cifs server that already has a bunch of document on it.
<jamespage> tyhicks, kirkland: have you seen this bug ? https://bugs.launchpad.net/ecryptfs/+bug/1328689
<uvirtbot> Launchpad bug 1328689 in ecryptfs-utils "ecryptfs-utils does not work with Ubuntu 14.04.1" [Undecided,Confirmed]
<tyhicks> jamespage: I've seen the bug report but haven't had a chance to look into it
<hadifarnoud> bekks: my postfix config for smpt is "submission inet n       -       -       -       -       smtpd"
<hadifarnoud> not sure what "chroot" is for but it is not set to "n"
<hadifarnoud> what is starttls in postfix? right at the end of this tutorial, there is an example conf for mail client. I have no option for "STARTTLS" on OSX Mail.
<teward> hadifarnoud: might be 'SSL/TLS' or just 'TLS'
<teward> (at least in OSX mail)
<hadifarnoud> teward: I've got 'Use SSL' next to port and 'TLS (External client certificate)' in authentication.
<hadifarnoud> bit confused. that means I have to provide a certificate to OSX Mail?
<patdk-wk> no idea
<patdk-wk> funky osx
<hadifarnoud> teward: also, there is an option for TLS certificate.
<hadifarnoud> bloody OSX Mail
<hadifarnoud> I guess SSL check box next to port is sort of TLS.
<hadifarnoud> fault might be with my server setup
<tyhicks> kirkland: re: bug #1328689> When running the adduser --encrypt-home command, it proceeds to try to mount the home directory before prompting for the user's password
<uvirtbot> Launchpad bug 1328689 in ecryptfs-utils "ecryptfs-utils does not work with Ubuntu 14.04.1" [Undecided,Confirmed] https://launchpad.net/bugs/1328689
<tyhicks> kirkland: so a valid auth tok obviously isn't in the kernel keyring yet
<hadifarnoud> seems like my sever blocks connection from other IPs. I get this error in syslog "SSL_accept error from unknown[31.159.97.167]:"
<abrams> hello :)
<pmatulis> hello there
<abrams> guy's I have a problem with Unity desktop
<abrams> i can't find resolution
<pmatulis> abrams: try #ubuntu , this is the channel for ubuntu server
<pmatulis> see topic â
<abrams> When I try to drag and drop icon from unity to desktop
<NigeyS> anyone know if i put an IncludeOptional into apache2.conf and it points to vhost configs, do i still have to run them through a2ensite?
<abrams> ok
<abrams> sory :)
<pmatulis> abrams: is ok
<kully3xf> what's up all. How can I compare many text file's contents in two directories?
<kully3xf> diff -r dir1 dir2?
<kully3xf> will that compare the file's contents or just if the file exists
<elliotd123> anyone know if there's software out there that can basically let me run proccesses with the GPU instead of the onboard CPU?
<genii> Probably the closest thing would be anything compiled using CUDA, but you'd also need an NVidia for that
<elliotd123> that's ok, so I'm not familiar with CUDA, is that a compiler?
<genii> elliotd123: It's a parallel-processing library from NVidia. It uses the cores of their GPUs
<genii> elliotd123: If an app is compiled from source with CUDA enabled, it will use the NVidia card to run them on.
<elliotd123> Sounds intriguing. I'll look into that. Thanks, genii
<acmehandle> Is there a difference if I install something using just apt-get versus something from ppa?
<acmehandle> I often see suggestions to install someting using PPA and I am wondering how necessary that might be
<Patrickdk> it is the same thing
<Patrickdk> just ppa normally means, not maintained by ubuntu
<genii> Some PPA are more trusted than others, like for instance xorg-edgers
<Patrickdk> I trust my ppa a lot
<mapleton> I have a problem with Bind9.8 and Samba4(latest git) on Ubuntu Server 12.04.5LTS.  I'm trying to get DNS_DLZ working.  The DNS server was starting without the dynamic zones, and doing lookups fine, but integrated it hasn't started;  AppArmor is throwing a permissions error on /usr/local/samba/private/dns/sam.ldb (just wants r.)  I see the line for that file in /etc/apparmor.d/local/usr.sbin.named  (named is the bind user accoun
<TechIsCool> how do I give a different user access to a single file
<TechIsCool> I still need to allow the access to the file from the origingal group and user
<Patrickdk> make a new group
<Patrickdk> enable and use acl's?
<sarnold> mapleton: you were cut off at "bind user accoun"
<sarnold> mapleton: if you have a line /usr/local/samba/private/dns/sam.ldb r,   in your /etc/apparmor.d/local/usr.sbin.named file and your main /etc/apparmor.d/usr.sbin.named file has an #include <local/usr.sbin.named> line, then you just need to reload the profile; apparmor_parser --replace /etc/apparmor.d/usr.sbin.named   should do it
<mapleton> thanks, sorry.
<mapleton> was basically complete.. gonna give that a shot
<mapleton> okay... got a little further.   "could not create /var/run/named/session.key"  I'm guessing its a permissions issue, since I'm no longer running bind as the default.  The samba wiki mentions (for the zone files) to chown named:named and chmod 640.  Does that apply here?
<sarnold> mapleton: sorry, dunno there; it could be apparmor again.
<sarnold> mapleton: check again for more DENIED lines in dmesg
<mapleton> No Apparmor DENIED now, just a couple of permission errors, both in that directory.  Is it safe to add the chown and chmod 640 permission to /var/run/named/?
<sarnold> mapleton: it's probably safe
<sarnold> .. I'm not an expert on either one, but some user account has to own them, and it could either be bind or samba, depending upon how they are modified..
<mapleton> one more thing, I guess:  how do I find the current ownership and permissions stats of a file
<sarnold> mapleton: ls -l is the easiest
<sarnold> mapleton: stat /path/to/filename can also show you
<keithzg_> Hrmmm, does postfix filter relay recipients only during an actual connection to the relay?
<mapleton> many thanks for your help, btw.. sarnold.. its my second day on ubuntu
<sarnold> mapleton: welcome aboard :)
 * keithzg_ is seeing a server just deferring mail to addresses that in theory should be filtered out by our relay_recipients
<sarnold> mapleton: could you file a bug against apparmor (ubuntu-bug apparmor) once you've gotten it sorted? we may want to add the rules you needed to the default profile
<mapleton> will do, thanks
<mapleton> although I do feel a bit of a 'computer user, non-technical' so was thinking its more user error than anything ;)
<sarnold> mapleton: hehe, not a bad first instinct, but it could be the others who have done this setup before you didn't report bugs either, hehe :)
<mapleton> screw it... chmod 666 -r /
<sarnold> hehe
<mapleton> okay.. I've exhausted the troubleshooting steps I could guess at.  I even added (and reset) the directory to apparmor (** rwk) in case...  "Could not open '/var/run/named/named.pid',"could not create /var/run/named/session.key"  I used stat, and not entirely sure I know what I'm looking for, but its chmod is 664
<mapleton> I changed ownership to named.  I assume the error "named[1913]" means thats the executable context (the daemon named)
<sarnold> mapleton: correct, the 'named' comes from the process's "comm" field (first 16 bytes) and the 1913 is the pid of the process
<mapleton> chown -r named /var/run/named did it.  one more error, but hey.. probably similar
#ubuntu-server 2014-12-04
<Ironlenny> I am trying to setup a license server. My problem is, the server deamon is hard coded to look for mac address at eth*, but they are enumerated as em*. Thus the deamon cannot find the mac address and refuses to boot. I have tried changing udev rules, but it either doesn't take affect or does and I lose network connectivity. I have also tried setting biosdevname=0. This again works (the nics are enumarted as eth*), but I lose
<Ironlenny> network connectivity. Does anyone have any suggestions?
<sarnold> Ironlenny: try "sudo ip link set dev em<n> alias eth0"  ?
<Ironlenny> sarnold: sudo ip link set dev em4 alias eth0
<Ironlenny> ifconfig: em4
<mapleton> so.. playing a little with permissions, it seems that I'd need to do 777s all down the line backtoward /   so, I'm assuming using ACLs is the answer (if I want to leave the directories as user root.root) but give access to a particular user
<sarnold> Ironlenny: no luck? :(
<Ironlenny> sarnold: nope
<sarnold> mapleton: yeah, anytime the solution looks like 777 it's probably not a great solution :)
<sarnold> mapleton: what's still busted? it sounded like you were close before
<mapleton> Sorry.. wife aggro.  It was "Failed to connect to /usr/local/samba/private/dns/sam.ldb", figured it out by noticing I couldn't change directory INTO the private and DNS directories
<mapleton> as a regular user... of course not normally a prob because bind normally runs as root, but I don't run anything as root if I can help it
<sarnold> mapleton: was that from bind or samba? did any other log messages say why it couldn't "connect to" the file? (that is a file, right? not a socket?)
<mapleton> I'm guessing bind since samba is still root
<mapleton> Yeah, now adding execute to those (but not 777) the message is "samba_dlz: ldb: module partition initialization failed : insufficient access rights," so just learn how to ACL and apply those and sounds like I should have this figured out
<rsully> Is there any difference between https://cloud-images.ubuntu.com/releases/trusty/release/ and https://cloud-images.ubuntu.com/releases/14.04.1/release/ ?
<jrwren> rsully: nope.
<rsully> ok just needless duplication :/
<jrwren> pretty sure its symlinks under the hood
<rsully> ah ok - if it did it on the frontend it would be much less confusing
<jrwren> rsully: you can always look at the SHA256SUMS files and see if they match
<rsully> not reasonably with my current internet speed :p
<rsully> ah i see - the actual files
<jrwren> right.
<D3V> does anyone have a copy of webmin deb the sourceforge for it is down
<LinStatSDR> Sourceforge is down D3V?!?
<D3V> yeah LinStatSDR
<LinStatSDR> This is not good.
<sarnold> both apt repositories listed at http://www.webmin.com/deb.html are alive and well; please reconsider if you really want to use webmin or cpanel or other similar tools; they are often easily hacked.
<sarnold> if you don't mind sharing your computer with the russian mafia or the chinese military or the NSA, knock yourself out :)
<LinStatSDR> um what sarnold?
<Patrickdk> :)
<Patrickdk> ya, they so wanted to install new *management* software to run everything here
<Patrickdk> user accounts, billing, ...
<Patrickdk> I installed it
<Patrickdk> took 4 hours
<LinStatSDR> System Center 2012
<LinStatSDR> Go go!
<Patrickdk> found out the *admin* password is md5 hash, no salt
<Patrickdk> filed a bug report, they never fixed the issue, we never used the software
<LinStatSDR> don't tell me, the plaintext was admin1234
<LinStatSDR> or password
<Patrickdk> plaintext doesn't matter
<Patrickdk> I could have been an extreemly good password
<Patrickdk> doesn't help against rainbow tables
<LinStatSDR> Yeah, this isn't a skiddles commercial where tasting the rainbow is a good thing.
<LinStatSDR> skittles
<acmehandle> Is rsync being installed a security risk?
<Patrickdk> depends
<Patrickdk> a computer even existing, is a security risk
<Patrickdk> having any employees, including yourself, is a huge security risk
<acmehandle> Right now when I run service --status-all rsync has a minus next to it.  But I want to be sure it is completely disabled.
<acmehandle> I received a logwatch email and one of the packages recently installed is rsync.  So I'm looking over the packages and I'm trying to determine how much I need to have rsync
<jrwren> a good password does help against rainbow tables. that is the whole point.
<Patrickdk> jrwren, no
<Patrickdk> a good password hopefully hasn't been rainbowed yet
<Patrickdk> but salts are what helps, cause it makes the rainbow tables that much larger
<jrwren> Patrickdk: yes. :)
<jrwren> Patrickdk: rainbow tables have probably grown since I last looked.
<jrwren> Patrickdk: do they go to 20+ character of [a-zA-Z0-9!@#$%^&*()-_=[]{}\|;;"',<.>/?] yet?
<Patrickdk> they have for awhile
<Patrickdk> ones you can order
<Patrickdk> I'm sure peoples personal collections are larger
<jrwren> Patrickdk: ouch.
<acmehandle> On a different note, I am going to run nginx -> gunicorn -> django
<acmehandle> According to gunicorn docs:  http://docs.gunicorn.org/en/latest/run.html#django
<acmehandle> It suggests one way to run gunicorn and django.  But nothing that correlates with how ubuntu seems to have implemented gunicorn
<acmehandle> I have a gunicorn-django command and I dont know that I should use it.
<acmehandle> I have a gunicorn.d directory in etc for the config files.
<acmehandle> But again, no reference near as I can tell in the docs.  Unless I missed something,.
<jrwren> acmehandle: i don't know gunicorn, but if debian does things to it like they do it uwsgi, its a debian/ubuntu thing. i think that is what /etc/dunicorn.d is all about.
<jrwren> acmehandle: did you read the README.Debian file from gunicorn pkg?
<acmehandle> jrwren, I have not.
<acmehandle> How do I read the README file?
<jrwren> acmehandle: dpkg -L gunicorn
<jrwren> acmehandle: its probably a file in /usr/share/doc/gunicorn
<acmehandle> It appears there are examples to go by in /usr/share/docs/gunicorn/examples
<acmehandle> But no README with any relevant info.  Just a brief list of django versions
<acmehandle> and dpkg -L yields a longer list.
<xibalba> any tshark ninjas in here? i need some help dumping the data going across http
<xibalba> this is what i've got so far, tshark -i en0 -f "port 3000" -d tcp.port==3000,http -Y http -e http.response -T fields -e ip.host -e tcp.port -e http.request.full_uri -e http.request.method -e http.response.code -e http.response.phrase -e http.content_length -e data -e text  -o "ip.use_geoip:FALSE" -V
<xibalba> though it displays the TCP data too (headerS) which i doont care for. i just want to see the post/response data o my http server
<pmatulis> what's a tshark?
<xibalba> wireshark cli
<pmatulis> dunno, i use tcpdump
<xibalba> i do too usually
<xibalba> tshark can go a little further
<pmatulis> how so?
<xibalba> protocol decoding
<pmatulis> will study thx
<xibalba> how would you spew out the http traffic in tcpdump?
<xibalba> w/out all the hex, i know you can use -X
<lordievader> Good morning.
<whatupx> load the tcpdump file in wireshark
<whatupx> https://stackoverflow.com/questions/19597903/how-to-capture-remote-system-network-traffic
<Kartagis> whatupx: can tcpdump listen to a wireless network? if yes, should I listen to wlan0?
<tiny> mounting NFS share takes to long. If I mount from debian box NFS share instantly mounted. Enabling NEED_GSSD=YES didn't solve the problem. Tips welcomed.
<tiny> this is a client issue since others can mount and mount fast
<tiny> I've enabled debug nfs on client and I'm not seeing other issues except:
<tiny> Dec  4 10:04:58 arhiv kernel: [   77.092159] RPC: AUTH_GSS upcall timed out.
<tiny> Dec  4 10:04:58 arhiv kernel: [   77.092159] Please check user daemon is running.
<tiny> Just fyi,  someone should fix captcha on "create new account" for bug reports. I tried to fill in one but failed.
<tiny> This is clearly an issue with latest LTS server. Other reporting.
<wildwind> Please point me to some good guides on setting up PXE environment. I want to have several Linux images on the server (different distros, releases, archs etc.) for testing purposes and clients on the network able to quickly boot any of them. For client, it should be the same experience as booting LiveCD.
<erhuio> hello anyone there ?
<Thumpxr> hey, i have a root with ispconfig for managing my website. this stores the website-files/folders in /var/www/xyz.   but as i have 2 partitions (/home and /) i run out of space in "/". is there a way to store the files in /home/www/xyz but make them usable as if they are in /var/www/xyz ?
<mardraum> Thumpxr: move the files and change the relevant configuration in your web server
<Thumpxr> mardraum: i thought about this. but will php etc still compile ?
<Thumpxr> mardraum: or suexec ?
<mardraum> I don't think they have any relation to where you locate files for your web server to serve
<wildwind> Thumpxr: if you maintain access rights on those files the same, everything should work as before. Also don't forget to change paths in ALL config files involved.
<Thumpxr> ok
<NigeyS> morning :)
<caribou> is there an 'easy' way to get cloud images into the local uvtools repository when they're not in cloud-images.ubuntu.com/daily
<caribou> I mean, I want to add a vivid image to my synced repo
<caribou> should I create my own local simplestream repo for those ?
<caribou> nevermind; I found what I needed : --source http://cloud-images.ubuntu.com/daily
<Kartagis> can tcpdump listen to my wireless network? if yes, should I listen to wlan0?
<caribou> Kartagis: just try it & see if you see packets go by : tcpdump -i wlan0 (or is it -I)
<Kartagis> -i
<caribou> Kartagis: tcpdump -i wlan0 works for me
<caribou> well, sudo tcpdump
 * smb pokes hallyn again (qemu in vivid missing to create kvm-spice symlink)
<nivv> Hey! My ubuntu 12.04 server running nginx have some problem. I asked tech support and they said there might be a botnet and or root kits on my server
<nivv> Problem is that some process is hogging all of the network bandwidth so I can barely SSH into it
<nivv> He gave me this log: http://paste.jesse-obrien.ca/1ber
<miccheck> hi there. i'm trying to scp from a local mac to a remote ubuntu vps. it keeps asking for my user password for the vps account. can i include the ssh private key in the scp call so that i don't have to provide a password?
<Pici> iirc, use the -i argument: -i /path/to/keyfile
<miccheck> ok, so that works with any command then?
<miccheck> another question. if i wanted to setup an autobackup cron on the vps to scp stuff back to my mac, i would have to have a static ip address, right?
<nivv> Is PID always the same for a process?
<miccheck> or is it doable another way?
<nivv> No ideas?
<Pici> nivv: PIDs are static for the entire lifetime of a process. Of course if the process is run again, it will be assigned a different PID
<nivv> Pici, ok, thought so.
<nivv> Pici, what am I supposed to do if a bogus process is using up bandwidth?
<nivv> The process was run as root accroding to the tech support
<nivv> Problem is, it is really hard for me to check during the "attacks" because the only way I can reach the server is via SSH
<nivv> Pici, does this say anything to you? http://paste.jesse-obrien.ca/1ber
<nivv> full message: http://paste.jesse-obrien.ca/1bfK
<Elion> hi, i'm on ubuntu server 14.04 x86_64 on a 4GB(4*1GB) RAM server, but in linux i only see 2G with free, how can i use the all 4GB ?
<Elion> (with dmidecode -t 17 i found 4*1GB)
<lordievader> Elion: 32bit os?
<Elion> lordievader: x86_64 => 64bit
<lordievader> Ah missed that, haven't said a thing ;)
<Elion> lordievader: no problem :)
<LinStatSDR> Hello all.
<lordievader> Elion: Could you pastebin your "free -m" output?
<Elion> fail : it's actually a debian server XD
<Elion> lordievader: https://gist.github.com/Nox-404/5e6d8d078a14e391492b
<lordievader> Well, ain't that odd...
<pmatulis> Elion: dunno, maybe try a debian channel
<Elion> pmatulis: j'y suis :)
<pmatulis> Elion: merci
<Elion> pmatulis: XD i answered in french
<pmatulis> Elion: moi aussi!
<acmehandle> I'm installing postgresql on my ubuntu-server and it says processing triggers, does it normally take a long time to do that?
<pmatulis> acmehandle: how old is your hardware? :)
<acmehandle> 4 core xeon.  But it seems to have finished.  I was just worried it was hung.
<acmehandle> apt-getting postgresql-contrib now and thats processing triggers.
<acmehandle> Looks like its taking longer than just postgresql
<JayJ> tftpd-hpa is listining only on udp6:69 not on udp IP4. Can anyone tell me why it doesn't listen on udp ipv4? This is on Ubuntu 14.04
<patdk-wk> I don't know what a udp6 is
<patdk-wk> what does it *actually* say?
<JayJ> udp6       0      0 :::69                   :::*                                997/in.tftpd
<JayJ> patdk-wk: ^^^
<JayJ> that's the netstat -anlp output
<JayJ> patdk-wk: That's instead of just "udp" it is listning on "udp6"
<patdk-wk> that doesn't mean ipv6 only though
<patdk-wk> what does, sysctl net.ipv6.bindv6only, say
<JayJ> net.ipv6.bindv6only = 0
<patdk-wk> so anything that binds to ipv6 ::, also binds to ipv4
<patdk-wk> cause ipv4 is mapped inside of ipv6 space
<JayJ> Oh I see..
<JayJ> I did a strace on tftpd, the requests are not even reaching the service. Server seem to be sitting in select call
<JayJ> patdk-wk: ^^^^
<patdk-wk> heh?
<JayJ> patdk-wk: Any idea how do I debug this?
<patdk-wk> and tcpdump shows them?
<JayJ> patdk-wk: Basic PXE setup with dhcp, tftp
<patdk-wk> not sure what pxe/dhcp/tftp have to do with tcpdump
<JayJ> patdk-wk: I mean, I ran /usr/sbin/in.tftpd with strace. Its sitting in select system call. Client request does not seem to reach it
<patdk-wk> yes, and I said, what does it have to do with testing using tcpdump?
<patdk-wk> I asked about tcpdump, not in.tftpd
<JayJ> patdk-wk: Sorry maybe some confusion. I am trying to debug why tftp server is not serving the pxelinux.0 files.
<patdk-wk> and I said
<patdk-wk> did you test using tcpdump yet?
<patdk-wk> you have to start at debugging step 1
<patdk-wk> before you move to step 2
<JayJ> patdk-wk: On it now :)
<JayJ> patdk-wk: 13:11:11.047542 IP 172.16.2.25.34149 > puppet.tftp:  22 RRQ "pxelinux.0" netascii
<JayJ> patdk-wk: The packets are reaching  tftp server
<JayJ> patdk-wk: http://pastebin.com/PWt9pTg3
<lordievader> JayJ: Lots of bad checksums...
<acmehandle> Whats the difference between .bashrc and .bash_profile?
<lordievader> acmehandle: When and where they are loaded.
<lordievader> acmehandle: http://stackoverflow.com/questions/415403/whats-the-difference-between-bashrc-bash-profile-and-environment
<acmehandle> HHhm, so I created a user where I want it to default to python3 virtual env but the log in is always over ssh
<acmehandle> No, sorry wrong.
<acmehandle> It could also be sudo user
<acmehandle> I guess .bashrc
<patdk-wk> jayj, heh? what is up with the bad checksums?
<patdk-wk> I can understand if you did a tcpdump on the sending machine
<patdk-wk> is this a kvm source or something?
<patdk-wk> or xen?
<patdk-wk> did you not disable checksum offloading on the nic?
<acmehandle> If I install libpq-dev and python-dev how will I know they are good for python3?
<jrwren> libpq-dev has nothing to do with python, its just C
<jrwren> acmehandle: python3-dev is what you want for python3, IIRC
<JayJ> patdk-wk:  host puppet (172.16.2.4) is a dhcp/pxe server which is a KVM guest. I'm teting it from 172.16.2.25 which is a baremetal. Ran the tcpdump again http://pastebin.com/cNw2yAu2
<jazzzu> hi, im trying to set up postfix to forward email for a couple of (2 for now) websites. Am i correct in my understanding that i should first configure a 'canonical domain' for the whole machine (a vps) and then add virtual alias domains for the different websites?
<patdk-wk> hmm
<patdk-wk> no, the packet from 172.16.2.25 is bad, bad checksum
<patdk-wk> that should never be the case
<patdk-wk> I could understand if something FROM the machine running tcpdump is badchecksum if the checksum was offloaded
<patdk-wk> but incoming packets should never have badchecksums ever
<patdk-wk> that is why you don't see anything in tftp, cause bad checksums are dropped
<patdk-wk> once you figure out the bad checksum problem, your probably be good
<patdk-wk> try tcpdump on the host? instead of from within kvm?
<keithzg_> Arghhh my day is not looking good. DNS lookup is taking an eternity on the local network, and to top it off, svn commits are telling folks that the post-commit script is failing with error 255 (no output), but the permissions look kosher and the script works fine when invoked manually . . .
<YamakasY> do we need multiverse and restricted on servers ?
<sarnold> YamakasY: maybe; the intel microcode update mechanism is in multiverse (now) and moving to restricted (real soon now)
<YamakasY> sarnold: which mean, we need to pay ? :P
<sarnold> YamakasY: no, just that the results aren't necessarily free software
<YamakasY> ok, I'm checking my sources as my internal mirror has normal packages but fails on stuff, also on i386 which is odd
<YamakasY> sarnold: do you have an idea on that or did we discuss that earlier ?
<sarnold> YamakasY: once you said it, it sounded familiar, but I can't recall any details at this point
<sarnold> YamakasY: I think I recall suggesting adding some [arch=amd64] lines to your APT sources lines or something like that, but left before I found out if that helped anything
<YamakasY> sarnold: I think you were drunkk! :P
<YamakasY> sarnold: you remembered well indeed
<YamakasY> deb-src is not needed on servers which I provision is it ?
<ej> hello
<ej> my gateway isn't being set, I have to do route add default gw 1....
<ej> how can I fix that?
<sarnold> YamakasY: probably not; the deb-src lines are only needed if you want apt-get source to work
<YamakasY> yeah don't need it
<sarnold> ej: check /etc/network/interfaces for details
<YamakasY> and I don't have them locally
<ej> sarnold: I have gateway set in there
<sarnold> ej: and is the gateway reachable with the IP / netmask selected in the same stanza?
<ej> sarnold: yes, iface wlan0 inet static
<ej>         address 192.168.0.2
<ej>         netmask 255.255.255.0
<ej>         gateway 192.168.0.1
<YamakasY> wlan ?
<YamakasY> oh that might be the issue
<YamakasY> which card ?
<ej> some usb adapter
<ej> it works if I set route add default gw...
<YamakasY> and if you set all to dhcp it works I guess
<sarnold> interesting, that looks like it ought to have worked. are there any errors in the logs?
<YamakasY> I have had that once... it sucked on a laptop
<mapleton> I get really suspicious when I don't see an error in the syslog
<mapleton> "its working too well"
<sarnold> mapleton: yes :)
<bananapie> Hi, I have my vm server ( kvm + libvirt + qemu ) which has a load of 25, but top says that the CPU is 90% idle
<bananapie> How is the load average so high if the cpus are all sleeping ?
<sarnold> bananapie: is the system actually unresponsive?
<bananapie> it's randomly slugish and virsh isn't responding to anything
<bananapie> but the vms are stable and not slugish
<sarnold> bananapie: try running 'vmstat 1' -- look for the bi, bo, si, so columns, those show block in, block, swap in, swap out traffic; it might be slow disks or insufficient ram or both
<bananapie> http://pastebin.com/M9LyrDBe
<bananapie> bo is between 60 and 1500
<sarnold> hmm, there's that theory shot :)
<bananapie> bi is between 1 and 150, but I don't know what normal values are :|
<sarnold> interrupts and context switches feel high, but I've not looked on a machine busy multiple busy VMs before, I'm not sure if those values are unreasonable or not
<sarnold> bananapie: I -think- those are 1k "blocks", 152kBps is nothing to worry about :)
<bananapie> ok I killed the only vm server that has any significant amount of network traffic, bi seems lower, bo is still high
<bananapie> also, I just tried to kill -9 libvirtd -d, and nothing happened. It didn't exit.
<sarnold> bananapie: if you're curious you could use the fatrace program to figure out where those writes are going to
<sarnold> but really, those rates aren't going to be the issue...
<sarnold> bananapie: oh, interesting..
<bananapie> I suspect the libvirtd daemon is screwed.
<bananapie> actually, I did kill -9 9660 where 9660 is the process id of libvirtd*
<sarnold> bananapie: try this.. ps o pid,stat,comm,wchan -e
<sarnold> the 'wchan' reports where the process might be asleep in the kernel..
<bananapie> http://pastebin.com/gTZ5KfSq
<bananapie> futex_wait_queue_me
<sarnold> bananapie: ooh looks like a nice computer :) hehe
<bananapie> :P
<bananapie> is it normal to have libvirtd -d twice ?
<sarnold> I only have one libvirtd process
<sarnold> ... but currently no VMs running.
<sarnold> lets start two vms and find out..
<bananapie> ok, on my dev machine only one libvirtd
<sarnold> yeah, only ever one libvirtd process
<bananapie> and I have 4-5 vms.
<bananapie> so I have one unkillable libvirtd and one that is now "defunct"
<sarnold> can you kill its parent? that should reparent it to init, and init should clean up after it
<bananapie> I've also about 30 defunct sshd and two defunct kvm
#ubuntu-server 2014-12-05
<bananapie> this is bad, all the defunct processes have parent process id of 1...
<bananapie> and two /sbin/init running
<sarnold> ...
<bananapie> something has gone terribly wrong on this server.
<sarnold> hmm, the second init might be a user session thing, I've got one of those too: init --user --restart --state-fd 25
<Ironlenny> I have a kvm vm that is using a macvtap bridge, but I cannot get an ip address from my network dhcp server. I'm running 14.04
<bananapie> I rebooted the server. :(
<bananapie> this server has the worst uptime
<bananapie> 267
<bananapie> 267 days*
<Ironlenny> I have a kvm vm that is using a macvtap bridge, but I cannot get an ip address from my network dhcp server. I'm running 14.04
<nivv_> hey guys, how do I block this "user" to do stuff? root@databeredning
<nivv_> what does the @ mean?
<lordievader> Good morning.
<lordievader> nivv_: The 'databeredning' is the hostname of the machine.
<nivv_> ah ok,
<nivv_> When I try to do "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" I get "iptables: No chain/target/match by that name."
<nivv_> how come?
<nivv_> the input chain is present
<lordievader> nivv_: Your kernel knows conntrack?
<lordievader> Ubuntu kernels should by the way...
<nivv_> lordievader, no idea,
<nivv_> Do I need to install it?
<lordievader> nivv_: What does "sudo lsmod|grep conntrack" return?
<nivv_> lordievader, hold on, I'll check. The tech support says that my server is being hacked
<nivv_> using up loads of network bandwidth so I can barley ssh into the machine
<nivv_> not seeing anything on nethogs or iftop
<nivv_> lordievader it returned nothing, blank line
<lordievader> nivv_: Do you run the default Ubuntu kernel?
<nivv_> "Welcome to Ubuntu 12.04.5 LTS (GNU/Linux 2.6.32-042stab062.2 x86_64)"
<nivv_> Don't know if it's the default
<lordievader> !info linux-image-generic precise
<ubottu> linux-image-generic (source: linux-meta): Generic Linux kernel image. In component main, is optional. Version 3.2.0.72.86 (precise), package size 2 kB, installed size 32 kB
<lordievader> nivv_: It ain't.
<nivv_> it's a hosted vps
<lordievader> nivv_: Your kernel either does not have conntrack compiled in or loaded as a module.
<nivv_> ok, i tried doing "sudo apt-get install conntrack"
<nivv_> but still get nothing when doing sudo lsmod|grep conntrack
<nivv_> if I do conntrack -L
<lordievader> nivv_: What happens when you run "sudo modprobe nf_conntrack"?
<nivv_> i get conntrack v1.0.0 (conntrack-tools): Operation failed: Connection refused
<nivv_> WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/.
<nivv_> FATAL: Module nf_conntrack not found.
<lordievader> As I figured.
<lordievader> Hate to break it to you, but custom kernels are not supported here. Running the default Ubuntu kernel solves your problem. However a workaround would be to use something other than conntrack.
<nivv_> lordievader, thanks anyways! I really appreciate it. I don't even know what "sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" means
<lordievader> nivv_: Then it might be a good idea to learn that first ;)
<nivv_> of course. But at the same time I'm being "hacked" according to the tech support
<nivv_> so I don't really have much time
<nivv_> :(
<lordievader> nivv_: Drop everything but port 22?
<nivv_> Yeah, I'm trying to implement this
<nivv_> http://paste.jesse-obrien.ca/1c5S
<nivv_> but I'm stuck on the first one
<lordievader> nivv_: Do you have a backup way in, if ssh fails?
<nivv_> no
<nivv_> not that I know of
<lordievader> nivv_: Since firewalls can lock you out very easily ;)
<nivv_> maybe that's a good thing...seeing how clumsy I seem to be
<lordievader> nivv_: You can skip the first line, it will make your firewall slower but for 3 rules you won't notice it.
<nivv_> oh sweet
<nivv_> here goes nothing then
<nivv_> lordievader, this is the info I got from tech support, does it tell you anything? : http://paste.jesse-obrien.ca/1c6d
<nivv_> wtf is "lrwkqgjsb"
<lordievader> Could be an exploit, is it still running? If so, kill it right now!
<nivv_> how do I find it?
<lordievader> nivv_: "ps aux|grep lrwkqgjsb"
<nivv_> got this "albin     1103  0.0  0.0   9516   948 pts/4    S+   10:27   0:00 grep --color=auto lrwkqgjsb"
<nivv_> now I can't do "sudo apt-get update"
<nivv_> can't connect to the repos
<lordievader> nivv_: Ok that is good. But still. Take a look at the other processes.
<lordievader> nivv_: Did you also drop outgoing connections?
<nivv_> https://www.dropbox.com/s/n2xgxdq605gl8qy/Sk%C3%A4rmklipp%202014-12-05%2010.29.17.png?dl=0
<nivv_> dump of the "sudo iptables -L -v"
<nivv> lordievader, sorry got disconnected
<nivv> did you see anything wrong in the iptables?
<lordievader> nivv: No, outgoing connections should be fine.
<nivv> i flushed the iptables again and now it's working.
<nivv> And when I add the rules again I can't connect to archive.ubuntu.com
<lordievader> nivv: That doesn't make any sense...
<nivv> found this: http://serverfault.com/questions/121309/how-to-configure-iptables-to-use-apt-get-in-a-server
<nivv> see the top answer
<nivv> maybe has something to do with not using the first line?
<lordievader> Can you still perform dns lookups?
<lordievader> nivv: You don't have a drop policy on the output chain.
<nivv> When I add sudo iptables -A INPUT -j DROP it stops working
<lordievader> I do hope you have your "allow ssh" above it...
<lordievader> Anyhow can you answer my question?
<nivv> i do it in this order
<nivv> http://paste.jesse-obrien.ca/1c7c
<lordievader> Can you do dns lookups?
<nivv> sorry for being ignorant, but how do I do that?
<lordievader> nivv: "nslookup www.ubuntu.com"
<nivv> -bash: nslookup: command not found :D
<lordievader> nivv: sudo apt-get install dnsutils
<lordievader> IIRC
<nivv> yup! thanks
<lordievader> nivv: Does "sudo iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT" fix your apt problem?
<nivv> hold on, im on the phone with tech support
<nivv> :)
<JediMaster> hi, can anyone recommend any file change monitoring services? A client has recently had a wordpress installation breached and it wasn't obvious that it had been. The files were quite expertly altered, both PHP and javascript files.
<nivv> lordivader, the tech support says that our server uses a massive amount of network bandwidth. Wouldn't I see that when looking on the activity in nethogs?
<nivv> lordievader ^
<lordievader> nivv: iftop would show you.
<JediMaster> The files were altered in such a way that the timestamp on the files did not change (I'm still not sure how they pulled that off in PHP), and the commands were hidden within multi-line comments that already existed and enough spaces added to the end of the line to hide it from common command line text editors
<lordievader> JediMaster: Zabbix can alert you of file changes, but I'm not sure if it will recursively parse through a directory if you give it one.
<JediMaster> So really we're interested in monitoring only a subset of file changes, not timestamp based detection but maybe md5sum checks and only for certain file types, e.g. php, javascript
<JediMaster> lordievader, May the force be with you!
<lordievader> JediMaster: That's what zabbix does ;)
<JediMaster> ohh shiny, I already have zabbix clients on all the servers
<JediMaster> I wasn't awear it could monitor file changes
<lordievader> JediMaster: https://www.zabbix.com/forum/showthread.php?t=23061
<JediMaster> a quick glance over that seems to suggest you need to specify files, there would be tens of thousands of PHP files to monitor
<lordievader> JediMaster: Like I said, I'm not sure if there is folder support...
<lordievader> But there might just be ;)
<nivv> lordievader, just hung up on the tech support of our hosting prodivder....they CONFUSED our IP with another scumbags IP
<nivv> our server was never affected, it was another one in the same cluster
<JediMaster> the other problem is that we do updates to files nearly every day, so it'd be good if there was some way we could update the md5sums when doing an git pull/svn update
<lordievader> JediMaster: You could write a script that checks "git status" output ;)
<lordievader> nivv: Doesn't take away that it is a good idea to have a firewall running.
<nivv> lordievader, exactly
<JediMaster> well interestingly, the way we found it was an svn status
<nivv> so I'm still gonna see to that, soonâ¢
<lordievader> You could even write a cronjob that simply makes sure that there are no uncommitted changes... ofcourse if an attacker notices this he (or she ;) ) will simply commit the changes ;)
<JediMaster> that had occured to me
<JediMaster> both points
<lordievader> I suppose you could block commits being made on production machines.. but that would likely be a hassle.
<JediMaster> ah, I forgot about tripwire, but I think that'll have the hassle of warning me about every legitimate change we make
<lordievader> A very ugly solution: put it in puppet :P
<jamespage> gnuoy, "python-logutils	Liam Young <liam.young@canonical.com> (James Page <james.page@ubuntu.com>)" is showing up on my merge report - want to take care of that and I'll sponsor it for you?
<jamespage> semiosis, I also see glusterfs on the list of merges - are you going to pull in the version from Debian experimental this cycle?
<jamespage> semiosis, I'm guessing that might fixup alot of the feedback from the MIR review in 14.04
<gnuoy> jamespage, sure, thanks
<acmehandle> Does anyone know if stackless python is in apt repositories?  I tried searching apt-cache and it doesnt seem so
<lordievader> acmehandle: Stackless Python, what is that?
<acmehandle> http://www.stackless.com/
<lordievader> Apt says about 'python3-greenlet': The greenlet package is a spin-off of Stackless
<lordievader> !info python3-greenlet
<ubottu> python3-greenlet (source: python-greenlet): Lightweight in-process concurrent programming (python3). In component universe, is extra. Version 0.4.2-1ubuntu1 (utopic), package size 12 kB, installed size 64 kB
<acmehandle> Excellent.
<acmehandle> Didnt know what to look for.
<acmehandle> Its not going to replace the python3 I already have right?
<lordievader> acmehandle: It doesn't conflict with it.
<acmehandle> Ok, now that I installed it how do I invoke it?
<lordievader> acmehandle: No idea...
<acmehandle> is it now part of python3 then?
<lordievader> acmehandle: No idea ;)
<acmehandle> Where can I find the readme for it?
<lordievader> acmehandle: I thought you knew the stackless thing ;) Anyhow apt-file will probably tell you what files it provides.
<acmehandle> Nope, just discovered it.
<acmehandle> whilst searching for an asynchronous webapp solution.
<acmehandle> ghetto gang banging rap music at 7am.  thats class.
<acmehandle> No, python3-greenlet is not stackless.
<acmehandle> greenlet is a module
<acmehandle> Its not a python interpreter
<acmehandle> No, thats not at all what I want.
<nivv> lordievader, you still here? :)
<nivv> Anyone know of any alternatives to iptables?
<mardraum> there are lots of them. Do you need them to work on ubuntu or not? :p
<nivv> hehe yea, my kernel doesn't have conntrack, and when I add some rules the dns lookup stops working :S
<nivv> marrdraum https://www.dropbox.com/s/3ge0czq84fbllgm/Sk%C3%A4rmklipp%202014-12-05%2013.55.48.png?dl=0
<nivv> thats my rules right now
<nivv> and if I try a nslookup I get nothing :S
<mardraum> perhaps you need an OUTPUT rule, like eg iptables -A OUTPUT -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
<mardraum> I hate firewalling with iptables though, I would always replace it with something else if that were the purpose.
<nivv> ah, I found the problem. I needed to add the following rule: iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
<mardraum> yeah, you do need that
<nivv> :))
<nivv> mardraum the guide I was following was using conntrack, my kernel didn't have that so it threw an error
<nivv> hey mardraum, now I can't access the server via SSH
<nivv> wtf
<nivv> nevermind
<nivv> works now
<nivv> phew
<lordievader> nivv: So my guess was right ;)
<nivv> lordievader, what were your guess now again? ;)
<lordievader> nivv: By the by, it is better to put the RELATED rule as the first in the chain, not as the last.
<nivv> you mean "sudo iptables -I INPUT 1 -i lo -j ACCEPT" ?
<lordievader> From earlier: "nivv: Does "sudo iptables -I INPUT 1 -m state --state RELATED,ESTABLISHED -j ACCEPT" fix your apt problem?"
<nivv> ah shiet, I missed that lordie!
<nivv> https://www.youtube.com/watch?v=l1dnqKGuezo
<lordievader> No ^ that rule, that command puts it as the first rule.
<nivv> ah
<nivv> this is the rules I'm using now, in that order
<nivv> https://gist.github.com/nivv/de0cf110131f830e37fc
<nivv> should I change anything from that?
<lordievader> nivv: That is allways a difficult question to answer as I have no idea what your requirements in terms of service or security are.
<nivv> I mean the order of the lsit
<nivv> list
<lordievader> nivv: Line 6 could be replaced with a policy drop (-p DROP). But further more, I guess it is allright.
<nivv> like this "sudo iptables -A INPUT -j -p DROP" ?
<lordievader> nivv: "sudo iptables -p INPUT DROP" But make sure you allow your services first ;)
<nivv> yea :) what's the difference between -p and -j ? (sorry again if I'm being stupid)
<lordievader> nivv: man iptables ;)
<Guest87920> guys, anyone have any idea how is it even possible that ubuntu/other distros doesnt have smething like mageia control center?
<nivv> ah thanks, lordievader, really appreciate your help!
<mardraum> Guest87920: maybe it sucks? what is it.
<lordievader> Guest87920: Mageia control center?
<Guest87920> this http://doc.mageia.org/mcc/3/en/content/mcc-hardware.html
<lordievader> Blegh gui's...
<lordievader> You have a command line, what's more to want?
<Guest87920> lordievader: yea your grandmother is a perl monk to i suppose?
<lordievader> You suppose wrongly.
<Guest87920> mardraum: how can you assume something sucks if u dont even know what it is
<nivv> Guest87920: he said maybe Â¯\_(ã)_/Â¯
<Guest87920> nivv: mkay :D
<Guest87920> nivv: all i meant to express was that if he saw word mageia ot doesnt mean it have to suck. Maybe its actually just the opposite. Who knows .. :D
<lordievader> To each his own, eh ;)
<nivv> I think he was trying to point out that it was impossible for us to know what you're talking about without a description of the software, which you gave immediately afterwards :)
<Guest87920> :D
<JediMaster> lordievader: ever come across "aide" looks something like what I want, but not quite
<lordievader> JediMaster: Never heard of it.
<Guest87920> so nobody got even a slight speculation why it could be so that MCC havent already been ported to any other distro?
<Patrickdk> heh?
<Patrickdk> this channel is about ubuntu-server, how would we know about other distro's? or about mcc?
<Patrickdk> I would ask the #mcc channel about it
<jamespage> zul, coreycb, gnuoy: can I get a +1 for inclusion of openvswitch 2.3.0 in the kilo CA please?
<jamespage> ditto for ceph giant once I have it in vivid
<zul> jamespage:  yes go ahead
<lordievader> Guest87920: (Linux-)Server guys don't like gui's for configuring their servers...
<Guest87920> oh right
<lordievader> Generally at least.
<Patrickdk> windows server guys too :)
<Patrickdk> why we have core-server for windows now :)
<lordievader> The Windows admins I know still like to click around ;)
<Patrickdk> yuk
<samba35> is it possible to add ethernet card to system (want to add 1 more nic to system)
<Guest87920> not on newer versions of it i suppose.. :D
<Patrickdk> we have deployed core server for most things, but a *few* apps still need the gui :(
<Patrickdk> samba35, only if you have some place to plug it in
<samba35> yes i have some free pci slots are there
<Patrickdk> then just pick one with a sane driver then :)
<Patrickdk> most cards will work
<coreycb> jamespage, +1
<samba35> Patrickdk: can you please tell me which card do you recommand
<Patrickdk> intel and stuff will be painless, broadcom will be more painful
<samba35> ok thanks
<samba35> bye for now
<coreycb> zul, jamespage: ceilometer 2014.2.1 is ready for review - https://code.launchpad.net/~corey.bryant/ceilometer/2014.2.1/+merge/243799
<zul> coreycb: cak
<coreycb> zul, too early for cake
<zul> its never too early for cake
<coreycb> zul, jamespage: cinder 2014.2.1 ready for review - https://code.launchpad.net/~corey.bryant/cinder/2014.2.1/+merge/243803
<zul> coreycb: lemme know when they are all ready for review and ill do it
<coreycb> zul, k
<acmehandle> I'm trying to install a deb pacakge using dpkg -i and am getting the following error:  unable to open file '/var/lib/dpkg/tmp.ci//control': No such file or directory
<acmehandle> Please advise
<jrwren> acmehandle: sounds like it is not a deb package?
<acmehandle> jrwren: Its this:  http://www.stackless.com/wiki/Download   In the binaries section
<acmehandle> The 3.2 version installed.  Whereas me trying to install the 2.7 produced the above error
<jrwren> acmehandle: did you check the md5 ?
<acmehandle> jrwren: md5sum checks out
<acmehandle> I did a dpkg-deb -R went in to DEBIAN, apparently the control file is a ln -s to a non existent file.
<acmehandle> Whereas when compared to the 3.2 package the DEBIAN/control file is its own file, not a link
<lordievader> acmehandle: Is the package made for Ubuntu?
<acmehandle> Dont know, its made for debian.  I installed the 3.2 version but it required tcl and tk dependencies to be resolved
<acmehandle> Still, 3.2 installed without trouble
<lordievader> acmehandle: Then get one made for Ubuntu. Debian and Ubuntu are similar and yet they are different ;)
<acmehandle> I dont think there is a stackless python made for ubuntu, only the derivative stackless module.
<acmehandle> Not what I want.
<mardraum> so use debian
<lordievader> Or compile from source.
<acmehandle> Sounds like I'll be compiling from source then
<lordievader> Create your own package and throw it on launchpad.
<acmehandle> Ok, I'll compile, how would I create my own package though?
<acmehandle> I've compiled before using configure
<acmehandle> just never created a package.
<lordievader> Err, I've only made packages to distibute code. Not binary packages... But google probably knows ;)
<acmehandle> Indeed, the internet knows everything
<jrwren> acmehandle: maybe they have a source deb?
<jrwren> acmehandle: nope, I don't see a source deb :(
<jrwren> acmehandle: depending on why you want stackless, pypy may be an option.
<acmehandle> its stackless mode, but not stackless
<zul> jamespage:  craaaap http://paste.ubuntu.com/9383355/
<jamespage> zul: love it -https://launchpad.net/ubuntu/+source/ceph/0.87-0ubuntu1
<jamespage> first time that's ever happened to me with ceph...
<zul> jamespage:  no problems
<zul> ?
<samba35> how do i add psi-passtroth on ubuntu 14.04.1 with kvm
<teward> who has primary control over the serverguide documentation?
<teward> server team or doc team?
<lakin> Good morning folks, I'm running into some difficult to reproduce on command, but regular (a couple an hour) segfaults/aborts with apache2 on Ubuntu 14.04. I have some backtraces generated from core dumps, all seem to be crashes in libssl - I am fully up to date as of last night. How would I go about figuring out the cause of it?
<lakin> stack traces are here: http://apaste.info/OBl http://apaste.info/FiK http://apaste.info/ptl http://apaste.info/q8X http://apaste.info/tjh http://apaste.info/Lc7
<jcastro> gaughen, ping!
<gaughen> jcastro, pong
<jcastro> hi!
<jcastro> we got a bunch of new questions on openstack and the charms: http://askubuntu.com/questions/tagged/openstack?sort=unanswered&pageSize=50
<jcastro> can you ask people to take a look? I've tacked on some bounties as well
<jcastro> roaksoax, there are maas questions piling up too
<roaksoax> jcastro: haha :)
<sarnold> lakin: has anything else been segfaulting? since the crashes are all over the place I kinda wonder if you've got some bad memory or something similar
<sarnold> lakin: I don't know the openssl internals well enough to know if the presense of ssl3 in all those methods means actual ssl3 or if they just never got around to renaming functions for TLS; it might be worth rechecking that you've got ssl2, ssl3 disabled if you can
<sarnold> .. details on turning off ssl3 here: http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566
<uvirtbot> sarnold: The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566)
<lakin> sarnold: I believe we have turned off ssl3
<lakin> but double checking now
<lakin> Confirmed, SSLProtocol All -SSLv2 -SSLv3 is in our configuration
<lakin> sarnold: thanks for your help, I have to leave but I'll be back once I'm at the office
<hariom> What is the best way to transfer files (size less than 150 kb) to another server in secure and fastest possible way? As soon as file comes on Server A, I want it to send to Server B in secure way
<sarnold> hariom: there's a lot of options, you'll have to constrain the space a bit to get good answers. how many files per second? how far apart are the servers? why do you want the copies, what will the copies achieve?
<hariom> sarnold: I need to send each file separately. Anywhere between 100 to 200 files per second (the max I can think I can get from clients). Servers are on LAN in a data center
<hariom> sarnold: Each file is unique and not made available before
<hariom> sarnold: Can NFS achieve that securely? or SCP/rsync etc?
<hariom> sarnold: Are you there?
<sarnold> hariom: scp or rsync would have extreme trouble keeping up with 100 per second. NFS ought to be able to do that, as could ceph
<hariom> sarnold: Can NFS be secured?
<ikonia> depends on your issues
<hariom> ikonia: like what?
<ikonia> like why you think it's not secure, what your limitations are
<hariom> Ceph may have a learning curve. Never heard it before but seems very interesting
<hariom> ikonia: Sniffing
<ikonia> sniffing what ?
<sarnold> it'd be worth spending two hours reading about ceph regardless if you ever use it or not, it's neat stuff
<sarnold> hariom: you could run nfs / cifs / ceph / whatever over IPSec or openvpn or something else if you wished; I don't believe NFS has any real privacy controls..
<LinStatSDR> Hello all.
<hariom> sarnold: What if I create a socket client and server. As soon as I get a file, I read and send it to server. Socket server can have SSL
<hariom> I suppose this will be quick, fast and secure?
<sarnold> hariom: the trick is that you'd need some protocol of some sort to identify filename, file size, build in recovery mechanisms if the connection stalls, etc.
<sarnold> hariom: it sounds simple at first but getting it right will take some effort
<hariom> sarnold: I don't need file name and size as they are saved in db so remote server can access it from there.
<sarnold> hariom: but you need to know when one file stops and another file starts, right? :)
<hariom> hmm... got your point
<hariom> sarnold: base64 encode and send json string with filename :)
<hariom> Overhead of encoding
<sarnold> hariom: hehehe, oof :) but that does sound like an option
<sarnold> hariom: maybe something like 0mq or protobufs can handle this; I really haven't looked at moving larger objects with those systems but they might be well-suited
<keithzg_> Hmm, how do I tell where dnsmasq is getting its responses from? Trying to figure out exactly what's responsible for annoyingly long DNS reply lag on my network.
<keithzg_> ex. any ping immediately resolves the correct address, but then pauses for a very long time before actually getting replies, presumably taking forever to perform the reverse lookup if I'm understanding it correctly.
<guntbert> keithzg_: *if* you have nm-tool:   nm-tool|grep -i dns
<keithzg_> guntbert: hrmmm, that's interesting, nm-tool returns an IP address that is the expected DNS server, and running dig on arbitrary internal hostnames returns pretty much instantly, but pinging still has a long suspicious delay . . .
<keithzg_> I swear I was getting a long delay with dig when not specifying a nameserver earlier, but that appears to have vanished as a symptom now.
<guntbert> keithzg_: never heard of ping doing reverse lookups
<keithzg_> guntbert: I'm probably getting the nomenclature wrong, but it's worth mentioning that there's no delay if I add -n as an argument
<keithzg_> " -n     Numeric output only.  No attempt will be made to lookup symbolic names for host addresses."
<guntbert> keithzg_: you may be right, but as I said, I've never heard about that
<keithzg_> guntbert: fair enough.
<keithzg_> Hmmm and weirdly one of the suspect servers is responding to pings as hostname.local rather than just hostname or hostname.our.fqdn.
<Logos01> keithzg_: What distro?
<Logos01> Oh. ubuntu.
 * Logos01 needs to make a note of how many channels he's in
<Logos01> keithzg_: regarding dig and not specifying a nameserver -- IIRC there was a bugged version of dnsmasq that had that problem.
<JediMaster> lordievader: I couldn't find something that did exactly what I wanted to monitor the website files for changes, and in the end I wrote a program to do it for me =)
<keithzg_> Logos01: Huh, that'd be quite the unfortunate coincidence, heh.
<Logos01> JediMaster: inotifywait
<JediMaster> Logos01, not realistic with half a million files
<JediMaster> possible but silly
<Logos01> Depends, really -- it works on system calls in the filesystem...
<JediMaster> it'd take 0.5GB of ram to monitor that many files
<JediMaster> and it's non-paged kernel memory too
 * Logos01 shrugs -- that's not a huge investment tbqh
<JediMaster> true, but this only took an hour or so to write
<acmehandle> Is there a way to reverse an apt-get install with its dependencies?  For example if I installed tcl8.5 and its dependencies is there a way to reverse that?  So I dont keep dependencies I dont want until I really need them
<Logos01> JediMaster: There's already shell utilities that operate on that syscall so you'd be able to do something similar in about that much time.
<JediMaster> lordievader: it catalogues all the files of certain types (e.g. .php, .js etc.) md5sum's them all, checks against the previous run, looks for files that are new, files that have been deleted and changes. It then checks if they're in SVN, if so it shows an SVN diff if they're not just updated
<Logos01> I mean, what did you do in lieu?
<JediMaster> Logos01, I did try some of them out, they all failed after the OS'es default 8k monitor limit, easily changable of course, but it couldn't do all of the above with svn integration etc. so figured I might as well do it myself
<JediMaster> they also had limits such as not being able to monitor certain file types recursively through a tree
<JediMaster> I did it in 67 lines of code (with comments) in the end, so not too worried =)
<JediMaster> probably more like 30 lines in total
<Logos01> "not being able to monitor certain file types recursively through a tree" <-- curiously I didn't experience the same when I had to work with the realtime transfer of newly created pdf and xml files (but not any other filetypes)
<Logos01> Granted I had more lines than that, but I also did more things than just transfer the files...
<JediMaster> Logos01, what did you use in the end? 30 lines includes all the monitoring too
<JediMaster> of course, it does mean running md5sum over all the files each time it's run, but it's suprisingly fast, only takes 2 seconds to run
<Logos01> inotifywait.
<JediMaster> I also didn't fancy keeping a script running all the time for inotify to tell it something had changed
<qman> Large scale inotifywait works really well IME
<qman> I recently wrote a script as a bandaid to netatalk permission failure on a massive web directory
<qman> I had to increase the limits in sysctl, but it works great
<JediMaster> still rather think that the kernel memory could be better used than 0.5+GB being used for it though
<JediMaster> also, I didnt' really want to have an email sent out each time it was triggered, as we often upload 100+ files in one go via svn/git update
<JediMaster> at least with running the script every 5 minutes it catches it in one bulk email, and if it's comitted changes it's a lot less verbose
<JediMaster> I'm sure if you need instant notifications it's much better
<qman> In my case it runs a chmod and chown every time a file is created/modified
<qman> Because despite netatalk having parameters for that sort of thing, they don't actually work
<JediMaster> yeah so effectively one or only a few lines of scripting needed
<JediMaster> this needed a fair bit of logic to decided if to bug people about changes
<Logos01> JediMaster: In my case I needed to set up a realtime file transfer process.
<Logos01> My whole script is only about 55 lines and I introduced some extra logic on top of that.
<Logos01> My fileset is only in the mid 4 digits low 5 digits though.
<xcyclist> Cannot find doc on the two zeros at the end of:  192.168.X.X:/path/to/nfssharefolder             /media/nfs-foo     nfs     _netdev,defaults,user,auto,noatime,intr   0 0
<xcyclist> in this example fstab line.  I just need to find the right doc.  man fstab doesn't do it.  Perhaps an online doc I have not yet gotten to.
<sarnold> xcyclist: man 5 fstab, look for fs_freq and fs_passno
<xcyclist> Never mind.  I got it on the wiki.  Sorry guys.
<Logos01> xcyclist: Oh. Those deal with the frequency at which a filesystem is fscked, and when it is fscked, upon boot.
<Logos01> As sarnold said, fs_freq and fs_passno in fstab are your keywords. :)
<xcyclist> Thank you.
<xcyclist> I don't see addr= as an option in any of the documention, but my spec uses it.  Is this just a mistake, or am I looking at the wrong docs?
<xcyclist> I do see clientaddr=, but not addr=
<sarnold> xcyclist: you may only see errors if you try "mount /media/nfs-foo" and let mount look it up from fstab..
<sarnold> xcyclist: .. and even then you may only see errors in the logs rather than at the terminal
<xcyclist> I found something about it in this doc:  http://wiki.linux-nfs.org/wiki/index.php/NewMountDesignSpec, but pretty weak.
<xcyclist> sorry sarnold.  I am sure that will help me, but I am still rather weak myself in context on this.  Any elaboration you can make would be appreciated.
<sarnold> xcyclist: interesting; addr= is clearly documented there, but they never say what it does or why. that's annoying.
#ubuntu-server 2014-12-06
<gaughen> jcastro, a bit of a delayed response here but yes I've pointed the team to the list and we'll try to tackle some of that list.. it's quite a backlog!
<lakin> sarnold: was it you who helped me earlier? If it was, we switched from mod_wsgi to mod_proxy + gunicorn and the issue went away
<lakin> I suspect we misconfigured mod_wsgi somehow
<sarnold> lakin: excellent, thanks :)
<sarnold> bugger about mod_wsgi; if you've got time / inclination, a bug report might be nice.
<lakin> If I can find time, I'll see what I can figure out about why it wasn't working. I've had good luck with mod_wsgi before
<sarnold> great, thanks
<sarnold> I've only ever dealt with it in test suites where it was bloody frustrating, but I can't pin that entirely on mod_wsgi; at least django and apache share some blame there. hehe. :)
<lakin> sarnold: yes, yes they do
<lakin> If only we lived in world with perfect tools
<sarnold> lakin: then we could spend all our time sipping tasty beverages on the beach!
<sarnold> while our computers do all the work! haha!
<lakin> exactly
<sarnold> oh well, glad you guys figured out how to move forward )
<lakin> Yeah, it's been a fun few days
<Patrickdk> it seems like apache is moving to using mod_proxy more, than mod_wscgi/fcgi/...
<Patrickdk> now if I could figure out this rabbitmq bit :)
<Patrickdk> (people haven't emailed me the login or hostname info to locate it yet)
<sarnold> more leafy greens, I think rabbits like those :)
<lakin> I've used RabbitMQ to pretty good effect recently
<Patrickdk> and for some reason it's running on windows, and I don't have login info for that either
<lakin> Having a distributed task queue system setup in your env can be quite good
<Patrickdk> I'm lazy :)
<Patrickdk> I use mysql tables for that :)
<lakin> Using MySQL at this point in my career always sounds like the option with more work
<Patrickdk> depends :)
<Patrickdk> my needs are simple
<Patrickdk> and I need mysql for other things
<Patrickdk> seems pointless to setup something else, learn it, and then only use 2 queues on it
<lakin> There is definitely something to be said about separating out your app code from your battle-tested front-facing web server.
<Patrickdk> and then have to maintain it
<lakin> It's much more likely you made a mistake than it is
<Patrickdk> heh?
<Patrickdk> front facing web server?
<lakin> That's a good part of the reason why people move to mod_proxy
<Patrickdk> what does this have to do with a webserver?
<lakin> Apache2 + mod_proxy as your front end server
<Patrickdk> oh, that
<lakin> in a separate process/memory space
<lakin> Sorry, two conversation
<lakin> s
<Patrickdk> ya, I got 3 layers going on like that :)
<Patrickdk> apache proxy/mod_security -> apache/fcgi/....
<Patrickdk> use the front one for loadbalancing/failover/security checks
<Patrickdk> and then the backends
<Patrickdk> or guess, middleware
<Patrickdk> whatever the current term is :)
<lakin> I thought your needs were simple?
<lakin> ;)
<Patrickdk> those where *customer* needs, not mine :)
<lakin> *grin*
<Patrickdk> we get payed more by overengineering it
<lakin> in any case, thanks again. Later.
<Quoexl> Hi guys, got a strange thing going on, I have an Amd x2 machine with both a nvidia network card and a marvell network card, neither will catch dhcp on install of 12.04 server, just to test the network cards I installed windows and both work properly. this machine ran 12.04 server unattended for the last 4 months at my shop now I bring it home and nuttin
<pmatulis> Quoexl: are you installing using the exact same ISO as before?
<Quoexl> well I dont really know, I pulled it down from ubuntu
<Quoexl> could the 12.04.5 be doing this to me?
<pmatulis> Quoexl: could be a regression, yes
<pmatulis> Quoexl: try using an older 12.04 ISO
<pmatulis> Quoexl: stupidly, the original one is no longer found on the main mirrors.  the last time i checked you could only get it from oldreleases.ubuntu.com or whatever it's called
<Quoexl> pmatulis: download already in progress, I KNOW this is the problem
<Quoexl> I was trying to install 12.04.5
<pmatulis> Quoexl: ok good.  lemme know what happens
<Quoexl> itll be about half an hour if youre still around
<pmatulis> Quoexl: i'll be here
<sarnold> the original 12.04 has been moved off the main mirrors? annoying..
<pmatulis> sarnold: indeed, especially for a supported ISO, until 2017
<sarnold> pmatulis: yeah, that's the only way to get e.g. virtualbox to work on 12.04; it shouldn't be so hidden..
<pmatulis> sarnold: mentioned it, got a shrug
<sarnold> gah..
<Quoexl> this just in 12.04.5 dropped the drivers for my network cards
<pmatulis> Quoexl: tested already?
<Quoexl> google
<pmatulis> k
<pmatulis> Quoexl: nvidia and marvell on a server?
<Quoexl> the cards are good, I installed winders and they work
<Quoexl> its a kinda sorta server
<pmatulis> ha ha
<Quoexl> its got 4tb raided in it, so fileserver duty it is
<Quoexl> which is actually 8tb
<Quoexl> thinking of putting owncloud back on it
<Quoexl> ok going to test the theory now
<pmatulis> s/theory/hypothesis
<pmatulis> ;)
<Quoexl> there's a knot in my string theory
 * pmatulis listening
<Quoexl> still no dhcp on either card
<pmatulis> hmm, check the status of the cards by getting into a console
<sarnold> nuts, I liked that theory^Whypothesis :)
<Quoexl> I'm just trying to install, it crashes at apt
<Quoexl> this is driving me to drink
<Quoexl> I'm about to go at the innerds of this computer with hedge clippers
<samba35> i am trying to configure ethernet card with pci passthrough on kvm when i try to detach card i am geting this message/error   -------error: Failed to detach device pci_0000_07_02_0
<samba35> error: Operation not supported: neither VFIO nor KVM device assignment is currently supported on this system
<hamnstar_> hello server folk
<hamnstar_> I'm having some issues updating slapd due to some custom objectClass / attributes... the postinstall script fails specifically.  anyone here handy? (the #openldap people seem dormant tonight)
<pmatulis> hamnstar_: best is to pastebin details of these custom objectClasses and their attributes, and related schemas
<hamnstar_> pmautils: thanks, i did mange to get it working by copying over all of the slapd.d contents into a new install
<lordievader> JediMaster: Sounds like fun, but it ain't too obvious from an attackers POV?
<JediMaster> lordievader: it's just yet another php script running in cron, and it runs every 5 minutes, so it's unlikely it would be noticed, at least in time for it not to notice that the files had been comprimised
<JediMaster> also doesn't need to be run as root
<Remie> Somebody available to help me with dspam?, running 14.10 server and i cant install it, I looked at launchpad and it says status deleted, why?
<lordievader> Remie: Perhaps because there is no upstream?
<lordievader> Remie: There is a utopic bzr though: https://code.launchpad.net/~ubuntu-branches/ubuntu/utopic/dspam/utopic
<derrum> Hello, i can not boot onto my server anymore but i can access the server over a rescue system. I have to switch grub back to a working kernel how can i do that when the system is offline so iu can not use update-grub?
<Patrickdk> heh? changing kernels has nothing to do with update-grub
<Patrickdk> you just select the other kernel from the grub boot meneu
<derrum> There is no grub boot menu
<Patrickdk> if there isn't, then changing the kernel won't do any good
<Patrickdk> cause you can't do that, till you get to the grub menu
<Patrickdk> so you need to fix grub first
<Patrickdk> so your issue is probably not the kernel
<derrum> The system is offline i work on it over a rescue system. I need to change a grub setting on the offline system and it needs to take the setting over when i bring it online again
<Patrickdk> that makes no sense
<Patrickdk> settings?
<Patrickdk> changing grub settings won't help at all
<Patrickdk> if you don't get the grub menu
<Patrickdk> no settings are required to get the grub menu
<Patrickdk> and all settings can be changed from the grub menu
<Patrickdk> therefor, your diagnostic conclusion of the issue, is incorrect
<derrum> There is no grub boot menu where i could change anything
<Patrickdk> if there isn't changing things in grub won't help or solve anything
<Patrickdk> cause grub isn't starting
<Patrickdk> if grub doesn't start, what help does changing it's settings do?
<derrum> It is starting but its starting without showing a menu. It loads a kernel just a wrong one because the option says so.
<Patrickdk> so the grub is starting and the menu does come up then?
<Patrickdk> well, just boot it, adjust it, and continue on with life
<Patrickdk> just change the settings in the menu, done
<lordievader> Good afternoon.
<cpined> help.  I have an asus laptop.  I installed Unity desktop and everything was good.  I then decided to re-install ubuntu server on it instead and install the gnome desktop which I like but now my internet access fails after a minute or so.
<cpined> The same server install on my desktop with a different GUI works fine.
<lordievader> cpined: How was the internet before you installed Unity?
<cpined> when I first installed unity months ago the internet access worked.  Yesterday I installed gnome and internet access fails.
<cpined> But months ago I installed the normal Unbuntu desktop, yesterday I installed the Unbuntu server.
<cpined> I really don't want to revert to the Ubuntu Desktop.
<JanC> that is not really a server question; so beter ask it in the regular support channel, you'll find more people there to answer...
<cpined> ok, thanks.
<lordievader> cpined: If you installed the ubuntu-desktop package then there is no difference between what you have and the Ubuntu Desktop.
<tomstorey> hi all, wonder if someone can help me ... i am trying to work out why my configuration in /etc/network/interfaces is seemingly being "ignored"
<tomstorey> ubuntu 14.04 server
<bekks> So pastebin your /etc/network/interfaces please
<tomstorey> http://pastebin.com/7srXgV4X
<tomstorey> primarily i am concerned with the ipv6 address
<tomstorey> it doesnt seem to be configuring
<bekks> Sorry, no clues about IPv6 here, I'm still happy with IPv4 :)
<tomstorey> ok, so maybe you can help me a little still
<tomstorey> the original version of my config had .1 as the ipv4 address
<tomstorey> as a test i tried changing it to .2 as you see in the pastebin
<tomstorey> but after doing an ifconfig down and ifconfig up it didnt change to .2
<tomstorey> stays as .1
<teward> you might need to reboot - i noticed that being the case on two 14.04 VMs which had their static addresses changed
<teward> (shouldn't be the case, but sometimes is o.o)
<bekks> ifdown, ifup, not ifconfig.
<tomstorey> ifdown gives me "interface not configured"
<bekks> Because it isnt.
<bekks> Somethings wrong, thats why it isnt configured.
<tomstorey> but it shows up when i run ifconfig? or do i misunderstand what configured means :)
<bekks> ifconfig -a show all interfaces, regardless of their configuration state. ifdown/ifup will actually use the configuration given for shutting down/configuring an interface.
<tomstorey> hmm ok
<tomstorey> so i commented out all of the ipv6 config, and now it seems that ifdown/ifup work, and my new ip has taken effect
<tomstorey> so its something related to the ipv6 config i guess
<tomstorey> i think i may need to reboot this :-/
<tomstorey> this isnt windows 95!
<lordievader> tomstorey: Do you want to read a rant on why you shouldn't use ifconfig?
<tomstorey> no? :)
<lordievader> http://inai.de/2008/02/19
<tomstorey> sorry i thought you were going to write one here :)
<tomstorey> ive just discovered ip addr *
<tomstorey> and i think i have managed to resolve my problem
<tomstorey> using ip addr show i saw that the ipv4 address i was trying to configure was already configured
<tomstorey> used ip addr del to remove it
<tomstorey> ipv6 working :)
<tomstorey> so i think it was getting stuck up trying to reconfigure an ip that was already in use, and just never getting to the ipv6 portion of it
<lnxmen> hello
<lnxmen> I have two servers - master and slave.
<lnxmen> When I try to connect to MySQL database from master to slave, I get:
<lnxmen> mysqli_connect(): (HY000/2013): Lost connection to MySQL server at 'reading initial communication packet', system error: 0
<lnxmen> I added appropiate IPs to /etc/hosts.allow
<lnxmen> And restarted network daemons.
<bekks> And how did you configure the replication?
<lnxmen> I used PHPFox - it has support for replication.
<lnxmen> Sorry, for delay.
<lnxmen> It's strange, because it worked properly yesterday.
<lnxmen> Disk is full, that causes the problem.
<lvmer> for /etc/network/interfaces  how many dns-nameservers can you specify?
<bekks> lvmer: As many as you want, but more than three is pretty much pointless.
<lvmer> had set it up with 8.8.8.8 years ago, but it seems really slow nowadays. pings at ~17ms, but the first ping takes like 5,000-10,000ms
<lvmer> bekks thanks :)
<bekks> ping is not a dns request :)
<lvmer> true
<lvmer> how is 14.04 and 14.10?
<bekks> Good.
<bekks> For a server, alsways use a LTS release.
<lvmer> That's a good idea. I'm running 13.10 now. I just got the upgrade bug lol. Threw my bond0 out of loop lol. Should've stuck with 12.04 and gone straight to 14
<lvmer> this way about a year ago lol
<lvmer> or 6months? who knows
<lvmer> I think I'm still on samba 3.6 or something, But smb4 was out like 2 years ago now right? I should upgrade?
<bekks> You should update to s supported Ubuntu release, in first place.
<lvmer> ^^ true.
<lvmer> it's scary though. Isn't it?
<bekks> Whats scary?
<lvmer> I'm sorry, might come across as weird. But I'm a huge ubuntu noob. I learned it all like 2-4 years ago. Built a server and then let it pretty much coast. Naturally, as I don't work in IT, I forgot most of it
<lvmer> :(
<lvmer> I guess just run apt-get distro-update or something. Shouldn't I check like library or something first?
<lvmer> you know, probably just link me a tutorial. I'll do it. why not.
<bekks> !eolupgrade
<ubottu> End-Of-Life is the time when security updates and support for an Ubuntu release stop, see https://wiki.ubuntu.com/Releases for more information. Looking to upgrade from an EOL release? See https://help.ubuntu.com/community/EOLUpgrades
<bekks> And backup first:
<bekks> !backup
<ubottu> There are many ways to back your system up. Here's a few: https://help.ubuntu.com/community/BackupYourSystem , https://help.ubuntu.com/community/DuplicityBackupHowto , https://wiki.ubuntu.com/HomeUserBackup , https://help.ubuntu.com/community/MondoMindi - See also !sbackup and !cloning
<lvmer> oh yah lol that's why I never did it
<lvmer> backing up. haha. Cause I'd have to test restore first. ah O.O
<bekks> What are you talking about, exactly?
<bekks> Did you even read the articles given?
<lvmer> reading.
<lvmer> Was talking about testing the backup. I read you always should test a backup
<lvmer> before trusting it
<lvmer> as in "restoring"
<lvmer> sorry for not being clear
<lvmer> got to be honest, this community rocks. I've fixed a lot of problems reading these tutorials. Really well written.  Wish I had a partner in person or on raidcall/mumble and didn't have to read as much, but heck they are good.
<lvmer> before I upgrade I wanted to test 1 more thing cause I received a disk error a week ago. What would be the best way to check a software raid 10 disk volume and possibly repair minor errors?  All information stored on the raid10 array is redundant. So just want to make sure any possible sectors are repaired. Losing small amounts of date during a repair is ok.
#ubuntu-server 2014-12-07
<lvmer> so which "local_automated" backup method do you like the best
<bekks> Doesnt matter what I like, only matters what fits your requirements.
<acmehandle> Stupid question, what is TUN/TAP and if my vps offers it should I enable it?
<ikonia> it's for virtual networking
<ikonia> do you need that ?
<ikonia> and what do you mean enable it ?
<acmehandle> The vps I'm on, they offer TUn/TAP to be enabled in the control panel.
<acmehandle> As far as whether I need virtual networking, I dont know.  Will it make my connection more secure?
<acmehandle> Rather, my network connection to my vps secure
<ikonia> control pannel ???
<ikonia> that seems really odd
<ikonia> acmehandle: don't use it
<acmehandle> Right, the VPS I'm on.
<acmehandle> No?
<ikonia> if you don't know what it is, you don't need it
<acmehandle> ikonia: That is a ridiculoulsy unsatisfactory answer.
<ikonia> acmehandle: in what way ?
<lvmer> Allow me to mediate, he probably is saying that because your answer does not contain any new information.  And acme, ikonia is saying no new information because he doesn't want to be your google buddy.
<lvmer> everybody wins. yeah :)
<ikonia> not really
<acmehandle> Thats fine.  I'll bow out and accept the answer as it is.
<ikonia> I'm saying if you don't have a need for virtual networking and don't really know what tun/tap is, don't need it
<ikonia> don't enable it
<ikonia> why enable something you don't need, nor do you understand
<acmehandle> Sorry, I binged on security tls/ssl videos and the nsa that I'm a little bent out of shape on how they transgress privacy today
<ikonia> I'm more concerned about how a control pannel can enable/disable them, that sounds like a terrible
<ikonia> terrible coniguration
<ikonia> acmehandle: and yet you let a web server handle your config
<acmehandle> Its the interface for tun/tap only.  But I havent enabled it.  But yes.
<acmehandle> Its a fools errand at the end of the day anyway
<ikonia> ?
<acmehandle> Meaning, if the nsa has access to most security keys in the first place it doesnt even matter anyway.
<ikonia> please, not more security crap
<ikonia> half the people making these youtube videos and articles have no idea what they are saying and are parroting other less informed people
<ikonia> just apply logic and your machines will be fine as will your privacy
<acmehandle> There was a specific video that was made at a security conference, and another was by glen greenwald
<ikonia> not really interested
<ikonia> up to you what you believe
<acmehandle> Logic and reality have nothing to do with one another.
<acmehandle> Anyway, I'm bowing out like I said before.
<acmehandle> Is there a benefit to using sudo su versus just plain su?
<ScottK> acmehandle: https://help.ubuntu.com/community/RootSudo
<blackyboy> Hi anyone there to help me to solve my unbound server issue ? I have setup a caching DNS resolver using unbound, In client machine i have added mu unbount server IP as DNS server now while i accessing some website from client side i can't get any web pages..
<Patrickdk> well, atleast post your unbound config file
<blackyboy> Patrickdk: ok one sec sir
<blackyboy> Patrickdk: http://paste.ubuntu.com/9406618/
<blackyboy> My Cache DNS server IP was 192.168.0.50
<munsterman> somehow i have 2 ip's with one NIC. I have done nothing to set up 2 ip's. my interfaces file is set up for static. where is this second ip coming from? any google search comes up with how to get 2 ip's going, and none of my fikes look that way. im so lost. and green, be gentle. any help?
<Patrickdk> your access-control lines are screwed
<Patrickdk> oh, not really, that was allow all, I misread
<blackyboy> Patrickdk: sir just now i have flushed the IPtables and working :D
<Patrickdk> ah :)
<blackyboy> Appreciate for your time
<Patrickdk> you might want to change your allow to allow_snoop though
<blackyboy> Thank you
<Patrickdk> snoop makes things like *dig* work :)
<blackyboy> oh ok let me look at it thank you
<blackyboy> Cool
<lordievader> Good morning.
<lnxmen> I tried to create Slave MySQL database.
<lnxmen> I have PHPFox od productive server and other VPS
<lnxmen> I followed this tutorial: http://unity.moxi9.com/kb/article/436/how-to-get-mysql-replication-up-and-running
<lnxmen> But step 5 fails.
<lnxmen> There is no database and records in slave database.
<lnxmen> Could anyone help?
<RoyK> lnxmen: perhaps someone in #mysql?
<lnxmen> Okay.
<lnxmen> Sorry, for asking here.
<RoyK> lnxmen: no worries - just think they may know more about it there
<lnxmen> RoyK: hmm, I added line `mysqld: masterIP` to /etc/hosts.allow
<lnxmen> And /etc/init.d/networking restart
<lnxmen> gives me
<lnxmen> stop: Job failed while stopping
<lnxmen> start: Job is already running: networking
<acmehandle> If I completely uninstall sudo off my server will there be any adverse affects?
<acmehandle> I dont want sudo on my machine.
<bekks> acmehandle: Without sudo, you will be unable to gain root privileges.
<ScottK> Unless you setup the root account first.
<acmehandle> Yes, I have a root account set up already.  So thats not a problem.  So if I uninstall sudo entirely there shouldnt be any adverse affects to the direct functionality of the machine.
<acmehandle> its not like the network card is going to bust a transistor or something.
<ScottK> Shouldn't.
<acmehandle> what is the difference between python3 and python3m
#ubuntu-server 2015-11-30
<rbasak> teward: sorry, I was out last week. What's up?
<rbasak> caribou: why is bug 1464227 Invalid? /var/log/dmesg is out of date on my system. Or has systemd saved it in the journal somehow?
<ubottu> bug 1464227 in rsyslog (Ubuntu Vivid) "kernel messages are not saved when rsyslog is started" [High,Won't fix] https://launchpad.net/bugs/1464227
<rbasak> cpaelzer__: I don't see any tags in your NIS git branch. Did you push them?
<caribou> rbasak: pitti told me that those were saved in the journal so I removed the systemd equivalent job of the upstart one when I merged the rsyslog package
<rbasak> caribou: ah, if it's in the journal then that's fine with me. Thanks.
<cpaelzer__> rbasak, tags now uploaded
<cpaelzer> rbasak: there was so much confusion on friday for the first LP git upload that I missed them
<cpaelzer> rbasak: now they should be good
<caribou> rbasak: journalctl --dmesg has it
<rbasak> caribou: aha. Works for me. Thanks again!
<caribou> rbasak: np
<rbasak> cpaelzer: I see them now. Thank you!
<davegarath> Hi all. I would like to logging scp session from my server ( what are downloaded/uploaded ). I tried to configure /etc/sshd_config with "Subsystem sftp /usr/lib/openssh/sftp-server -l INFO" but scp session aren't logged
<davegarath> I just can see connection and disconnection in the auth.log file
<rbasak> Does scp actually use sftp
<rbasak> ?
<rbasak> Or does it just run an scp at the other end like rsync does?
<davegarath> mmm I don't know maybe not
<rbasak> If you're logging for auditing purposes then you can't rely on any logs if you permit shell access.
<davegarath> mh ok
<maswan> rbasak: scp does not use sftp
<davegarath> so I can't log scp activities...
<rbasak> You could provide some kind of restricted shell and wrap the scp command I suppose.
<rbasak> It would be rather hacky though.
<maswan> scp is very very close to cat $name | ssh fooo "cat > $name"
<davegarath> ok. I'll think some wrapper
<rbasak> It might be better to eliminate scp from your workflow entirely.
<rbasak> It's handy for ad-hoc stuff but less useful for workflow things.
<rbasak> If I were to set up something where I need an audit trail of what happened to a bunch of files changing, I'd use git and a hook to update it when required.
<rbasak> Possibly with git-annex if large file support is required.
<davegarath> I don't want eliminate scp to break some functionality on the server that could use it. I just want  to know if someone use scp for normal operation and watch for what.... I don't know what run on this server
<forme> If I want to run Plex server on a headless Ubuntu server installed on an usb stick will I have performance issues with the plex server? The media is stored on a nas, so the locations are network based for read/write.
<rbasak> cpaelzer: first draft. Maybe I need to tone it down a bit? Feedback appreciated. http://paste.ubuntu.com/13576789/
<cpaelzer> rbasak: tone down a bit in paragraph #3
<cpaelzer> everything else is totally fine, non-offensive and asking what we like to understand "why special"
<jeroentbt>  Hey, I just installed an ubuntu server (14.04.3) and would like to connect it to an IPsec VPN. This server needs to be the client in this connection. Which application would allow me to set this up? (a walkthrough would be great too!)
<hateball> !vpn
<ubottu> For more information on vpn please refer to https://wiki.ubuntu.com/VPN
<jeroentbt> hateball: thanks, that page does specifically mention IPSec VPN is not covered though..
<TJ-> jeroentbt: you actually want it to operate in tunnelling mode, or just 'plain' IPSec encapsulation ?
<jeroentbt> TJ-: You've got me there (noob... :/) I want a VPN connection to connect to some specific servers, All other connections should not use the VPN
<jeroentbt> If that was what you were asking.
<TJ-> jeroentbt: yes, IPSec and VPN terms are used incorrectly at times. 'standard' IPSec is 'just' transport security (encrypting packets between hosts). 'on top' of that you can do tunnelling, which is where the 'virtual network' sub-net 'tunnel' comes in
<jeroentbt> Then I would need option 2, tunneling. thanks for the clarification!
<TJ-> jeroentbt: the usual package for doing it is openswan
<jeroentbt> TJ-: Thank you, I'll look in to that
<TJ-> jeroentbt: there's a reaonably easy-to-understand overview here: http://clauseriksen.net/2011/02/02/ipsec-on-debianubuntu/
<jeroentbt> TJ-: Thank you!
<teward> when's the next server team meeting?
<beisner> coreycb, confirming:  is kilo: oslo.concurrency/nova is ready to promote to trusty-kilo-updates today?
<beisner> coreycb, also kilo: python-novaclient g2g?
<coreycb> beisner, not yet because they're not in vivid-updates yet.  and that's blocked on a dep8 regression that I'm working on fixing.
<coreycb> beisner, I'll keep you posted, thanks
<beisner> coreycb, ack, thx.  i'll watch the cards for updates.
<rbasak> cpaelzer: I'm struggling to understand how to tone down the third paragraph. Which bit of it should I focus on?
<teward> rbasak: hello!  hope you enjoyed holiday/vacation/etc., just an FYI the libuuid1 headaches broke my sbuilds, so i couldn't test merges, that's back on track now and i'm getting real close to a merge
<teward> (for nginx)
<teward> just wanted to give you the heads up
<rbasak> teward: OK, no problem.
<vahid> Hi, I want to make a custom Ubuntu server image to install in every virtual machine, That ISO should contain some files. Is there any way ? I can make ISO with selected packages but not files.
<teward> vahid: you could make the virtual machine, then make clones of the VM for new virtual machines (changing network setups, hostnames, IPs, etc.)
<teward> just an option :)
<teward> (I haven't found a way to ship separate files on the ISO, myself)
<vahid> I should Install on VPS.
<danawar> Hey ubuntu server i have an issue i ran a python script on my server at work which edited the /etc/fstab file to mount some smb shares on startup problem is there is an issue with it and now the server wont boot up so i can SSH into it. Is there any way i can recover this machine without getting physical access to it?
<sarnold> danawar: use serial or ILO or ivkm or whatever your system has to add "single" or "shell=/bin/bash" to your grub kernel command
<sokoll>  I'm trying to configure a this module https://confluence.atlassian.com/doc/configuring-apache-to-cache-static-content-via-mod_disk_cache-295305963.html. But, there is no /etc/httpd/conf/httpd.conf directory/file on Ubuntu. This page gives details on the Apache config files in ubuntu https://help.ubuntu.com/lts/serverguide/httpd.html, but I'm just not quite clear on which file I need to edit
<sokoll> in order to load the cache mod.
<sarnold> sokoll: iirc it'd be in /etc/apache2/ somewhere -- grep -r for LoadModule and see if that helps you find anything
<sokoll> sarnold: what's the correct command for that?
<sokoll> grep -r LoadModule?
<sarnold> sokoll: yeah, once you're in the apache configuration directory
<sokoll> ah ok
<sokoll> bear with
<sokoll> I have mods-available/cache_disk.load:LoadModule cache_disk_module /usr/lib/apache2/modules/mod_cache_disk.so
<sokoll> but no conf file
<sarnold> sokoll: nice; that looks like you ought to be able to do a2enmod cache_disk  to enable to module, and then add the <ifmodule> block from https://confluence.atlassian.com/doc/configuring-apache-to-cache-static-content-via-mod_disk_cache-295305963.html  to wherever your virtual host configuration is stored, probably a symlink from sites-enabled/ to a config file in sites-available/
<sokoll> ok lemme give that a bash (no pun intended ;) )
<sokoll> How do I know if it's working or not?
<sarnold> hopefully apache will pass through some headers that you can spot in curl or wget output
<sokoll> hmm, I'll fiddle about with it. thank you so much sarnold
<sokoll> :)
<sarnold> cool :) have fun sokoll ;)
#ubuntu-server 2015-12-01
<francis_> Hi! Can SMART Extended scan detect bad sectors on hard disk?
<lordievader> Good morning.
<melbaa> Hello, i have a question about my virtual ubuntu server that is running on my Windows 10 with hyper-V. Is it possible that the virtual ubuntu reads my Windows 10 storage so i can access it in the virtual machine?
<eahmedshendy> Hi, anyone here
<eahmedshendy> I have issue related to apparmor, anyone could help?
<jjohansen> eahmedshendy: what's the issue
<eahmedshendy> http://paste.ubuntu.com/13596640/
<eahmedshendy> I tried to uninstall mysql 5.5, then install 5.6 and till now I can't install mysql
<eahmedshendy> jjohansen
<jjohansen> eahmedshendy: you need to add a rule to the mysql profile
<jjohansen> eahmedshendy:  look for the file /etc/apparmor.d/usr.sbin.mysqld
<jjohansen> well or something close to that
<jjohansen> you need to add the rule
<jjohansen>      /etc/mysql/my.cnf.fallback   r,
<jjohansen> the rule will need to go into the mysqld profile
<jjohansen> it will likely look like
<jjohansen> /usr/sbin/mysqld {
<jjohansen>   # some comments
<jjohansen>   .. rules ..
<jjohansen> }
<jjohansen> you should be able to insert an new line in the block of rules (beginning or end are good choices)
<T3DDY> /leave
<jjohansen> and save the file
<jjohansen> eahmedshendy: then do
<jjohansen>   sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld
<jjohansen> (or what ever the file name the profile was in)
<eahmedshendy> I do not understand this step:
<eahmedshendy>  /usr/sbin/mysqld {
<eahmedshendy> jjohansen
<eahmedshendy> I jsut added this: /etc/mysql/my.cnf.fallback   r, to  /etc/apparmor.d/usr.sbin.mysqld
<jjohansen> eahmedshendy: okay, the profile file has format
<eahmedshendy> what do you mean by the profile file?
<eahmedshendy> jjohansen
<jjohansen> yes, but you need to add it within the profile rule block
<jjohansen> the profile within the file, will start like
<jjohansen>   /usr/sbin/mysqld {
<eahmedshendy> Ok
<jjohansen> or
<jjohansen>   profile mysqld /usr/sbin/mysqld {
<eahmedshendy> "/usr/sbin/mysqld {" .. I found it in  /etc/apparmor.d/usr.sbin.mysqld
<jjohansen> you can insert the rule on almost any new line between the start { and end }
<eahmedshendy> jjohansen: that is it?
<jjohansen> that defines the profiles rules
<eahmedshendy> yes jjohansen I did that first
<jjohansen> okay.
<jjohansen> once you have that saved use
<jjohansen>   sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.mysqld
<jjohansen> to compile the changed profile and load it into the kernel
<jjohansen> you should then be able to try installing mysql again
<jjohansen> you could get another denial
<eahmedshendy> do remove then uninstall or just dpkg-reconfigure -a?
<eahmedshendy> jjohansen
<jjohansen> if you want you could put the profile into complain mode, where it will allow all accesses but complain about those not in the profile
<jjohansen> eahmedshendy: err, I think you should be able to get away with dpkg-reconfigure
<jjohansen> but it does depend on how the package has done the apparmor integration
<eahmedshendy> jjohansen: I did not understand your sentence at all :), I did that apt-get purge --auto-remove mysql-server-5.6
<eahmedshendy> I will install it again
<jjohansen> eahmedshendy: sorry, what I was trying to say, is it is possible apparmor will deny other things
<eahmedshendy> jjohansen: mmm, ok
<jjohansen> one way to deal with this is put the profile in a complain or learning mode
<jjohansen> that way the profile won't deny anything, but you will get messages like from your pastebin in your logs, except that they will have
<jjohansen>   apparmor="ALLOWED" instead of
<jjohansen>   apparmor="DENIED"
<jjohansen> you would then use those messages just as we have done for the denied message
<eahmedshendy> jjohansen: http://paste.ubuntu.com/13596948/
<jjohansen> complain mode is a big help when developing profiles, as you don't have to deal with denial messages one at a time
<eahmedshendy> the line you told me to add in apparmor is gone, I will add and use dpkg-reconfigure -a rather than purging it
<eahmedshendy> jjohansen
<jjohansen> eahmedshendy: hrmmm, you profile hasn't been updated, can you paste bin it?
<jjohansen> eahmedshendy: got it, dpkg-reconfigure reinstalled the profile, wiping out your change
<eahmedshendy> jjohansen: http://paste.ubuntu.com/13596977/
<eahmedshendy> so?
<jjohansen> hrmmm, actually you did a purge and then a reinstall. correct?
<jjohansen> in that case it would have deleted the installed profile file
<eahmedshendy> yes
<eahmedshendy> I got what you need, just paste it now
<eahmedshendy> jjohansen: http://paste.ubuntu.com/13597005/
<eahmedshendy> That is OK, right?
<jjohansen> yeah that looks good
<eahmedshendy> jjohansen: So now I should move and try to fix the other issue of mysql, right?
<eahmedshendy> apparmor, is clear?
<jjohansen> eahmedshendy: yep, unless you start hitting new denial messages
<eahmedshendy> jjohansen: I forgot to told you that, mysql-server-5.6 was working fine yesterday, untill I did restart, mysql goes down again
<jjohansen> eahmedshendy: did you switch to systemd?
<eahmedshendy> jjohansen: This server is new for me, I just removed a database called cassandra that was running yesterday
<jjohansen> systemd handles restart as stop/start, instead of having a dedicated restart action like upstart or sysv init scripts
<jjohansen> this has broken more than a few usage patterns, and has become the first question I ask when someone says something stopped working on restart
<jjohansen> of course it depends what you mean by restart
<eahmedshendy> there is a file called:  /etc/init/systemd-logind.conf, does that means systemd is installed?
<eahmedshendy> jjohansen: just execute the command reboot
<jjohansen> ah, well that wouldn't be the problem then
<jjohansen> I'm not sure why mysqld would fail on a reboot
<eahmedshendy> jjohansen: How to know that admin that was here made a switch to ssytemd
<jjohansen> eahmedshendy: unless you are using systemctl restart, I wouldn't chase that path
<eahmedshendy> No I don't have this command "systemctl"
<eahmedshendy> on my current system
<jjohansen> eahmedshendy: but if you want to know,
<jjohansen>   ps aux | grep systemd
<jjohansen> should return with pid 1 as systemd
<eahmedshendy> jjohansen: http://paste.ubuntu.com/13597160/
<jjohansen> eahmedshendy: nah
<jjohansen> eahmedshendy: actual
<jjohansen>   pstree
<jjohansen> might be easier
<jjohansen> systemd shows up as the root of the tree
<eahmedshendy> It is just init
<eahmedshendy> jjohansen
<jjohansen> right
<jjohansen> you just have a few cherry-picked "systemd" services
<eahmedshendy> jjohansen: That is not what you afraid off?
<jjohansen> eahmedshendy: if it says init you don't have systemd
<eahmedshendy> jjohansen: yes, so this is fine
<jjohansen> yep
<jjohansen> so the systemd change I mentioned before is not the reason mysqld is failing
<eahmedshendy> jjohansen: sorry for bothering you, and thank you so much for help, God bless you :)
<eahmedshendy> jjohansen: yes
<eahmedshendy> Is t here anyone can help with mysql-server 5.6 upgrade from 5.5 issue, or even help me to get back to 5.5.
<eahmedshendy> http://paste.ubuntu.com/13597397/
<rbasak> eahmedshendy: why do you have a PPA enabled?
<rbasak> You're getting mismatched versions of the packages which can't help.
<eahmedshendy> rbasak: I came here and found it like this
<eahmedshendy> Should I do another thing, I am just beginner in administration
<rbasak> You can probably repair it from where you are, but I don't have the time to go through that with you, sorry.
<rbasak> This channel is the right place to ask for help though. Maybe somebody else will come along.
<eahmedshendy> rbasak: no problem sir, I think try and do it, thank you very much for pointing me
<eahmedshendy> :)
<eahmedshendy> btw, you mean that I can update the PPA for a package that is suitable for 14.04.3
<eahmedshendy> I have the same issue like this guys http://askubuntu.com/questions/699942/updating-to-mysql-5-6-27-fails-but-why
<eahmedshendy> exactly
<eahmedshendy> I think I am stuck with this problem
<rbasak> It looks like it is because the archive has been updated ahead of the PPA in a way that makes the PPA break things.
<rbasak> I don't understand why the PPA exists in the first place.
<OerHeks> i just went trough http://paste.ubuntu.com/13597397/ and found mysql-server_5.6.25-3+deb.sury.org~trusty+1_all.deb == https://launchpad.net/~ondrej/+archive/ubuntu/mysql-5.6/+sourcepub/5377389/+listing-archive-extra   so you did install a ppa ....
<rbasak> I trust ~ondrej has a good reason for creating it
<rbasak> But perhaps it's not needed now that trusty-updates has 5.6.27?
<eahmedshendy> OerHeks: this is your procedures? so you faced a problem like me
<OerHeks> eahmedshendy, your issue seemed curious, but it is not, why did you not mention that PPA in the 1st place?
<OerHeks> such info is very important.
<eahmedshendy> OerHeks: I didn't change any PPA at all
<eahmedshendy> OerHeks: rbasak just told me about it
<eahmedshendy> I didn't do manaul change
<OerHeks> no, that was before rbasak named ppa. you have added that ondrej ppa before.
<OerHeks> ppa-purge that repo and try to install again ( not from ppa but the original packages)
<eahmedshendy> OerHeks: just today while trying to solve the problem with everyone here, I didn't add it before
<eahmedshendy> OerHeks: what after that .. I just deleted the two files and make apt-get update
<rbasak> cpaelzer: thank you for your feedback! I updated that paragraph and sent the email.
<eahmedshendy> Because I got this error when trying to do it with ppa-purge http://paste.ubuntu.com/13598152/
<cpaelzer> rbasak, thank you - I'm eager to see what the responses will be like
<cpaelzer> rbasak: within dpdk do you know if we just dropped the kernel modules without replacement or if we deliver them with the kernel?
<eahmedshendy> OerHeks: I will try to reset the server repositories to its default
<OerHeks> removing those 2 files does not work well, you should use ppa-purge, with the correct name of the ppa.
<OerHeks> !ppapurge
<ubottu> To disable a PPA from your sources and revert your packages back to default Ubuntu packages, install ppa-purge and use the command: Â« sudo ppa-purge ppa:<repository-name>/<subdirectory> Â» â For more information, see http://www.webupd8.org/2009/12/remove-ppa-repositories-via-command.html
<rbasak> cpaelzer: I'm not sure. smb maybe knows? ^^
<cpaelzer> rbasak: he went offline, will ask him later/tomorrow
<eahmedshendy> OerHeks: I created them manually
<eahmedshendy> OerHeks: http://paste.ubuntu.com/13598538/
<eahmedshendy> ?
<smb> cpaelzer, rbasak, if the question was about the kernel modules. There are two which are usable and shipped with the standard kernel. uio-pci-generic and vfio-pci
<cpaelzer> smb: the question was about the two .ko's that would be build in the dpdk source igb_uio.ko and rte_kni.ko IIRC
<cpaelzer> smb: those are disabled for obvious build and packaging issues, but I wondered if those would be required in some way
<smb> cpaelzer, Ok, yeah. Those should no longer be required (starting with dpdk 2.0) and the kernel ones being used
<cpaelzer> smb: ok because they are still default on thx
<cpaelzer> smb: FYI dpdk 2.2 no more builds with your trick to go to the lowest cpu/sse level
<smb> cpaelzer, That is indeed a bit odd but the recommendation for that also came from upstream sort of
<cpaelzer> smb: that is good to hear that this recommendation to disable them came from there
<cpaelzer> smb: I'll have to search for "the new lowest" denominator that would build
<smb> cpaelzer, hm, the "trick" was to use the machine level option. If that no longer builds ...
<cpaelzer> smb: yeah I saw you configured thr T=..native, but then set RTE_MACHIEN=default
<cpaelzer> smb: the rte.vars for default refer to core2 as the march
<smb> Either they think they fixed online detection
<cpaelzer> smb: and that is now too low as some code needs newer than that cpu features now
<smb> Right the T is just to pick one of the template configs they ship
<cpaelzer> right, but "native" depends on the build environment and is no option
<cpaelzer> so seems core2 as of dpdk 2.2
<cpaelzer> I'll have to search for the new "low"
<cpaelzer> level that is acceptable
<smb> Yes, so if default which is (or was supposed to be) a supported option no longer works it might be time to report them a bug
<cpaelzer> smb: I fully agree, but for that I need to find out what would :-)
<cpaelzer> smb: on the good side with that it fails upstream just as much as in the dpkg build environment
<cpaelzer> smb: so it will be easy to report the bug
<smb> cpaelzer, :) yeah. or play innocent and ask them what goes wrong there :)
<cpaelzer> smb: not now after we wrote on a public channel and then innocent is a decade or more ago :-P
<smb> cpaelzer, Note that I say "play" ;)
<Melbatje> Hello, I need some help with my Ubuntu server, I have a VM running on my Windows 10 PC and would like to share some storage so I access that on my VM. Does anyone have any clue how to do that with Samba and what settings?
<Melbatje> does anyone read this message? xd
<lordievader> Melbatje: What hypervisor are you using?
<Melbatje> Hyper-V
<lordievader> Hmm, wouldn't be surprised if it hase some kind of a folder share function. However I am not familiar with hyper-v.
<Melbatje> lordievader: I'm using Hyper-V
<Melbatje> lordievader: I'm going to check that, thanks :P
<crveni> hi
<crveni> is server 15.10 have graphical environment?
<sarnold> you can apt-get install whatever you want
<crveni> I know, but I don't know how install unity
<crveni> and how to make them startup
<sarnold> apt-get install unity ought to get most of the way there
<ianorlin> I would not recommend it
<ianorlin> as acessing the ui over the network is not the best
<ianorlin> if locally I usually like to run an ubuntu-server virtual machine in just a normal desktop
<crveni> me nead web server local
<sarnold> you don't need a gui for that :)
<crveni> yes i nead gui, bicose i use this laptop for development
<ianorlin> actually gvfs is a quite nice way to transfer things like pictures to a web server
<crveni> i dont know, i love ubuntu :)
<crveni> and trying to meet them very well
<sarnold> crveni: ah. feel free to install the desktop then and just apt-get install the server packages as you need them :)
<sarnold> laptops are funny creatures, it's way easier to get them to work if you just go with the whole desktop thing up front
<crveni> @sarnold I do it last week :)
<crveni> i loveee ubuntu
<crveni> :)
<crveni> Do you everbody know where is Serbia?
<crveni> I from Serbia :)
<simosx> o/
<crveni> Novak Djokovic :) :)
<crveni> We in serbia wery love ubuntu :)
<crveni> ok, nobody will not talk for me :(
<simosx> crveni, I said "hi".
<crveni> hi simosx
<crveni> :)
<crveni> which system simosx you have?
<simosx> I use 'DigitalOcean' for server.
<m1dnight_> Hello guys. I'm in a bit of pickle with duplicity. I have a server `daytona` which serves as the storage for backups from my other machine `testarossa`. Testarossa uses duplicity and backsup via sftp. On testarossa, as root, I can ssh to daytona with the user `backupper`. I can run the duplicity command in the terminal as well. But hwen I put the duplicity command in a bash script (which runs fine as
<m1dnight_> well from the commandline) and run it as a cronjob, I keep getting connection refused errors on the sshbackend of duplicity.
<m1dnight_> Any tips?
<crveni> simosx what is thet :)?
<crveni> that?
<sarnold> m1dnight_: probably your cronjob doesn't use the same ssh agent that your shells use
<simosx> crveni, it's a Virtual Private Server (VPS). You get a server on the cloud (you connect with SSH). It is great to learn about servers.
<m1dnight_> sarnold: how can I fix that, then?
<sarnold> m1dnight_: run ssh-add -l to see if you have keys in your agent..
<m1dnight_> It used to work fine, but when I reinstalled the server it stopped working.
<crveni> simosx that is expensive for me :)
<m1dnight_> Hm, sarnold that gave me that no agent was running, did eval `ssh-agent -s` now and added the private key. ill see what will happen now.
<m1dnight_> Testing the cronjob again.
<simosx> crveni, you are paying as long as the server is active. if you look into it, it's somewhat affordable.
<sarnold> m1dnight_: the cronjob runs in an environment started by cron, seperate from your shells.. if the ssh agent is running, you can give the cron jobs access by adding the right environment variables..
<m1dnight_> `BackendException: ssh connection to backupper@192.168.1.120:22 failed: [Errno 111] Connection refused` still
<m1dnight_> oh can you point me in the right direction then, please?
<sarnold> m1dnight_: oh, you know, connection refused suggests something else is going on.
<crveni> ok simosx
<m1dnight_> sarnold: yes, but the weird thing is that I can ssh to the machine just fine..
<sarnold> m1dnight_: try a cronjob with something like echo "" | nc 192.168.1.120 22
<m1dnight_> And Im using the exact same user..
<crveni> can I install the DNS server and they will charge domain
<crveni> simosx?
<crveni> :)
<simosx> crveni, when you get a domain, they often give you DNS management for free. If you do not get free DNS management, you can use https://www.namecheap.com/domains/freedns.aspx
<simosx> crveni, if you do not have a domain, and you want a free one, you can try out http://www.freenom.com/ (includes free DNS management).
<crveni> no simosx, you dont understand , how can I sell thousend .com domains?
<simosx> crveni, selling .com domains is a job called "Domain Registrar". It's kinda out of the scope in learning about servers.
<m1dnight_> sarnold: where would I find the output of that? dmesg is empty.
<sarnold> crveni: do you just want to host a few thousand domains as a host? or do you actually want to become a registrar?
<crveni> ok simosx. that job interesting for me :) easy mony
<sarnold> m1dnight_: check your mail, cron mails the output to you
<m1dnight_> aha
<m1dnight_> SSH-2.0-OpenSSH_6.6.1p1 Ubuntu-2ubuntu2.3
<m1dnight_> Protocol mismatch.
<m1dnight_> Shouldn't it negotiate for a proper protocol?
<sarnold> m1dnight_: interesting. the echo "" | nc   just sends a blank string to the remot ehost and returns what the remote host's banner was
<crveni> yes simosx, I do to become registrar
<sarnold> m1dnight_: so at least your cronjob can make outgoing connections to that host just fine.
<m1dnight_> Glad you find it interesting :>
<m1dnight_> Using it in the shell shows me the same output.
<m1dnight_> Hmmm
<crveni> I want to become registrar, and don't know how :)
<m1dnight_> aha, dist-upgrade installs some updates to libssl so it seems.
<m1dnight_> Let's see where that brings us
<shauno> I'm not sure I'd call it 'easy money'.  domains strike me as a 'race to the bottom' unless you can parcel it in a wider package
<nat0> Can anyone tell my why preseeding a fresh install of 14.04 fails after searching for dists/trusty-updates/Release, which doesn't even exist on the 14.04 installer DVD?
<simosx> shauno, also DV certificates are likely to follow the same path.
<crveni> shauno I thought to do the all via computer
<crveni> i have to become a hacker :)
<crveni> i love this job :)
<crveni> does anyone know the web development project for free?
<crveni> I have a project and need a worker
<sarnold> there are more ideas than there are developers; in general, developers need to be paid
<crveni> i work for free
<crveni> money arriving later
<crveni> It is an advertising site, I hope it will be members
<shauno> I think you would have enjoyed the dotbomb era, but you're almost 20 years too late.  I can't think of a nicer way to put that.
<crveni> :) shauno
<sarnold> hehe
<crveni> I thought to do the site where it will be distributed, advertised IT projects
<crveni> shere IT job
<crveni> share
<crveni> freelancing site
<sarnold> fivr vworker monster ...
<crveni> i am big deady
<crveni> dady
<crveni> :)
<crveni> nice too meet you everybody
<nat0> Does anyone know why anna, the package installer in debian-installer, requires Release signatures for an update branch even while attempting a fresh install?
<sarnold> have fun crveni :)
<sarnold> nat0: probably to make sure that you're not installing maliciously supplied updates
<crveni> my site is http://www.elvescode.com but is serbish language
<nat0> sarnold: then shouldn't those release signatures be included on the install DVD?
<nat0> Because they'
<nat0> re not, preventing me from installing anything.
<sarnold> nat0: the Release files are periodically updated, see e.g. http://mirrors.kernel.org/ubuntu/dists/trusty-updates/Release   "Date: Tue, 01 Dec 2015 12:00:33 UTC
<nat0> I'm pxebooting 14.04.3's DVD1.  It loads the kernel and squashfs image fine.  The preseed file correctly repartitions the drive.  Then it verifies the release signatures, and 404's on dists/trusty-updates/Release.
<sarnold> nat0: because the Release files are updated periodically, their signatures can't be burned onto an install media
<sarnold> nat0: which mirror?
<nat0> It's a local mirror I've manually created by essentially rsycing the contents of 14.04.3's DVD1 image onto a local filesystem served over HTTP.
<teward> well there's one of the issues there - the release files are updated periodically and don't exist on the DVD images then
<sarnold> nat0: ah; then either also grab the trusty-updates tree off a mirror too, or figure out how to tell the installer that it shouldn't update packages during the install
<sarnold> nat0: .. of course you'll want to apply the updates immediately after you're done if you don't update the packages during the install
<nat0> sarnold: Thanks.  I thought I'd done the latter by setting the pkgsel/update-policy to none.
<nat0> In the preseed file that is.
<crveni> have fun geeks :) i get out
<sarnold> hmmm that might be worth a bug report then :)
<nat0> ugh
<nat0> I might just remove ubuntu as an option from this provisioning server.
<sarnold> are the updates really too difficult to mirror?
<teward> nat0: better question, why not run a local repo mirror for that release and put 1TB of space for each, or twice that much if you want to support two different releases
<nat0> sarnold: clients will not be using this server to update their own packages, so it's unnecessary to include them.
<sarnold> nat0: ahh
<nat0> tweard: again, I don't need to update machines from this server, and using 2TB of space to mirror one release is a bit absurd.
<sarnold> I think the archives are something like 900gigs total for all currently supported releases
<nat0> This server will only be provisioning new clients, on an airgapped network, from a series of local mirrors made directly from distribution release images.
<teward> sarnold: eesh, so i'll have to build a 5TB RAID array in my next private-mirror server
<teward> maybe my workplace will let me use their bandwidth to download the files on that server
<sarnold> teward: I'm looking at building one myself, and went looking through our NFS mounted archive the other day.. I came to the conclusion that it'd probably be a bit more than one TB once we have a third supported LTS release again, and a bit more than that once the 'newest releases' aren't also LTS releases..
<sarnold> teward: so 2tb sounds like a nice plan, if I've checked the right things :)
<m1dnight_> sarnold: looks like it is fixed with the upgrade..
<m1dnight_> Knock on wood
<sarnold> m1dnight_: woot!
 * m1dnight_ knocks on his head
<m1dnight_> *ha ha*
<sarnold> m1dnight_: granted, it doesn't make -sense- to me, but hooray for a fix.
<m1dnight_> Yep worked fine. Cronjob finished..
<sarnold> m1dnight_: crazy.
<teward> sarnold: true, but i also need a Debian mirror
<teward> because i have four debian vms
<teward> so that's what, another 1TB maybe?
<sarnold> teward: hmm, dunno, I don't know a quick way to measure that
<teward> sarnold: indeed.
<teward> 5TB array of disks should be fine though
<hackeron> anyone has any ideas what could be causign this boot problem with Kernel 4.2? < https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1521749
<ubottu> Launchpad bug 1521749 in linux (Ubuntu) "NUC NUC5CPYH Does not boot on 4.2.0-19 (Ubuntu 15.10)" [Undecided,New]
<sarnold> hackeron: how about /var/log/syslog.0 or similar rotated files?
<sarnold> hackeron: how about systemd's journals?
<teward> hackeron: also consider there's a request for *more information* in the bug
<teward> either run apport-collect 1521749 or if you actually can't boot as such comment accordingly on the bug and change the status to Confirmed
<hackeron> sarnold: /var/log/syslog.0 shows yesterday's log - /var/log/syslog shows a successful boot (3.19), then shows a gap where all the failed boots are (4.2.0), then shows the next successful boot
<sarnold> hackeron: ouch :(
<hackeron> sarnold: just checked journalctl - also nothing
<TJ-> hackeron: try editing the kernel command-line, add "systemd.unit=emergency.target" see if you can get that far
<hackeron> teward: that wasn't there a second ago, heh - trying
<hackeron> TJ-: If I select "Ubuntu, with Linux 4.2.0-19-generic (recovery mode)" from the list - it boots into the recovery console, so I am guessing yes
<TJ-> hackeron: I'd look at the various targets systemd goes through on its way to multiuser.target, and boot to each in turn until you hit the issue
<TJ-> hackeron: or, do a bisect on the list of targets
<TJ-> hackeron: it looks like the local-fs-pre us good, so do "grep -rn 'local-fs-pre' /lib/systemd/*" and then try to get to "local-fs.target"
<hackeron> TJ-: ah, that's a good idea - I will try that
<TJ-> hackeron: unfortunately systemd doesn't make it too easy (like sysv-init) to figure out the order so you have to dig
<hackeron> TJ-: is there anyway to get a list of what runs after the emergecy.target in order? - looks a bit of a maze otherwise
<hackeron> TJ-: ah, ok, that answers that question, heh
<TJ-> You've got 'targets' which I think of as groups of 'services', and you've got 'wants' which targets/services declare as their dependencies
<hackeron> TJ-: thank you, will play around in a little bit, just going for a quick job. Hopefully will be able to narrow it down. It seems the next target after the one it reaches is Bluetooth, hmmm
<hackeron> jog*
<TJ-> hackeron: I found "systemd-analyze critical-chain" will provide the list you need
<teward> hackeron: thoug that apport-collect should be run under the affected kernel
<teward> and if you can't boot to that then...
<smackusrevival> how do i know whether a server has experienced a dos attack?
<bekks> smackusrevival: you will notice it by not being able to reach the service.
<bekks> DoS == Denial of Service.
<smackusrevival> what if access is super-slow but does eventually respond?
<hackeron> teward: TJ: Ah, correction, it does not boot into the recovery console either - or rather it seems intermittent -- sometimes it boots, most of the time it does not :( (with kernel 4.2 -- boots fine with 3.19)
<smackusrevival> also, notices a large spike in traffic at one point yesterday which took entire allocated memory of server to maximum during this time.
<bekks> smackusrevival: those are symptoms of a DoS.
<smackusrevival> bekks: thanks, i think so. problem is, server is still slow, yet everything still intact. i am not too sure what to do next. i have taken server offline until i can resolve.
<teward> hackeron: make sure that's noted in the bug
<hackeron> teward: yeh, I updated the description - I managed to get into the emergency console by adding systemd.unit=emergency.target -- but as soon as I try to do anything, like start apport for example - it freezes :/ - added a screenshot to the bug report too
<smackusrevival> bekks: just performed security scan on entire server data. found nothing suspicious.
<bekks> smackusrevival: Thats because a DoS attack happens from outside your computer.
<smackusrevival> bekks: so why would it still be really slow?
<bekks> Thats what you have to investigate. There are a gazillion of possible reasons, like excessive swap usage, excessive memory usage, etc.
<smackusrevival> memory usage at normal and swap is 0%.
<smackusrevival> all resources seem normal.
<smackusrevival> this is either an external network provider issue beyond our control, or an sql issue. i believe the former.
<bekks> Since you took it offline, it isnt.
<smackusrevival> should a wordpress page load when loading with localhost
<smackusrevival> ?
<bekks> Depends on your webserver configuration.
<smackusrevival> if sql was corrupted, would this be a sign of an attack on the actual sql db?
<bekks> Not necessarily.
<smackusrevival> bekks: what would i be looking for?
<bekks> Logs, reasons for the sql db being corrupted, things that appear in your webserver logs, things that appear in the system logs, etc.
<smackusrevival> ok, i know what i will be doing today. reading logs. :-(
<quantic> smackusrevival: infosec 101. welcome to my world.
<smackusrevival> lol, why do we do this job.
<teward> smackusrevival: because if we don't do it nobody will and everything dies
<bekks> Because we didnt listen to our parents and didnt get another job :P
<teward> smackusrevival: that said, if this is a place where you can add hardware to the infrastructure, a IDS/IPS would be nice
<teward> (adding one can help protect sometimes against some DoS vectors)
<smackusrevival> yeah increased security hardware is something our company will be looking at. hopefully sooner rather than later...
<smackusrevival> odd, apache logs show nothing at the time of the alleged attacks.
#ubuntu-server 2015-12-02
<smackusrevival> possible attack!
<bekks> So maybe it want the webserver which was under attack.
<bekks> *it wasnt
<genii> Maybe check the auth log for bruteforce password attempts
<teward> ^ that
<teward> smackusrevival: your company isn't stupid enough to have your DB servers listening on public internet addresses for traffic from everything is it?
<smackusrevival> hold, i think i found problem.
<smackusrevival> got it. hardware issue. router somewhere had changed ip address routes. reverted back and everything good now.
<quantic> smackusrevival: what have we learned?
<smackusrevival> check this first next time.
<quantic> smackusrevival: more generally - unless you have evidence pointing to an attack, malfunctions or misconfigurations are far more likely.
<teward> agree with quantic there, smackusrevival :)
<smackusrevival> thanks for the help. but it doesn't discredit the fact there was major traffic at one point which made server ram 100% during this time.
<keithzg> The old saying "cockup before conspiracy" ;)
<teward> smackusrevival: how are you determining RAM usage?
<teward> smackusrevival: if your system shows 100% but `free -m` shows a lot free with the '+/- buffers/cache' line, then it's not really using all the RAM like you think
<teward> (caching is at play, and that's not really 'in active use')
<smackusrevival> like this. http://imgur.com/uCqzGuP
<smackusrevival> my mistake, not 100% but close. red in graph is ram in use. almost maxed out.
<smackusrevival> green is cached.
<smackusrevival> graph pulled for monitorix.
<bekks> So basically cached memory increased.
<teward> smackusrevival: so your cached memory increased, but active usage didn't increase
<teward> smackusrevival: that's not uncommon
<teward> and you don't really need to be worried about cached memory being consumed up to the max on your RAM
<teward> though if that were entirely RED that'd be a different story
<teward> i had a rogue ruby utility that did that once
<ponyofdeath> hi, what calles dhclient on ubuntu server 12.04 what is the init script
<smackusrevival> why only at this one time during the day though?
<sarnold> ponyofdeath: /etc/network/interfaces configures the interfaces; called via the /etc/init/networking.conf upstart script or /etc/init.d/networking sysv-init script..
<bekks> smackusrevival: look at the logs.
<teward> smackusrevival: logs are your friend
<teward> read them
<smackusrevival> yeah ok. fair enough.
<sarnold> backups? updatedb?
<teward> smackusrevival: also, don't worry if mostly green/cached is taking up a lot of RAM
<teward> smackusrevival: http://paste.ubuntu.com/13609973/
<teward> granted this is my Ubuntu laptop
<bekks> smackusrevival: http://www.linuxatemyram.com/
<teward> but point not withstanding, the site bekks gave is important, AND...
<teward> you can see most of the 'memory' is used on mine with buffers/cache, not active use
<teward> (only about 2.4 GB is in use, which is usual for this system since I do a lot of resource-eating stuff)
<smackusrevival> performing manual backup of server as i write this, as precaution.
<teward> smackusrevival: 99.999% sure the RAM usage is not a concern :)
<bekks> smackusrevival: that backup is mostly worthless, since you cant tell for sure wether it is compromised or not.
<teward> AND bekks is right
<teward> if you can't tell if your machine is compromised, chances are it may be
<teward> so a backup won't help you
<teward> and if you aren't already doing regular backups you should have been
<bekks> For further investigation purposes, that backup may be helpful, but you should strongly consider setting up that server from scratch.
<bekks> And - literally - document every change you are doing to that new server.
<teward> ^
<smackusrevival> teward: yeah we have many backups. this was only precautionry, but regular backups are made all the time
<teward> 'this was only precautionary' is wrong
<teward> smackusrevival: if your server *was* compromised then it's not precautionary
<teward> it's recklessly
<quantic> The only good taking a backup will do is to have an image to analyze later, and taking a normal backup to do so is useless. You need a bit-level image of the system for proper forensics.
<smackusrevival> looking through /var/log/auth.log there has been MANY unauthorized login attempts.
<quantic> smackusrevival: Is the system connected to the internet?
<bekks> The only purpose of that backup *may* be restoring files which have changed since the last know not-compromised backup AND known to be not altered by an attacker.
<bekks> *known
<teward> smackusrevival: is the system internet-connected, and do you do any hardening on your servers?
<smackusrevival> quantic: yes
<teward> (such as disable pure password auth, etc)
<quantic> smackusrevival: Then yeah, you're going to have login attempts. Get used to it.
<quantic> smackusrevival: You should be looking for login SUCCESSES, not attempts.
<teward> ^ that
<teward> but you should also be considering hardening your servers a little if you haven't already, such as disable password-based authentication and enforce SSH Key authentication, etc.
<smackusrevival> quantic: ok, usually ignore logs unless something like this happens. but need to start paying more attention i think.
<smackusrevival> teward: ok thanks.
<teward> smackusrevival: NEVER IGNORE LOGS
<teward> they're IMPORTANT
<teward> REALLY important
<bekks> and - for the sake of reducing the amount of failed attempts - chaning the default ssh port.
<teward> ^ that
<teward> bekks: though I just IP-restrict SSH xD
<teward> bekks: in some cases changing the defaults won't help, but yes
<bekks> teward: that helps too :D
<teward> I also have Duo Security 2FA enabled so...
<teward> that PAM layer adds additional authentication reqs to get in
<sarnold> ... and don't forget, logs are often scrubbeds after systems are compromised
<teward> indeed
<teward> sarnold: even better reason to have a syslog server that receives all logs from the server
<bekks> log time inconsistencies. great thing to script :)
<teward> so even if they're scrubbed locally
<teward> they're not necessarily scrubbed at the syslog location xD
<sarnold> teward: yeah
<teward> at the *real* syslog location
<bekks> rsyslog ftw :)
<teward> sarnold: speaking of which, know any good Ubuntu syslog solutions that make it nice and readable and searchable, etc. including colorcoded by severity levels and stuff?
<bekks> which reminds me to setup that for a bunch of server regularly used by other employees.
<sarnold> teward: I keep hearing things about kibana and elasticsearch and on and on but i've never been too impressed with what I see, compared to just tail -F :(
<sarnold> teward: there's some tool named something like czze that apparently does termina-based log coloring
<teward> i mean with a syslog server and such included in the list
<teward> because i want one location NOT on the servers themselves
<teward> but meh
<teward> sarnold: i've heard kibana/elasticsearch too but dislike it
<teward> splunk's always an option, but meh
<teward> i'll go do more research xD
<bekks> teward: keep me informed on your proceedings please :)
<teward> bekks: probably will do so once I poke my other workplace again xD
<bekks> ;)
<smackusrevival> gotta go guys. thank you all so much for your help. a sys admin is never alone when he has irc. ;-)
<teward> smackusrevival: that's why we're here :p
<sarnold> :)
<ponyofdeath> sarnold: thanks!
<sarnold> ponyofdeath: got everything sorted? :)
<ponyofdeath> sarnold: yup :)
<sarnold> woohoo :)
<jvwjgames> I am needing my network interface persistence file fixed or regenerated
<jvwjgames> Cause I have no network connectivity on that server
<jvwjgames> Can anyone please help
<tsimonq2> jvwjgames: the people in #ubuntu could probably provide help with that
<jvwjgames> Ya but it is a Ubuntu server witch is why I am here
<sarnold> have you figured out what config options need to change to get the connectivity back?
<rbasak> jvwjgames: it's in /etc/udev/rules.d/70-persistent-net.rules on 14.04 I think.
<rbasak> I believe that if you delete it it'll get regenerated on next boot, but don't rely on my knowledge if it'll break your server - test first.
<jvwjgames> I know it is but it is messed up is there a way to regenerate it
<sarnold> rbasak: ahhh that hting I forgot all about it :)
<rbasak> It has changed since 14.04 and I am no longer up to date with the current stuff.
<JakeTheAfroPedob> hi guys
<JakeTheAfroPedob> need some help regarding manaual installation
<JakeTheAfroPedob> on 14.04
<JakeTheAfroPedob> LTS that is
<orogor> hi
<orogor> anyone here use/know dell open manage essentials ?
<OerHeks> orogor, i read about it, but have no  PowerEdge Server, the repo instructions is here http://linux.dell.com/repo/community/ubuntu/
<lordievader> Good morning.
<hackeron> Anyone has any ideas about this boot issue and how to diagnose further? < https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1521749
<ubottu> Launchpad bug 1521749 in linux (Ubuntu) "NUC NUC5CPYH Does not boot on 4.2.0-19 (Ubuntu 15.10)" [Undecided,Confirmed]
<TJ-> hackeron: did the systemd analysis not help narrow it down?
<hackeron> TJ-: I added comments about that in the bug. I tried starting various services just 1 by 1 after getting into the emergency.target - I can start networking, I can start several random things - but as soon as I start something like ssh or even apport, I see this and it freezes: https://www.dropbox.com/s/gmpse7bx0c70e4v/IMG_1479.jpg?dl=0
<TJ-> ahhh, I still had the bug open from yesterday so couldn't see the updates!
<TJ-> hackeron: can you add to the bug report a dmesg captured from a 4.2 emergency.target boot? probably need to copy it off to a USB device manually mounted
<TJ-> hackeron: also, have you tried booting it with 4.2 when *all* USb devices are disconnected?
<hackeron> TJ-: sure, let me do that
<hackeron> TJ-: yes, I have
<TJ-> hackeron: so we can rule out udev stuck due to external devices?
<TJ-> I notice the iwlwifi firmware isn't found for 3.19... I wonder if 4.2 gets stuck due to that not being available - unlikey, but in the absense of any other evidence...!
<hackeron> TJ-: yeh, I noticed that as well, but seems unlikely as I can bring networking up without problems
<TJ-> hackeron: OK, that's the only thing that stands out from the 3.19 logs
<hackeron> TJ-: I downgraded to ubuntu 15.04 (well, installed from scratch) - I have another unit here, just trying to install 15.10 on it now
<rbasak> cpaelzer: I've pushed some suggested changes to the nis merge in https://git.launchpad.net/~racb/ubuntu/+source/nis. Please could you check that you're happy with them?
<rbasak> cpaelzer: I presume you've re-tested the upgrade paths? If so I'm happy to upload this.
<rbasak> cpaelzer: my changes are only really minor or couldn't be anticipated by pitti's upload though. I'm completely happy with your solution for the upgrade path - good job on that.
<hackeron> TJ-: ah! - it seems the older bios does in fact boot on the NUC - but the latest does not, so will check the changelog what Intel changed in the latest bios
<cpaelzer> rbasak - I tested the upgrade paths, with the new version it continued working
<cpaelzer> rbasak: no more config file fallout
<rbasak> Great!
<cpaelzer> rbasak: let me look into your upload, but I'm generally happy :-)
<cpaelzer> rbasak: damn I knew I missed the ~ in that version check, but I couldn't find where exactly in the version string to add it - thanks for fixing
<cpaelzer> rbasak: thanks for fixing my typos and whitespace :-/
<cpaelzer> rbasak: about the Tabs I had spaces, but took tabs as the rest of the file had tabs
<cpaelzer> rbasak: but I'm totally fine with that
<cpaelzer> rbasak: so as predicted - yes I'm happy
<rbasak> Tabs are fine, but if you want hanging indent to align with something on the previous line, then leading tabs need to match the upper line's tabs and the rest has to be spaces.
<rbasak> Otherwise it doesn't match up visually unless you match the tab size setting. And since less and "git diff" uses eight space tabs, it all looks wrong immediately to me :-/
<rbasak> OK, thanks. I'll upload!
<rbasak> Oh, I didn't fix all the version comparisons. I'll do that now.
<TJ-> hackeron: interesting... did you do a complete factory reset of the BIOS config?
<rbasak> [ubuntu/xenial-proposed] nis 3.17-34ubuntu3 (Accepted)
<rbasak> cpaelzer: ^^ do you get that email, out of interest?]
<cpaelzer> rbasak: no I don't
<cpaelzer> rbasak: I'm not yet subscribed to all lists that I could be to keep the inbox manageable
<cpaelzer> rbasak: should that have come through https://lists.ubuntu.com/mailman/listinfo/ubuntu-release?
<cpaelzer> rbasak: or just because my commits are in there?
<rbasak> cpaelzer: I just get that email after a dput. I guess it gets sent to the package signer only.
<rbasak> I thought it might also be copied to you as you're the "uploader" but I guess not.
<hackeron> TJ-: I didn't reset bios, but this is a brand new unit out of the box - trying now
<hackeron> TJ-: Not sure if it helped - I rebooted 5 times, 3 of those times it froze, 2 it booted
<TJ-> hackeron: sounds like a race condition
<hackeron> TJ-: with 3.19 it reboots every time - I tried via ssh on a loop to reboot 50 times
<TJ-> hackeron: if you can capture a dmesg when it boots with 4.2
<rbasak> cpaelzer: I've pushed the nis git branch to ~ubuntu-server-dev/ubuntu/+source/nis for the next merge. I've deliberately not pushed the previous reconstruct and logical tags though as they were mismatched. We shouldn't need them for a future merge anyway, as the current master branch has the logical changes (not fully squashed though).
<rbasak> It should be enough to transfer forward to the next merge without losing anything or duplicating work I think.
<cpaelzer> rbasak: I agree, thank you
<Raboo> Does anyone know if QLogic 57840S is included in the kernel for ubuntu 14.04?
<Raboo> I'm guessing it's bnx2x
<TJ-> Raboo: you can search for its PCI ID in /usr/share/misc/pci.ids and then check for a modalias that matches under /lib/modules/<VERSION>/*
<Raboo> TJ- thanks
<urthmover> I have been tasked with creating a redundant openstack environment that utilizes docker containers.  I do not have physical machines, but I do have a vmware 5.5 environment that I intend to use for the controller and compute nodes.  I DO NOT have shell access to the vmware hosts though.  What should I install first? What software should I skip because I'm not using physical openstack servers?  I did create a ubuntu autopilot env
<thomaslnx> hi everyone...
<thomaslnx> what should I worry when setting up ubuntu server secure?
<thomaslnx> any suggestions?
<sarnold> #1 don't use ssh passwords, require ssh keys   #2 a firewall is nice to make sure you only expose what you intend to expose
<genii> Make sure to set up fail2ban, move remote login things to other ports
<sarnold> get those two right and the rest gets a lot easier
<thomaslnx> thanks sarnold and genii
<jcastro> roaksoax: this one's for you guys! http://askubuntu.com/questions/687325/maas-integration-with-ipam-solution
<foo> I want to change my system time. By default, server is in New York, so all system time is in EST. However, I'm in PST timezone. If I change system timezone to PST, I imagine I shouldn't have any problems since *everything* should change (as opposed to only changing mysql timezone and leaving system in EST). Is this correct?
<genii> Going forwards in time is fine. When you go backwards the system sometimes becomes confused that some files are from the future
<sarnold> and don't sleep with or kill your grandparents
<sarnold> foo: the kernel keeps track of time by counting the number of seconds since jan 01, 00:00:00 1970, in UTC
<sarnold> foo: the "timezones" are just some libraries that convert those seconds to friendly human display
<sarnold> foo: different applications have run in different timezones without issue
<foo> sarnold: thought so, so if I change local timezone, and I have time sensitive software, 3pm will just change to 2pm in both mysql timezone fields and in the software checking against these fields.
<foo> sarnold: eg. nothing should break, am I understanding this correctly?
<sarnold> foo: you might run into some poorly written software that doesn't follow the rules, but I can't name any off-hand
<foo> sarnold: I wrote it all, it's just a matter of using local time from PHP to compare against timestamp in mysql field, so if this all changes, I think I'm good. Oh, and Drupal, but I doubt that'll have any issues (nothing time sensitive there)
<sarnold> foo: last I looked at sql times I think they either store times via utc or combined with a tz offset..
<foo> sarnold: yup, tz offset. I set local time, restarted mysql, and I'm golden. Thank you
<sarnold> foo: woot ;) nice work :)
<foo> sarnold++
<pvl> hey all. im stuck. trying to install 15.10 from usb (which i DD'd), and i keep getting an error that isolinux.bin isnt found
<pvl> or corrupt
<keithzg> pvl: I'd suggest using usb-creator or mkusb instead of directly DD'ing it, see if that works for you.
<sadmin> Hey, is there a security/software update schdule? I want to create a patch policy and a schedule
<bekks> there is no schedule, no.
<bekks> Patches are released whenever they are released.
<bekks> Basic schedule might be: patch your systems once a week, on saturday.
<bekks> At least thats how I am patching things.
#ubuntu-server 2015-12-03
<keithzg> Yeah, I try to stay on top of news and otherwise check whenever I have downtime and don't think it'll disrupt anyone, and as well check on weekends.
<keithzg> Today everyone at the office has emptied out quite early, for instance, so it's time for some updates :D
<bekks> Unless we're talking about kernel updates, users most likely dont even notice non-downtime patches.
<keithzg> True true.
<keithzg> It does depend on the role of the system though; on our Subversion server, for instance, if either subversion, apache2, or sshfs were updated while a commit was being made it *might* cause issues.
<keithzg> Conversely, with our bugtracker they'd pretty much have to be hitting submit on something at the *exact* wrong time.
<keithzg> Time for kernel updates today anyways, thanks to the security fixes.
<keithzg> (is there a bot for referencing security notices in this channel? I guess I can just paste the URL: http://www.ubuntu.com/usn/usn-2823-1/ )
<samy1028> Does anyone have a pointer on best practices when increasing allocated HD in an Ubuntu Server VM using LVM?  For server 2012r2 I can dymaically increase the space in ESXi / vCenter and then just extend the volume in the still running server 2012r2 VM.
<samy1028> Can this be done in Linux / Ubuntu-Server?
<quantic> samy1028: insufficient data. How is the space presented to the VM?
<samy1028> quantic, sorry for the delay, was off reading docs.
<samy1028> quantic, I want to setup 2 HD's for an ubuntu server VM.
<samy1028> 1st HD has 40GB (operating system)
<samy1028> 2nd HD has 5TB (mounted under /var/logs/devices)
<samy1028> In the future I will probably need to increase this to 8TB or even 10TB.
<samy1028> Can I increase this 2nd HD allocation to 10TB and have Linux see it without a reboot like Windows can?
<payload> why are the package servers so slow
<sorin-mihai> anyone can guild me to get a maas installed corectly?
<sorin-mihai> er, guide
<sorin-mihai> so... nobody using maas?
<jpds> sorin-mihai: sudo apt-get install maas maas-dhcp maas-dns
<jpds> sorin-mihai: Then go to the web UI and setup your networks
<jpds> sorin-mihai: And that's pretty much it
<sorin-mihai> not really...
<jpds> sorin-mihai: And why not?
<sorin-mihai> one sec
<sorin-mihai> so i have already a maas-ens3 network, auto created...
<jpds> sorin-mihai: OK
<sorin-mihai> jpds, so, i added network...
<sorin-mihai> but i still have the error "Boot image import process not started. Nodes will not be able to provision without boot images. Visit the boot images page to start the import."
<sorin-mihai> and pressing Import images does nothing.
<jpds> sorin-mihai: Check tcpdump
<jpds> sorin-mihai: Those boot images aren't small
<sorin-mihai> i see nothing else than the ssh connection
<Luke> hey guys. I want to set up a shared dir but use ACLs to enforce that the group and group permissions are always preserved
<Luke> anyone know a good guide for that?
<sarnold> Luke: normally it's sufficient to set the setgid bit on the directory
<sarnold> Luke: do you have apps or users that violate that agreement?
<Luke> not sure
<Luke> sarnold: it's mercurial is the app
<Luke> i want multiple users to be able to push to the mercurial shared folder as their own users via ssh
<sarnold> Luke: I'd try the setgid directory first and see how that works out
<Luke> ok thanks
<Luke> i
<Luke> i've never set this up myself before. in the past we had IT professionals do it and we always had problems even with setguid
<Luke> not sure why exactly
<Luke> i want the user to be always set to a generic user as well
<Luke> so like hg:hg user:group would always be all files recurisvely in the folder
<Luke> even if I push as luke:hg
<sarnold> ahh, that part probably requires having a daemon on the system do all the work on behalf of users
<Luke> then the hg group is what gives the full permission
<sarnold> or all the users sharing a single userid, which is somewhat gross to think about..
<Luke> mercurial doesn't use a daemon. it just runs as the user on demand
<sarnold> and no one's written a daemon wrapper?
<Luke> well i guess even if the files were all owned by different users but the group is enforced, that may be fine
<Luke> sarnold: no. what would that look like?
<Luke> ssh is the daemon in this case
<sarnold> Luke: it might be a wrapper around the hg binary on the server..
<Luke> and do what?
<sarnold> eww
<sarnold> I just thought of something a bit gross but might accomplish this
<Luke> hg is a program just like cat or mv so it doesnt make sense to daemonize it
<sarnold> are there usrs on the server that shouldn't have access?
<Luke> yeah probably
<Luke> though not currently
<Luke> all the necessary users have access via a group
<sarnold> alright, then the complex method.. set the hg executable to hg:hg, set the setuid and setgid bits on the executable so it runs with that user and group. But the trick is to store the hg executable in a directory that is only accessible to members of the allowed group.
<Luke> hmm isee
<sarnold> so stuff it in /usr/local/sarnoldsuglyhack/bin/hg
<Luke> right
<sarnold> set /usr/local/sarnoldsuglyhack to root:lukesproject  750
<Luke> it seems like i should be able to leave hg bin alone and just have the files themselves always be owned by the same user and group recursively
<sarnold> then users not in lukesproject group can't traverse the directory to the setuid / setgid hg executable
<sarnold> Luke: owner is the tricky bit. unix isn't really set up to make that easy.
<Luke> what about just group?
<Luke> all the files can be owned by whatever user randomly created the file but the group would be the shared group with 7 permissions
<sarnold> for group, there's the setgid bit on directories, but processes are free to set the gid on any file they have permission to modify, so they could change it. and probably some do.
<Luke> as long as mercurial doesn't setgid on it we're fine
<Luke> i'll have to mess aroudn with these ideas. thank you
<sarnold> have fun :)
<ponyofdeath> hi, do I need to re-compile the apache2 deb to get fips support in 12.04?
<hallyn> dannf: (i assume answer is no, but) have you by chance looked at all into enabling seccomp in qemu on other arches?
<hallyn> just asking since you did the version loosening patch :)
<beisner> coreycb, o/
<Rar9> hi can some help me with this error
<Rar9> adduser: Warning: The home directory `/var/lib/zookeeper' does not belong to the user you are currently creating.
<Rar9> update-alternatives: using /etc/zookeeper/conf_example to provide /etc/zookeeper/conf (zookeeper-conf) in auto mode
<Rar9> Setting up zookeeperd (3.4.5+dfsg-1)
<Rar9> what do i need to change ?
<tarpman> Rar9: where is the error?
<coreycb> beisner, o/
<Rar9> when i enter sudo apt-get install zookeeperd
<bekks> Rar9: And where is the error?
<Rar9> so is the process running now or do i have to do something to the directory owner?
<beisner> coreycb, sanity check on http://paste.ubuntu.com/13651987/  for Juno proposed --> updates plz
<bekks> Rar9: Did the command finish?
<Rar9> adduser: Warning: The home directory `/var/lib/zookeeper' does not belong to the user you are currently creating.
<Rar9> last line is "zookeeper start/running, process 1744"
<bekks> Rar9: Did the command "sudo apt-get install zookeeperd" finish - yes or no?
<tarpman> Rar9: "Warning" is not an error.
<Rar9> sorry IÂ´m a windows user :-(
<Rar9> I just want to setup Basic Auth for Solr 5.3.1
<Rar9> and are struggling with zookeeper already
<coreycb> beisner, looks like glanceclient was already promoted but looks good other than that
<bekks> < bekks> Rar9: Did the command "sudo apt-get install zookeeperd" finish - yes or no?
<Rar9> bekks the command finished... just with the warning.
<beisner> coreycb, looks to me like python-glanceclient | 1:0.14.0-0ubuntu1~cloud1 from proposed will supersede 1:0.14.0-0ubuntu1~cloud0 in updates.  unless my report needs +1hr that is.
<bekks> Rar9: So without errors. And zookeeper was installed.
<Rar9> how do i check if its now running?
<bekks> ps -ef | grep zookeeper
<bekks> If it isnt running, start it.
<Rar9> ok. looks like it started
<coreycb> beisner, sorry, you're right.  the cloud archive report is showing it green for some reason, threw me off.
<beisner> pesky colors anyhow
<Rar9> so i donÂ´t have to worry about the user permission for zookeeper?
<beisner> coreycb, ok juno proposed pushed to updates.  thanks for your work on all that!
<coreycb> beisner, thanks!
<Rar9> Now for Solr Basic Authentification how do i create Usernames and passwords (as a sha256(password+salt) hash)  ??
<trippeh> huh. qemu security update restarted my VMs.
<trippeh> that must be new :P
<Sling> my vm's restart themselves when they get kernel updates :)
<Sling> unattended-upgrades ftw
<trippeh> of course VMs without the start-at-boot flag set didnt start :P
<trippeh> ah, libvirt-bin updated around the same time, for a minor apparmor profile change looks like.
<trippeh> I wonder if it rebooted vms before or after qemu got its fixes.
<trippeh> *checks*
<trippeh> after, lookslike
<trippeh> lucky.
#ubuntu-server 2015-12-04
<Rar9> morning who can help me with installing basic auth for solr 5.3.1?  Zookeeper is running, but IÂ´m stuck in creating a Security.json.
<cmouse> hi!
<cmouse> any ideas how to fix this:
<cmouse> https://pbs.twimg.com/media/CVXJaLGXIAAcJsO.jpg:large
<cmouse> it's ubuntu 14.04.3 server
<cmouse> and trying very much to reboot after ctrl+alt+del
<cmouse> so. why do I need to have 'splash' in my kernel cmdline to actually be able to boot my server?
<lordievader> Good morning.
<Rar9> hi who can help me with installing basic auth for solr 5.3.1?  Zookeeper is running, but IÂ´m stuck in creating a Security.json.
<hackeron> Anyone has any ideas about this boot bug? < https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1522201
<ubottu> Launchpad bug 1522201 in linux (Ubuntu) "NUC NUC5CPYH Does not reboot on Ubuntu 15.10 (linux-image-4.2.0-19)" [Undecided,Confirmed]
<rbasak> stgraber, hallyn: triaging https://bugs.launchpad.net/ubuntu/+source/tgt/+bug/1518440. Not sure how to deal with it. Do you want a task or shall I subscribe ~ubuntu-lxc or something?
<ubottu> Launchpad bug 1518440 in MAAS "tgt fails to install in LXD" [Medium,Triaged]
<Rar9> anybody here to help with zookeeper ?
<rbasak> Rar9: I suggest you just ask your question and find out.
<Rar9> rbasak i would like to know how to add a security.jon file to zookeeper as i would like to add basic auth to apache solr. 5.3.1
<ubuntu-server123> Hello. I'm setting up some very locked down boxes from a PXE server for use as kiosks. I would like all set up to be as similar as possible to each other. At the moment I'm trying to use 'apt-get install -y curl=1.32' to do this. But I'm worried I'll forget to specify a version somewhere. Is it possible to set something like 'Install the newest version available by this date' instead?
<mdeslaur> ubuntu-server123: why do you need to specify a version? just do apt-get install -y curl
<mdeslaur> ubuntu-server123: do you not want security updates?
<ubuntu-server123> mdeslaur: Not really. I'd rather have them all be the same.
<mdeslaur> ubuntu-server123: in that case, I'd probably disable -updates and -security in your apt config and just install whatever was in the release pocket
<mdeslaur> ubuntu-server123: the archive only generally contains two versions of each package: the one it was released with, and the latest update
<mdeslaur> ubuntu-server123: so specifying any sort of version there is likely to break as soon as a newer version is available
<ubuntu-server123> mdeslaur: I didn't know that. I assumed curl=1.32 would always work? They don't keep previous version in the repos?
<mdeslaur> ie: if you specify curl=1.32-1ubuntu14 and then 1ubuntu15 comes out, it won't workanymore
<mdeslaur> ubuntu-server123: nope, no previous versions
<mdeslaur> here's a concrete example: https://launchpad.net/ubuntu/+source/curl
<mdeslaur> trusty has 7.35.0-1ubuntu2 and 7.35.0-1ubuntu2.5
<mdeslaur> because it released with -1ubuntu2 and got a bunch of updates all the way to -1ubuntu2.5
<ubuntu-server123> mdeslaur: I think ideally. If we know there's a big security issue, or it's been a long time, we'd update a machine fully. Test it a lot. Then update them all in the same way. But I would rather not have 100 machines each with slightly different versions based on when they were originally set up.
<mdeslaur> ubuntu-server123: if that's what you are looking to achieve, you should either install from a local repo where you control versions, or you need to use some sort of image based installation process
<ubuntu-server123> mdeslaur: Oh. I didn't know that at all. That kind of sucks.
<ubuntu-server123> Ok. That makes sense.
<mdeslaur> well, there's not a lot of people who don't want to install security updates :)
<ubuntu-server123> Are they only security updates that are received? On desktop ubuntu at least. I'm sure updates for Firefox for example were far more than just security updates?
<mdeslaur> ubuntu-server123: the only thing you can do with the real archive if you want them to be all the same is to disable -updates and -security, and only use the release pocket
<mdeslaur> -updated gets bugs fixes, -security gets security updates only
<mdeslaur> s/-updated/-updates/
<mdeslaur> but firefox is a special case, it gets new versions as security updates
<ubuntu-server123> Ok. That would probably be good.
<ubuntu-server123> mdeslaur: And that's kind of my issue with security updates or bug fixes. They do seem to occasionally break things.
<mdeslaur> well, fortunately that doesn't happen often. Ideally you'd test them on a test machine, and then would push them out to your deployed machines
<mdeslaur> once you've made sure nothing in your particular environment has regressed
<ubuntu-server123> I was kind of hoping there would be an easy 'lock at this exact version' functionality. But that was very helpful. I'll see if initial releases will work or perhaps a mirror of the repo.
<mdeslaur> if you're going to deploy these kiosks in different areas, I'd strongly suggest running your own repo mirror
<ubuntu-server123> mdeslaur: Yes. That's what I'd like to do. But if I set up a new machine from PXE each week, I don't want to be doing full testing each time.
<mdeslaur> that way to can hold back updates, etc.
<ubuntu-server123> Thank you. You're been very helpful and have given me a lot to think about.
<mdeslaur> yw
<hackeron> TJ-: Btw, I got a bit further with the issue. If I downgrade the bios version from Intel, it boots, but does not reboot. Created another issue with all relevant logs:https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1522201
<ubottu> Launchpad bug 1522201 in linux (Ubuntu) "NUC NUC5CPYH Does not reboot on Ubuntu 15.10 (linux-image-4.2.0-19)" [Undecided,Confirmed]
<TJ-> hackeron: sometimes you have to wonder what the firmware writers actually learned at school!
<hackeron> TJ-: don't know, but it works without issues with 3.19 so evidence still points to a problem with kernel 4.2.0?
<TJ-> hackeron: My suspect would be the ACPI implementation, specfically the DSDT, in the firmware. That's where those kind of problems usually stem from.
<hackeron> TJ-: hmm, why would it affect 4.2.0 but not 3.19? - should I report this to Intel do you think?
<TJ-> I've done a lot of work on ACPI over the years; usually its that the kernel implementation gets more comprehensive and closer to the specification, which then provokes bugs in sloppy firmware
<hackeron> TJ-: ah - I did notice Intel are struggling with this. The first NUC generation would not even switch on with a SATA hard drive plugged in without updating the BIOS.
<hackeron> TJ-: you'd think Intel would get this right...
<TJ-> hackeron: can you " sudo -u \#0 acpidump -bn DSDT;  iasl -d dsdt.dat " and then attach the dsdt.dsl to the bug report ?
<stgraber> rbasak: added a task
<hackeron> TJ-: sure :) - one sec
<hackeron> TJ-: command output shows this: http://pastie.org/10606849 -- attaching the file now
<hallyn> stgraber: seems like a straight out tgt bug to me
<stgraber> hallyn: did you see what's failing? reading through quickly I only saw a ton of lxcfs stuff and then a generic failure.
<hallyn> stgraber: i just reproduced it
<hallyn> in xenial lxd container on xenial vm
<hallyn> (just commented on the bug)
<hackeron> TJ-: added attachment: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1522201/+attachment/4529649/+files/dsdt.dsl
<ubottu> Launchpad bug 1522201 in linux (Ubuntu) "NUC NUC5CPYH Does not reboot on Ubuntu 15.10 (linux-image-4.2.0-19)" [Undecided,Confirmed]
<TJ-> hackeron: right. open that dsdt.dsl file in a text viewer (I use less since it has regexp search) then search for "Windows" and you'll see several if(_OSI(...)) tests ... that's the firmware matching the running OS. The look at the start of Method _INI() and you'll see OSYS = 0x7D0 - a default value used if none of the OSI matches are true. You'll notice that more recent Windows versions assign a
<TJ-> higher value to OSYS.
<rbasak> hallyn: ah, thanks.
<TJ-> hackeron: the OSYS value controls what services the firmware provides to the running OS. So, choose one of the most recent Windows version names - lets say "Windows 2015" would be a good start - and edit your kernel's comand-line via the GRUB boot-loader at start-up, and add (including the quote marks) "acpi_osi=Windows 2015" and boot with that. Test.
<TJ-> hackeron: If that doesn't solve the known issues, or you find other issues, try again with a different "Windows XXXX" value from the list found in that DSDT.
<TJ-> hackeron: that OSI value is directly effecting what ACPI methods are available to your OS.
<hackeron> TJ-: hmm, I see - if for example "Windows 2015" solves the problem - I should report to intel that the DSDT gives the wrong ACPI methods for Linux 4.2?
<TJ-> hackeron: this is a common problem - firmware support for Linux is almost non-existent. When it does recognise "Linux" it usually only assigns the default, lowest, support
<BrianBlaze420> hello everyone
<BrianBlaze420> I installed ubuntu server and never realized I hadthw wrong time zone
<BrianBlaze420> I now switched my timezone and it looks like it worked when i do the date command
<hackeron> TJ-: hmm, but in that case why would 3.19 be ok and 4.2 freeze/not reboot, etc?
<BrianBlaze420> but in my logs they are still in the old time zone, anyone know how to fix that?
<hackeron> TJ-: reboots with acpi_osi="Windows 2015"
<hackeron> TJ-: going to try latest bios now
<TJ-> hackeron: Those Methods defined in the DSDT are actually executed by the ACPI 'vm' inside the kernel. As the kernel code gets more precise to the specs it provokes bugs in the DSDT code.
<TJ-> hackeron: the DSDT is compiled bytecode, rather like Java bytecode
<hackeron> TJ-: no wait, even with old bios boot is still intermittent with acpi_osi="Windows 2015"
<hackeron> trying windows 2013
<TJ-> hackeron: there can be differences between cold (power loss) boot and 'warm' boot (if the +5V standby isn't removed)
<hackeron> TJ-: it seems intermittent with 4.2 - now not booted or rebooted with acpi_osi="Windows 2013"
<hackeron> TJ-: but works 100% reliably with 3.19
<hackeron> TJ-: Failed to boot with warm boot, now booted with cold boot - but I think it's intermittent.
<hackeron> TJ-: failed to shutdown after cold boot (Windows 2013), held power button for 5 seconds to switch off, now booted fine with warm boot
<TJ-> hackeron: intermittent in booting suggests a race condition. how does it fail though, and where in the boot process
<hackeron> TJ-: https://www.dropbox.com/s/fxy4opcqwnmjmwo/IMG_1489.jpg?dl=0 < here
<hackeron> TJ-: this is where it freezes asking to reboot
<hackeron> TJ-: this is where it freezes when booting: https://www.dropbox.com/s/y2c9i87kafvwsq1/IMG_1476.jpg?dl=0
<hackeron> TJ-: this is what is in the log file when frozen asking to reboot: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1522201/+attachment/4528785/+files/syslog-reboot-freeze-PY0043.txt
<ubottu> Launchpad bug 1522201 in linux (Ubuntu) "NUC NUC5CPYH Does not reboot on Ubuntu 15.10 (linux-image-4.2.0-19)" [Undecided,Confirmed]
<TJ-> hackeron: that frozen at reboot (shutdown) is typical of the ACPI issues that can sometimes be solved with acpi_osi
<hackeron> TJ-: doesn't seem to be :( - I tried 3 different ones now, Windows 2015, Windows 2013 and Windows 2009
<TJ-> hackeron: the boot-time freeze does look like a race condition. "Reached target Local Filesystems (pre)" then starts udevd
<hackeron> TJ-: any other ideas?
<hackeron> TJ-: why is this race condition not affecting 3.19 though?
<TJ-> hackeron: the only other thing to do would be to look at the changes in the ACPI code between 3.19..4.2
<hackeron> TJ-: or is this a race condition on the kernel level?
<hackeron> TJ-: but if I boot with noacpi, that should rule that out, no?
<TJ-> hackeron: it could, for example, be the order in which devices are being discovered/reported to udev, or it could be the userspace actions udev triggers as a result
<TJ-> hackeron: no, since most systems rely on ACPI for core functionality so noacpi breaks the system in so many ways its not a useful test
<hackeron> TJ-: :( - I guess I will just downgrade to 15.04 for now - not sure what to even look for in the changelog
<TJ-> hackeron: there are a lot of patches in the drivers/acpi/ sub-tree, over 300 between v3.19..v4.2 for example
<hackeron> TJ-: that's a lot - I posted a bug report to Intel too: https://communities.intel.com/message/356026#356026
<sulfuror> Hey. I'm trying to make an ubuntu server with owncloud. I'm almost finished, but I can't find out what is the problem with the network that I can't connect to the server outside my LAN. I'm using VirtualBox, the network is bridged, I have installed the virtualbox guest additions, I have set up owncloud, I can acces to my owncloud, web with my ip, ssh always that I'm in the same network. What I just want to know if there is any way to access to my
<sulfuror>  server outside my LAN with just the IP address, because eventually I'll add the domain name but I'm just testing right now with the server and making sure everything is working before adding the domain name. Thanks in advance.
<ikonia> sulfuror: it is probably natting to the outside world, but not natting in reverse
<JanC> or the webserver is not configured to be accessed with the IP address
<ikonia> namebased virtual hosting, yes
<sulfuror> But I can access the server with the IP Address always that I'm in the same network. I set an static IP based on my router, forwarded my router to the IP, I have open ports 80 and 22 for ssh... I don't know what else to do or where to keep searching, really. I have searched all the internet and convoked the elders of Google and still nothing. Well, thank you very much for at least respond to my question.
<bekks> Depending on your router, you need to test access from outside your home network.
<sulfuror> I was testing with my mobile, but I can't access to the web page or ssh.
<ikonia> the same network is not the nat
<ikonia> it's not getting natted/routed
<bekks> sulfuror: so on your phone, which IP do you use for testing access?
<sulfuror> bekkis: i used the same ip that i assigned to the server and try it with the external ip and no luck.
<bekks> Using the same IP as you are using in your internal network is futile.
<bekks> sulfuror: did you try the external IP of your router?
<ikonia> what have you setup to map the extenral IP to the internal IP on your VM ?
<ikonia> keep in mind it will need to be external -> hypervisor -> vm
<sulfuror> No, I have assigned the static ip as 192.160.xx.xxx
<ikonia> how do you expect that to work then
<bekks> you can safely tel us the IP since 192.x.x.x isnt publically routed.
<bekks> And obfuscation makes things hard to debug.
<ikonia> how do you expect your public IP to map magically map to that internal IP
<sulfuror> I know, I just don't remember the entire address
<bekks> So look it up.
<bekks> Is that the IP of your owncloud server vm?
<sulfuror> Yes, so I have to set my static ip to the external IP, like checking "whats my ip" in google?
<bekks> No...
<ikonia> no
<bekks> You need to understand what you are doing there, first.
<ikonia> that will just create a non-routeable conflict
<ikonia> that will drop your Vm off your private network
<sulfuror> I though I was understanding what I was doing but now I realize that I have it all wrong all the time.
<bekks> you have IP A, in your local network. Your public IP is B. In your router, you have to create a portforwarding for port 22 (taking ssh as example) to IP A.
<ikonia> sulfuror: do you understand networking basics ?
<bekks> THEN, on your mpbile phone, you need to enter IP B, port 22, for connecting to your ssh on IP A.
<ikonia> or is networking something thats new to you ?
<sulfuror> Well, pretty new, yes. I have configured owncloud in the past but just as a test and in my own network. I do not live or work in this, I'm just trying to do some things for my business and trying to configure all this myself. It's really interesting and I want to keep learning everything I can.
<sulfuror> Anyways, thanks a lot.
<sulfuror> But to answer the question, yes, I do understand that I need to enter to my public IP because my router is redirecting those ports to the IP A. That's what I was doing and is not working.
<bekks> Didyou create the port forwarding as described above?
<sulfuror> Yes, Port Forwarding to the local IP ports 22, 80 and 443
<bekks> To the local IP of the VM, right?
<sulfuror> yes
<bekks> And the VM osnt blocking access?
<bekks> *isnt
<sulfuror> Well, at least the firewall is open to those same ports
<bekks> So did you look at the logs when trying to access it from "outside"?
<sulfuror> I think I just found out what's the problem... I have set up the router I mainly use, but I have not set up the router from my ISP. So yeah...
#ubuntu-server 2015-12-05
<fredricks>  how do you get vf driver for sr-iov to work on ubuntu? i'm using hyper-v gen 2 guest, managed to get everything but sr-iov working.
<fredricks> kind of confused by the kernel changelog, it mentions vRSS working but it also mentions them just adding VF message handling to the driver. Which would mean sr-iov wasn't completely implemented.
<ovrflw0x> how to get list of fastest location of mirrors from my location?
<lordievader> Good morning.
<bigbrovar_> Hi guys. trying to setup koha 3.20.5 but it seems the patron batch creator and batch export is broken?  first am unable to add multiple items to a batch (the select/select all button is missing) http://i.imgur.com/mPPf64t.png also when I try to export a single item. I get this after I click the export button  I get this http://i.imgur.com/qNDdFd8.png  I don't know the issue I am having is related to this bug http://bugs.koha-community.org/bugzi
<bigbrovar_> lla3/show_bug.cgi?id=14739
<bigbrovar_> damn
<bigbrovar_> wrong channel
<bigbrovar_> sorry
<jak2000> bash question: http://pastie.org/10611810   <--- only generate 1 file (in dbs.txt i have 6 lines with valid Dbnames) the file generated(with last db is: "2015_12_05_13_57_32"  i want: db1_2015_12_05_13_57_32  and db2_2015_12_05_13_57_32 and so on...  wich is wrong in my script?
<jtdesigns01> hey guys, how would i forward ports 2300-2400 *through* my DMZed ubuntu server to another machine on my network?
<YamakasY> oh! since when is 5GB not enought anymore for / without var and home ? :(
#ubuntu-server 2015-12-06
<pmatulis_> YamakasY: since you filled it up. srsly, it depends what you're up to
<jvwjgames> Can I rename the files of the network persistence instead of deleting them so that they will regenerate
<lordievader> Good morning.
<Rumbles> can anyone suggest how I would sandbox a rails process, so that a user can connect to a machine and have access to a rails console, but no system commands? I've posted in detail here: http://serverfault.com/questions/741073/forcing-a-user-on-remote-connection-in-to-a-rails-console-and-prevent-them-acc
<YamakasY> pmatulis: heh no I didn't puppet did but kernel management with puppet was a pain last periods with Ubuntu, buggy
<caliculk> Hello, so I seem to have made a slight mistake, and no longer have access to a dns lookup. I am not sure where the problem lies. I have edited my /etc/network/interfaces file to have a DNS of 8.8.8.8 and restarted the network interfaces with 'sudo /etc/init.d/networking restart' but that doesn't seem to apply the new name servers.
<caliculk> I don't want to restart the system, in case it looses it's cache. My end result is that I need to reinstall bind9 and isc-dhcp-server
<bekks> caliculk: You are afraid of losing which cache?
<Capprentice> caliculk: Umm... /etc/resolv.conf?
<Capprentice> Check whats in there!!
<caliculk> SHouldn't resolv.conf be "updated" when reseting the network interfaces
<bekks> No.
<Capprentice> Dont know! But ifdown eth0 && ifup eth0 does that.
<durant> How can you check your network for infected packets
<bekks> durant: What do you mean by "infected packets"?
<durant> I need a way to look for packets
<bekks> Which kind of packets?
 * quantic predicts...
<bekks> What are you actually trying to achieve?
<durant> tcp
<bekks> durant: What is the actual issue behind that?
<bekks> Which problem are you trying to solve by looking at tcp packets?
<durant> Trying to look for malware on my network
<bekks> Then looking at tcp packages will not help you at all.
<ianorlin> durant: patch stuff first
<durant> Is there a way to check for botnets
<bekks> durant: No easy way. You need to monitor and analyze ALL traffic for doing so.
<teward> and that takes time and additional effort, too.
<quantic> you're talking about a NIDS, and that's a complex beast.
<teward> ^ that
<quantic> Like... that's a MAJOR undertaking even for someone that does it for a living.
<quantic> NIDS solutions are the second most-complicated thing that I deploy in client environments.
<bekks> And even more when just looking for "infected packets".
<quantic> Malware identification is one of the most complex parts of a NIDS, which is already a complex system.
<durant> What is a good firewall you can use on linux
<quantic> durant: Gonna be honest, you're asking questions that could be answered with the most cursory of Google searches. :/
<bekks> durant: iptables
#ubuntu-server 2016-12-05
<skinux> I need either a good doc for setting up Apache 2.4 with FastCGI or for setting up nGinx with FastCGI on Ubuntu.
<mozart1893> can anyone help with the configuration of a secondary IP on 50-cloud-init.cfg
<EmilienM> jamespage: http://logs.openstack.org/00/406300/7/check/gate-puppet-nova-puppet-beaker-rspec-ubuntu-xenial/23d92d1/logs/syslog.txt.gz#_Dec_05_09_07_00
<EmilienM> nova-placement-api in UCA has a systemd service, it shouldn't.
<EmilienM> this service only runs in WSGI
<EmilienM> so you can remove /etc/init* and /usr/lib/systemd stuff for this service
<EmilienM> that's why it fails on ubuntu:
<EmilienM> nova-placement-api: error: unrecognized arguments: --config-file=/etc/nova/nova.conf --log-file=/var/log/nova/nova-placement-api.log
<EmilienM> jamespage, coreycb: found more issues with nova-placement-api, its installation doesn't seem idempotent
<EmilienM> it looks like it conflicts with nova-api
<jamespage> coreycb, zul: with regards to EmilienM's placement-api problem
<jamespage> where are we with the sortout the wsgi_script mess from last cycle?
<jamespage> i.e switching things to apache+mod_wsgi as needed rather than using the systemd wsgi_script hack from last cycle
<jamespage> we need to get that in now IMHO
<zul> jamespage: ill see what i can do this week
<jamespage> zul, ta - I think there are some existing reference - maybe designate or barbican from memory
<jamespage> coreycb, would know better but I think he's out today
<cyphermox> powersj: jgrimm: I'm reviewing the MIRs for htop, iotop and cpustat; they all need a team subscriber
<jgrimm> cyphermox, +1 on subscribing ubuntu server, or i can do so
<cyphermox> and from what I can tell they're currently not seeded, you'll want to do that to (as anything we promote to main until they're seeded will be demoted again unless seeded)
<jgrimm> cyphermox, let me know if you want me to do the subscribe.
<cyphermox> jgrimm: I have the things ready so I can do the subscribers
<jgrimm> cyphermox, ack. and thanks
<cyphermox> jgrimm: oops, didn't forsee that I couldn't subscribe for you
<jgrimm> cyphermox, no worries. i'll do it
<cyphermox> ta
<cyphermox> OTOH, you might want to discuss whether you really need top and iotop and cpustat and htop ;)
<cyphermox> as htop and top and cpustat more or less do the same thing; being in the archive is probably all you want?
<jgrimm> cyphermox, iotop, htop, nicstat were the MIRs filed... entirely a nice-to-have request from IS/bootstack folks
<jgrimm> as something they install everytime, thought generally useful
<cyphermox> ack
<ogra_> htop is actually something we should seed evereywhere
<cyphermox> I'm not one to say you shouldn't, just to question whether it makes sense to support all of them and see all of them.
<ogra_> (IMHO)
<cyphermox> ogra_: sure, but maybe not htop AND top AND cpustat, is what I really mean.
<jgrimm> cyphermox, perfectly fair, and something we are debating as well
<ogra_> cyphermox, yeah, i only mean htop ... it is just that top is there by default that kind of makes it a duplication ... but we discussed seeding it already before we had the first N7 images ...
<ogra_> (should be in ubuntu-standard imho)
<cyphermox> it's possible we might want htop there, yeah.
<cyphermox> ogra_: I let you bring it up on @u-devel.
<ogra_> (simply a lot more userfriendly ...)
<cyphermox> meh
<ogra_> heh
<cpaelzer> dannf: hi, I saw you just presented - if you could come by utrerea (out your room and 2nd on the left) afterwards that would be nice
<dannf> cpaelzer: you bet
<coreycb> zul, want to work together on the mod_wsgi switch today?
<zul> coreycb: im still in the middle of updating oslo stuff but later today would be cool
<coreycb> zul, ok let's do that
<zul> coreycb: this is what we have left
<zul> http://pastebin.ubuntu.com/23583574/
<zul> coreycb: doing oslo.utils and oslo.vmware right now
<coreycb> zul, ok i'll start on some of those too
<zul> coreycb: just lemme know what you which one you are doing
<coreycb> jamespage, EmilienM, we'll start on the mod_wsgi work today and nova-placement-api updates
<zul> coreycb: some repos already synched the deps so im catching up now
<coreycb> zul, synced from debian?
<EmilienM> coreycb: thx
<zul> coreycb: got oslo.policy
<coreycb> zul, taking olso.i18n, oslo.log, and oslo.context
<zul> coreycb: ack
<zul> coreycb: got oslo.middleware and oslo.concurrency
<coreycb> zul, taking oslo.config, oslo.reports, and oslo.serialization
<zul> coreycb: k
<zul> cpaelzer: ping ive noticed the python-libvirt havent been updated on zesty yet is there a reason? (its just a sync)
<cpaelzer> zul: it has a dep to newer libvirt IIRC
<cpaelzer> zul: and the merge on that we planned on 2.5 which was released like yesterday
<cpaelzer> zul: I think the newer python-libvirt actually is in sync waiting on the dep atm
<zul> cpaelzer: cool thanks
<cpaelzer> nacc: you looked at that last week - would you check the response https://bugs.launchpad.net/ubuntu/+source/php7.0/+bug/1646739 ?
<ubottu> Launchpad bug 1646739 in php7.0 (Ubuntu) "package php7.0-xml 7.0.13-0ubuntu0.16.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128" [Undecided,Incomplete]
<coreycb> zul, getting taskflow and oslosphinx
<zul> coreycb: gah...you have a faster computer than i do :
<coreycb> zul, it's pegged :)
<zul> coreycb: got debcollector and futurist
<blacknred0> i'm trying to upgrade from 12.04 to 14.04, but when i run sudo do-release-upgrade it says that "No new release found"
<blacknred0> any thoughts on why?
<genii> blacknred0: Check what prompt=     value in /etc/update-manager/release-upgrades is
<blacknred0> genii: "Prompt=lts"
<blacknred0> i've also attempted to flag -d on the upgrade and still same error
<blacknred0> this server is running 12.04.5 LTS
<OerHeks> did you run update before do-release-upgrade ?
<blacknred0> OerHeks: yes
<genii> Maybe pastebin the contents of your sources.list
<SipriusPT> hello guys
<SipriusPT> i have a smart host connected to a remote mail server
<SipriusPT> and it is working fine
<SipriusPT> but i notice that i have tons of errors with
<SipriusPT> Dec 05 12:36:26 auth: Error: od(teste,192.168.1.83,<Io5MiehCoQDAqAFT>): validate response: unable to lookup user record
<SipriusPT> and i really dont know the source of it
<SipriusPT> this client is using outlook 2013 under windows 10
<SipriusPT> anyone?
<SipriusPT> *tons of errors in mail-err.log from dovecot
<zul> coreycb: do you want to take nova and ill take cinder?
<coreycb> zul, sure
<skinux> I need a good doc for setting up nGinx, FastCGI on Xenial.
<zul> coreycb: ci balls should be mostly blue now
<coreycb> zul, sweet
<genii> Hm, blue balls,
<zul> coreycb: ill take swift next
<coreycb> zul, +1
<coreycb> genii, heh
<coreycb> genii, jenkins default i think
<genii> coreycb: Yeah, it just sounds vaguely disturbing :)
<coreycb> genii, agreed!
<Datz> Hi, I can't reach my server from within my local network, and I don't know where to start.
<sarnold> Datz: start at basics -- ping IPs in both directions, see if MACs are in the arp caches, then move up the protocol stack ..
<Datz> sarnold: can't ping either way. The addresses show up in arp -a on either side
<sarnold> Datz: are there firewalls on either system or networking gear between the two that would block e.g. icmp packets?
<Datz> humm, not sure about the default firewall for at&t's new NVG589 they installed
<Datz> I'll try and turn it off, but I had a similar issue with my last netgear router. Only I could still ssh, just couldn't access any web hosted content locally
<Datz> So I figured it was a server configuration issue
<Datz> I didn't mention I can reach it from an outside network
<Datz> It appears to work just fine from outside the local network.
<coreycb> zul, looking at ceilometer and probably aodh after that
<zul> coreycb: ok
<hasenov> hello everyone
<hasenov> i am having trouble installing openstaack lxd containers with conjure-up
<hasenov> it gets stuck on "waiting on machine to start"
<hasenov> at about 5 instances
<sarnold> I don't know much about the process but lxd involves downloading images from the cloudimages server, and then you'll having to install packages in all of them
<sarnold> it might take a while
<sarnold> use a tool like fatrace or iotop or execsnoop or whatever your favorite is ;) to make sure that the programs are actually making forward progress on -something-
<hasenov> sarnold: yeah thats my problem, not sure if theyre stuck or not
<hasenov> i noticed that those five instances did not get automatic ip allocated
<hasenov> so i went in and manually did "systemctl restart networking"
<hasenov> after which the ip came up, but they were also stuck like that
#ubuntu-server 2016-12-06
<GeekMan1222> SO
<GeekMan1222> I might be driving out to kentucky
<GeekMan1222> to pick up some candy
<GeekMan1222> rip
<GeekMan1222> wrong room
<Datz> sarnold: I think I've figured some more out about the local connection troubles I brought up earlier. My laptop is on a 5GHz radio, and I think it's treating it as seperate network.
<Thumpxr> What way would i go to backup a LAMP server with various other services? tar and mysql dump + transfer via sftp ?
<iDanoo> Thumpxr, my goto is usually rsync all live directories nightly to another drive, with configs + dump, then gzip + upload it offsite
<iDanoo> might not be the 'cleanest' but it's pretty effective, then you've got a live backup right there as well as another offsite/online
<rbasak> cpaelzer: http://paste.ubuntu.com/23587332/
<lordievader> Good morning.
<monsune> morning lordievader
<lordievader> Hey monsune, how are you?
<monsune> lordievader hungry :)
<sayan> is there a vagrant libvirt box for ubuntu 16.04?
<Genk1> Hello
<Genk1> I am wondering what is the best way to migrate a MySQL production server to a new one without Downtime ?
<ikonia> Genk1: depends on the database structure and use
<rbasak> Genk1: Ubuntu (and Debian)'s packaging doesn't support that, but it might be possible to arrange it. Maybe a better place to ask would be an upstream venue?
<rbasak> Stuff like Galera may be relevant, but I don't know much about that.
<andol> Genk1: First of all, consider if a short downtime is acceptable or not? Doing a migration with almost no downtime is a lot easier than absolutely no downtime.
<andol> Genk1: Also, is it acceptable to have a window where the database is availible, but only in a read mode?
<Genk1> thank you guys
<Genk1> ikonia, I am using MyISAM as a storage engine
<Genk1> andol, No the server is in production therefore updates and insert are mandatory, no read only mode
<ikonia> Genk1: so you're doing "writes"
<ikonia> not read only
<ikonia> and is it transactional
<Genk1> ikonia, true
<ikonia> Genk1: so you're only real option is multi-master
<ikonia> or have an outage
<andol> Genk1: Without being able to provide you with the actual details I can tell you that this will be non-trivial. Especially if you want to do it in a safer manner.
<Genk1> ikonia, that's what I was told to do
<Genk1> ikonia, thank you for your help
<spidernik84> anyone of you guys/girls running your own enterprise metal? I'm facing some dilemmas. Like, how do you handle your infra services (dhcp/dns/ldap)? Do you run them in VMs, 1 service per VM?
<binia> youprobably could do dhcp and dns off or
<binia> one server*
<binia> errm
<binia> i mean vm
<binia> as i virtualize pretty much all servers, ip's are deployed by virtualizor, using dns provider with ddos protected and white label name servers costs pretty much same as running own dns servers
<binia> i pay 17.50 usd for 4 dedicated IP's and 50 dns zones, including rdns if needed
<ikonia> spidernik84: why don't you just ask the actual question
<ikonia> and in relation to ubuntu context
<binia> maybe he wants all that on ubuntu, hence asking
<binia> heh
<spidernik84> ikonia, that was the question.
<ikonia> it's not a question
<spidernik84> It's not like the general rule "ask the question" applies everytime
<spidernik84> I'm starting a conversation, to get opinions
<ikonia> it does in this case
<binia> to be honest, wouldnt use ubuntu on such vm's with such services
<binia> at least centos
<ikonia> what other people do doesn't matter as it's a usecase for your setup, needs and infrastructure
<spidernik84> ikonia, it matters to me.
<ikonia> it shouldn't
<ikonia> certainly not without the context of your setup
<maswan> spidernik84: I wouldn't put any services *needed* by my virtualisation servers to start up, inside VMs in it.
<cpaelzer> rbasak: I'm through all your notes (not only the ones we talked about) and just pushed to the strongswan MP
<binia> thats another thing
<maswan> resolver, dhcp, ldap, might certainly count for those
<cpaelzer> rbasak: ready for step 4 now (but busy in next room)
<cpaelzer> rbasak: I might quickly come by to sync if you are there again
<binia> should be able to get cheap small server for those
<nacc> cpaelzer: he's still in the other meeting (afaik)
<spidernik84> We have an infra, and we put all our basic services in VMs, even dhcp. All servers use static addresses. VMs are defined in the puppet nodefile of each kvm host we have. This, naturally, is not sustainable.
<spidernik84> I am looking for a different architecture to support our infra. I'm looking into containers, LXD specifically
<cpaelzer> thanks nacc
<binia> LXC i think you mean
<nacc> cpaelzer: np
<spidernik84> nope! LXD :)
<binia> mhm
<spidernik84> it's the "successor", or something like that
<binia> never used really
<binia> openvz then kvm
<spidernik84> based on LXC, but providing a daemon with restful API and better image packaging
<spidernik84> it's kinda sweet
<ikonia> yeah, depending on a project run and managed by canonical is a risk
<ikonia> a project that canonical contribute to, sure, canonical run and own, hmmm
<binia> yeah
<spidernik84> yeah, well, I can't disagree
<spidernik84> Thankfully we are not talking about another unity, upstart or mir
<ikonia> how do you know ?
<binia> well, i run all my important services on ubuntu
<binia> looking into bsd
<binia> damn not ubuntu
<binia> centos
<binia> ubuntu is for not important stuff really
<ikonia> I disagree with that
<spidernik84> Ahah you are in the right channel for such statements :D
<binia> tbh had more problems with ubntu in last 3 months than with debian and centos in last 3 years
<ikonia> it certainly can be, if you go into it with the risks under control
 * ogra_ guesses wikipedia and netflix would disagree too ... or uber ... 
<binia> well, im not calling ubuntu bad OS spidernik84 , just saying theres more stable OS's for things you need to work not break
<ikonia> ubuntu is a stable OS
<ikonia> canonical is not a stable planner
<ikonia> thats the risk
<spidernik84> I agree
<ikonia> it's certainly a risk that can be managed
<binia> yeah, could be that
<spidernik84> They introduced some major changes between 12.04/14.04/16.04
<ikonia> every distro will introduce change
<ikonia> or it's not developing
<spidernik84> changed directories for critical services, modified how networking worked, etc.
<binia> but tis weird doing stupid apt-get update and upgrade afterwards and see things breaking
<binia> heh
<spidernik84> oh yeah...
<binia> never happened on centos, wont say 100% about debian
<ikonia> binia: it won't break if you manage yoru system
<binia> i do manage my system :)
<ikonia> then it wouldn't break
<binia> my network even :)
<binia> gotta admit, servers that has ubuntu have also software that is 3rd party and updating every week
<binia> sometimes they might push some bug by a mistake
<binia> not sure did that happened last time but shit went crazy :D
<ikonia> binia: so again - ubuntu will not break if you manage your system
<ikonia> binia: please don't swear, there isn't a need for it
<nacc> also sounds like FUD, since not running 'ubuntu' then
<binia> dont spank me for not trusting you :D
<binia> sorrry ikonia wont swear
<ikonia> no problem
<binia> sorry*
<binia> but like im saying, i sue ubuntu for some things but refer to use centos if i can really
<binia> use*
<binia> that damn keyboard
<binia> omg!
<binia> check batteries, full load
<binia> yet seems like its lacking powah
<spidernik84> It's a tradeoff. I personally did not enjoy their introduction of the dnssresolver
<spidernik84> but I took time to "understand", and started using it as they expected
<spidernik84> some of my colleagues where not as understanding and started ripping packages apart. Now that is something you don't do with ubuntu
<ikonia> you don't do it with any distro
<ikonia> thats nothing to do with ubuntu
<ikonia> thats to do with your collegues
<sypher> I've not had an issue with Ubuntu LTS, aside from someone trying to dist-upgrade to 14.04 from 12.04 when the 12.04 system hadn't seen updates since 12.04 was released.
<spidernik84> ikonia, don't tell me...
<ikonia> then stop talking about ubuntu as if it's behaving different than other distros
<spidernik84> ikonia, man, did you fall from the bed this morning? Are you always that aggressive? :) I mean't to say "tell me about it..."
<spidernik84> s/mean't/meant
<ikonia> "now that is something you don't do with ubuntu"
<spidernik84> yes yes ok
<ikonia> as if it's something you do with other distros, but you don't with ubuntu because it has problems
<spidernik84> no need to argue about everything ok?
<ikonia> no need to make false statements
<ikonia> ok ?
<spidernik84> oh ffs get a life
<ikonia> you want a discussion, but you make incorrect statements
<sypher> I'm with ikonia on this one. Distro wars are annoying. Aside from package manager, they're all the same.
<ikonia> then get upset when someone calls it out
<spidernik84> I am pro ubuntu, that was not a way to start a distro war
<spidernik84> you missed the point
<ikonia> because you didn't make a point
<spidernik84> I use it everywhere
<ikonia> ....and ?
<spidernik84> and defended it in many occasions, so you're off target
<ikonia> I'm not targeting anything
<SipriusPT> hello guys
<SipriusPT>  i am where with a weird thing at my smart host
<SipriusPT> http://serverfault.com/questions/819032/unable-to-redirect-mail-from-outside-domain-to-outside-domain
<SipriusPT> anyone?
<SipriusPT> I have a smart host working in a MacosX 10.9.5 with Server App 3, and i have notice that i am just able to redirect mail inside of my smart host (Outlook, Mail app and roundcubemail installed in this server), for example i am just able to send mails from user1@domainX.pt to user2@domainX.pt where i have a redirection to user1@domianY.pt, if i try to send mail from user1@domainY.pt to user1@domainX.pt who is redirecting mail 
<SipriusPT> i will get this message at mail.log:
<SipriusPT> Dec  6 14:37:12 remote.domainX.pt postfix/smtp[28504]: 0B8BD259F57: to=<user2@domainY.pt>, orig_to=<user1@remote.domainX.pt>, relay=mail.domainX.pt[]:25, delay=0.1, delays=0/0.01/0.07/0.02, dsn=5.0.0, status=bounced (host mail.domainX.pt[] said: 550-Verification failed for <Xserver@remote.domainX.pt> 550-No Such User Here 550 Sender verify failed (in reply to RCPT TO command))
<SipriusPT> From what it seems instead of using orig_to=<user1@domainX.pt> i am getting orig_to=<user1@remote.domainX.pt>, and my remote mail server will give that response. I am just using domainX.pt instead of remote.domainX.pt that i am not using at all.  My mail server remote.domainX.pt is connected to my remote mail server mail.domainX.pt.  Anyone knows how can i solve this?
<SipriusPT> mail_version = 2.9.4
<zul> coreycb: i think alembic was a bit too old for neutron...ci should be fine now (i hope)
<coreycb> zul, ok
<ddellav> coreycb zul have you tried installing horizon in zesty yet? I've tried a few ways and even when using whats in main i get a invalid syntax error during collect & compress: http://paste.ubuntu.com/23589188/
<zul> ddellav: corey has
<coreycb> ddellav, hrm..  that's not good.  i've only tested on xenial-ocata so far
<coreycb> ddellav, this looks odd though: /home/david/.local/lib/python2.7/site-packages/eventlet/__init__.py
<ddellav> coreycb hmm, yea, thats my venv. I'll disable and try again
<hasenov> hello everyone i succesfully installed openstack novalxd using openstack, what is the best way to shut down now?
<coreycb> zul, ^
<ddellav> coreycb same error, this time it's just /usr/local/lib/python2.7 heh
<coreycb> ddellav, i'd recommend using a fresh install
<zul> hasenov:  what do you mean shutdown?
<hasenov> and then when i start up my pc what is best way to start it all back up?
<hasenov> i mean i have all these containers running
<ddellav> coreycb alright, ill spin up a vm on serverstack and try it
<hasenov> but idk if there is a juju command or whatnot to shutdown and start up
<zul> hasenov: when you shutdown the machine the contianers should come back up
<zul> rockstar: ^^^
<hasenov> so i can just shutdown the host machine with no problem, and then when i start my host back up just issue "lxc start" on all the n number of containers right?
<hasenov> like there is no requirement on something needing to start up first
<zul> hasenov: coreect
<zul> coreycb: you are doing debhelper stuff again?
<coreycb> zul, yeah, did something break?
<zul> coreycb: http://10.245.168.2:8080/view/Ocata/job/xenial_ocata_nova-lxd/32/
<hasenov> hello another ques, how do i figure out which node is the nova compute node?
<hasenov> for the web ui it looks like i can only spawn vm instances and not containers correct?
<hasenov> looks like if i want to spawn a lxd container i need to go into the compute node and issue "nova boot --image=trusty --flavor=m1.tiny my-first-openstack-lxd-container
<rockstar> hasenov: nova doesn't know you're actually firing up a container. It sees them all as "instances". Commonly, those instances are vms, but in the nova-lxd case, they're containers.
<coreycb> zul, alright i need to try some debhelper backport testing in a ppa
<rockstar> So you can use horizon to fire up "instances" of nova-lxd that are containers.
<rockstar> But the image has to be a supported format.
<NOVAtechies> anyone have any advice on why an intel I340 would randomly not work anymore?
<NOVAtechies> i'm running 16.04 and just pushed the 4.4.0-53 update
<zul> coreycb: fyi https://bugs.launchpad.net/ubuntu/+source/ceilometer/+bug/1647805
<ubottu> Launchpad bug 1647805 in ceilometer (Ubuntu) "Ceilometer agent fails to start" [Undecided,New]
<axisys> how do I extend this /boot partition? http://picpaste.com/pics/partitions-j2Tixte5.1481049709.png .. short from backing up and rebuild (posted in #ubuntu as well)
<stomplee> axisys, I'm no expert but why extend it?  do an apt-get autoremove which will probably remove a bunch of kernel packages or whatever and free up a bunch of space in that partition
<Ussat> axisys, had that exact same issue this am patching
<Ussat> easy fix
<axisys> i am not sure why my /boot partition is small.. I bump into this a lot and autoremove is not always enough
<axisys> I need to atleast up it to 400M
<nedbat> These lines are part of a vagrant packer script to build ubuntu boxes: I suspect that they randomly leave something locked so that the next "apt install" blocks forever: https://github.com/boxcutter/ubuntu/blob/master/script/update.sh#L20-L23  What might that lock be?
<sarnold> nedbat: do you scrape the output of the apt-get -y dist-upgrade command?
<sarnold> wait
<sarnold> what's reboot ; sleep 60  do? :)
<nedbat> sarnold: i didn't write this script. i was confused by that also.
<nedbat> sarnold: packer continues on from there, without a 60-second pause.
<sarnold> iirc the 'bash -e' means a failure in apt-get dist-upgrade will cause the script to abort
<nedbat> sarnold: is there a lock that would make "apt install" block forever? Googling around, I see messages about "could not get lock"
<nedbat> if you had an "apt install" command that blocked forever, what would you look for as the cause
<nedbat> ?
<tarpman> nedbat: can you pastebin strace output of the 'apt install' that's blocking?
<nedbat> tarpman: that's a good idea, i will try that next time it sticks.
<nedbat> tarpman: (these are in vagrant packer scripts, and it's only about 50% of the time that it gets stuck)
<coreycb> zul, debhelper is fixed up for xenial-ocata
<zul> coreycb: ok you going to kick off all those rebuilds right
<coreycb> zul, well everything that was failing is successful now
<zul> awesome
<hhee> guys, how can check out - is root account blocked?
<achiang> does anyone here look after the vagrant images?
<stomplee> i do to a certain extent
<stomplee> what's up?
<achiang> stomplee: hey, wondering if you've seen lp #1569237, where the default username of the box is ubuntu, rather than vagrant (which is what vagrant expects)
<ubottu> Launchpad bug 1569237 in cloud-images "vagrant xenial box is not provided with vagrant/vagrant username and password" [Undecided,New] https://launchpad.net/bugs/1569237
<stomplee> nope haven't run across that one.  if necessary i'd just pull down a working one and repakage as my own box to work around the issue instead of having to wait
<stomplee> i currently use yakkety and works just fine
<stomplee> you guys stuck using vagrant ssh then?
<stomplee> cuz the username shouldn't really be a big issue i would think
<achiang> ok, but... considering 16.04 is the LTS, my guess is that "works on yakkety" isn't a good resolution
<stomplee> i used xenial before this without issue
<stomplee> why is the different username tripping you up?
<achiang> out of the box, vagrant expects the user to be "vagrant" - https://www.vagrantup.com/docs/boxes/base.html#quot-vagrant-quot-user
<achiang> yes, you can change the username to be ubuntu in your vagrantfile, but there is a lot of code out there that expects the username to be "vagrant"
<stomplee> you could also spin up the image, make the necessary changes to make the built in user be vagrant instead of ubuntu and repackage it as well
<stomplee> though it is a pain in the butt
<achiang> i mean, i agree i can do those things. it's just that the box known as 'ubuntu/xenial64' has some officalness about it, and it would be nice to make it work out of the box with vagrant
<achiang> the box known as 'achiang/xenial64' doesn't quite have the same ring
<stomplee> lol
<stomplee> why would you want code to reference the vagrant user in the first place though
<stomplee> better to just run stuff as root and kick off some script to provision some service account so this issue doesn't mess up the pipeline
<stomplee> to me anyways, i'm just a noob in this area though so I could be missing something glaring
<achiang> i agree it's not great, but that is the default, and people have built out lots of provisioning scripts based on this assumption
<achiang> stomplee: i am happy to submit a patch, but i don't know who actually maintains `ubuntu/xenial64`, hence my asking on irc
<stomplee> it's canonical themselves
<stomplee> but vagrant recommends some other box, i forget by whom though
 * achiang randomly pings jcastro ;)
#ubuntu-server 2016-12-07
<mjolnir40k> Hello, I'm trying to do some things with ifupdown and VLANs and bridging for KVM
<mjolnir40k> I suspect I'm running afoul of biosdevname, since the vlan scripts kind of assume interface names will be eth.*
<mjolnir40k> What I want to do is create vlan tags on individual interfaces, and then create bridges on top of the VLANs
<mjolnir40k> (bonding is not necessary in my case)
<rbasak> powersj: I replied to bug 1623721.
<ubottu> bug 1623721 in htop (Ubuntu) "/usr/bin/htop:11:strcmp:check_match:do_lookup_x:_dl_lookup_symbol_x:elf_machine_rel" [Undecided,Invalid] https://launchpad.net/bugs/1623721
<powersj> rbasak: thank you
<mozart1893> does anyone have a solution to this situation: I created a virtual network interface on a UBUNTU 16.04 AWS instance and it keeps going off after every restart of the server
<mozart1893> does anyone have a solution to this situation: I created a virtual network interface on a UBUNTU 16.04 AWS instance and it keeps going off after every restart of the server
<tsimonq2> !ask | mozart1893
<ubottu> mozart1893: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<lordievader> mozart1893: Is it configured?
<lordievader> Without any details it could be anything.
<mozart1893> lordievader
<mozart1893> it is configured
<mozart1893> but anytime i restart the instance, the configuration disappears
<jcastro> achiang: I am actively arguing the point to make the vagrant boxes useful for vagrant users
<jcastro> achiang: it's one of those "but we want all cloud images to be the same" vs. what people expect from vagrant boxes.
<jcastro> also painfully aware that hashi is unrecommending our images
<jcastro> achiang: iirc the cloud images team maintaines the image, so I think you're looking for gaughen if you want to submit patches/fixes
<coreycb> zul, ddellav: i've uploaded the liberty point releases to liberty-staging
<zul> coreycb: cool...
<coreycb> zul, how's mod_wsgi?
<zul> coreycb: slow...i had to fix ceilometer yesterday so i could test stuff
<zul> coreycb: daemon wasnt running because one of the python-dependencies had litterally nothing in the deb
<coreycb> zul, ok. if you're using the charms and then reinstalling from the new package, watch out for haproxy listening on the same port.
<coreycb> zul, are you working on heat and cinder?
<zul> yeah heat today
<coreycb> zul, ok.  i pushed aodh, ceilometer and nova.  i think i'll get the charm updates up for review next and just mark them workflow-1 until we release b2.
<zul> coreycb: awesome
<zul> coreycb/jamespage: im just in the middle of backporting libvirt to xenial as well
<coreycb> EmilienM, jamespag` : we should have all the api's moved to mod_wsgi + apache2 for the b2 release of ocata.
<EmilienM> coreycb: good news. My second problem was that nova-api package was not idempotent when also deploying nova-placement-api
<EmilienM> I haven't details but I saw that in puppet CI
<EmilienM> have you tried to deploy both packages in same time and do it again? does it work?
<coreycb> EmilienM, so just to be clear, to recreate the idempotent issue, would i have to install nova-api and nova-placement-api, then uninstall, and install them again?
<EmilienM> coreycb: no. Do something like: 1) install nova-api 2) install nova-placement-api 3) run apt-get install nova-api again and see if it works fine
<EmilienM> coreycb: maybe it's something with my setup but it was not idempotency
<EmilienM> idempotent*
<Ussat> just gonna post this once, if anyone is interested:  https://www.humblebundle.com/books/unix-book-bundle
<coreycb> EmilienM, ok i'll take a look
<EmilienM> coreycb: thanks!
<coreycb> EmilienM, ok the package assumes they are mutually exclusive, so i'll fix that to enable nova-api and nova-placement-api to both be installed at the same time
<EmilienM> coreycb: nice! so my bug was valid (/me dancing)
<EmilienM> thx for fixing it!
<coreycb> EmilienM, :)
<zul> jamespag`/coreycb:libvirt updated in the CA
<hitesh> hey
<coreycb> EmilienM, ok so looking more, the mutual exclusive bit might be valid.  basically if you install nova-api then all other nova api packages are mutually exclusive (ie. metadata api, placement api) because the apis are read from enabled_apis in nova.conf.
<coreycb> EmilienM, however if you install nova-compute-os-api (vs nova-api) then you can also install nova-metadata-api and nova-placement-api
<EmilienM> coreycb: not placement api
<EmilienM> placement api has nothing to do with enabled_apis
<EmilienM> placement api is just a simple wsgi app to run in Apache and some config to do in nova.conf ([placement] section)
<coreycb> EmilienM, ok maybe.  let me double check on that in #openstack-nova before I remove it.
<EmilienM> coreycb: I already checked :D
<EmilienM> coreycb: it has been one week I'm working on that
<EmilienM> and we successfuly deployed it on centos7
<coreycb> EmilienM, ok got a link to the discussion?
<EmilienM> just a vhost to create and run the wsgi app :)
<EmilienM> I have better
<EmilienM> CI job deploys it, a sec
<EmilienM> (we don't deploy on ubuntu yet because of the issues I showed you)
<EmilienM> coreycb: https://review.openstack.org/#/c/406301/
<EmilienM> coreycb: http://logs.openstack.org/01/406301/4/check/gate-puppet-openstack-integration-4-scenario001-tempest-centos-7/f1bb688/logs/
<EmilienM> that's logs
<EmilienM> you can look nova logs and also nova config if you like
<coreycb> EmilienM, yeah just seems like it should be valid to specify on enabled_apis based on the upstream code:  https://github.com/openstack/nova/blob/master/nova/cmd/api.py#L59
<EmilienM> coreycb: cdent, the author of Placement API told me no
<EmilienM> enabled_apis is only for compute & metadata API
<hitesh> can anyone helpme to install usb formatter found in linux mint in ubuntu
<ddellav> coreycb are you working on any CI failures?
<coreycb> ddellav, not at the moment
<ddellav> coreycb ok, we have a ton of red so I'm gonna crank through some
<coreycb> ddellav, sure. let me know if you have an merge proposals.
<ddellav> coreycb will do
<coreycb> EmilienM, ok I pushed that update so nova-api and nova-placement-api will be able to be installed together in b2
<coreycb> zul, sahara is better now for liberty-staging
<zul> coreycb: ack
<SipriusPT> hello guys
<SipriusPT> I have a smart host working in a MacosX 10.9.5 with Server App 3 (who uses postfix mail_version = 2.9.4), and i have notice that i am just able to redirect mail inside of my smart host (Outlook, Mail app and roundcubemail installed in this server), for example i am just able to send mails from user1@domainX.pt to user2@domainX.pt where i have a redirection to user1@domianY.pt,
<SipriusPT>  if i try to send mail from user1@domainY.pt to user1@domainX.pt who is redirecting mail to user2@domainY.pt, i will get this message at mail.log:
<SipriusPT> Dec  6 14:37:12 remote.domainX.pt postfix/smtp[28504]: 0B8BD259F57: to=<user2@domainY.pt>, orig_to=<user1@remote.domainX.pt>, relay=mail.domainX.pt[]:25, delay=0.1, delays=0/0.01/0.07/0.02, dsn=5.0.0, status=bounced (host mail.domainX.pt[] said: 550-Verification failed for <Xserver@remote.domainX.pt> 550-No Such User Here 550 Sender verify failed (in reply to RCPT TO command))
<SipriusPT> From what it seems instead of using orig_to=<user1@domainX.pt> i am getting orig_to=<user1@remote.domainX.pt>, and my remote mail server will give that response. I am just using domainX.pt instead of remote.domainX.pt that i am not using at all. My mail server remote.domainX.pt is connected to my remote mail server mail.domainX.pt.
<SipriusPT> Anyone knows how can i solve this?
<EmilienM> coreycb: you rocks!
<zul> coreycb: hey i just noticed that the openstack-ubuntu-testing ppa doesnt have the debhelper fix
<coreycb> zul, i don't think it needs it, does it?
<coreycb> zul, or wait... backport_package should have put it in there
<zul> https://launchpadlibrarian.net/297025952/buildlog_ubuntu-xenial-amd64.python-oslo.log_3.19.0-0ubuntu1~cloud0_BUILDING.txt.gz\
<coreycb> jamespage, beisner: hi, these are ready to promote if you can please: http://paste.ubuntu.com/23594026/
<coreycb> zul, ok it's there: https://launchpad.net/~openstack-ubuntu-testing/+archive/ubuntu/ocata
<zul> coreycb: ok
<jamespage> coreycb, doing now
<ddellav> coreycb seems like most if not all of the xenial ocata ci failures are deb helper issues
<coreycb> ddellav, ok i'll take a look
<coreycb> zul, hmm yeah so dh-autoreconf failed to build in openstack-ubuntu-testing...
<ddellav> coreycb http://10.245.168.2:8080/view/Ocata/job/xenial_ocata_aodh/lastFailedBuild/console
<zul> yarp
<jamespage> coreycb, done
<ddellav> http://paste.ubuntu.com/23594051/
<coreycb> jamespage, thanks
<jamespage> ddellav, coreycb, zul: ocata testing PPA appears to lack debhelper 10?
<zul> jamespage: we were just discussing that ^^^
<coreycb> jamespage, i just deleted it because dh-autoreconf needs to build successfully before debhelper can be backported
<jamespage> coreycb, okies
 * jamespage leaves experts todo their jobs :-)
<coreycb> jamespage, lol
<zul> jamespage: just call me carol
<hitesh> help
<alex-at> help
<SipriusPT> hello guys
<SipriusPT> https://ubuntuforums.org/showthread.php?t=2345648
<SipriusPT> anyone here with postfix experience?
<coreycb> beisner, hey could you please promote cinder 1:2015.1.4-0ubuntu1.1 and python-glanceclient 1:0.15.0-0ubuntu1~cloud1 to kilo-proposed?
<beisner> hi coreycb - ^ done
<coreycb> beisner, thx
<beisner> yw coreycb
<coreycb> zul, is bug 1642274 ready to be verfied?
<ubottu> bug 1642274 in nova-lxd (Ubuntu Zesty) "[SRU] newton nova-lxd 14.0.1 point release " [Undecided,Fix committed] https://launchpad.net/bugs/1642274
<zul> coreycb: not yet
<zul> coreycb: there is another point release coming so im waiting for that
<achiang> jcastro: thanks re: vagrant boxes
<achiang> jcastro: fwiw, we are staying on 14.04 for now, because ubuntu/trusty64 *is* setup properly to be used with vagrant out of the box
<achiang> jcastro: where does the cloud images team hang out?
<rbasak> achiang: right here, mostly.
<coreycb> zul, ddellav: debhelper is fixed up
<zul> coreycb: sweet...
<achiang> rbasak: looking for the appropriate forum to chat about the ubuntu/xenial64 vagrant image. seems like there is resistance to changing the default user name to 'vagrant' (from 'ubuntu')
<rbasak> achiang: on IRC this is the right channel. Or https://lists.ubuntu.com/mailman/listinfo/Ubuntu-cloud for a mailing list.
<rbasak> achiang: it's a trade-off between making the Vagrant image look the same as other Ubuntu cloud images (for transfer from testing to deployment) vs. consistency with other non-Ubuntu vagrant images.
<rbasak> There's no single answer but we can only really do one. No sense in flip-flopping between the two, IMHO.
<rbasak> Please do present your arguments (the mailing list is probably best) but keep in mind that they may already have been heard.
<achiang> i can go search archives
<rbasak> I'm not sure there's a previous thread at all on this, only IRC discussion (here or #ubuntu-devel, I don't remember which). But please do start a thread to create an archive trail.
<rbasak> irclogs.ubuntu.com if you want to search.
<achiang> not much on the mailman archive (i just checked)
<ddellav> coreycb awesome
<ddellav> coreycb zul i need an update on python-hacking for barbican ci, plz review lp:~ddellav/ubuntu/+source/python-hacking
<zul> ddellav: done
<ddellav> zul ty
<coreycb> ddellav, i think barbican just needed pep8 in BD's
<ddellav> coreycb oh when i tried to build it it complained about hacking
<ddellav> said it needed 12
<coreycb> zul, actually hold off on 12
<coreycb> zul, ddellav https://github.com/openstack/requirements/blob/stable/newton/global-requirements.txt#L384
<zul> coreycb: yeah 13 is actually needed
<coreycb> zul, no
<coreycb> zul, oh wait
<zul> coreycb: 12 was broken last time i checked
 * ddellav is confused
<coreycb> zul, go ahead, i was looking at stable/newton.  12 is better than 13.
<ddellav> it built ok in xenial and zesty
<zul> coreycb:  https://review.openstack.org/#/c/407126/1
<zul> coreycb: doh..
<zul> coreycb: never mind
<Pinkamena_D> Every 3 seconds os so I get a bunch of 'FAILED su for someuser by root' in auth.log
<Pinkamena_D> any idea what is causing all this spamming?
<Pinkamena_D> the reason is that the accounts were deleted, but I dont know why a deleted account is trying to be accessed every 3 seconds
<sypher> Pinkamena_D: Could be trying to start a service, could be a cronjob.
<Pinkamena_D> do you know of an efficient way to search for it?
<sarnold> is the pid the same each time or different each time?
<sarnold> if the pid changes each time, then look to see if it has a 'steady' parent; the execsnoop tool here is the easiest way I can think of to find that https://github.com/brendangregg/perf-tools/blob/master/examples/execsnoop_example.txt
#ubuntu-server 2016-12-08
<engineer-pearl> Hi... I think something is wrong with my apache2, and I don't really know what I'm looking for ((I'm teaching myself PHP, so I deffinately need it)).
<engineer-pearl> I'm getting apastebin ready
<engineer-pearl> this is the output when I try to restart it: http://paste.ubuntu.com/23596809/
<jerichowasahoax> Where do systemd service files live? I need to modify one.
<jerichowasahoax> I understand that Canonical is not responsible if my modifications crash my server, kill my dog, etc etc etc
<jerichowasahoax> oh i found it, /lib/systemd/system
<lordievader> Good morning
<zioproto> coreycb: hello, upgrading Liberty to Mitaka we have hit this bug: https://bugs.launchpad.net/qemu/+bug/1626972 It is already fixed in qemu xenial. Any plan to backport to trusty in the ubuntu cloud archive ?
<ubottu> Launchpad bug 1626972 in qemu (Ubuntu Yakkety) "QEMU memfd_create fallback mechanism change for security drivers" [Undecided,Fix committed]
<zioproto> jamespage: it looks you know about this patch
<jamespage> zioproto, 1:2.5+dfsg-5ubuntu10.7~cloud0	 is in mitaka-proposed in the UCA
<jamespage> I think that has the fixes
<zioproto> thanks I will check
<zioproto> jamespage: btw, for already running VMs with the old version there is no chance to live migrate them without stopping them I guess. Is that correct ?
<zioproto> sorry, I got lost on launchpad, where is the git repository for the trusty mitaka proposed packages ?
<jamespage> zioproto, oh its a UCA pocket
<jamespage> add-apt-repository cloud-archive:mitaka-proposed
<zioproto> thanks
<jamespage> zioproto, re existing VM's
<jamespage> hmm
<jamespage> I would suspect that a stop/start is required to pickup the new qemu binary
<zioproto> Yes, that is what I also think !
<zioproto> too bad users will have downtime
<jamespage> tinoco would know for suer
<jamespage> or cpaelzer ^^ ?
<zioproto> jamespage: I checked out the sources and looks like the patch at hw/virtio/vhost.c is not there
<zioproto> I did debcheckout --git-track='*' qemu
<zioproto> using deb-src http://ubuntu-cloud.archive.canonical.com/ubuntu trusty-proposed/mitaka main
<zioproto> that is the correct source tree ?
<zioproto> I am looking for a patch that looks like this http://paste.openstack.org/show/591758/
<jamespage> zioproto, well the fix should be in https://launchpad.net/ubuntu/+source/qemu/1:2.5+dfsg-5ubuntu10.7 -> which maps to 1:2.5+dfsg-5ubuntu10.7~cloud
<jamespage> I don't know specifically where the server team put their git/bzr source
<jamespage> zioproto, I'd rely on the archive to be definative here
<zioproto> yes this is the launchpad page I was looking for at my first question :)
<zioproto> thanks
<zioproto> but this is for xenial and not for trusty
<zioproto> am I wrong ?
<arcimboldo_> the corresponding bug only reports yakkey xenial and z* patches
<arcimboldo_> I made my own packages
<zioproto> jamespage: arcimboldo_ is the actual person that tested the patch at University of Zurich :)
<zioproto> jamespage: OK the patch is there, but is that package going to land in trusty ?
<jamespage> zioproto, that pocket targets trusty - or are you actually looking for the same patch to the qemu in trusty release?
<jamespage> zioproto, i.e. mitaka UCA for trusty include qemu with fixes
<zioproto> no, I think we are fine. So that patch will be in mitaka UCA trusty, as soon as the package gets out of mitaka-proposed, right ?
<zioproto> so we just upgraded a few days too early ? :)
<zioproto> I have another question. We are running Ceph hammer and now we notice that UCA Mitaka trusty ships Ceph Jewel. If we ping Ceph to Hammer there is any known major problem ? :)
<zioproto> There is anything in the MItaka nova-compute that requrires ceph jewel packages??
<cpaelzer> jamespage: sprinting and just seeing the message know
<cpaelzer> jamespage: is there a quetsion left open still?
<cpaelzer> jamespage: I#d think you need to restart to pick up, but in theory you could also migrate to a same-version sibling, retstart the original source, migrate it back there and then hacve picked up the fix for the source to be able to migrate out to the much newer target which the fix is about
<cpaelzer> jamespage: complex and certainly needs to be tested on the target environment, but might be the way to go without downtime
<cpaelzer> zioproto: ^^
<zioproto> cpaelzer: thanks ! But I think it is too much work :) We have like 1000 VMs in our cloud
<zioproto> making this mass live migration before the upgrade sounds terrible
<zioproto> and arcimboldo_ already upgraded everything to mitaka
<arcimboldo_> yes, I actualy asked in the original bug if there was a way to fix for intsances that have the bug now
<jamespage> zioproto, so far as I'm aware there is no requirement for jewel
<jamespage> zioproto, that said we do only test mitaka with jewel
<mrtAkdeniz> Howdy!
<mrtAkdeniz> how can I set the default permission, I mean if a new file created on that folder, it should have same permissions
<ndboost> hey folks whats the inverse of -z in a conditional
<ndboost> nvm its -n
<rbasak> ndboost: "man test" is pretty handy for that.
<ndboost> thx
<rbasak> (rather than digging through the shell documentation, etc)
<ndboost> i just relied on good ol'e google lol
<xnox> jamespage, at cdo core sprint; agreed with rbasak to remove the cloud archive from the archive.
<jamespage> xnox?
<jamespage> not quite sure what that means
<xnox> what i mean is that i want to move ubuntu archive keyring from the stand alone package into src:ubuntu-keyring and highjack the old package name
<xnox> and ship the cloud archive keyring as a the key fragment in /etc/apt/trusted.gpg.d/ (similar to ppas and the ubuntu-archive keys from zesty)
<xnox> without using apt-key
<xnox> and without injecting those keys into /etc/apt/trusted.gpg as that is now redudnand in the new world order of zesty
<xnox> so, can i highjack ubuntu-cloud-keyring into ubuntu-keyring?
<xnox> or do you want to keep it as separate source?
<xnox> ubuntu-keyring already has archive and cdimage keys; and i hope to add cloud-archive, cloudimg (verification keys), ddebs keys
<xnox> all in one source, with multiple binary packages as needed.
<xnox> jamespage, does that make sense?
 * xnox feels like i should create a bileto ppa with all the diffs I am trying to land.
<xnox> on a more important note, that ubuntu-keyring has migrated to key fragments. thus it's simple dpkg managed install/remove files in /etc/apt/trusted.gpg.d (! not conf-files)
<xnox> rather than have postinst scripts that depend on gpg and manipulate things.
<xnox> currently in zesty we only require gpgv now, as gpg is no longer a required package.
<coreycb> beisner, jamespage: hi can you promote magnum 3.1.1-1~cloud0 to newton-updates for bug 1632743
<ubottu> bug 1632743 in Ubuntu Cloud Archive "Missing files from python-magnum 3.1.1-0~cloud0" [Undecided,New] https://launchpad.net/bugs/1632743
<neubi> how can i allow a website located in ~/website/index.php on ubuntu 14.04 server
<beisner> hi coreycb - magnum released to newton-updates
<hallyn> man neubi was in a hurry.  didn't get a chance to point him/her to https://help.ubuntu.com/lts/serverguide/httpd.html
<nwilson5> was having issues with what I thought were my database, but turns out to be an issue with sorting in ubuntu 16.04 vs 14.04.
<nwilson5> sorting a file of international text (2M lines) with: `LC_COLLATE="en_US.UTF-8" sort /tmp/utest1.txt > test`
<nwilson5> takes 10 minutes on ubuntu 16.04, and 20 seconds on ubuntu 14.04
<nwilson5> 14.04 build has eglibc 2.19. 16.04 has glibc 2.23
<sarnold> heh, the one feels comically too long, the other feels comically too short :)
<nwilson5> neither has a problem if it's sorted using collate "C"
<nwilson5> the lines are all < 40 characters each
<nwilson5> this chan seems dead compared to #ubuntu :| maybe I should ask there.
<teward> nwilson5: patience is also a virtue
<nwilson5> teward, perhaps, just scrolling up it appears less active than #ubuntu. A fair assessment.
<nwilson5> not saying no one would every respond. Just perhaps I should've been asking there to begin with.
<nwilson5> ever*
<tsukasadt> I know this is better for #mysql, but noone is answering in there. Does anyone know how to enabled the MySQL logs to record executed queries, not just the prepared queries?
<EvilAngel> I have been avoiding asking for help with this but I can't find a real solution anywhere. For months and now every day (to the point of being nearly unusable) I get the dreaded !caled_font-cache_frozen failed error when I launch any gtk apps. Is there a solution? I've deleted nearly everything in my .cache and .config dirs and ran fc-cache -r and manually deleted all font caches. Anything I'm
<EvilAngel> missing?
<Walex> EvilAngel: usually that happens when there are missing glyphs, adding more fonts with wider character sets usually helps.
<Walex> EvilAngel: it is a bug in font handling code, but happens only with some fonts and not others.
<Walex> Walex: also try this: https://gist.github.com/alechko/b1e9436b5a2507c50224
<EvilAngel> Walex: thank you. I installed all the ttf-* pkgs
<EvilAngel> I think that might help, as it's what I just read another person did to fix it. I wish this bug would bug off, cause ti's been around for ages
<zigmasterhanni> Hi all, quick noob question: Can anyone point me in the right direction to correctly configure DNS servers to point my domain to my VPS?
<stomplee> zigmasterhanni, what are you trying to accomplish?
<stomplee> your question wasn't clear
<stomplee> if you are just trying to configure client settings refer to this post:  https://askubuntu.com/questions/346838/how-do-i-configure-my-dns-settings-in-ubuntu-server
<stomplee> if you are trying to configure a bind server, that is a whole other ball of wax
<zigmasterhanni> stomplee, thanks for the link! I think that's all I needed
<stomplee> yw
#ubuntu-server 2016-12-09
<engineer-pearl> Hi. I'm trying to start a crontab job but it doesn't seem to be starting. I don't seem to have the log files either...
<engineer-pearl> Update: I have found some logs in the syslog but am not sure that there is anything useful in there
<tsimonq2> engineer-pearl: Can you please paste the output of your crobtab?
<engineer-pearl> The only output of crontab -l that is not commented is "@reboot (. ~/.profile; /user/bin/screen -dmS gameserver-screen /home/engineerpearl0/bootscript.sh)"
<sarnold> put a full path to the .profile
<sarnold> also i'm not sure if the () bit actually works, I've never seen that, never tried that :)
<tsimonq2> ^
<engineer-pearl> running the reboot now
<engineer-pearl> still no screen to be resumed
<sarnold> heh
<sarnold> /user/bin/screen
<sarnold> took me three tries to spot it
<tsimonq2> O__o
<engineer-pearl> Yep that would do it
<engineer-pearl> The command is now "@reboot /usr/bin/screen -dmS gameserver-screen /home/engineerpearl0/bootscript.sh" and it still is saying there is no screen to be resumed
<engineer-pearl> OH
<engineer-pearl> I forgot the ./
<tsimonq2> engineer-pearl: Got it now? :D
<engineer-pearl> I hopefully will when I remember if the ./ goes in the beginning (before the /home) or right before the name of the file
<sarnold> note that the shell command for 'source' is '.'
<sarnold> the / is part of the path
<engineer-pearl> ... still no screen to be resumed...
<engineer-pearl> isn't there supposed to be a crontab error log somewhere?
<sarnold> what's the line now? is there anything in the /var/log/auth.log? or syslog?
<sarnold> annoyingly, cron likes to _email_ errors :/ that made more sense in the 80s and 90s..
<engineer-pearl> @reboot /usr/bin/screen -dmS gameserver-screen /home/engineerpearl0/./bootscript.sh
<engineer-pearl> I don't have an email server on this machine so its emailing is doing no good
<engineer-pearl> authlog has a lot of sessions opening and closing
<engineer-pearl> syslog is mentioning hourly stuff but nothing relevant
<engineer-pearl> is there somewhere the emails sit if they can not be actually emailed?
<sarnold> it's possible that your bootscript.sh is expecting a different PATH too. read through it, see what executables it calls without using full paths?
<engineer-pearl> Not calling any exicutables without full paths, but I changed it from bash .......... to just /path/./file
<sarnold> ?
<engineer-pearl> When running a bash script I usually do bash filename
<sarnold> sure, that's handy if the sysadmin puts 'noexec' on your homedir filesystem
<engineer-pearl> nope, didn't fix it.
<engineer-pearl> It shouldn't have even had time to get past "/home/engineerpearl0/gitasist/./gitupdate pull" [[a script I wrote]]
<sarnold> btw all the /./ things in your paths aren't needed
<sarnold> . in a path refers to 'this directory'; if you're execugin things not in PATH, say, ./scripts/foo   then the . says 'start from the current working directory'
<engineer-pearl> it is asking for a password... I thought screen would protect me from that but...
<engineer-pearl> I thought the ./ helped to exicute things
<sarnold> it can if the file you're executing is in the current working directory but not in the PATH with a fully-qualified directory name
<engineer-pearl> hmm... hold on I need to figure out an escape and move my command to my root folder ((long story short: oops"
<engineer-pearl> Would screen close imediatly if it were running as a dameon and it ran into a request for password?
<sarnold> I would hope not, but it can't really tell what's a request for password or not, it's all just IO to screen
<engineer-pearl> well I adjusted that so it doesn't happen again
<engineer-pearl> still no screen
<engineer-pearl> I don't understand rrrrrgh some error logs would be helpful here!!!!
<sarnold> you can try looking in /var/spool/mail/
<engineer-pearl> I found something odd but irrelevant.
<engineer-pearl> :/
<engineer-pearl> here's something: there's something about a crontab.allow list
<engineer-pearl> which of course I misspelled
<sarnold> ay, if you've fiddled with the /etc/cron.allow or /etc/cron.deny files then you've got to make sure they still describe what you want; but I think the default is anyone is allowed to use cron, no?
<engineer-pearl> not according to the man page
<engineer-pearl> "If neither of these files exists, then depending on site-dependent configuration parameters,  only  the  super user will be allowed to use this command, or all users will be able to use this command."
<engineer-pearl> so it's hit or miss
<engineer-pearl> wait, is @reboot allowed for basic users?
<sarnold> sure, from vixie's point of view; I think our configuration allows anyone to use  it though; I don't have any /etc/cron.{allow,deny} files, but my crontab seems to work okay...
<engineer-pearl> YEP THAT'S THE PROBLEM RIGHT THERE
<engineer-pearl> or not
<engineer-pearl> I have an update towards the good! I have error logs now!
<sarnold> engineer-pearl: great! :) that is a worthy accomplishments :)
<engineer-pearl> still working on finding a replacement for runuser though. aparently that's not allowed. -_o_-
<engineer-pearl> oooh found one
<engineer-pearl> giving it a test
<sarnold> uh
<sarnold> why not just use the specified user's crontab?
<engineer-pearl> because that won't run at reboot
<engineer-pearl> :/
<sarnold> o_O
<engineer-pearl> That was my first setup
<sarnold> normally cron's @reboot thing is used because users can't write their own sysv-init scripts or upstart configurations or systemd unit files
<engineer-pearl> You're talking over my head but I'm listening
<engineer-pearl> I need to run a bash script at startup, and if there is a way to do it that won't rely on crontab I'm in
<engineer-pearl> ((I have never gotten that thing to work))
<sarnold> what release are you on?
<engineer-pearl> Ubuntu 16.04.1 LTS
<engineer-pearl> (I just upgraded today
<sarnold> engineer-pearl: okay, it's a little complicated to write systemd unit files but then you can manage it with the systemd tools -- systemctl could then enable or disable it, you can have it depend upon e.g. networking to be up and running, and so on
<sarnold> the plus side to systemd is the docs are pretty good: https://www.freedesktop.org/software/systemd/man/systemd.unit.html and https://www.freedesktop.org/software/systemd/man/systemd.service.html# should be your starting points
<engineer-pearl> oh uh... is this easier to learn or more flexible than than upstart? I can stop working on that if it is easier.
<sarnold> I think systemd is more flexible than upstart; I think upstart is easier than systemd
<sarnold> but 16.04 LTS uses systemd as init and service manager, so that's what's there :) hehe
<engineer-pearl> Okay then I'll switch over
<sarnold> there are a lot of examples in /lib/systemd/system/ that you can copy from too :)
<engineer-pearl> Umm... question: I'm trying to run it in "screen" so I can access it later. Do I need to make any adjustments later?
<engineer-pearl> ((one of the things I am doing is starting up a game which has terminal access. I want the game to start up, but I also want that access))
<sarnold> ahhh so screen wasn't just for getting it to run persistently? hrm...
<engineer-pearl> oh is that going to make it weirder
<sarnold> I haven't seen screen used in a systemd unit file before. I can't think of anything off-hand that would keep it from working...
<engineer-pearl> Lots of fancy files... doesn't look to be in bash but idk if I'd know them at this level...
<sarnold> engineer-pearl: well, here's a dude who starts screen to start rtorrent: http://www.linuxveda.com/2014/04/28/autostart-process-gnu-screen-systemd/
<sarnold> indeed it's very much not bash. that's good and bad.
<engineer-pearl> :/ so much for just getting a script to run at startup I guess
<sarnold> and this guy's got some insane cool tmux thing. Dunno -why- but he's got one: http://askubuntu.com/a/802272/33812
<engineer-pearl> wait this line looks like what I want! Ubuntu 16.04.1 LTS
<engineer-pearl> hold on didn't copy
<engineer-pearl> ExecStart=/usr/bin/screen -d -m -S rtorrent /usr/bin/rtorrent
<sarnold> I thought you'd like that bit :)
<engineer-pearl> I have questions but it is late on a night where I have to be up bright and early
<engineer-pearl> :/
<sarnold> ugh :(
<engineer-pearl> oh poop poop poop
<engineer-pearl> IIf I do it this way, I don't know how to make it so I can attach
<engineer-pearl> It will be owned by not-me
<sarnold> it'd be owned by whatever user you configure here
<engineer-pearl> If it is owned by me, I should be able to attach, right?
<sarnold> so you could do something like 'sudo -u USERNAME screen -RAD'
<engineer-pearl> I'm not entirely sure about the command but yeah, that seems about right, expecially the r
<sarnold> hehe
<sarnold> screen -RAD was just the thing I memorized because screen's baffling array of command line options is baffling
<engineer-pearl> okay, so I've got the tabs, and I'll look into it later
<sarnold> (I switched to tmux ages ago for no real good reason)
<sarnold> there I think it's just 'tmux attach' :) heh
<engineer-pearl> but for now I bid thee a good night
<sarnold> you also, have fun :)
<lordievader> Good morning
<SipriusPT> Hello guys
<SipriusPT> I have a smart host (remote.domainX.pt) connected with a remote mail server (mail.domainY.pt), that uses getmail to receive mail from that mail.domainY.pt, and then reroute it with sendmail to local user accounts in this server. My smart host uses mydomain as domainX.pt, config in postfix.
<SipriusPT> I am able to login clients with this smart host, using domainX.pt. To send mail i am using smtp_sasl_password_maps:
<SipriusPT> test@domainX.pt test@domainX.pt:qwe12
<SipriusPT> With getmail i was using as destination:
<SipriusPT> [destination] type = MDA_external path = /usr/sbin/sendmail arguments = ("-bm", "test") unixfrom = true
<SipriusPT> And didnt notice that i was using my @remote.domainX.pt local domain instead of the @domainX.pt do receive mail at postfix.
<SipriusPT> When i tried to redirect mail (with postfix aliases) from a gmail account through this smart host to another gmail account, postfix didnt send my mails with @domainX.pt, it sends as @remote.domainX.pt, and as expected i receive a message from my remote server saying:
<SipriusPT> Dec  6 14:37:12 remote.domainX.pt postfix/smtp[28504]: 0B8BD259F57: to=<test@gmail.com>, orig_to=<test@remote.domainX.pt>, relay=mail.domainX.pt[]:25, delay=0.1, delays=0/0.01/0.07/0.02, dsn=5.0.0, status=bounced (host mail.domainX.pt[] said: 550-Verification failed for <Xserver@remote.domainX.pt> 550-No Such User Here 550 Sender verify failed (in reply to RCPT TO command))
<SipriusPT> After some tests at sendmail through getmail, i also notice that i could only use local user account names as destination or use full email name only with @remote.domainX.pt and not @domainX.pt as i was expecting.
<SipriusPT> I have also tested with virtual_alias_maps instead of aliases from alias_maps but with that there is no domain associated to my local accounts, it can only be used to local delivery.
<SipriusPT> So i am trying to figure out how can i solve this with postfix, to handle just @domainX.pt to receive mail instead of @remote.domainX.pt but i am not seeing a way to fix this.
<SipriusPT> Here is my main.cf: http://pastebin.com/d9hZaTwp
<jonah> Hi can anyone please help me out with server downtime. I seem to be getting attacked but hoped someone could help with where. Netstat isn't showing a lot of connections but it seems like a dos as my server is going offline frequently. thanks for any help
<mybalzitch> jonah: whats your isp say
<jonah> mybalzitch: they are useless and not answering the phone
<mybalzitch> do your mrtg/cacti/whatever port graphs indicate you are being dos'd?
<zul> coreycb:im going to drop the arm patch we were carrying for nova its no longer needed apparently
<coreycb> zul, ok if you are sure
<zul> coreycb: i asked
<coreycb> zul, cool
<zul> coreycb: http://pastebin.ubuntu.com/23603616/
<showaz> Greeting, what is best to use a RAID controller support ubuntu? video streaming storage="40TB" & SSD
<coreycb> zul, maybe transport_url is missing from nova.conf?
<zul> coreycb: yep
<zul> coreycb: ill figure it out
<zul> coreycb: think i have a fix...testing it
<zul> coreycb: nova should be fine again
<protn> hi
<protn> who here uses evolution?
<protn> it acting weird with some accounts
<protn> wont read imap folder
<protn> yet
<protn> hehehehe
<Pinkamena_D> using ldapsearch I am trying to get info about one user, but the result comes back with a search reference. How do I tell it to follow the reference?
<tarpman> Pinkamena_D: I don't believe ldapsearch has built-in support for chasing references
<SipriusPT> hello guys
<SipriusPT> http://serverfault.com/questions/819844/not-able-to-forward-mail-from-external-domains-through-relays
<SipriusPT> anyone?
<solidpizza> hello, I am wondering what is the simplest way to set up a git server with public clones and authenticated push. I have done this before with ssh and git-daemon but it was a struggle and I can't figure it out again.
<solidpizza> and is there a guide that works for this?
<tarpman> solidpizza: I had good luck with gitolite3 - it provides a github'ish ssh interface i.e. git@git.example.com:owner/repo - and apache for the r/o http access
<Pici> solidpizza: I like gitlab, but its definitely a heavier solution.
<engineer-pearl> I am trying to make a script run at startup, and am currently using http://www.linuxveda.com/2014/04/28/autostart-process-gnu-screen-systemd/ as a template, but my thing is not running. Is there something that breaks down the parts for me so I can figure out what is going wrong?
<engineer-pearl> Status upstart gives the error ""com.ubuntu.Upstart" does not exist"
<tarpman> engineer-pearl: you said you're using ubuntu 16.04? upstart is gone, replaced by systemd
<engineer-pearl> oops I meant status systemd
<tarpman> 'status' is a command that interacts with upstart
<engineer-pearl> huh, odd. I've used it for a few other things. Must be because I upgraded, so it's not a new install.
<engineer-pearl> So what's systemd's method of checking things?
<tarpman> service xx status
<engineer-pearl> oh backwards got it
<tarpman> 'service' is a generic tool that will handle all kinds of services (init scripts / upstart / systemd) properly
<engineer-pearl> well it looks like I can't have it check its own service... hmm
<tarpman> what are you trying to do, exactly?
<engineer-pearl> run a script that opens screen and does some stuff at startup. So far I have yet to confirm that it actually opens screen
<tarpman> I meant which service are you trying to check the status of
<engineer-pearl> I'm trying to get my script (currently named UpdateAndStart@.service) running, and I wanted to know if systemd was having issues so I could move forward
<engineer-pearl> Looks like it's not found.
<engineer-pearl> I was following the instructions here: http://www.linuxveda.com/2014/04/28/autostart-process-gnu-screen-systemd/
<engineer-pearl> Are there better ones somewhere?
<rebootd> Running 16.04 server for an media server, with no-ip for dynamic dns. I can ssh in via the WAN DNS name & ip, but not from a LAN ip. ufw is disabled. openssh is listening on all ip's. what am I missing?
<rebootd> fyi, it was an ethernet adapter conflict. server was confused about which interface should respond.
#ubuntu-server 2016-12-10
<emora> hello
<emora> I need to find a 10 Gbit NIC that is compatible with Ubuntu Server 16.04
<emora> any suggestions?
<station> im trying to set ubuntu to act as rooter but wich guid is the best with 16.04 +pppoe
<station> zential distro is it nay good
#ubuntu-server 2016-12-11
<arooni> hey folks; set up a kernel crashdump on ubuntu 16.04 to figure out why i'm not able to resume from suspend on my t420;  how do i access it?  or have it tell me something useful?
<Guest15565> hi, i just got a new server  ML10v2 with 2 OS drives and 4 raid 10 storage drives i want to ensure encryption of all data on all drives I have googled and am having trouble any help?
<rizonz> 4~has there been changed something on 14.04 for rootlogin ? I cannot SSH to the box with PermitRootLogin yes in the ssh config
<mundus2018> Does anyone know what software I should look into if I want to make a server a proxy for another
<bekks> mundus2018: apt-cache search proxy
<jaguardown> Hi all
<jaguardown> When attempting to reboot a server remotely via ssh I get this http://pastebin.com/UN5Zn3Th
<jaguardown> Regardless of 'shutdown -r now' or 'reboot'
<jaguardown> Also I just found out I can't restart services either.
#ubuntu-server 2017-12-04
<jerichowasahoax> Doow: "sudo -u gitolite-user gitolite args args args"
<MannyLNJ> Hi I have a headless server running 16.04 I installed X2Go on it so I could get a GUI when working remotley but now I get no desktop how can I check that XFCE is running on it?
<lordievader> Good morning
<zioproto> good morning
<zioproto> trying to compile packages for Openstack Neutron newton version
<zioproto> jamespage: coreycb what is this weird tarball neutron_9.4.2~dev21.orig.tar.gz ?
<zioproto> I am confused today: https://pastebin.com/QQ1yA2X9
<zioproto> this used to work, to import the upstream tarballs
<zioproto> are there some changes in these tools that are braking everyting ?
<zioproto> I found the problem
<zioproto> https://pastebin.com/Hcxm86cg
<zioproto> it is hardcoded to use /usr/bin/pristine-tar
<zioproto> but my tool is in /usr/local
<zioproto> because I had to upgrade pristine-tar
<zioproto> wow is getting hard to build stuff on Xenial
<zioproto> tar: unrecognized option '--verbatim-files-from'
<zioproto> what are you guys using to build the openstack ubuntu packages ?
<zioproto> I upgraded tar by hand
<zioproto> new problem :
<zioproto> https://pastebin.com/uQdE0MBd
<zioproto> sudo apt-get install xdelta3
<zioproto> now it works !
<zioproto> today is not my day
<zioproto> E: neutron changes: bad-distribution-in-changes-file xenial-newton
<jamespage> zioproto: I suspect that both coreycb and I will be running on the development release
<zioproto> jamespage: hey there
<jamespage> zioproto: that last error about xenial-newton is normal
<zioproto> I am now building 9.4.1 with a patch backported from Ocata on top
<jamespage> we use non-standard targets for the UCA
<zioproto> jamespage: yes, I figured out I was looking for the dsc in the wrong path
<zioproto> I fixed everything, update pristine-tar, tar, and xdelta
<zioproto> I have to update my xenial provisioning script
<zioproto> or I will not be able to build packages on Xenial anymore
<zioproto> I did not understand if you are interested in the version bump to 9.4.1 or not
<zioproto> what is the development release ?
<jamespage> zioproto: that will happen yes - I suspect coreycb has it on his todo list
<zioproto> ok, I hope to get to finish testing this today
<zioproto> I will provide a MR
<frickler> jamespage: if you happen to prepare a ceph-10.2.10 pkg, please be sure to include the patch from https://github.com/ceph/ceph/pull/15835 , we just ran into that. the patch was added after 10.2.10 into upstream
<jamespage> frickler: ta
<coreycb> jamespage: zioproto: hello, i started working on point releases last week. i'll be working on the rest in the background this week.
<zioproto> coreycb: hey... I was trying to backport something from Ocata do Newton but looks too hard :(
<zioproto> anyway importing just the latest newton tarball and compiling works fine
<zioproto> the debian/patches for neutron is basically empty
<zioproto> we are blocked by a performance problem, I guess we have to start the Ocata upgrade in production as soon as possible
<coreycb> zioproto: ok. it's always tough balancing regression potential with retro-fitting a patch backport.
<zioproto> We have this problem in Newton https://bugs.launchpad.net/neutron/+bug/1665215
<ubottu> Launchpad bug 1665215 in neutron "performance degradation in agent<->server port wiring process" [High,Fix released]
<zioproto> but looks like the only viable solution is to upgrade to Ocata
<frickler> xnox: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1456789 seems fixed in newer systemd according to the debian bug, would be great to see some backport to xenial
<ubottu> Launchpad bug 1456789 in systemd (Ubuntu) "restarting services hangs on systemd-tty-ask-password-agent" [Undecided,Confirmed]
<rbasak> ahasenack: I just pushed https://anonscm.debian.org/cgit/pkg-mysql/mysql.git/log/?h=mysql-5.7/rbasak/ubuntu/devel which is my merge work in progress.
<rbasak> ahasenack: git log --reverse -p 652783454c167bec03a291ba7bc347d5e9a8e864..pkg/ubuntu/devel -- debian/
<rbasak> diff --git a/debian/patches/fix_mysql_config_flags.patch b/debian/patches/fix_mysql_config_flags.patch
<rbasak> deleted file mode 100644
<rbasak> index ee76415..0000000
<rbasak> ahasenack: https://anonscm.debian.org/cgit/pkg-mysql/mysql.git/log/?h=mysql-5.7/rbasak/ubuntu/devel
<rbasak> ahasenack: https://code.launchpad.net/~mysql-ubuntu/mysql-packaging/+git/mysql/+ref/mysql-5.7/rbasak/ubuntu/devel
<rbasak> ahasenack: I forgot update-maintainer.
<cpaelzer> rbasak: in case git ubuntu tag fails (blocked by it pretending the workign tree is not clean) - could I just tag it with git tag for the time being?
<rbasak> cpaelzer: that should be OK I think. I can't remember if git-ubuntu uses annotated tags or not.
<cpaelzer> rbasak: or is there a lot of extra magic behind "git ubtuntu tag" other than translating the changelog entry to a string that is tag compatible?
<rbasak> No other magic.
<cpaelzer> rbasak: it uses annotated tags
<cpaelzer> rbasak: like http://paste.ubuntu.com/26113388/
<ahasenack> rbasak: rubber duck review :)
<rbasak> ahasenack: build test and dep8 passed against current bionic.
<ahasenack> cool
<trdillon1> I have a maas problem and the maas chanel is dead. Can anyone here help?
<sarnold> "maybe"
<dpb1> ask away
<trdillon1> I can't commission som HPE BL460c G9 blades. They all fail with a segfault on the lshw script
<trdillon1> I am running MAAS 2.2.2
<trdillon1> Tried to commission with both 14.04 and 16.04 but they both fail with the same issue
<sarnold> "Running lshw on a Dell Precision 5510 causes it to segfault unless I use `lshw -disable SCSI`."  https://bugs.launchpad.net/ubuntu/+source/lshw/+bug/1564517
<ubottu> Launchpad bug 1564517 in lshw (Ubuntu) "lshw segfaults while checking SCSI subsystem on Dell Precision 5510" [Undecided,Confirmed]
<trdillon1> Do I just set that as a global parameter?
<sarnold> no
<sarnold> I'm just surprised to find segfaults in the bug tracker :/
<sarnold> I didn't expect lshw to do anything complicated enough to be that buggy
<sarnold> trdillon1: I suggest trying to reproduce this with a minimal image, netboot image, installed system, etc., something that would let you run ubuntu-bug and report the issue to launchpad
<trdillon1> Well this is a commission with MAAS not an install
<sarnold> right
<sarnold> but if it can be reproduced on a standard install it'll be way easier to report the bug :)
<trdillon1> Alright. I understand now
<trdillon1> Thanks
<gun1x> guys, i just deployed kubernates on ubuntu 16.04 with conjure-up and i have no passwords. it deployed a lot of services, all ask for password and i don't know it
<stokachu> gun1x: what all ask for password?
<gun1x> stokachu: all the services deployed
<stokachu> gun1x: how are you trying to connect to them
<gun1x> stokachu: kubernates, heapster, grafana, influxdb
<gun1x> https
<stokachu> gun1x: wut..
<gun1x> stokachu: https://bpaste.net/show/a43461bbec45
<gun1x> i got the links at the end of the deployment
<gun1x> but no password
<stokachu> gun1x: odd
<stokachu> gun1x: can you hop into #juju
<gun1x> just did ...
<stokachu> gun1x: just curious, what exactly are you trying ot accomplish with kubernetes?
<gun1x> stokachu: my company is forcing me to use mirantis cloud platform for openstack, and that platform also has kubernetes deployment. also, we will have multiple internal projects which should have native cloud apps so kubernetes is a far better solution then openstack
<gun1x> stokachu: so i have to learn kubernetes. fast. i hoped getting an automated build will speed up the process. i will go through manual install
<stokachu> gun1x: k, well fwiw openshift will lock you into their custom kubernetes
<stokachu> where are's is the closest you'll get to upstream
<gun1x> stokachu: fwiw ?
<stokachu> well the automated build via conjure-up does get you a full environment
<stokachu> you use kubectl to manage your kubernetes after that
<stokachu> so you'll need to do some additional reading on that
<stokachu> i wouldnt base your experience on not being able to see metrics that doesn't actually exist because you havent deployed any workloads on it
<gun1x> :D
<stokachu> but, go ahead and try out other solutions , then come back to #juju when you need more help
<gun1x> i saw juju stuff fail in the past. also deploying openstack with it is not delivering the same experience as openstack-ansible or kolla or trippleo ...
<stokachu> wel lthey are different products by different companies
<gun1x> stokachu: i don't want to use mirantis solutions. i would like to use openstack-ansible for openstack :D
<stokachu> well we dont do openstack-ansible
<stokachu> and when you saw juju stuff fail did you submit bugs?
<gun1x> submiting bugs and getting involved is normally happening AFTER you decide to go for a solution. in the testing phase you just check out every solution to see which one you like most.
<gun1x> for example, osa-aio, the all in one build from openstack-ansible, is working flawless on 3 distributions. think that has any influente on the decision of which tool to use for production deployment ? :D
<gun1x> and regarding openshift, it's the last thing i want to try, since it provides bad support for ubuntu (or none)
<gun1x> and centos/redhat have really old kernel atm.
<stokachu> gun1x: so im guessing you upgrade flawlessly with openstack-ansible ?
<gun1x> stokachu: upgrade what?
<stokachu> openstack..
<gun1x> stokachu: you mean from ocata to pike?
<stokachu> sure
<gun1x> stokachu: if you been upgrades, i didn't have a chance to try that. they have good docu for it, but never tried it out. i tried only prod builds and test builds. with cinder/swift and with ceph
<stokachu> yea see, thats the thing, you may get flawless deploys with openstack-ansible
<stokachu> but try to upgrade one
<stokachu> https://docs.openstack.org/openstack-ansible/pike/user/index.html
<stokachu> im guessing you have to do it manually
<stokachu> anyway, good luck on your solutions search
<gun1x> i don't think i will get to that anyway. company wants the "Strategical parnership" which i don't like anyway :D
<gun1x> MCP doesn't provide pike yet, they are on ocata
#ubuntu-server 2017-12-05
<lordievader> Good morning
<adac> Is ntpd better then timesyncd?
<adac> mean is it more exact? It is stated here   https://www.digitalocean.com/community/tutorials/how-to-set-up-time-synchronization-on-ubuntu-16-04
<cpaelzer> adac: IIRC timesyncd uses only one server to sync from
<cpaelzer> adac: and NTP uses by default 4 I think
<cpaelzer> that could be (one) part of a difference between them
<cpaelzer> adac: although the cases where one is so much better that it matters is IMHO limited to almost scientific cases
<cpaelzer> just like chrony being better in this regard was no reason for many people to switch since then
<cpaelzer> https://chrony.tuxfamily.org/comparison.html
<cpaelzer> I had no numbers on ntpsec, but I'd assume the clenaup of ntp also didn't hurt
<cpaelzer> adac: for a longer list of bikeshedding around that read https://news.ycombinator.com/item?id=15324386
<adac> cpaelzer, I tried now to switch, to ntpd, but I think nothing has changed. I have some problems with a load balancers queue time that gets measured by scoutapp
<adac> the guys thought that the high queue time could be maybe caused by out of sync datetime on my servers
<adac> but I think i have ruled that one out now
<cpaelzer> adac: at what level of precision is your issue secs, msecs, Âµsecs, ... ?
<adac> cpaelzer, milliseconds actually
<cpaelzer> yeah, I doubt that was a time sync issue
<adac> it should be about 1.2 ms as on my production server but currently is about 600+ ms on my staging server
<cpaelzer> but you are on the same conclusion already, so good luck testing your further theories
<adac> cpaelzer, thanks! And thanks for your hints!
<rbasak> cpaelzer, ahasenack: I merged nacc's lint fix as it was already reviewed by cpaelzer. It seems to be working in the edge snap now.
<rbasak> I wonder if I should push the edge snap to beta and/or stable?
<rbasak> What is everyone using currently?
<ahasenack> we are using edge
<ahasenack> stable is quite behind, I'm not sure what the criteria to push to stable is
<ahasenack> probably that is is stable :)
<rbasak> Right now the only point of stable, AFAIK, is to give users something to revert to if we break beta.
<rbasak> (but we'd prefer to users to be using beta or edge so we can get more testing)
<cpaelzer> edge as well, ecept for imports obviously
<rbasak> Yeah all pushed imports via beta please, as that's what the daemon importer runs.
<jamespage> coreycb: https://bugs.launchpad.net/ubuntu/+source/python-taskflow/+bug/1736394
<ubottu> Launchpad bug 1736394 in python-taskflow (Ubuntu) "unit test failure with oslo.serialization 2.21.2" [Undecided,New]
<jamespage> reproduced in a tox env directly upstream as well
<ahasenack> rbasak: a git question, if I may
<ahasenack> rbasak: I have the landscape-client cloned repo (git ubuntu clone landscape-client)
<ahasenack> I worked on it, have branches, remotes, etc. Now I want to update ubuntu/devel to whatever it's in the archive
<ahasenack> rbasak: I did git fetch pkg --tags --force, and now I'm trying to update the branch
<ahasenack> but it keeps asking me for a commit merge, i.e., it's trying to do a merge commit
<ahasenack> git pull pkg ubuntu/devel <-- that
<ahasenack> even with --ff
<ahasenack> i didn't change ubuntu/devel locally
<ahasenack> at least not knowingly
<rbasak> If it demands a merge commit, then it's because the current ubuntu/devel (local) is not an ancestor of pkg/ubuntu/devel.
<rbasak> You could do "gitk ubuntu/devel pkg/ubuntu/devel" to visualise how they differ
<ahasenack> I just tried git pull pkg ubuntu/devel --rebase
<rbasak> "gitk ubuntu/devel...pkg/ubuntu/devel" may also be helpful - it'll hide unrelated commits.
<ahasenack> and that seemed to have done the right thing
<ahasenack> I now see the changes that are in the archive
<ahasenack> d/changelog is correct
<ahasenack> tec
<ahasenack> with the rich history from the latest upload
<rbasak> I can investigate further with the help of your reflog to see what was there before if you wish.
<rbasak> It's possible that the importer did a non-fast-forwarding update to pkg/ubuntu/devel.
<rbasak> Which shouldn't happen except in the case of an archive admin intervention (a delete in the archive) but I don't think that should have been the case here.
<ahasenack> it's fine
<coreycb> jamespage: ack, 2.21.2 is causing more problems
<jamespage> coreycb: I've uploaded a compat patch for taskflow
<jamespage> might be something similar for glance
<coreycb> jamespage: ok great
<coreycb> jamespage: regression tests run successfully against mitaka-proposed. any objections to promoting the following to mitaka-updates? ceph, keystone, libxml2, lxc, python-oslo.concurrency, python-pysaml2, qemu, rabbitmq-server.
<jamespage> coreycb: no go for it
<coreycb> jamespage: ok
<jamespage> lets have a clear through :-)
<jamespage> coreycb: had a clear through the new queue for pkgs; nothing significant
<coreycb> jamespage: i'm holding off on a few that haven't landed in xenial-proposed or other reasons
<jamespage> coreycb: doko has made requests for rmq, ovs and ceph to switch to using py3 for cli tools; I've triaged those as wishlist for 18.04
<coreycb> jamespage: ok. maybe we can make some progress during this next milestone.
<jamespage> coreycb: ok
<coreycb> jamespage: do you know what the status of vmware-nsx is in mitaka-proposed? the version is ahead of xenial.
<jamespage> hmm
<ahasenack> cpaelzer: actually, here is better
<cpaelzer> ahasenack: ok so on nvme?
<ahasenack> cpaelzer: yeah, I'm checking https://bugs.launchpad.net/ubuntu/+source/multipath-tools/+bug/1711749
<ubottu> Launchpad bug 1711749 in The Ubuntu-power-systems project "[18.04] multipath-tools: Backport 2 patches to Ubuntu 18.04 (NVMe disks are detected as multipath disks)" [Medium,Triaged]
<ahasenack> cpaelzer: I have a server with nvme
<ahasenack> but I'm not familiar with multipath, and I just learned about nvme-cli (package)
<cpaelzer> ahasenack: I didn't come by the nvme-cli package yet either - let me read through that with you
<ahasenack> cpaelzer: I was trying to create multiple namespaces (new concept for me too) in the nvme device to see if I could reproduce the bug
<dpb1> Office hours officially is started (a bit late), please bring any questions to the ubuntu-server team.
<slashd> o/
<dpb1> hey slashd
<dpb1> anything from you this week?
<slashd> hey dpb1 everything is under control, was simply showing my presence ;)
<dpb1> slashd: hehe
<slashd> dpb1, Is there a document I must fill ? Like we used to do in the previous meeting format ?
<dpb1> nope
<slashd> dpb1, ack
<dpb1> we didn't find it provided any value
<slashd> dpb1, ok was double-checking in case
 * dpb1 nods
<Arshoon> Greetings. I have a new install of Ubuntu Server. I want to uninstall the OpenJDK but I can't discover the package names. The list scrolls by and off the page. How do I list installed packages one page at a time?
<Ussat> user | more or | grep "name"
<Arshoon> I'm sorry, that didn't help me.
<andol> Asandari: dpkg --list | more
<Ussat> what command are you useing ?
<andol> Asandari: Sorry, wrong nickname
<Arshoon> apt list --installed
<Arshoon> andol that worked, thanks
<Ussat> then use apt list --installed |more
<Arshoon> Thanks guys
<teward> this'll sound like a stupid question but does the server team still hold meetings or have we switched to a more 'office hours' type thing?
<dpb1> teward: we switched to office hours
<teward> dpb1: got an area where we can put specific hours or no?
<dpb1> teward: https://community.ubuntu.com/t/irc-meeting-office-hours/1491 -- we also had a mailing list post
<teward> wasn't sure what the decision was, I've been busy :P
<dpb1> teward: yes!  it's the same as before, sec.  https://wiki.ubuntu.com/ServerTeam/Meeting
<teward> ah, I see.
<teward> yeah that's smack dab in the middle of things that take my time, for now.  That'll hopefully change :)
<Neo1> hi! Who know how to test server correctly?
<Neo1> I put two wp naked site on two servers, one on digital ocean and second on my current and my current show server response time 0.4 seconds, on digitalocean less than 0.2.
<Neo1> What does it mean?
<Neo1> digitalocean:
<Neo1> https://developers.google.com/speed/pagespeed/insights/?url=http%3A%2F%2Ftest.american-chat.ru%2F
<Neo1> Current vps:
<Neo1> https://developers.google.com/speed/pagespeed/insights/?url=http%3A%2F%2Fkselax.kselax.ru%2F
<Neo1> it means my current server is sucking?
<Neo1> I'm not expert, but 0.4 seconds for naked wp site without plugins and load it's big time, with load it will significantly higher
<Neo1> who know who correct set up permissions for site folder?
<Neo1> My WP site can't install plugins
<Neo1> folder belongs the root user, inside folder belongs to test user, and I can't set up any plugins
<Neo1> folders has right 755, and I did for inside folder right 775 for can reach site using sftp
<sarnold> Neo1: there's a lot of variables that influence loading performance
<Neo1> sarnold: server response?
<Neo1> sarnold: I think current server is sucking
<Neo1> it without ssd and digitalocean on ssd
<Neo1> faster
<sarnold> Neo1: that could be part of it; it could also be that one server is closer to you than the other; another is how quickly your auth DNS servers respond, the chain of DNS responses needed to get to your host and all referenced resources..
<sarnold> for example test.american-chat.ru is 33 ms closer to me than kselax.kselax.ru
<Neo1> sarnold: how long kselax.kselax.ru load for you?
<Neo1> test this http://cyberforum.ru, it's also in Moscow and works very fast
<sarnold> heh that takes forever to load, even with noscript blocking many of the scripts
<Neo1> sarnold: why?
<Neo1> sarnold: broken site?
<Neo1> sarnold: this http://kselax.kselax.ru/
<sarnold> a few reasons, none of the referenced resources are hosted on sites that my browser has already looked up and has cached addresses for .. part of it felt like the site being built dynamically before being sent
<Neo1> sarnold: you can use google
<Neo1> https://developers.google.com/speed/pagespeed/insights/
<Neo1> sarnold: better change server IMHO
<sarnold> Neo1: note that your response speed may change over time. If one datacenter handles mostly timezone-local requests, it might be much slower during business hours than the middle of the night
<Neo1> 0.4 seconds and low than 0.2 it's big difference, with plugins and content site will work slower. It's without nothing sucks, and what we'll say when with plugins
<Neo1> sarnold: see in google inspector kselax.ru http://prntscr.com/hjlz1b
<Neo1> sarnold: and digitalocean http://prntscr.com/hjlz77
<sarnold> Neo1: wow, that's a very different interface than I saw in the google inspector :/
<Neo1> current host is faster
<Neo1> sarnold: as you can see current host is faster
<sarnold> 2.28s vs 1.79, wow
<Neo1> yes, current faster, but test on google.ru show other results
<Neo1> seems my current server even better if measure in google
<gun1x> stokachu: just saw ubuntu announced a partnership with rancher labs to release a kubernetes cloud native platform. will that be based on juju, or something new?
<teward> Neo1: consider two VPSes on the same node in the same datacenter on different IPs.  Both are running identical software.  One gives me 0.2s, one gives me 0.3s.  The two servers are identical, so what's with the extra 0.1s?  The extra .1s could be added for any of fifty thousand potential situations with networking between me and the remote server - trusting solely on that statistic for whether the host is faster or not is a poor metric.
<teward> just saying.
<Epx998> dpkg-reconfigure -fnoninteractive ca-certificates should work with no prompts right?
#ubuntu-server 2017-12-06
<Neo1> teward: ok
<stokachu> gun1x: it's on top of juju
<gun1x> stokachu: i hope it will work without any errors :D
<stokachu> gun1x: i assume that's the plan
<gun1x> stokachu: are you part of that project?
<stokachu> gun1x: i am part of all things
<stokachu> but yes im lead developer on conjure-up
<stokachu> and will probably integrate rancher deployment into it
<sarnold> stokachu: how very zen :)
<stokachu> sarnold: lol
<gun1x> stokachu: congrats. and sorry for me getting overzelous a few days ago
<stokachu> gun1x: all good, if you do get some interest to spend some time with the tools we're here to help
<gun1x> stokachu: i will use ubuntu as a distro and i am trying to build strong kubernetes & docker skills. i don't know yet what tools i will choose, or if my company will dictate that. i do however wish you great success with the development and user base of the technology
<stokachu> gun1x: thanks :) and you know where to find us :)
<gun1x> stokachu: which languages do you use in juju?
<stokachu> gun1x: go
<stokachu> https://github.com/juju/juju
<pirx> hello! getting a few Err http://se.archive.ubuntu.com lucid-backports/main Sources
<pirx> when trying to upgrade a 14.04 server
<pirx>   404  Not Found [IP: 194.71.11.165 80]
<pirx> (i want to upgrade to 16.04)
<pirx> already tried stuff like this: https://smyl.es/how-to-fix-ubuntudebian-apt-get-404-not-found-package-repository-errors-saucy-raring-quantal-oneiric-natty/
<pirx> but that just resulted in even more 404s
<pirx> any suggestions?
<Neo1> good morning!
<Neo1> who know why Apache doesn't work from group?
<Neo1> I do next
<Neo1> install for folders owner and group root:root
<Neo1> sudo chown root:root /var/www -R
<Neo1> then put my www-data to root group by typing
<Neo1> sudo adduser www-data root
<Neo1> and change permission for users from group by 7 by typing
<Neo1> sudo chmod 775 /var/www -R
<Neo1> now should www-data works as it is owner, but it's doesn't work
<Neo1> When I try to install wp plugin I'm asked to input credentials, Why does it happen?
<Neo1> if I do owner www-data by typing
<Neo1> sudo chown www-data:www-data /var/www -R
<Neo1> Everything works well
<Neo1> any suggestions?
<Neo1> How I can put Apache to user group and force it work not as owner
<michael2> hi all, im running a 16.04 ubunutu webserver,  which I access and manage through ssh (a prettty commmon setup) can anyone tell if keyloggers are much of a risk for me? for example  if someone got access say at the webserver/php (www-data) level -- could they log my keystrokes on the server? sudo , password, unlock ssh priv keys etc?
<michael2> sorry to interrupt the thread ..
<andol> michael2: Maybe. To be able to log everything you do on the server that would likely involve a two stage compromise; first exploiting the web application to get full control of the www-data user, and then find a vulnerbility in the system allowing them to elevate their privlilages to some kind of root acccess.
<andol> michael2: It's really hard to say for sure how likely it's that an attacker will be able to pull of that second stage, but it's always a risk to consider. That is, don't do anything super sensitive on a server which also runs a public web application.
<lordievader> Good morning
<andol> pirx: Why do you have lucid sources.list entries if it's an Ubuntu 14.04 server?
<cathode> hi
<cathode> i've edited /etc/network/interfaces and added 'dns-nameservers <ip of first> <ip of second>' under my interface configuration, but after a reboot my resolv.conf is still only showing 127.0.0.53
<andol> cathode: My *guess* is that that has something to do with systemd-resolved. *maybe* the solution is to disable systemd-resolved. There is also the *possiblity* that systemd-resolved only acts as a forwarded for those ip:s specified in your interfaces file.
<Art100> Hi - how do I configure IPV6 native dual stack in ubuntu server
<andol> cathode: But I'm really not sure of any of that, but that is where I would start looking.
<andol> Art100: How will you be getting your IPv6 config? SLAAC, DHCPv6 or hard coded?
<cathode> why is it so difficult to simply specify upstream dns servers?
<Art100> andol, I get given a block by my ISP so it must be DHCPV6 I am guessing
<Art100> will find out - brb
<cathode> this should be like one of the most basic configuration tasks possible
<Art100> andol, I am presented with a dual-stack configuration and have a static /56 IPv6 prefix via DHCPv6 Prefix Delegation
<andol> Art100: Nice! Except nothing I have any experience with, so won't be able to help you much.
<Art100> ok - ty anyway
<pirx> andol: i was blind, didnt see, its an old server, thanks, solved it!
<Art100> cathode, didn't see your question but I put dns-nameservers 8.8.8.8 8.8.4.4
<Art100> ^ public dns
<Jenshae> o7
<cpaelzer> rbasak: the short answer to your dpe8 fail question is "the change is arm only"
<cpaelzer> rbasak: and none of the test fails is arm
<cpaelzer> rbasak: but I take a look, thanks for the ping - this one I forgot about
<ahasenack> rbasak: this (old) bug showed up in my triage: https://bugs.launchpad.net/ubuntu/+source/mysql-5.7/+bug/1574458
<ubottu> Launchpad bug 1574458 in mariadb-10.0 (Ubuntu Xenial) "Logs.var.log.mysql.error.log.txt contains usernames and passwords" [Undecided,Confirmed]
<ahasenack> rbasak: would that be on your queue?
<ahasenack> s/on/in/
<rbasak> ahasenack: mariadb isn't in main, so not in my queue. I'm not particularly conerned about a Trusty SRU
<rbasak> So no, I don't think it is.
<rbasak> We should still do Trusty though I guess
<rbasak> Now that it's confirmed to exist there
<patdk-lap> I have been searcing, but it seems the raid6check utility is missing from mdadm package
<cpaelzer> ahasenack: I found a set of older LP MPs and wanted to clean up
<cpaelzer> ahasenack: let me send you a link so you can tell me if those are aborted
<cpaelzer> ahasenack: like https://code.launchpad.net/~ahasenack/ubuntu/+source/landscape-client/+git/landscape-client/+merge/334203
<cpaelzer> ahasenack: I think we handled the same content in a new form recently
<cpaelzer> so should we mark those rejected (superseded) or do I miss the point here?
<ahasenack> let me check
<ahasenack> cpaelzer: that one is fix released already
<ahasenack> it's in updates already, I mean
<cpaelzer> yeah that is what I thought
<cpaelzer> ahasenack: but there are 4 mps up still
<cpaelzer> should I set them to reject?
<cpaelzer> or merged
<ahasenack> something was merged, why launchpad isn't detecting it I don't know
<cpaelzer> IIRC those where like the v1 and you later came with better ones
<cpaelzer> without the master-bug
<ahasenack> hm
<ahasenack> no, the master bug I dropped early on
<ahasenack> just the bionic upload has it
<ahasenack> maybe the importer is stuck again?
<cpaelzer> the importer is not what closes these
<cpaelzer> ahasenack: until it picks from MPs we are who set them closed
<cpaelzer> but you said that content is merged
<cpaelzer> so let me set that
<ahasenack> it is
<cpaelzer> ahasenack: ok ?
<ahasenack> ok
<cpaelzer> ahasenack: same question - https://code.launchpad.net/~ahasenack/ubuntu/+source/clamav/+git/clamav/+merge/334148
<cpaelzer> I think released as well
<cpaelzer> set to merged as well
<cpaelzer> cleanup done :-)
<ahasenack> cool
<maziar> I extended the my LVM hard disk, but I forgot to add it on /etc/fstab , now what should I do ?
<dpb1> teward: hey there!  cpaelzer+nacc are moving ahead with http/2 enablement for apache2, and were wondering what you were thinking for nginx?
<cpaelzer> moving slowly but moving :-)
<dpb1> heh
<dpb1> maziar: sorry, would need a bit more info than that. :)
<maziar> dpb1 like what, please ask I will provide the information
<dpb1> maziar: well, you haven't really provided any kind of a problem.  unless I'm missing earlier context
<maziar> dpb1  I had a 20G of storage for my ubuntu machine, I add an other HDD to my Vmachine and I extend the LVM to 40G but I forgot to add information on FSTAB ,because of that after reboot it won't start
<dpb1> maziar: what did you do to "extend the lvm"?
<maziar> dpb1 I will repeat it again, I had a 20G of storage, I extended it to 40G bu adding another 20G HDD to my virtual machine and add this 20G to / partition by extending my LVM partition from 20G to 40G
<dpb1> sorry, maziar I would need more exact steps, or examples of what is failing to provide any guidance.  If you went down the regular path, extending the VG with a new PV, extending the LV, then growing the filesystem, no modifications of /etc/fstab would be necessary.
<cpaelzer> actually when I do the same I never adapted fstab
<cpaelzer> so details are really important here
<cpaelzer> I usually  did like pvcreate (on new disk), and then IIRC vgextent/lvextend resise2fs
<dpb1> yes, same.  I've done this many times even online with the root fs
<powersj> cyphermox: ISO tests failing again with https://paste.ubuntu.com/26126090/
<powersj> INPUT critical debian-installer/main-menu?
<Henster> hi guys i have lost the ability to auto mount a ext4 hardrive ,, please see this .. am i loosing it ? https://askubuntu.com/questions/983806/ubuntu-16-04-3-lts-etc-fstab-not-working-with-ext4
<ahasenack> Henster: the issue is that all files and directories are root owned?
<ahasenack> hm, wrong link
<ahasenack> Henster: did you check the uuid? sudo blkid
<Henster> yes i Used UUI vie blkid ,, i will manually mount it again and do a chown
<ahasenack> how do you manually mount it? Also via uuid?
<Henster> sudo mount /dev/sdb1 /home/henster/files
<Henster> or i just say ,, sudo mount -a
<ahasenack> if you use /dev/sdb1 in fstab, does it work then?
<Henster> sorry im just rebooting quick
<Henster> nope /dev/sdb1 in fstab also did not work ,,
<Henster> ok some backround ,, the hard drives were in my plex server untill the main hard drive crashed
<Henster> https://paste.ofcode.org/UzZv4Vbzwcu2QiUt8cGPMg ok so im gonna do a chown quick ?
<ahasenack> is it a normal internal harddrive? Or an external usb one?
<Henster> ok getting a journal error when i reboot with the uui or /dev/sdc5 after i change ownership ,, its a internal one
<Henster> now i get htis error when im trying to mount the same drive again
<Henster> mount: unknown filesystem type 'LVM2_member'
<Henster> im destrying my own data :(
<ahasenack> you didn't say it was part of lvm
<Henster> yeah i forgot it was ..part of lvm
<Henster> and now is it lost ?
<Henster> im such a noob
<ahasenack> not necessarily, can't you activate the vg?
<ahasenack> with the disk plugged in
<ahasenack> vgchange -a y
<Henster> sorry for the late responce im back trying to fix the grub loader on on har drive ,, ill try that next
<Henster> sorry for the late responce im back trying to fix the grub loader on *old hard drive ,, ill try that next if i fail
<Henster> oh sorry this chould also be the issue for this as well ? https://askubuntu.com/questions/983840/ubuntu-16-04-is-my-data-gone
<ahasenack> I don't know, I would check dmesg for messages related to /dev/sdb (or just sdb)
<powersj> cyphermox: https://bugs.launchpad.net/ubuntu/+source/debconf/+bug/1736770 blocking ISO tests
<ubottu> Launchpad bug 1736770 in debconf (Ubuntu) "debian-installer/main-menu changes priority" [Undecided,New]
<powersj> dpb1: ^ fyi
<dpb1> powersj: thx
<cyphermox> powersj: actually, I think this is a hardware issue
<cyphermox> http://paste.ubuntu.com/26127207/
<cyphermox> and in general, here and there on the log: http://paste.ubuntu.com/26127212/
<powersj> cyphermox: I reproduced on my local system, steps in the bug
<powersj> I didn't look for that trace though
<cyphermox> well, maybe busted kernel then, but there's about no reason for dpkg-divert or apt-get to not be found
<powersj> cyphermox: thx I've added kernel to take a look
<cyphermox> ok, and I have an install running right now
<cyphermox> using IDE, so if it's an issue with scsi drivers, the install should just complete
<cyphermox> well, that doesn't reproduce it
<cyphermox> now let's change to scsi storage and test that
<cyphermox> powersj: how are you reproducing things on your system and what preseed are you using?
<powersj> cyphermox: no preseed and steps in the bug are cut and paste from what I am doing
<cyphermox> ok
<cyphermox> that's what I wanted to hear :)
<powersj> yeah preseed just complicates things
<cyphermox> it's not that
<powersj> ?
<cyphermox> for this particular test, I suppose using a squashfs or not might have made a difference
<cyphermox> and on that note, I should check if we do use a squash for the tests, because that could cut the testing time by more than half
<cyphermox> oh, I'm using the wrong image
<powersj> oops, what were you using?
<cyphermox> current, rather than pending
<powersj> ah!
<powersj> yeah the tests that are failing prevent promotion from pending to current :)
<cyphermox> yup, just habit of using current for most of what I need to do
<extor> Does ubuntu now use the new ensxxx format for network cards or does it still use the eth0, eth1 format?
<sdeziel> extor: the new format
<extor> If I wanted to revert to the old format can I do that without creating problems, simply with the stroke of a pen in the intefaces file or does the rabbit hole go much deeper?
 * extor *crIcKets ChIrpiNg*
<powersj> extor: I believe you can drop a file in /etc/udev/rules.d/ with 'SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="aa:bb:cc:dd:ee:ff", NAME="net1"' with the mac filled in of course and your chosen name
<genii> extor: echo 'GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0"'|sudo tee -a /etc/default/grub && sudo update-grub
<genii> Will prevent the predictable network interface naming scheme from being used in the first place, instead of needing to mess with udev things
<Epx998> is there a handy tool that converts the /etc/network/interfaces from dhcp to static for a given interface?
<tomreyn> it's probablky simple enough to do it and unusual enough as a use case that no one ever consiered wirting a utility for it.
<jlamb> complete newbie here, just installed Ubuntu Server v17.10 in VirtualBox.  I added a second NIC, and set its static IP in /etc/network/interfaces, but ifconfig doesn't show it.
<jlamb> I followed https://askubuntu.com/questions/778392/install-second-network-interface-on-virtualized-ubuntu-server (but using a static address) with out the same results.
<jlamb> except sudo service networking restart didn't work, so I just rebooted.
<yeats> jlamb: what does 'systemctl status networking' show?
<sdeziel> I'm not sure but I think that ifup and friends are no longer in use now that netplan is the default
<sdeziel> so I don't think that /etc/network/interfaces is being read/consumed
<Ussat> They are in use......but will go away eventually
<Ussat> yes it is de[ends on version
<sdeziel> oh, OK, thanks
<Ussat> 18.04 LTS will have it only I believe
<sdeziel> jlamb: the NIC should show in "ip link", ifconfig is deprecated
<jlamb> ah.. ok
<jlamb> thanks guys, will read up on netplan
#ubuntu-server 2017-12-07
<jlamb> still having a problem... with a second NIC on my server
<jlamb> I added emp0s8:`n addresses: [192.168.1.1/24] to my 01-netcfg.yaml file
<jlamb> and ran sudo netplan apply
<jlamb> and sudo ip link set enp0s8 up
<jlamb> but, ip addr still doesn't show the ip4 address for emp0s8
<lordievader> Good morning
<cpaelzer> late hi everybody
<ahasenack> cpaelzer: hi, iproute2 sru has been accepted, now we need to click on the reds in the excuses page
<ahasenack> :/
<ahasenack> let me check that they are the same errors we saw before in bionic
<ahasenack> who is chrony's maintainer?
<ahasenack> he/she is bound to have seen these frequent dep8 test failures
<EraserPencil> Hi! Anyone has a guide to how I could achieve Dropbox style server without using owncloud or nextcloud?
<cpaelzer> ahasenack: ping me once you checked which ones seem flaky tests ok?
<ahasenack> cpaelzer: systemd dep8 errors in s390: http://autopkgtest.ubuntu.com/packages/s/systemd/artful/s390x
<ahasenack> mine is at the top (iproute), but others have failed in the same way
<ahasenack> FileNotFoundError: [Errno 2] No such file or directory: '/boot/grub/grub.cfg' is the error
<ahasenack> any idea about that?
<ahasenack> it seems the systemd-fsckd test was skipped in the one lonely success
<ahasenack> "systemd-fsckd        SKIP Test requires machine-level isolation but testbed does not provide that"
<cpaelzer> ahasenack: ther eis no grub on s390x
<cpaelzer> and never will be
<cpaelzer> like 640k will be enough forever
<ahasenack> there seem to be two "threads" writing to stdout in the failed test
<ahasenack> I see lines like
<ahasenack> (Reading database ... 95%
<ahasenack> with "Setting up util-linux (2.30.1-0ubuntu4.1) ..." in between
<ahasenack> let's see why that test isn't being skipped
<cpaelzer> ahasenack: I re-triggered the others, but the two s390x issues need to be resolved or skipped
<cpaelzer> well firejail might ahve been a race with another upload with some luck
<cpaelzer> or other out of date-ness
<ahasenack> firejail failed like that before
<ahasenack> but let me get to that in due time
<cpaelzer> ahasenack: once the others re-ran you can check then
<cpaelzer> ahasenack: if no others are left ask for overrides in #ubuntu-release
<cpaelzer> FYI ahasenackthese will eventually go into http://bazaar.launchpad.net/~ubuntu-sru/britney/hints-ubuntu-artful/changes
<ahasenack> cpaelzer: the s390 tests were always in a vm, right
<ahasenack> xnox: around?
<cpaelzer> ahasenack: no
<cpaelzer> ahasenack: they were in a container up until recently
<cpaelzer> ahasenack: which might be why they now are considered regressiosn
<ahasenack> ah, that explains it
<ahasenack> I didn't know you could do containers in s390
<cpaelzer> ahasenack: that is what I fixed a few of last week
<cpaelzer> just as well as everywhere
<ahasenack> so now that it's a vm, the machine-isolation constraint works and the test is run
<ahasenack> but it uses grub, and that fails
<ahasenack> so I need to skip that test in s390
<ahasenack> sounds reasonable?
 * ahasenack looks for the dep8 spec
<ahasenack> "Such specific HW need seems rare and there is no e.g. autopkgtest feature to limit Architectures."
<ahasenack> probably need to add the skip to the test itself then, have it return a fake success
<ahasenack> cpaelzer: I'm looking at your dpdk dep8 https://bugs.launchpad.net/bugs/1551158 fix
<ubottu> Launchpad bug 1551158 in dpdk (Ubuntu) "DPDK dep8 tests failing on non supported platforms" [High,Fix released]
<ahasenack> you added debian/tests/check-dpdk-supported-arch.sh and you source that in the tests
<ahasenack> but you also added arch-specific bits to the depends line
<ahasenack> Depends: dpdk [amd64 i386] <--
<rbasak> ahasenack: any ETA on the my MySQL merge review please?
<cpaelzer> ahasenack: yes and yes
<ahasenack> rbasak: gonna start after I solve these iproute2 migration issues
<cpaelzer> ahasenack: the arch qualifier will ensure it doesn't run at all
<cpaelzer> as it doesn't qualify
<ahasenack> cpaelzer: is the latter necessary? Without the former, the arch qualifier would just lead to a failed test?
<rbasak> ahasenack: no problem thanks!
<cpaelzer> the checker is mostly if even on an arch there are needs like cpu features
<cpaelzer> ahasenack: it is a double cahnce for error
<cpaelzer> ahasenack: without arch qualifier it will try to install and might fail
<cpaelzer> ahasenack: so you have to mark where you expect THE INSTALL to work
<cpaelzer> ahasenack: of the package
<ahasenack> cpaelzer: the dpdk package does not exist in these other arches?
<cpaelzer> ahasenack: only afterwards the script will run and you can sort out and skip tests
<cpaelzer> yes
<ahasenack> ok, so you also had an install failure that you are fixing here
<cpaelzer> yes
<ahasenack> ok,thx
<cpaelzer> and check-dpdk-supported-arch.sh then does any in depth checks
<cpaelzer> like cpu features
<cpaelzer> or experimental arches like for a while ppc64el had the packages but was not meant to work
<cpaelzer> well that sounds bad
<cpaelzer> it worked
<cpaelzer> but was meant to be experimental/tech-preview
<cpaelzer> ahasenack: the story even went further, until s390x had KVM execution the isolation-machine blocked it
<ahasenack> right
<ahasenack> that's my case
<ahasenack> it started failing about 3w ago, with several packages
<ahasenack> I mean, other packages that triggered the systemd dep8 test suite
<cpaelzer> yep
<ahasenack> I'm filing a bug and putting up an mp for it
<ahasenack> I wonder how the bionic upload passed (of iproute2)
<cpaelzer> ahasenack: for the case to complete the story the final change then was https://gerrit.fd.io/r/gitweb?p=deb_dpdk.git;a=commitdiff;h=b179808726394c63b97747b31ca603392c182168
<cpaelzer> because since KVM exec it ran into said package-install-issue
<cpaelzer> as we didn't have the arch qualifier on that yedt
<ahasenack> can't you negate an arch there?
<cpaelzer> I don't know
<cpaelzer> sry
<ahasenack> ok
<ahasenack> cpaelzer: hm, "zipl" is an s390 thing, no?
 * ahasenack looks around for didrocks
<cpaelzer> ahasenack: yes
<cpaelzer> ahasenack: zipl is the lilo of s390x
<ahasenack> I think this test was meant to work on s390
<ahasenack> I might be out of my depth here then
<ahasenack>     if platform.processor() == 's390x':
<ahasenack>         enable_plymouth_zipl(enable)
<ahasenack>     else:
<ahasenack>         enable_plymouth_grub(enable)
<cpaelzer> yeah, there is some intention here
 * ahasenack hops on an s390 to check what platform.processor() returns
<ahasenack> it's correct
<cpaelzer> it is
<ahasenack> ok, I need to actually run this test there then
<ahasenack> cpaelzer: am I supposed to be able to run autopkgtest-buildvm-ubuntu-cloud on s1lp5? Or do I need to use nested vm?
<ahasenack> ubuntu@s1lp5:~/andreas$ autopkgtest-buildvm-ubuntu-cloud -r artful -o adt-images
<ahasenack> ERROR: no permission to write /dev/kvm
<cpaelzer> ahasenack: I thik lp4 is the one we share
<cpaelzer> ahasenack: but long story short no
<cpaelzer> ahasenack: the tests won't work
<cpaelzer> there is a lot of console magic in autopkgtest which doesn't apply
<cpaelzer> ahasenack: create a VM with uvtool, then run the test in that VM (without the autopkgtest around it)
<cpaelzer> only go the last steps to try inside if you really really need it
<ahasenack> it must be platform.processor() returning something else over there
<cpaelzer> yep
<cpaelzer> maybe it fails in a VM?
<ahasenack> the test clearly ran     plymouth_enabled = 'splash' in open('/boot/grub/grub.cfg').read(), which is only in enable_plymouth_grub()
<ahasenack> yeah, let's start ismple. Bring up the vm and run that platform.processor()
<cpaelzer> doing that atm
<ahasenack> cpaelzer: hm, there is no uvt-kvm in that s1lp5 host, should I switch to that lp4 one you mentioned? You gave me access to lp5 once upon a time, maybe before lp4 was ready for us?
<cpaelzer> lp5 is mostly mine for the more sinister experiments
<ahasenack> there used to be uvt-kvm, since I ran it before there
<ahasenack> ah, ok
<cpaelzer> lp4 is meant to be the somewhat stable shared host
<ahasenack> better remove me from lp5 then :)
<cpaelzer> it is s390x on a KVM guest as well
<cpaelzer> trying to run the full test
<ahasenack> "s1lp4 purpose: jenkins node" :)
<ahasenack> s1lp3 seems to be the one to use
<cpaelzer> I wrote it in the wiki
<cpaelzer> yep s1lp3
<ahasenack> ah, found it
<ahasenack> it's a fix that went into bionic
<ahasenack>     New changelog entries:
<ahasenack>       * systemd-fsckd: Fix ADT tests to work on s390x too.
<ahasenack> somehow I missed that changelog entry
<ahasenack> cpaelzer: it's a bug in artful's package, fixed in bionic. We probably don't sru dep8 fixes, or do we?
<cpaelzer> ahasenack: we soemtimes do sometimes not
<cpaelzer> depends on the case
<cpaelzer> but systemd uploads are grouped by xnox anyway
<cpaelzer> you know he collects a bunch and groups them for tests
<cpaelzer> so he might have a plan or nack already
<cpaelzer> I guess you are safe to ask for an override on the current version thou
<cpaelzer> ahasenack: ^^
<ahasenack> thanks, I'm asking in #ubuntu-release
<cpaelzer> if you want you can explain so in a bug, release team members like to reference something with more context
<cpaelzer> as it is just a lin in the britney hints
<ahasenack> cpaelzer: I have a bug, can you accept the artful nomination? https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1736955
<ubottu> Launchpad bug 1736955 in systemd (Ubuntu) "dep8 test systemd-fsckd fails on s390" [Undecided,Fix released]
<rbasak> ahasenack: I don't think we'd usually SRU a test fix on its own, but bundling one with an SRU is absolutely fine.
<ahasenack> sounds reasonable
<cpaelzer> approved
<cpaelzer> it is correct to have that bug task
<cpaelzer> and you can refer to it for the override
<ahasenack> cpaelzer: thx
<ahasenack> cpaelzer: one more task, zesty is also affected: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1736955
<ubottu> Launchpad bug 1736955 in systemd (Ubuntu Artful) "dep8 test systemd-fsckd fails on s390" [Medium,Triaged]
<ahasenack> xenial and trusty are fine (no systemd dep8 tests being run in their migrations)
<pmatulis> for the no_proxy environment variable, i often see addresses and hostnames. the docs say categorically that hostnames should be used. also, i often see both address and name for the local system: 127.0.0.1, localhost. is this necessary?
<ahasenack> pmatulis: surprisingly I've seen many cases where an app would send a request to localhost via the proxy
<ahasenack> I don't know why that's not the default
<joelio> no_proxy has always seemed partially implemented to me
<boxrick> I have the following lines in my preseed postinstall script to upgrade and configure ansible to the latest version.
<boxrick> https://gist.github.com/boxrick/ae85da1eedd485930a37a3dfd6e08329
<boxrick> But I wish for this to happen in the preseed itself and not the post install
<boxrick> 3Any ideas?
<pmatulis> ahasenack, thanks
<m15k> Does this make any sense? https://gist.github.com/asbachb/9fceeb1d0a00114eec31c6af82ca9805
<m15k> Is 2001:470:4242:1042::1/64 the same as 2001:470:4242:1042::1/56 ?
<ahasenack> m15k: yes, ifup/down will only work with interfaces defined in /etc/network/interfaces
<m15k> ahasenack: Any idea howto remove the interface?
<ahasenack> m15k: what ubuntu is this?
<m15k> 16.04
<ahasenack> m15k: does "lxc network list" list that interface?
<m15k> ahasenack: yes. but "lxc network delete lxcbr0" results in "error: not found"
<ahasenack> is managed "no" for it?
<m15k> yes it's no
<ahasenack> that interface was created when you first installed lxc (not lxd: then it would have been lxdbr0). Are you sure you want to remove it? Do you use lxc or lxd?
<m15k> Yes I am sure. I think I created it manully via brctl
<ahasenack> does /etc/default/lxd or /etc/default/lxc (or a name like that) reference it still?
<m15k> ahasenack: I think that's it. lxc-net bridge was enabled and referenced to lxcbr0
<ahasenack> you can probably change its details in that /etc/default/ file
<m15k> ahasenack: thanks. that was the right hint! :)
<ahasenack> cool
<m15k> ahasenack: Are you familiar with lxd?
<ahasenack> m15k: somewhat
<ahasenack> I use it a lot
<m15k> I wonder what "Would you like LXD to NAT IPv6 traffic on your bridge?" actually means
<boxrick> Hello! I am currently using the following line in preseed on Xenial 16.04 LTS d-i base-installer/kernel/altmeta string hwe-16.04
<boxrick> So I have have the more up to date kernel
<m15k> I know what NATting is, but I'm a little bit unsure what's the difference in ipv6 context.
<boxrick> However this causes all sorts of inconsistencies within my preseed postinstall chroot environment where I need correct libraries
<boxrick> Is there any way to install *just* the new kernel rather than do the thing it seems to where it installs the old one then updates it later?
<ahasenack> m15k: well, it depends if you have global addresses in your lxds or not
<ahasenack> if you don't, and you want to use ipv6 to reach the internet from that container, then you will probably need ipv6 nat, but also a global ipv6 on your host
<m15k> ahasenack: So when I've a public ipv6 subnet I should disable NAT?
<ahasenack> if your containers get a slice of that and have global addresses, probably yes
<ahasenack> I have never natted ipv6, tbh
<ahasenack> I just get one /64
<m15k> ahasenack: You assign a public ipv6 to your containers?
<ahasenack> no
<ahasenack> I don't use ipv6 in them
<m15k> I currently try that. Because of that I play a little bit around with these bridges.
<m15k> When I type "resolvconf -u" there are dns servers in /etc/resolv.conf that are not configured in "/etc/resolvconf/resolv.conf.d" any ideas how they get into the generation?
<genii> Probably by dhcp
<rbasak> powersj: congrats!
<powersj> rbasak: thank you :)
<dpb1> oh, it happened?
<dpb1> nice
<Neo1> who know my server can access server sysadmin?
<Neo1> does sysadmin of server can access my server?
<Neo1> I mean files on my server
<dpb1> root can generally access anything that is not encrypted.
<sarnold> and if the data is ever decrypted on the server, root can access that too.
#ubuntu-server 2017-12-08
<cpaelzer> gz powersj to also officially be part of the group now :-)
<cpaelzer> rbasak: once you are aroung it would be great if you could check my ubuntu-release question (if no one else answered) and tell me if/what I overlook
<cpaelzer> thanks in advance
<cpaelzer> about the MIR related apache2 migration
<cpaelzer> rbasak: resolved
<azidhaka> Help with 16.04 upgraded from 14.04 :) /var/log/syslog is empty, everything goes to syslog.1. Logrotate config: https://pastebin.com/mAiJVKJY ;  Rsyslog config: https://pastebin.com/3V7BbVX5
<rbasak> azidhaka: have you rebooted since the upgrade?
<cpaelzer> rbasak: can you pull bug 1735930 into the ongoing merge?
<ubottu> bug 1735930 in mysql-5.7 (Ubuntu) "Bug in /usr/share/mysql/mysql-systemd-start script" [Undecided,Triaged] https://launchpad.net/bugs/1735930
<Neo1> Hi! Who know how set up php5.6, Now I have 7.1
<Neo1> Used this manual and this doesn't work https://askubuntu.com/questions/109404/how-do-i-install-different-upgrade-or-downgrade-php-version-in-still-supported#109544
<rbasak> cpaelzer: added to my list. Thanks!
<rbasak> I'm planning on doing the merge first, then a further upload to fix bugs.
<cpaelzer> just wanted to know it in good hands
<cpaelzer> thanks
<jamespage> coreycb: doing oslo.* updates for m2; oslo.log is unhappy under py3.6 atm (applies to current version as well)
<jamespage> coreycb: I think we need to revert the exception serialization feature in oslo.serialization; we can drop any patches once upstream either follow suit, or fix the rest of the world to work with it.
<coreycb> jamespage: thanks, i'll work on clients today. good call on oslo.serialization.
<marlinc> Anyone who has experience with suppressing PAM messages about sudo from a user? I tried to suppress them with "session [success=1 default=ignore] pam_succeed_if.so quiet uid = 0 ruser = zabbix" in /etc/pam.d/sudo but this causes segmentation fault
<catphish> i'm attempting to disable dependence on filesystem UUIDs, but i don't seem to be able to stop grub putting them in grub.cfg (specifically in the search line), is there a good solution to this?
<catphish> i think the only solution is to hack it out of /usr/share/grub/grub-mkconfig_lib - this feels like a bug
<jamespage> coreycb: taking stevedore
<coreycb> jamespage: ack
<coreycb> jamespage: taking ironic deps and keystoneauth
<jamespage> coreycb: not doing everything via bileto - anything pretty atomic can test out in bionic-proposed
<jamespage> coreycb: stevedore uploaded
<coreycb> jamespage: ok
<jamespage> coreycb: ovsdbapp next
<powersj> cpaelzer: thanks!
<jamespage> coreycb: os-traits done
<jamespage> coreycb: python-troveclient next
<jamespage> coreycb: done; tempest next
<coreycb> jamespage: ack. done up to ironicclient. keystoneauth/middleware and ldappool next.
<jlacroix> I'm hoping someone can help me with connecting an external USB hard disk to a KVM/Qemu VM. I've tried installing every package with the word "spice" in the name, on both the host and VM, and I've tried reconnecting, rebooting, etc. For some reason, no matter what I do, the USB drive doesn't show up in the guest VM.
<cpaelzer> jlacroix: let me try to find you my last description
<cpaelzer> in some bug around that I should have steps to do so ...
<cpaelzer> jlacroix: in what Ubuntu release are you?
<cpaelzer> (btw no spice needed at all)
<cpaelzer> I fixed the remaining apparmor bits in artful, so if you are on 17.10 or 16.04 + UCA-Pike you are good
<cpaelzer> otherwise you need to adapt some configs in regard to appamor
<cpaelzer> the TL;DR to attach is this:
<cpaelzer> 1. make an xml describing your usb device
<cpaelzer> 2. run virsh attach-device <guestname> <xml-describing-your-device>
<cpaelzer> Bonus: if you need USB2 caps make sure your guest has a usb 2 host controller
<cpaelzer> list of usb controllers is at https://libvirt.org/formatdomain.html#elementsControllers if you need more than the default (which strives for max compatibility)
<jamespage> coreycb: tempest done - enabled signature verification of the tarballs using the openstack infra signing key
<jamespage> neat
<cpaelzer> bugs 1552241 and 1686324 have examples how I did test the fixes
<ubottu> bug 1552241 in libvirt (Ubuntu Zesty) "libvirt-bin apparmor settings for usb host device" [Undecided,New] https://launchpad.net/bugs/1552241
<ubottu> bug 1686324 in libvirt (Ubuntu Zesty) "usb hostdev passthrough generates the wrong apparmor rules" [Undecided,New] https://launchpad.net/bugs/1686324
<jamespage> coreycb: python-os-win next
<cpaelzer> jlacroix: I hope that gets it going for you I'm EOD actually so I should leave
<coreycb> jamespage: cool will take a look. i think i saw that mentioned in the debian policy upgrade checklist.
<boxrick> During my pre-seed postinstall chroot environment. In /lib/modules it has kernel 4.4.0-96 Yet if it I try and use modprobe it looks for 4.4.0-103. Why this difference?
<boxrick> And is there any way to stop this happening?
<jamespage> coreycb: I've been doing wrap-an-sort -bast to make future merging with Debian a bit easier
<coreycb> jamespage: ok
<jamespage> coreycb: os-win done
<jamespage> coreycb: python-os-brick next
<coreycb> jamespage: signing sure is nice
<coreycb> jamespage: checking signature that is
<boxrick> Any ideas?
<ahasenack> boxrick: what's the running kernel?
<boxrick> I am using a preseed file, then in the d-i preseed/late_command section running a chroot in the /target
<boxrick> So it is the machine I have literally just installed
<ahasenack> well, modprobe will consider the running kernel
<boxrick> Isn't it just a busybox environment at that point?
<ahasenack> and a chroot
<ahasenack> loading a module there shouldn't be done I think
<boxrick> I need to do some ZFS hacking, so I need something to have loaded in ZFS
<ahasenack> but during installation?
<boxrick> It was working in a VM, but moving this to real hardware seems to have broken something. Which makes it feel a bit fragile
<boxrick> Yea, since I want my /var living on ZFS partition
<dpb1> we are doing work in curtin to enable zfs for root, rharper might have more info here. :)
<boxrick> I guess I could do something like: d-i base-installer/kernel/override-image string linux-image-4.4.0-96-generic
<rharper> generally you'll need to have zfs.ko loaded in your "install" environment; so that looks like 4.4.0-96; so you'll  want to make sure the linux-image-generic-`uname -r` is installed; that'll make sure you have a zfs.ko that can be loaded;  one loaded the zfsutils-linux  is needed for zpool/zfs commands;  lastly, in target/chroot you want zfsutils-linux
<rharper> I'm not preseed savvy but maybe someone knows how to do the above requirements in preseed
<boxrick> Thats what I was basically doing, but for some reason it was installing 4.4.0-96 then at last minute updating it to 4.4.0-1xx. Which is quite odd
<rharper> well, whatever uname -r says, is what's needed, even if you update the install environment to a newer level,
<rharper> if you're running a late command, IIUC, and it's in the chroot, then zfs was already loaded and used to create your /var mountpoint ...  so was there an error or was the concern about seeing a different kernel version
<boxrick> No, this was a specific error when it was modprobe zfs in the late command, due to kernel inconsistencies.
<rharper> it's very likely your install media/environment is 4.4.0-96, but the latest kernel 1xxx is being installed since the installer is going to install the latest version of the package for the target
<rharper> oh, you can't moprobe late
<boxrick> Well, this is a chroot
<boxrick> So its directly in the target
<rharper> you have to do it before
<rharper> it has to match the installer kernel
<rharper> so, if there's an early command
<rharper> load zfs early, and then in late command, you can run in-chroot zfs commands as long as the target also has zfsutils-linux installed
<boxrick> Early command feels like CentOS. Not sure if thats a thing in pre-seed
<boxrick> Can certainly check though
<rharper> yeah, I'm not sure on preseed
<rharper> looks like there is a di preseed/early_command
<boxrick> Plus its some gross busybox environment. You cant really do much
<rharper> you only need to modprobe zfs
<rharper> if you're waiting until your in your target; though honestly, you should be creating your var before you install the OS , otherwise you'll need to migrate all of the data in var onto your zfs var
<boxrick> Thats fine, doing the zfs stuff before install though is a complete nightmare.
<rharper> yes
<boxrick> Moving some files from a none running os though is fairly easy
<boxrick> Create zfs pool, do mountpoint, move files
<rharper> if the tools were available, it would save some io
<boxrick> Maybe with time this will be easier. I will give this early modprobe a go though, cheers for the hint.
<rharper> sure
<boxrick> Seems its also getting very confused with disk ordering which is sad
<rharper> for zfs or something else?
<boxrick> Oh just in general, this is server oddities.
<rharper> recommendation is to use /dev/disk/by-id/ links which are stable, where as the sdX values can change
<boxrick> It has an onboard SATA card which should be seen first ( sda ) but instead is sdc
<boxrick> Can you preseed all that also ?
<rharper> I dunno; can you specify the target disk ?
<rharper> like, partition /dev/FOO and there, you can replace sda with a link but you need to know it (and it makes it less general)
<boxrick> Sadly this is the recipe for countless servers rather than a single one, so it will need to remain sda etc. But thats fine. Will just have to do a specific pre-seed for this group of hardware
<rharper> ah
<boxrick> Thanks for the help anyway, very much useful info :)
<rharper> sure
<ScottE> boxrick: just an FYI to make sure you set the "overlay" ZFS option if you have /var on a discrete filesystem, otherwise it will fail to mount at boot since there is some stuff written to /var early on
<boxrick> I did find that out earlier the hard way, and ZFS wouldn't mount because of existing files there
<ahasenack> rbasak: the other day you said you missed update-maintainer in that mysql merge, did you push that?
<rbasak> ahasenack: no I still need to do that.
<rbasak> Normally I'd rebase and redo the merge commit, but that would screw up your review.
<rbasak> But I suppose I should just add a commit at the end and it'll be fine.
<ahasenack> yeah, just add it on top
<jlacroix> @cpaelzer sorry I had to step away from my computer and I missed your messages. Ubuntu 16.04 on both the host and the guest
<jlacroix> @cpaelzer if it matters I'm using virt-manager to attach the USB device so would I still need to do the xml stuff?
<ahasenack> rbasak: still around?
#ubuntu-server 2017-12-09
<cpaelzer> jlacroix: virt-manager will do the xml stuff, but on 16.04 you will need the apparmor changes mentioned in the bug
<cpaelzer> you can manually edit them into the /etc/apparmor/... files as listed in the bgus
<cpaelzer> jlacroix: if you use https://wiki.ubuntu.com/OpenStack/CloudArchive#Pike on xenial you'd already have the fixes for apparmor
<cpaelzer> depends on you if you want to update to that or change the files
<Neo1> hi I installed ubuntu server on VPS using ISO and can't reach in using putty
<Neo1> there ssh server is installed, I can reach site using VNC console
<Neo1> when I was installing I was asked set up network because DHCP couldn't setup automatically and I skipped this step
<Neo1> network is unreachable
<Neo1> I did it in VNC console ssh neo@my_id and I get error: network is unreachable, who know how to set up network and is it reason why my putty can't connect?
<Neo1> I compare VPS on digitalocean with this unworked and on digitalocean network is setup and works
<Neo1> ping 8.8.8.8 works
<Neo1> in not digitalocean doesn't work
<Neo1> guys  what shall I do?
<gun1x> stokachu: i tried rancher out, looks like a cool app
<gun1x> stokachu: how will ubuntu integrate rancher? cause atm rancher just runs as docker image
<gun1x> i mean i am confused to how this will mix with juju
#ubuntu-server 2017-12-10
<plongshot>  Is there a way to restart an ubuntu instance via ssh without actually shutting it down?  Like the way we can restarta a service (eg: sudo service apache2 restart)  but for restarting the os?
<plongshot> It's an aws 16.04 ubuntu server via ssh on my local machine. I can't shut it down and restart without incurring a cost (they hit me for an hour over a single
<plongshot> over a sinble restart
<lotuspsychje> plongshot: perhaps also mention why you need the restart, something lacks?
<alkisg> plongshot: there's kexec, which, if configured properly, loads a new kernel etc, which is similar to restart
<plongshot> alkisg: Thank you I'll try that. Unfortunately, got super late and I didn't realize it - gotta run. ty though I'll remember that
<lotuspsychje> !cookie | alkisg
<ubottu> alkisg: Wow! You're such a great helper, you deserve a cookie!
<alkisg> Hehe, I hope it's sugar-free for my diet :D
<lotuspsychje> lol
<Exterminador> hello all. I'm having a few difficulties to find a proper answer (or maybe I'm too dumb to understand the ones I've read) in Google. I have a VPS running Ubuntu 16.04.3 and I have a IPv6 /64 block just for me. the problem is that I only have the 1st IP of the block assigned to the machine. I'd like to know if there's any way for the machine auto detect the whole subnet (I'm providing a few services such as ZNC and I want
<Exterminador> to attribute a static IPv6 address to each user) so I don't need to add manually each an every IP on /etc/network/interfaces. thanks in advance
#ubuntu-server 2018-12-03
<MACscr> any ideas what im doing wrong here in regards to dnsmasq and resolv? it shows the correct ip's when i check the dnsmasq status, but then says no servers found in /var/run/dnsmasq/resolv.conf. Is that required if its getting them fine through my network interface file? https://paste.debian.net/hidden/1b71f30c/
<MACscr> this is a xenial lts server
<MACscr> weird. rebooted system to apply kernel updates and everything is good again
<Ouyes> guys, is there any way that I can limit the buffer/cache used on ubuntu server?  My server is using too much memory for cache/buffer, the application is running lack of memory, sometimes it failed to allocate memory.
<lordievader> Good morning
<lordievader> Ouyes: Buffers/cache should be reclaimable memory by an application. You can drop them, but they are there for your benefit.
<lordievader> Ouyes: https://www.tecmint.com/clear-ram-memory-cache-buffer-and-swap-space-on-linux/
<Ouyes> lordievader, well  let me tell you something, the buffer/cache is used and controlled by the kernel, when free memory is low, the application will report "can't not allocate memory".
<lordievader> "Disk cache can always be given back to applications immediately! You are not low on ram!" from https://www.linuxatemyram.com/
<lordievader> So, buffers/cache should not be a problem. But like I said, you can drop them.
<Ouyes> lordievader, drop them ? how?  the application should got the priority to get memory, and the kernel should maintain how much should be put into cache, so in your opinion, every time when an application wants to get some memory, it should free some cache?
<lordievader> The application does get the priority. The kernel only uses memory for cache/buffers that is unused. The kernel only needs to free some cache if there is no 'free' memory available.
<Ouyes> lordievader, this is exactly the problem, the kernel did not free cache when application needs it.
<Ouyes> lordievader, never mind, I increased my swap memory.
<lordievader> Ouyes: Do you have `sysstat` installed? What is the output of `sudo sar -r 1 1`. The memory might simply be higly overcommitted.
<Ouyes> lordievader,  overcommitted?
<lordievader> Yes, there is a difference between how much memory an application request v.s. how much it actually uses.
<lordievader> The kernel, by default, allows overcommitting till 150% if I recall correctly.
<Ouyes> lordievader,  I am not quite following you, what are u trying to indicate? my application has a memory leakage?
<Ouyes> lordievader, it is actually a ubuntu server
<lordievader> Ouyes: No, that is not what I'm trying to say. Could you run the command I gave you?
<ahasenack> good morning
<samba35> if i want usb drivers to be loaded as a module ,not kernel componet then how do i remove usb drivers from kernel and add to as a module
<rbasak> kstenerud: php7.3 should be availab.e in git-ubuntu now.
<kstenerud> great Thanks!
<muhaha> any idea how to set iptables permanently ? (18.10)
<sdeziel> muhaha: check the netfilter-persistent package
<Greyztar> With rsync,if sync job is rather large and to be most efficient would it be ok to do for the initial sync with --partial(-p),then if it gets scuffed by disconnect,one would use the --append-verify,then for further syncing use the --checksum option?
<sdeziel> Greyztar: you could always run it with --partial, no? --checksum is rather expensive for large files since you need to read them all on both sides
<Greyztar> sdeziel: yes that checksum hmm,but wouldnt partial start a whole new transfer again if i just redo that command after a disconnect or so?
<sdeziel> Greyztar: no, --partial is specifically made to keep the partial file around in case of disconnect
<sdeziel> Greyztar: what I don't like with --append-verify is the implied --inplace and the side effects it has
<sdeziel> Greyztar: but maybe those side effects are OK for your use case, I don't know :)
<Greyztar> sdeziel: thanks for the heads up i think i need to look further into this,ive only used abit gluster and ceph which for me atleast was set and forget hehe
<sdeziel> Greyztar: for large file transfer, I really love zfs send/receive feature
<Greyztar> sdeziel: zfs ive yet to handle,my dream is to have my storage all on zfs,but for homelab i find it not so flexible with raidz when cant add remove was it device or vdev ?
<Greyztar> sdeziel: though they say they will implement it,when they do ill migrate,think can actually remove device now though,but add not so much
<sdeziel> Greyztar: I've only used mirrors, sorry
<Greyztar> sdeziel: ohh ok then it doesnt matter,but i fully agree zfs is the way to go thumbs up
<Greyztar> sdeziel: did some reading though,would it be that omit append with --inplace as to if source file could get corrupted so have like 3 versions to compare with?
<smoser> rbasak: katamo and Odd_Bloke (and a customer) were confused as to why bug 1802354 was not fixed in bionic.
<ubottu> bug 1802354 in open-iscsi (Ubuntu Bionic) "iscsid does not run if there are only initramfs initiated targets" [High,Fix committed] https://launchpad.net/bugs/1802354
<smoser> i think the source of that was (partially) the message in comment 17
<smoser> where would i request a fix to tooling that posted that message to mention "bionic-updates"
<rbasak> smoser: see pending-sru
<smoser> rather than just "-updates"
<rbasak> There's a resoruce-agents armhf dep8 failure
<rbasak> smoser: ubuntu-archive-tools
<rbasak> smoser: sru-review script
<rbasak> (also possibly sru-accept script)
<smoser> ok.
<smoser> katamo, Odd_Bloke i will follow up on trying to improve that message
<katamo> smoser I'll try to read more carefully too ;) thanks for that follow through though!
<smoser> but one of you should follow up in #ubuntu-release on requesting that failure to be ignored
<smoser> http://autopkgtest.ubuntu.com/packages/r/resource-agents/bionic/armhf
<smoser> katamo and for reference, "pending sru" that rbasak mentioned was
<smoser>  https://people.canonical.com/~ubuntu-archive/pending-sru.html
<v0lksman> I have an l2tp connection I'm trying to establish.  I believe I've set everything correctly however when I connect I don't see a new interface or IP bind to any of the existing interfaces. However in syslog I do see keep alives being sent and a few other entries regarding the tunnel
<v0lksman> wondering if the remote (the "server") should be serving me an IP at this point or is this something I need to set strongswan or xl2tpd to receive?
<v0lksman> I'm asking in server because the answers I've gotten to date are to use a GUI tool that was created, but I can't as it's headless
<v0lksman> all good...bad config
<leftyfb> Anyone know the proper replacement for Wants=network-online.target? Since this doesn't actually work.
<leftyfb> In a systemd unit that is
<sdeziel> leftyfb: have you also set After=network-online.target?
<leftyfb> I've tried that as well
<leftyfb> and Requires
<leftyfb> and every permutation of those
<leftyfb> I've seen lots of posts online of network-online not actually working the way it's supposed to
<sdeziel> systemctl is-enabled NetworkManager-wait-online.service systemd-networkd-wait-online.service => do you have any of those "enabled"
<leftyfb> No
<sdeziel> or maybe you are using ifupdown?
<leftyfb> it's a server so NetworkManager isn't installed
<leftyfb> it's 16.04, so yes, ifupdown
<rbasak> leftyfb: do you know about https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ /
<rbasak> ?
<sdeziel> I think you could depend on ifup@$IFACE or something
<leftyfb> rbasak: yep. Read the entire page several times. It's stating to do what we already had configured originally.
<sdeziel> I'd try Wants= and After=ifup@$IFACE.service
<rbasak> I'm not sure how well ifupdown is integrated with network-online.target.
<leftyfb> sdeziel: we have a gross workaround using "until", but I was looking for a cleaner solution
<rbasak> The page explains why network-online.target is ill-defined
<leftyfb> rbasak: right, so is there a better alternative?
<rbasak> leftyfb: for what? http://xyproblem.info/ etc
<leftyfb> alternative to network-online.target
<leftyfb> to determine if we're online .
<rbasak> Define "online"!
<rbasak> See the upstream page :)
<leftyfb> ping able to contact a host over the internet ... in this case, a REDIS server
<teward> i'm going to go out on a limb and say that "online" is a determination of if the network interface is up
<teward> not necessarily a connection to "other machines"
<teward> if you are looking for an "actually able to reach things" state I'm not sure there's a SystemD target that fits that requirement
<leftyfb> network-online is supposed to mean interface is up, has an ip and can contact a DNS server. <~~~ this would be adequate, but it doesn't work
<teward> ehhh... "network-online.target is a target that actively waits until the nework is "up", where the definition of "up" is defined by the network management software. "  <-- this is the actual definition
<teward> according to rbasak's link
<teward> but that's not really a 'clear' definition
<teward> Or more specifically: "This will ensure that all configured network devices are up and have an IP address assigned before the service is started."  <-- this
<teward> this doesn't mean that it'll verify connectivity exists if I'm reading this right
<teward> just that it's got an IP assigned
<leftyfb> that would be good if that were the case
<rbasak> Unfortunately whatever definition you pick it will not work for some reasonably substational set of server users.
<teward> ^ this
<teward> which is why it's not really in 'mainstream' use :p
<rbasak> That's why the best answer is as suggested in that page - fix the services.
<teward> ^ this
<leftyfb> ok, so there's no systemd solution
<teward> it'd be better for your app/service to have in-built ability to test its own connectivity and 'not start' in those cases where it can't reach the other servers.
<sdeziel> I don't even know if this target has any real meaning when using ifupdown
<lordcirth> Yeah, the app (or a launch wrapper) should check
<lordcirth> You could use ExecStartPre= for that, perhaps
<leftyfb> lordcirth: Again, this is what we're already doing as a workaround. I was just looking for a cleaner way. Looks like there isn't one.
<sdeziel> leftyfb: have you tried the Wants/After=ifup@$IFACE.service?
<sdeziel> this worked for me in the past
<leftyfb> ExecStartPre=/bin/bash -c 'until host remotehost.com; do sleep 1; done'
<leftyfb> This is the workaround we're using. It works
<rbasak> An "up" ifupdown stanza would be better than that.
<lordcirth> Oh ok, sorry.  Didn't read the whole scrollback
<rbasak> Or sdeziel's suggestion sounds even better
<leftyfb> sdeziel: That's cleaner. I like it. Thank you
<sdeziel> leftyfb: you are welcome
<DammitJim> is there such a thing as openjdk 10?
<nacc> DammitJim: generally? Yes, but not in any current release, I don't think
<DammitJim> whatever happened to it? got superceded by 11?
<nacc> https://launchpad.net/ubuntu/+source/openjdk-lts/+publishinghistory
<nacc> gives you a rough idea, i suppose
<nacc> DammitJim: so that package builds openjdk 11, which confusingly for 18.04 users is still at 10.x .. It will update at some point in 18.04 (I believe there is an open bug for this you canfind easily)
<nacc> DammitJim: LP: #1796027
<ubottu> Launchpad bug 1796027 in openjdk-lts (Ubuntu) "Update openjdk-11 to 11.0.1 -> Backport it from Ubuntu 18.10" [Undecided,Confirmed] https://launchpad.net/bugs/1796027
<DammitJim> OMG
<DammitJim> thanks for clarifying
#ubuntu-server 2018-12-04
<Secutor> How do you start/stop networking on 18.10 server using CLI?
<Secutor> I'm using Netplan and the default networking services.
<teward> Secutor: why would you want to *stop* the networking
<teward> you can just reapply the net config with `sudo netplan apply` if you change it
<teward> i'm not aware of any real "shut it off" functionality out of the box with netplan
<mwhudson> yeah you have to stop networkd and then down the interfaces manually i think
<Secutor>  I have a script and want to ensure that there is no incoming network traffic for a few moments to do some work then re-enable networking.
<Secutor> I know I can install ifdown and some older tools but want to try to do things the more modern Ubuntu way if possible.
<hyperlumic> ip link set eth0 down
<hyperlumic> That'll just down the interface at the link layer. ip link set eth0 up to re-up it.
<Secutor>  Thank you hyperlumic, that works.
<cpaelzer> good morning
<a_ok> I am trying to pin a package but man is the documentation confusing. Setting a high number in pin priority what does that do? "Pin: version 5.10*" will this match version 5.100?
<rbasak> a_ok: a single package? Are you sure you don't just want to put a hold on the package? What are you actually trying to achieve?
<a_ok> rbasak: I want to able to make sure a few packages are never upgraded to another major version. We use ansible to configure our servers so placing a file for each package is ideal
<rbasak> a_ok: how do you define "major version"?
<rbasak> a_ok: are you aware of Ubuntu's stable release update policy? See https://wiki.ubuntu.com/StableReleaseUpdates
<rbasak> In general Ubuntu doesn't do major version updates in stable releases.
<a_ok> rbasak: Sorry I meant semvers minor version. But patch version is ok
<rbasak> Packages in the archive don't necessarily follow "semver" for the package version strings themselves.
<rbasak> (though the general concept has been used in our ecosystem long before the semver people rediscovered it)
<a_ok> rbasak: Not relevant in this case. I need it. Semvers is used. Where other scheme is used I will create an appropriate pref file
<rbasak> a_ok: the problem is that I don't think there's any way to configure apt to break down the version string for differentiation for pinning purposes
<rbasak> a_ok: it's relevant because you need apt to do that but package version strings that apt use aren't defined to be "semver".
<a_ok> rbasak: So you mean that the package can just ommit the version or something?
<rbasak> I don't understand your question. What does "omit the version" mean?
<a_ok> When I say "Pin: version 2.1.*" Should it not be impossible for version that does not match that scheme to be installed?
<rbasak> If you're trying to configure apt to work around a broken third party apt repository upgrade policy, you're going to face a world of pain.
<rbasak> apt isn't designed around being able to do that.
<kstenerud> Is there an wasy way to get to a package's bugs page on launchpad? I'm trying to get to git-ubuntu, but everything uses google search, which returns garbage
<rbasak> kstenerud: https://bugs.launchpad.net/usd-importer
<rbasak> It's not a package as such; it's an upstream package hosted at launchpad.net/usd-importer (name bad for historical reasons)
<rbasak> It's not a package as such; it's an upstream *project* hosted at launchpad.net/usd-importer (name bad for historical reasons)
<rbasak> Sorry
<oskie> hello, in my bionic KVM VM, the hostname is reset to some old value on reboot
<oskie> any idea where it is kept? (it's not in /etc)
<frickler> oskie: in which environment do you run your VM? iirc cloud-init runs by default, so it may set the hostname and other parameters on boot
<oskie> frickler: i had to update it with hostnamectl and mess with cloud init (preserve_hostname)
<oskie> i guess hostnamectl stores it in some kind of binary format or other
<nacc> rbasak: kstenerud: pad.lv/fb/usd-importer
<nacc> works as well for srcpkgs
<shubjero> Does anyone know if spectre-meltdown-checker thats available for Ubuntu 18.04 can be obtained for 16.04?
<shubjero> I just tried it on 18.04 and its great
<nacc> !info spectre-meltdown-checker xenial
<ubottu> Package spectre-meltdown-checker does not exist in xenial
<nacc> !info spectre-meltdown-checker bionic
<ubottu> spectre-meltdown-checker (source: spectre-meltdown-checker): Spectre & Meltdown vulnerability/mitigation checker. In component universe, is optional. Version 0.37-1 (bionic), package size 29 kB, installed size 120 kB
<nacc> shubjero: looks to not be available
<shubjero> nacc: yeah too bad, its pretty useful.. and all my hypervisors are running 16.04.. haha
<shubjero> i have one system on 18.04 and its not part of our compute fleet :)
<shubjero> actually here it is in a non-packaged version (fine) https://github.com/speed47/spectre-meltdown-checker
<rbasak> ahasenack, cpaelzer, kstenerud: are we expecting any other transitions from the server team end?
<rbasak> I was going to email ubuntu-devel@ with an "upcoming transitions from the server team; let me know if you want us to hold" notice.
<rbasak> cpaelzer: should I include Ruby in that?
<ahasenack> rbasak: maybe bind, but it's a small one
<ahasenack> haven't checked if there is a soname bump yet, but there might be one in time for disco
<rbasak> OK
<ahasenack> bind9 1:9.11.4+dfsg-3ubuntu5 -> 1:9.11.5+dfsg-1
<ahasenack> probably safe
<nacc> ahasenack: would you want to mark that bug for samba as blocks-proposed or whatever the correct tag is to prevent it from migrating?
<ahasenack> nacc: how does that work?
<ahasenack> nacc: if I add the tag, and fix freeipa's test which would let samba pass, it won't pass?
<ahasenack> s/pass/migrate/
<nacc> ahasenack: i am trying to remember, but i recall there is a tag that will prevent a package from migrating out of proposed
<ahasenack> block-proposed does sound similar
<ahasenack> er
<ahasenack> familiar
 * ahasenack reads https://wiki.ubuntu.com/ProposedMigration
<nacc> ahasenack: https://bugs.launchpad.net/ubuntu/+source/ruby-autoparse/+bug/1754464 had it
<ubottu> Launchpad bug 1754464 in ruby-autoparse (Debian) "remove broken ruby srcpkgs due to ruby-defaults stuck in bionic-proposed" [Unknown,New]
<ahasenack> "No bugs with the block-proposed tag are open against the package (this can be used to temporarily block a package on manual testing);"
<ahasenack> nice
<ahasenack> I added it
<ahasenack> thanks
<nacc> ahasenack: np, it's handy for cases like this
<ahasenack> indeed
<cpaelzer> rbasak: ruby is coming once FTBFS are resolved
<cpaelzer> rbasak: but it is a minor version, so no rebuild wave planned
<kinghat> what is going on here? http://paste.debian.net/hidden/19a7c323/
<sarnold> kinghat: normally ubuntu systems don't have root passwords
<kinghat> i have to actually be root to restart apache there?
<sarnold> or have sudo privs
<kinghat> i mean i gave it root password
<kinghat> im logged in as admin account
<ikonia> admin account ?
<kinghat> i only have one account
<ikonia> you should be your normal user and use sudo to launch root based commands
<ikonia> eg: "sudo systemctl restart apache"
<kinghat> i see what you mean
<ikonia> that also looks like your running a desktop
<ikonia> are you sure this is an ubuntu server install
<kinghat> ya
<lordcirth> That auth thing is annoying.  I'd much prefer if it just said "you need to use sudo" instead of reinventing the wheel
<sarnold> yes
<mwhudson> heh i can predict what that pastebin says without opening it
<sarnold> :)
<bjonnh> why would netplan not apply at boot ?
<bjonnh> (server 18.10)
<cyphermox> it doesn't need to
<bjonnh> the inplace migration I made from fedora worked
<bjonnh> except that IÂ forgot to install lvm2 so lvm was missing in the initrd
<cyphermox> there's a generator that runs at boot, same as the other systemd generators, so the config is written before networkd starts
<bjonnh> and the second part was that netplan was never applying
<bjonnh> I made my own config
<bjonnh> (basic dhcp on one interface)
<bjonnh> http://paste.alacon.org/45631
<bjonnh> I reverted to ifupdown for now
<bjonnh> /etc/network/interfaces was empty
<cyphermox> bjonnh: maybe the device doesn't have that name at the time networkd is starting, so you might need to match the device by MAC address for networkd to know exactly which one enp7s0f1 is
<bjonnh> oh
<cyphermox> so, like this: http://paste.alacon.org/45632
<cyphermox> just my guess, since that's pretty simple config
<bjonnh> I called them id0 and id1
<bjonnh> lets see
<tafa2> would anyone know of an alternative much simpler version of freenas that can run on ubuntu with a gui to configure SFTP accounts quickly?
<bjonnh> cyphermox: that was it
<bjonnh> cyphermox: thanks
#ubuntu-server 2018-12-05
<kinghat> can someone here help me wrap my head around apache2 usr/grp/permissions?
<teward> kinghat: depends on what exactly you're trying to achieve?
<kinghat> im trying to set up this php server software that is like a self hosted image host.
<kinghat> i think permissions and users and groups is making the install of it fail.
<teward> set ownership for the web root/dir to www-data for both user and group
<teward> recursively
<teward> the web server should be able to write configs then
<sarnold> (as well as the executables :( )
<kinghat> well i created a group `web-content` and added the only user there is on the machine to it.
<kinghat> also added `www-data` to it as well.
<kinghat> i basically did this at the bottom: https://wiki.apache.org/httpd/FileSystemPermissions
<kinghat> but instead of `apache` i used `www-data`
<kinghat> but used 644 and 755
<teward> probably helps to ask what happens when you *try* to install?
<teward> because such info is useful :P
<kinghat> the guy who made the software says 'Not a bug, because thats mean that the directory is not writable by the user'
<kinghat> im basically starting from scratch here.
<teward> i'd need to see the softwarew then because something undocumented like that or not clearly written means that they don't know muhc.
<teward> and i didn't ask you waht **that guy** said
<teward> i asked you **what you witnessed**
<teward> I.E. the exact error messages you are seeing
<kinghat> https://github.com/SergiX44/XBackBone
<kinghat> ya i think it was a 500 error after it tries to install. and i think it has to do with creating a db.
<sarnold> hint: pastebin what happened.
<kinghat> this was the error: https://cdn.discordapp.com/attachments/514330611742277635/519616960741244930/unknown.png
<kinghat> sarnold: sorry im starting from scratch so i dont have them anymore.
<kinghat> actually i may be able to dig it up if i posted it to a bin. one sec.
<kinghat> http://paste.debian.net/hidden/9e9e1d42/
<sarnold> I hate this software already
<kinghat> but i was trying all different configs at the time so
<sarnold> why doesn't it give a precise error message? sigh
<sarnold> anyway try namei -l /var/www/html/xbackbone/app/Database/DB.php and see if that gives you any hints
<kinghat> its pretty new
<kinghat> well i dont even have the software on the server anymore. like i said im starting from scratch with permissions and the user groups.
<kinghat> should `www-data` own everything? or what happens when i ssh or sftp in to add the server files, then it becomes owned by the user.
<kinghat> they are both part of the group `web-content`
<kinghat> cant the software be owned by the group instead?
<sarnold> I strongly dislike www-data owning the executables but whatever works
<kinghat> sarnold: you mean `chown -R www-data:www-data /var/www/html`
<kinghat> ?
<sarnold> kinghat: I also think it's a bad idea for www-data to own the data, since I don't think a compromised web server should be able to make persistent changes
<kinghat> i mean i obv have no idea how it should be i cant get it to work
<kinghat> let alone security implications of the different configurations.
<kinghat> is it possible to have all files chmodded a default way for a certain dir and recursively?
<sarnold> not really
<kinghat> maybe it just was automagically done in ftp clients that i used to use.
<kinghat> if i transfer files over via sftp you have to change them every time
<kinghat> huh. if i set everything to `www-data:www-data` it seems to be working.
<teward> kinghat: not really, FTP clients are just as stupid as SFTP is - they'd have the same permissions problems.  (SOrry I disappeared and sarnold took over I got busy)
<kinghat> np
<kinghat> teward: so you think its ok to `www-data:www-data` everything?
<teward> no i have my reservations about it too
<teward> but I typically am "OK" for that from an *installation* perspective then change the ownership to group only with write access to only what exactly is needed
<teward> i'm a strict it security guy so I do rigorous tests and stuff along those lines to make sure permissions are as restrictive as they can be on any webapp i use
<fishcooker> on ubuntu 16.04.5i tried to change priority and nicelevel of a service using start-stop-daemon --start --quiet --chuid "$FAIL2BAN_USER" --nicelevel 13 --iosched 'idle' --exec $DAEMON but it won't change the prio and nice level https://paste.ubuntu.com/p/MzgznDnn6C/
<sarnold> is uid 0 also correct? (can it run as non-root?)
<kinghat> teward: you mean write access to `www-data` or user?
<sarnold> fishcooker: is there a systemd unit file that's being used instead of a sysv-init script?
<cpaelzer> jamespage: see mail from justin, do we cancel or postpone todays meeting then?
<jamespage> cpaelzer: I'll cancel for today
<kstenerud> I just got this error from launchpad when uploading a ppa: Source/binary (i.e. mixed) uploads are not allowed.
<kstenerud> But I built using git ubuntu build like always. Why did it upload a mixed (?) package?
<kstenerud> and what does that even mean?
<cpaelzer> ok, thanks jamespage
<lordievader> Good morning
<ahasenack> good morning
<Mr_Pan> hrllo i need a GUI for Amavis Qauarantined File ...any  ideas?
<jamespage> coreycb: seeing some autopkgtest failures in disco proposed - cinder, nova - looks like a migrate + sqlite type issue
<coreycb> jamespage: hmm ok i can take a look
<jamespage> coreycb: might be easier to just switch to using mysql - its a pretty simple setup (see neutron)
<coreycb> jamespage: good point, ok
<Greyztar> is there a way to change vi text editor edit mode key from insert to something else?my keyboard got insert on numpad/generally scuffed keyboard
<rbasak> Greyztar: uh, the "i" key?
<Greyztar> rbasak: hmm doesnt take me to edit mode though :/
<Greyztar> rbasak: ahh now it works ,time to buy new keyboard haha
<rbasak> Greyztar: you might want to give "vimtutor" a go.
<rbasak> Greyztar: with vim installed, run "vimtutor". It'll take about half an hour and you'll know your way around vim/vi much better then.
<Greyztar> rbasak: the problem was partially that i thought i was supposed to work also ,but when it didnt i thought it changed with some update or so,its they "i" button on keyboard itself which is scuffed amongst other keys
<Greyztar> rbasak: thanks for the tip ill check it out (,")
<rbasak> "a" will also work (but subtly differently - the tutorial will explain :-)
<Greyztar> rbasak: good stuff!
<leftyfb> Can anyone point me to some documentation for customizing an initrd booted over PXE to dd an image to the local drive ?
<leftyfb> I find it hard to believe people haven't already done this, though I'm having trouble finding any information on it
<sarnold> I suspect folks start with something simple and then keep building on it until they've got a system like maas or fai :)
<lordcirth> leftyfb, why was it you needed raw dd images specifically?  I forget
<leftyfb> lordcirth: as opposed to? This is to lay down an image into bare metal
<lordcirth> as opposed to pxe booting a preseeded ubuntu, for example
<leftyfb> Regardless, whatever is chosen for the disk image type, I'll still need to lay this down onto the bare metal during some running environment booted to from PXE
<leftyfb> ah
<leftyfb> we want images to keep every device standard
<lordcirth> Like, when I deploy machines, I PXE boot the ubuntu server iso with a preseed, the preseed late_command installs salt-minion and connects to the master on first boot.
<leftyfb> We're doing d-i installs now and have issues with versions of packages changing and causing issues
<lordcirth> Then salt 'minion' state.apply
<leftyfb> I know all about that, I do those installs now. We want images
<leftyfb> an image will be a lot quicker to deploy 10 or more at a time regularly
<leftyfb> The image will be created in a CI environment
<leftyfb> this is coming as a surprise to me that this isn't documented somewhere already. Customizing an initrd(initramfs?) to lay a disk image down onto bare metal.
<leftyfb> as sarnold said, this is the basis of projects like fai and maas
<lordcirth> I'm pretty sure it's not documented under that search because they didn't do it in the initrd
<lordcirth> but I could be wrong
<sarnold> leftyfb: hmm, would it be as simple as booting with init=/bin/dd ... ?
<lordcirth> lol
<lordcirth> You'd need to mount first, though
<leftyfb> sarnold: unlikely since we'll need network to pull down the image to be dd'd
<leftyfb> we'll need some minimal OS running
<lordcirth> I'm setting up test VM's now, because I'm bored
<leftyfb> I'm digging into an initrd now, but there's got to be a more methodical way of doing this
<sarnold> sorry, I got a phone call while typing that
<sarnold> but if you'v;e already booted into an initrd, you've *got* some amount of OS running and available
<lordcirth> leftyfb, I'm pretty sure DRBL / Clonezilla SE do this.
<lordcirth> leftyfb, https://wiki.gentoo.org/wiki/Custom_Initramfs/Examples
<sdeziel> wow, https://wiki.gentoo.org/wiki/Custom_Initramfs/Examples#Self-Decrypting_Server is dangerous
<leftyfb> hm, I kinda like it actually
<leftyfb> gives me an idea for my encrypted backups
<sdeziel> leftyfb: if the CPU's clock changes, the dynamic key to unlock the LUKS volume changes. Sounds risky to depend on something that volatile ;)
<lordcirth> leftyfb, http://www.evanjones.ca/software/pxeimager-scratch.html
<TJ-> leftyfb: how big is userspace FS in these systems?
<leftyfb> TJ-: ~120G SSDs
<leftyfb> 10G images
<TJ-> leftyfb: ahhh, so we can't embed it in the kernel image initrd then!!
<leftyfb> sorry, make that 15, with just a raw dd image pulled with no thought into cache size
<leftyfb> nope, not at all
<leftyfb> lordcirth: that might be exactly what I'm looking for ... going to spend the rest of this week going through it and see if it'll work the way we want
<TJ-> leftyfb: so, semi-easy way: install dropbear-initramfs, PXE boot the image and on the PXE host have it trigger a dd if=disk.img | ssh target.robot dd of=/dev/sda" ?
<lordcirth> It looks pretty simple...
<leftyfb> TJ-: got documentation on how to set something like that up?
<TJ-> leftyfb: in my head, sure :D
<leftyfb> TJ-: "on the PXE host have it trigger" what does that look like?
<TJ-> leftyfb: the only hackish part would be triggering the ssh, but i'd guess watching the PXE network connection could do that
<TJ-> leftyfb: the other option would be to reverse that and have the initrd have an ssh client that connects back to the host
<leftyfb> TJ-: I don't follow the idea of:   the client booted the dropbear-initramfs image, the host realizes the client is booted and somehow dd's an image to the clients local storage
<TJ-> leftyfb: in that case, the PXE/TFTP host 'knows' a client has fetched the boot image, so it can use that knowledge to trigger an ssh connection to the target, where the target is running dropbear-initramfs SSH server. The command is simply a dd through the SSH link
<leftyfb> ah
<TJ-> leftyfb: but doing it the other way (outbound connection from initrd to host) is probably easier, and is the procedure used for things like fetching a remote LUKS encryption key. For scripts examples see e.g. http://blog.neutrino.es/2011/unlocking-a-luks-encrypted-root-partition-remotely-via-ssh/
<leftyfb> very hacky though
<TJ-> Everything is 'hacky' until it works, then it's standard procedure!
<TJ-> Even better examples with hook scripts here https://www.quora.com/Debian-GNU-Linux-How-can-I-add-an-SSH-active-client-in-the-initramfs-image-to-get-data-remotely
<leftyfb> damn, I wanted to try that first article you posted on my laptop but can't seem to find the rsa key pair for it
<leftyfb> There's no /etc/initramfs-tools/root
<leftyfb> unless I'm supposed just make that all myself
<TJ-> the initramfs script tools auto-create paths to files when the directories don't exist
<leftyfb> so.... what do I run?
<leftyfb> 2) Install the required packages:
<leftyfb> apt-get install openssh-server dropbear busybox
<leftyfb> 3) Copy the SSH key that has been generated automatically
<leftyfb> scp root@my.server.ip.addr:/etc/initramfs-tools/root/.ssh/id_rsa ~/id_rsa.initramfs
<leftyfb> step 3 is invalid
<TJ-> the quora article is much better; it even has an initramfs hook for installing ssh and so on using copy_exec
<leftyfb> the quora article seems like a lot more manual work compared to the first one where it assumes everything just works out of the box
<leftyfb> it looks like I can just create the root myself and use my own keys
<TJ-> quora is three steps; 1) create the keys in /etc/initramfs-toosl/root/ 2) create the hook script /etc/initramfs-tools/hooks/ssh-remote  3) create the initrd.img script /etc/initramfs-tools/scripts/XXXXX where XXXX is the stage of the initrd you want it to run at
<TJ-> for copying a disk image it needs the network up but it I'd think it could be done at local-premount
<TJ-> so the correct network modules need adding, and the network configured, first
<leftyfb> welp, tomorrow is another day. Thanks for the suggestions guys. I've got some reading and tinkering to do tomorrow.
#ubuntu-server 2018-12-06
<mybalzitch> https://help.ubuntu.com/lts/serverguide/firewall.html#ip-masquerading those ufw nat instructions don't actually work
<mybalzitch> https://pastebin.com/sUrTm9ZK
<mybalzitch> deleting and readding the commit line several times fixed it? nice parser.
<samba35> i have messup with my ubuntu 18.04 server with grub loader there is now only memory test entry are there there is no linux-version entry
<samba35> how do i fix this problem ?
<cpaelzer> good morning
<cpaelzer> samba35: that seems that no kernel at all was found on your last update grub
<cpaelzer> samba35: there might be more options, but I'd try to boot from USB/CD
<cpaelzer> samba35: then chroot into your actual system
<cpaelzer> and then check why there is no kernel, fix that up
<cpaelzer> and eventually run sudo update-grub
<cpaelzer> that should then detect the kernel that you made available and update the boot tables as needed
<cpaelzer> then cross fingers, reboot and done
<cpaelzer> samba35: I think the live CD also has a boot-repair option that fixes most common issues
<samba35> sorry cpaelzer
<cpaelzer> for what samba35?
<samba35> i try to boot from dvd and mount it but it give erros
<cpaelzer> well then, disk broken maybe
<cpaelzer> what kind of errors
<samba35> error with dpkg and unable to find some files
<cpaelzer> provide a pastebin of the commands you tried and maybe the logs and dmesg that was created along
<cpaelzer> hmm
<cpaelzer> are those dpdk errors after mount+chroot?
<cpaelzer> did you bind mount /proc, ss and dev ?
<samba35> is it possible to boot from another harddisk and make broken disk as a slave and try to repiar ?
<samba35> no
<cpaelzer> samba35: that is exactly what you already do with the CD
<cpaelzer> CD is the "other disk"
<cpaelzer> and you try to repair from there right
<samba35> currenty i am on 16.04 and broken disk as a slave
<samba35> will i able to fix this now ?
<cpaelzer> no one can tell you that in advance, but give it a try
<cpaelzer> before you chroot you should like
<cpaelzer> 1. mount the disk on /mnt
<cpaelzer> 2. for f in proc sys dev ; do mount --bind /$f /mnt/$f ; done
<cpaelzer> 3. chroot /mnt
<cpaelzer> then you are as if you'd be in your hard disk's system
<cpaelzer> not sure if you need network tricks, but that would be a start
<cpaelzer> there check /boot and if there is a kernel as it should be
<cpaelzer> then run sudo update-grub what does it say ...
<samba35> ok
<samba35> let me try
<samba35> sda1 is mount as a /media/tesuser/some numbers
<samba35> what is ss ?
<samba35>  mount /media/tesuser/637d0aee-9232-11e8-9c61-2ed34b5b4932/proc/  /current (from where i have booted ) that drive any mount point or old salave disk mount point ?
<samba35> mount:  /media/tesuser/637d0aee-9232-11e8-9c61-2ed34b5b4932/proc is not a block device
<samba35> ok
<samba35> done
<samba35> with --bind
<cpaelzer> yeah it just means "be also available there for when I late chroot"
<samba35> from where i have to run update-grub  ?
<samba35> salave /18.04 disk or currnt 16.04 disk
<samba35> ok let me boot from cdrom and try
<samba35> cpaelzer, thanks i will be back later after trying this
<cpaelzer> samba35: you want to do that "inside" the chroot which is on the disk you want to fix
<samba35> ok
<samba35> chroot: failed to run command '/bin/bash': No such file or directory
<samba35> in old disk in /boot i can see initrd.img-4.15.0-42-generic.dpkg-bak
<samba35> initrd.img-4.15.0-42-lowlatency.dpkg-bak
<samba35> initrd.img-4.19.2-041902-generic.dpkg-bak
<samba35> and when i run update-grub here i show currnt disk kernl 3.x
<samba35>  w /usr/sbin/grub-mkconfig: 37: /usr/share/grub/grub-mkconfig_lib: cannot create /dev/null: Permission denied
<samba35> mount but why ?
<samba35> a /usr/sbin/grub-probe: error: cannot find a device for / (is /dev mounted?).
<samba35> cpaelzer, a /usr/sbin/grub-probe: error: failed to get canonical path of `/dev/mapper/ubuntu-root'.
<samba35> now this error
<cpaelzer> hmm seems like lvm root
<cpaelzer> righ tnow I'm not sure without checking myself what special consideration apply
<samba35> ok
<cpaelzer> your list of kernel/initrd mentions only backup files
<cpaelzer> no actual kernel/initrd there ?!
<samba35> yes
<cpaelzer> well, whatever the reason is that is at least part of your issue
<samba35> there was error with dpkg and i google some site and mess up
<cpaelzer> you'd want to install at least one kernel
<samba35> yes
<samba35> will booting from 18.04 dvd will help ?
<cpaelzer> yeah the case look half-broken already, this gets hard to fix-by-remote-hints
<samba35> and rescue mode
<cpaelzer> booting a different DVD will not make it any different IMHO
<samba35> ic
<cpaelzer> you still need to install a proper kernel on the main disk in the chroot
<cpaelzer> and then update-grub
<cpaelzer> and sort out whatever the lvm setup makes you need in additon
<samba35> ok
<samba35> thanks cpaelzer back soon thanks
<lordievader> Good morning
<kstenerud> Does anyone know how to generate a control file from a control.in file?
<mwhudson> kstenerud: there's no one way, make -f rules control ?
<samba35> E: Sub-process /usr/bin/dpkg returned an error code (1)
<samba35> how to fix this
<LeMike> Would this be the right place for some rsync things? I tried using --filter=":e- .gitignore" but unfortunately it still downloads all files instead of ignoring some. Why could that be?
<LeMike> damn it. forget about this. the ":" is a directory merge so the .gitignore of the sender will be used (and not mine as receiver).
<ahasenack> good morning
<peetaur2> I don't know when or how, but at some point, vsftpd and LDAP were working fine, and now it fails.   with lftp client, it started doing this:    ls: Login failed: 500 OOPS: cannot locate user entry:username
<peetaur2> and if I change it to use the sshd pam service instead, it then says     ls: Login failed: 530 Login incorrect.
<ahasenack> you need to checkout which ldap searches are being done, and what their result is
<ahasenack> peetaur2: ^
<peetaur2> I basically did that.
<peetaur2> but restarting nslcd fixed it .... :/
<peetaur2> why should getent, ssh, etc. all work fine using nslcd, but vsftpd needed it restarted? silly thing
<ahasenack> ah, the cache?
<peetaur2> nslcd does caching, yes
<ahasenack> rbasak: hey, I just saw something interesting in a debian package
<ahasenack> rbasak: debian builds samba with glusterfs support, so their samba-vfs-modules package ships /usr/lib/x86_64-linux-gnu/samba/vfs/glusterfs.so
<ahasenack> and that links with libglusterfs.so.0, which comes from glusterfs-common
<ahasenack> rbasak: but their samba-vfs-modules package has no dependency on glusterfs-common. Instead, they have a Recommends
<ahasenack> root@oriented-mastodon:~# dpkg -s samba-vfs-modules|grep gluster
<ahasenack> Recommends: glusterfs-common, libcephfs2 (>= 12.2.8), libdbus-1-3 (>= 1.9.14)
<ahasenack> is that a valid trick?
<ahasenack> shlibs didn't seem to have picked up the linkage between /usr/lib/x86_64-linux-gnu/samba/vfs/glusterfs.so (samba-vfs-modules) and /usr/lib/x86_64-linux-gnu/libglusterfs.so.0 (glusterfs-common)
<ahasenack> in the package's description:
<ahasenack>  Note: The runtime dependencies of vfs_ceph, vfs_glusterfs and vfs_snapper are
<ahasenack>  moved to Recommends.
<nacc> ahasenack: so if you install samba-vfs-modules (but not it's recommends) and then configure samba to use gluster, does it segfault/crash?
<ahasenack> nacc: it would definitely fail to load that module. I think it still starts up, but I would have to check
<rbasak> Plugin modules are weird
<rbasak> It might be reasonable to leave it as a recommends or even a suggests
<ahasenack> also, what does ubuntu do, since it installs recommends by default? What does it do when it cannot find a recommends?
<rbasak> I think it will not take any action on a recommends it cannot fulfil. But that might need checking.
<rbasak> "The Depends field should be used if the depended-on package is required for the depending package to provide a significant amount of functionality."
<rbasak> From policy
<rbasak> For something like samba-vfs-modules, glusterfs may not be treated as "significant".
<ahasenack> right
<ahasenack> but the question is, what would britney do? :)
<rbasak> It doesn't know so it doesn't care.
<ahasenack> I mean, at migration time
<ahasenack> if it would treat recommends as depends or not
<ahasenack> or "whatever apt would do" is the answer
<rbasak> Oh
<rbasak> I see what you're asking now. I don't know. Good question.
<ahasenack> I'll find out
<ahasenack> we could drop that bit of delta if this works and is acceptable
<cpaelzer> coreycb: jamespage: is that nova test error anything you triggered or could fix https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-disco/disco/amd64/n/nova/20181206_155403_69eef@/log.gz ?
<cpaelzer> the libvirt upload I did certainly didn't trigger that
<cpaelzer> was a s390x only one line change to vfio handling
<cpaelzer> so I wonder if there is anything going on that you know avoiding that I have to debug and find out on my own tomorrow
 * cpaelzer is lazy before going to bed and hope the world fixes my issues
<evit> I was thinking the other day. It would be awesome if apt update would notify if you needed to reboot or not like it does on the desktop.
<sdeziel> evit: motd is updated with the reboot needed notice
<coreycb> cpaelzer: I've been trying to figure it out all day. I made a little progress at https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1807262
<ubottu> Launchpad bug 1807262 in nova (Ubuntu) "stein unit tests fail with sqlalchemy.exc.NoSuchTableError: migration_tmp" [High,Triaged]
<evit> sdeziel, I'm talking about after you do a manual apt update && apt upgrade
<evit> @sdeziel, I disabled MOTD
<coreycb> cpaelzer: something changed w sqlite
<sdeziel> evit: I guess you could have a post-apt hook to do what the motd in question was doing
<cpaelzer> coreycb: if you don't find something towards your EOD
<cpaelzer> would you mind filing a force-badtest for now to unblcok me and potentially others
<cpaelzer> that would give you tim eto sort it out
<sdeziel> evit: if you are looking for something to let you know which services would need a restart (more frequent than reboot-needed), you may want to look at https://github.com/simondeziel/check-deleted-libs/blob/master/check-deleted-libs </self promotion>
<cpaelzer> thanks for the bug reference, I'll refresh tomorrow what your last state on this was
<coreycb> cpaelzer: haven't done that before but will look into it
<cpaelzer> thanks coreycb I'd appreciate that
<cpaelzer> ok, cu tomorrow where I'll recheck the latest updates to that bug
<evit> Silly question. I've updated my .bashrc to include my FQDN with /H but I don't see it upon logging back in. Any ideas?
<evit> I mean \
<evit> \H sorry
<lordcirth> evit, to include it in $PS1, you mean?
<evit> lordcirth, Yes
<lordcirth> evit, what line exactly did you put in .bashrc?
<evit> PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\H\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
<evit> else
<evit>     PS1='${debian_chroot:+($debian_chroot)}\u@\H:\w\$ '
<evit> fi
<evit> unset color_prompt force_color_prompt
<evit> hostname produces www. Is there somewhere else I need to change that?
<lordcirth> debian_chroot?
<lordcirth> ah, nvrm
<lordcirth> evit, you might have run into this bug: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1276796
<ubottu> Launchpad bug 1276796 in bash (Ubuntu) "Long hostname placeholder for PS1 (\H) fails in Bash" [Undecided,Confirmed]
<lordcirth> A workaround is to use $(hostname -f) instead of \H
<evit> lordcirth, Gracias! =)
<lordcirth> np
#ubuntu-server 2018-12-07
<rbasak> kstenerud: how are you getting on?
<kstenerud> rbasak trying to find the credentials files for the vpn
<rbasak> kstenerud: OK. I'll leave you then. I'm going to disappear for a bit.
<CrummyGummy_> Hi! I'm having an issue where udp traffic is getting to my server despite ufw not being set to allow the traffic. I had the same issue with shorewall. Am I doing something wrong?
<CrummyGummy_> ufw looks like this https://paste.ee/p/opdRa
<CrummyGummy_> and I can still do a dns lookup from that server and it is receiving sip invites
<MJCD> hey all
<MJCD> I installed the mail server as part of the install process
<MJCD> but I dunno anything about administering such things
<MJCD> is there some nice one with webmail and maybe a gui/web interface
<Delvien> Is cockpit not available by default in ubuntu server 18.04.1 repos?
<leftyfb> Delvien: https://packages.ubuntu.com/search?keywords=cockpit
<teward> Delvien: known bug in the system is that it doesn't enable universe and multiverse in the ISOs
<teward> Delvien: go into your /etc/apt/sources.list and add 'universe multiverse' to the 'main restricted' lines.
<Delvien> its weird.. new install cant find ANYTHING about cockpit with apt search
<Delvien> ah, thats why then
<teward> Delvien: https://askubuntu.com/questions/1082988/ubuntu-bionic-repo-list/1082990#1082990 and my answer here https://askubuntu.com/questions/1081243/why-do-i-need-to-enable-universe-repo-in-18-04-isnt-it-default-enabled/1081246#1081246 touch base on it
<teward> Delvien: TL;DR the reason is a known bug: https://bugs.launchpad.net/subiquity/+bug/1783129
<ubottu> Launchpad bug 1783129 in subiquity "Only "main" component enabled after install" [High,Confirmed]
<teward> but it wasn't fixed on 18.04.1 ISOs
<Delvien> teward: thanks, got it fixed.
<shubjero> Anyone see this before? apt-cache thinks theres no installed kernel? haha https://paste.ubuntu.com/p/tbKZxvqTT7/
<teward> shubjero: it might be a different kernel metapackage installed, but check if linux-image-generic is installed first with apt-cache
<teward> IIRC there's a few different linux-* metapackages
<leftyfb> apt-cache policy linux-image-4.4.0-137-generic
<shubjero> teward: same output for linux-image-generic.
<teward> wonder if you're not using the 'generic' kernels then
<shubjero> I just noticed this when i was preparing to see what packages were going to be updated, and on one system a new kernel was being proposed but on another server it was not proposing a kernel update.. even tho these are both running 16.04 with the same outdated kernel
<teward> you could always install the linux-generic package again, IIRC it's just a metapackage referring to the *actual* image files like leftyfb indicated
<shubjero> yeah, i mean if i explictly ask for a new kernel it will update it.. so im not in a bind or anything.. just an observation really
<teward> shubjero: I"ve seen it when I've removed a newer kernel due to an update causing major breakage
<leftyfb> teward: why not install the hwe kernle?
<leftyfb> kernel*
<teward> it then removes linux-generic among other things, but those're rare
<teward> leftyfb: you mean to ask shubjero.
<teward> i always *do* but i also usually am on latest LTS anyways
<leftyfb> sorry, shubjero ^
<teward> leftyfb: or I'm on VMs so the HWE kernel stacks are irrelevant lol
<shubjero> dont really feel a need to use the HWE kernel really
<shubjero> never come across any blockers yet from the non hwe kernel
<leftyfb> shubjero: support? security? features? wouldn't have run into your initial problem?
<shubjero> i did run a hwe kernel when i still had a system on 14.04 and was trying to use a ceph feature that wasnt supported
<shubjero> as long as ubuntu is packaging non hwe kernels for the distro and im not hitting any blockers, why bother?
<shubjero> security is backported
<shubjero> GA kernels are fully supported for the lifetime of the lts
<caseyd> hello.. I'm having some trouble with a new ubuntu server installation. I'm needing to specify an ip with the following info: address: 136.228.96.75 gateway: 136.228.96.65 subnet mask: 255.255.255.240 ... ubuntu wants the subnet in cidr form, I entered 136.228.96.65/28, but it says "has host bits set".
<caseyd> I'm not sure what that means.. any ideas?
<teward> caseyd: you should probably read how subnetting works
<caseyd> I know on windows I can just put in the mask and it works
<teward> caseyd: http://jodies.de/ipcalc?host=+136.228.96.65&mask1=28&mask2=
<teward> as I said
<teward> you need to learn how subnetting works to better understand the "subnet" requested field in subiquity
<teward> caseyd: in most cases it's GatewayIP minus 1
<teward> see the output from that subnet calculator I linked to to see where I'm getting that from
<teward> assuming, of coursee, the gateway IP address is at the beginning of the range :P
<teward> (depending on the subnetting it might not be in weird setups)
<caseyd> wow, thanks.. yeah I think that was it. I've been looking for a subnet calculator like this forever
<caseyd> thanks for the link
<teward> caseyd: yep.  I would suggest, however, that you read up on how subnetting works.
<teward> for example, 10.0.0.1/8 the network IP is 10.0.0.0/8 - the first IP address in the subnet - typically the gateway is the next IP, and then the final IP is broadcast.
<caseyd> cool, yeah that makes sense. I have a basic understanding for normal ranges, but I've never really messed with smaller ranges than the standard 10.10.10.0/24
<teward> caseyd: I have a Python3 based library I use for network mask calculations, as well, I'd be happy to share what I've got, or even write up a simple Python equivalent of that web-based calculator for IPv4 :P
<sdeziel> caseyd: there is ipcalc and sipcalc (ipv6) calculators on the CLI
<teward> ^ that as well
<teward> which does exactly what the other calculator does
<teward> sdeziel: i should write a web frontend wrapper around this, give people a nice calculator to use...
<teward> too bad I'm not a web developer lol
<sdeziel> teward: duckduckgo has it covered for you: https://duckduckgo.com/?q=10.0.1.0%2F24&t=canonical&ia=answer
<teward> ddg is evil
<teward> nah just kidding :P
<sdeziel> you got me wondering for a sec
<teward> sdeziel: doesn't give me all the info i need
<teward> like the number of usable IPs/hosts in the range, etc.
<teward> :P
<shubjero> ive always appreciated jodies.de/ipcalc as pasted above
<caseyd> i like the jodies.de one a lot too
<sdeziel> http://jodies.de/ipcalc seems to be a wrapper around the ipcalc package
#ubuntu-server 2018-12-08
<mason> I'm having a braino. I installed a Bionic server, and when I look at available CPUs it doesn't show any IBRS models.
<mason> I'm not sure why this is. My (bionic) desktop shows them.
<ThKitten> hey guys, I need some help right quick with trying to install some software. I keep getting the following, and despite all my googling, I've found no good solutions for the issue: https://pastebin.com/DD93a3Ce
<OerHeks> "You need to both download the key signature and add it ot the apt keyring. They provide a deb package that does it all for you - apt.typesafe.com/repo-deb-build-0002.deb
<OerHeks> https://unix.stackexchange.com/questions/448315/ubuntu-apt-get-update#comment813518_448315
<ThKitten> OerHeks:  If you look at the comment under that, you'll see that this solution does not work. I too have done this, and it doesn't work at all
<OerHeks> ThKitten, then ask their forum??
<mybalzitch> or read the apt-secure man page
<ThKitten> I was able to work around it, I'm having a different issue, no one is responding in #nginx. On the setup page here: https://github.com/ornicar/lila/wiki/Lichess-Development-Onboarding it has a nginx config there I can copy and paste. I'm wanting to setup this app under www.website.com/chess. The main site is already setup to utilize a wordpress site. Any way I can do this??
<ThKitten> any thoughts OerHeks?
<teward> ThKitten: that would only work *if* the app you're trying to run can support being run under a sublocation
<teward> *most* don't support that
<teward> it'd be easier to run as a separate subdomain for website.com and just leverage nginx on the same box
<ThKitten> unfortunately this absolutely MUST run under a sublocation. Having a separate domain name is not possible
<teward> then I think you're out of luck
<teward> and I didn't say separate domain name
<teward> i said subdomain.  which if you own the domain is as simple as a second DNS entry
<ThKitten> hmm alright
<teward> ThKitten: briefly looking at that project it *looks* like it's designed to sit in its own domain or as the root location, rather than in a sublocation.  Getting such apps to work in locations underneath the root domain can be VERY difficult
<kinghat> apt cant use a repo over https by default?
<kinghat> looking into docker and step #2 wants that: https://docs.docker.com/install/linux/docker-ce/ubuntu/#install-using-the-repository
<kinghat> apt doesnt allow repos to use https by default?*
<kinghat> http://paste.debian.net/hidden/fc83c479/
<kinghat> this is on desktop but just figured https was default?
<kinghat> im probably just misunderstanding something
<OerHeks> no, http is default, install that package apt-transport-https andit will work?
<kinghat> yep i guess my sources file show all http.
<kinghat> wait nvm, yarn shows https?
<kinghat> https://usercontent.irccloud-cdn.com/file/11wKE7sT/image.png
<OerHeks> well, it is not hosted by us, so it could be https, and you need that transport-https too
<kinghat> well neither is docker but it says it needs https
<OerHeks> yay, you found out some 3rd party repos use https
<kinghat> i mean is it not really using https?
<OerHeks> i think https is the only way to acess those, so i guess you would have transport-https already, or never installed docker and such
<kinghat> ya i didnt have `apt-transport-https` but yarn never told me to get it and it installed fine. which is why im asking why docker says i need it?
<kinghat> and now: http://paste.debian.net/hidden/971e9eca/
<OerHeks> sudo apt-get install docker-ce=<VERSION>
<OerHeks> apt-cache madison docker-ce  # this shows the versions, from your own url https://docs.docker.com/install/linux/docker-ce/ubuntu/#install-docker-ce-1
<kinghat> thats to install a specific version i thought. previous instruction is `sudo apt-get install docker-ce`
<OerHeks> did you run apt update && apt full-upgrade before installing?
<kinghat> ya
<OerHeks> so if your method did not work, does the correct one do the job?
<kinghat> my method? i followed their directions..
<OerHeks> apt-get install docker-ce did not work, right?
<kinghat> http://paste.debian.net/hidden/006a631a/
<OerHeks> and the output of apt-cache madison docker-ce ?
<kinghat> nothing
<OerHeks> i see, only test and nightly
<OerHeks> https://download.docker.com/linux/ubuntu/dists/cosmic/
<OerHeks> so edit the sourses.list.d/ docker.file
<OerHeks> oh, a bug report that says it is not a bug https://github.com/docker/for-linux/issues/442
<OerHeks> for stable, stay on 18.04
<OerHeks> ofcourse, i run LTS now, after 10 years of testing anything
<kinghat> damn i forgot im on cosmic
<OerHeks> then nightly it is ..
<kinghat> im moving back to LTS anyways.
<kinghat> ill just install the deb as this install wont be around much longer.
<kinghat> wat? http://paste.debian.net/hidden/59e5e3e1/
<kinghat> removed the other pkg but still: http://paste.debian.net/hidden/d6289aaf/
<kinghat> hmmm http://paste.debian.net/hidden/5d0749ad/
<OerHeks> maybe the wrong ppa line causes this?
<kinghat> i remove the source and installed the one from the ubuntu repo
<kinghat> which was suggested in that git issue your posted above.
<kinghat> everything installed fine on LTS
<OerHeks> :-)
<mason> Anyone know where qemu-kvm keeps CPU definitions? I spun up a new hypervisor and I'm not seeing -ibrs CPU variants available for guests.
<mason> (Bionic.)
#ubuntu-server 2018-12-09
<mason> So, I see Nehalem and Nehalem-IBRS cooked into qemu-2.11+dfsg/target/i386/cpu.c.
<mason> I wonder if my host is too old to have CPUID_7_0_EDX_SPEC_CTRL or something. I'm not 100% sure how that works as yet.
<mason> I don't know. I migrate the thing over, and  Nehalem-IBRS no longer shows up in the list of possible models, but it does show up as the active CPU model. Weird.
<mason> Oh well.
<cpaelzer> mason: those are libvirt specific types
<cpaelzer> mason: for qemu that is some-base-cpu+feature-bits
<cpaelzer> libvirt does host probing for capabilities, so maybe due to that it differs
<cpaelzer> well your question was so many hours ago, did you find anything already?
<mason> Ooh, here's an opportunity to use the memo-bot!
<kinghat> why am i now getting "kinghat is not in the sudoers file.  This incident will be reported." on my server?
<kinghat> was there a recent update that changed something? never seen this before except for on fedora.
<ikonia> kinghat: you have changed either the sudoers file, or you're users group membership
<kinghat> hmm
<kinghat> i think i added the user to the group `web-content` for apache, would that have done it?
<kinghat> i thought the user could be apart of multiple groups?
<ikonia> kinghat: I suspect you've added the user to the group and at the same time removed it from the admin / wheel group
<ikonia> yes, a user can be a member of many groups
<ikonia> type "id" against your user
<kinghat> uid=1000(kinghat) gid=1000(kinghat) groups=1000(kinghat),1001(web-content)
<kinghat> ya i was just going looking for the commands to get a table of users and groups on the system.
<kinghat> ikonia: so you are saying i need to get root, then add my user to `sudo` user group?
<ikonia> what groups is your user in ?
<kinghat> because i cant add my account via sudo atm because its not part of sudo.
<kinghat> i posted it above i thought.
<ikonia> oh yes
<ikonia> so boot into single user mode and add your user to the sudo group
<kinghat> single user mode = root?
<ikonia> what ?
<kinghat> what is single user mode?
<ikonia> it boots the user into just that - single user mode, rather than the multi-user mode and permissions system you currently have
<ikonia> or you can just become root if you've set a root password and know it
<kinghat> i feel like ive logged into root using the same password as the initial account before w/o having set an actual root password.
<ikonia> then su -
<kinghat> ya i just did that and it says su: Authentication failure.
<ikonia> then you don't know the password
<kinghat> if anything i made it the same as the initial account. actually i figured thats what the installer did by default.
<ikonia> nope
<ikonia> it does what you tell it to do
<kinghat> so i have to give root a password before i can use root?
<ikonia> yes
<ikonia> (the correct model is to not set a root password and have a sane sudo setup)
<kinghat> sure but how do i get my only user back to sudo then?
<ikonia> boot into single user mode
<kinghat> can that be done via ssh?
<ikonia> possibly, but it normally requires console access as single user mode is not on the network
<kinghat> why would adding this user to another group take it out of another group?
<ikonia> depends how you added it
<kinghat> sudo adduser username groupname
<ikonia> kinghat: that's creating a new user
<ikonia> that's not adding a user to a group
<kinghat> sorry it was this: `usermod -G web-content alice`
<kinghat> but `kinghat` over alice.
<kinghat> and i also added apache to that group.
<ikonia> so that's just told the system to put the user kinghat in the group web-content only
<ikonia> that's not adding a user to a group, that's setting a user to that single group
<kinghat> well that explains it
<ikonia> I suggest you read the man page of commands if you don't know how to use them
<kinghat> https://wiki.apache.org/httpd/FileSystemPermissions
<ikonia> ?
<ikonia> what has that got to do with anything ?
<kinghat> i feel like there should be a warning or something. are you sure you want to remove this user from all groups? especially the sudo group.
<ikonia> no
<ikonia> you should read the man page of commands you don't know about, more so if executing them with root access
<ikonia> the man page is really clear on the syntax
<kinghat> well now i have to figure out how to get single user w/o console access.
<kinghat> what about giving root a password then doing what i need and then removing the password from root?
<ikonia> I suspect that will be exceptionally hard
<ikonia> how do you plan to set a root password without having root access ?
<kinghat> you mean w/o being apart of the sudo group? ya i was just realizing that.
<kinghat> fak
<ikonia> please control the languge
<kinghat> so basically i cant really do anything w/o having physical access?
<ikonia> you'll find it exceptionally hard
<ikonia> and high risk
<kinghat> apparently im high risk.
<ikonia> what ?
<kinghat> im the risk.
<ikonia> clearly
<OerHeks> no direct access makes it just a little complicated
<kinghat> you have to edit grub?
<ikonia> that is one of the high risk ways, however if you did it right and it boots into single user mode, how will you interact with it ?
<kinghat> no im asking thats how you get into single user mode?
<ikonia> right, there are a few options, but what's the plan if you did get it into single userm ode
<kinghat> you said add my user to `sudo`?
<ikonia> how will you do that remote
<kinghat> i dont have physical access atm but i will have to get physical access apparently so.
<ikonia> so I'd deal with that when you get access as the access you get / how you get it will guide you the best way to get access to the root user
<kinghat> i mean i have to go there to get physical keyboard/monitor console access. its going to happen once i figure out how its done before i go.
<kinghat> aka im going as soon as i figure out how to get single user mode.
<kinghat> so adding a user to another group and not ONLY this group is: `sudo usermod -a -G sudo username`?
#ubuntu-server 2019-12-02
<RoyK> jayjo: zabbix, perhaps?
<RoyK> Zaliek: apt install acl, perhaps?
<Zaliek> RoyK, Aye I did install it. But typically when a tool that's always been there dissapears in a new version of ubuntu there's a reason behind it. Usually it's because it was replaced by something better. I have no idea what that would be though
<RoyK> I don't think that's being replaced
<RoyK> not for long
<cpaelzer> jamespage: hiho, newer DPDK seems to need Openvswitch 2.13 - will we get this in Focal - do the release dates align well?
<jamespage> cpaelzer: they should do
<jamespage> cpaelzer: I'd be happy todo a snapshot in the interim from master branch to meet that requirement
<rbasak> bryce: I have a two items I want user git-ubuntu configuration for please.
<rbasak> I'm not sure there are bugs for these.
<rbasak> 1) git ubuntu clone - I'd like to change it to default to checking out the applied branch, with a user configuration option to revert to the current behaviour of checking out the unapplied branch for advanced users.
<rbasak> 2) git ubuntu build-source (to be replaced by build -S) - I'd like a user configuration option to enable a --no-clean option that builds the source without running the debian/rules clean target in a container. This will allow source builds to avoid temporarily installing build dependencies, which should massively speed up development builds. It needs to be a non-default option for advanced users
<rbasak> since some packages do need it to do non-clean setup steps (eg. generation of control from control.in), without which a source build will be broken in some cases.
<bryce> rbasak, #1 is on the list already - I noticed on LP: #1707367.  I'll add the note about second
<ubottu> Launchpad bug 1707367 in usd-importer "git ubuntu clone applied default" [Undecided,Confirmed] https://launchpad.net/bugs/1707367
<rbasak> Thanks!
#ubuntu-server 2019-12-03
<cpaelzer> jamespage: ok, thanks
<cpaelzer> jamespage: we'll need some time for the new DPDK in Debian anyway - if things work out I'll get in touch with you for a snapshot build of 2.13 then
<jamespage> cpaelzer: ok ounds like a plan
<nightuser> Hi folks. The main channel suggested to ask here. What's the right way of enabling auto-updates on a server? Still use cron or systemd timers?
<mwhudson> nightuser: man unattended-upgrades (which uses systemd timers, at least in newer releases)
<weedmic> nightuser: is that really what you want to do?  we (where I work) check which updates are available, if they can affect running items, is it worth the risk, etc. and above all - how to revert if it breaks something.  I'm talking servers, not workstations.  Just a thought
<nightuser> weedmic: I believe that updates from security repo are safe enough. It's just a tiny VPS which I keep for myself, so I'm not risking anything really.
<weedmic> safe v crippling are not the same thing - it was just a thought to consider - u need not listen to me at all
<nightuser> weedmic: I understand your point. If it was something serious, I'd think twice before applying them, but for personal usage it's okay for me.
#ubuntu-server 2019-12-04
<weedmic> re:  intel-microcode 3.20191115.1ubuntu0.18.04.2 - pls provide link so I can see exactly what is going to change
<weedmic> or, better, is this firmware change - or just software inside the kernel?
<martiansoul> I want to record only the time when there is a cache hit and not a cache miss using curl. that's the value contained in `x-cache`(hit or miss) in response header.
<OerHeks> weedmic, easy to find, https://launchpad.net/ubuntu/+source/intel-microcode/3.20191115.1ubuntu0.18.04.2 diff, changes
<weedmic> Q!
<weedmic> exactly what I needed - appreciated
<weedmic> brb - needs a reboot
<OerHeks> https://usn.ubuntu.com/4182-4/ A regression was discovered that caused some Skylake processors to hang after a warm reboot.
<evit> I'm trying to setup Amazon SES for sending TLS enabled email. Using the documentation here https://docs.aws.amazon.com/ses/latest/DeveloperGuide/postfix.html
<evit> Evidently the Amazon documentation is wrong and it is giving me an error...  cannot load Certification Authority data, CAfile="/etc/ssl/certs/ca-bundle.crt": disabling TLS support
<sarnold> compare against https://help.ubuntu.com/lts/serverguide/postfix.html which should do a better job describing debian/ubuntu tls configs
<evit> sarnold, Do I need to generate a TLS certificate?
<sarnold> evit: I'm not sure, I haven't hosted email in the modern era
<evit> sarnold, I'm sending only through Amazon SES
<evit> sarnold, When I switch my smtp_tls_CAfile to /etc/ssl/certs/ca-certificate.crt in main.cf it works without issue.
<sarnold> yay
<WILYLP86> hi everyone
<evit> sarnold, This looks like the correct path https://www.webmoves.net/blog/build/send-email-from-ubuntu-linux-via-amazon-ses-3139/
<evit> now I get no errors and mail is flowing w/ TLS
<sarnold> very nice, thanks for the link
<teward> sarnold: i see email hosting questions
<teward> ... and I run my own email ;)
<teward> a little bit late I know but...
<sarnold> hey teward :)
<evit> teward, Hi
<evit> teward, Amazon SES documentation seems to be wrong on Ubuntu to SES config
<evit> https://docs.aws.amazon.com/ses/latest/DeveloperGuide/postfix.html
<evit> teward,  This looks like the correct path https://www.webmoves.net/blog/build/send-email-from-ubuntu-linux-via-amazon-ses-3139/
<evit> teward, Correct CA file is sudo postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt'
<evit> Amazon doesn't have enough $$$ to have correct docs. =P
<teward> well... in 18.04 /etc/ssl/certs/ca-certificates.crt *is* a valid path...
<teward> and unless you're blind, the section stating "If you use Ubuntu or a related distribution, type the following command:" is using the ***correct command*** you just stated
<teward> ;)
<teward> point 7 bullet point #2
<teward> soooooooooooooooooooooooo
<sarnold> teward: the thing is that th e docs were written for rh-derivatives that use CAfile="/etc/ssl/certs/ca-bundle.crt": instead
<sarnold> ah
<teward> sarnold: correction:
<teward> there's multiple bullet points
<teward> and you have to ***actually read*** to know which command(s) to run ;)
<teward> so this is a case of PEBKAC and not reading the document properly
<evit> teward, don't be a passive aggressive d-wad
<evit> I see it now
<teward> that wasn't my intention
<teward> but if you want to call names
<teward> *goes to do something else more productive with his time*
<pgnd> I've got an Ubu18LTS server up.  /boot is small. kernel HWE 18 *is* installed/enabled.  Kernels in place are 4.15.0-72, 5.0.0-36 & 5.0.0-37 (running).
<pgnd> If I apt remove 4.15.0-72 & friends, the action is: "linux-generic linux-headers-4.15.0-72 linux-headers-4.15.0-72-generic linux-headers-generic linux-image-4.15.0-72-generic linux-image-generic linux-modules-4.15.0-72-generic linux-modules-extra-4.15.0-72-generic linux-tools-4.15.0-72
<pgnd>   linux-tools-4.15.0-72-generic linux-tools-generic"
<pgnd> is it 'safe' to remove the unversioned "linux-generic" & "linux-headers-generic"?
<pgnd> or 4.15x in general?
<WILYLP86> I have an active directory in samba4 and I need to know if there is any way to store a user's password in SSHA, or another type of hash
<sarnold> pgnd: those are how you get updates
<pgnd> sarnold: hi.  the 'generic' ones?
<sarnold> pgnd: yeah
<sarnold> pgnd: those meta-packages are updated to include dependencies on the new kernels when updates are released
<pgnd> Hm.  So, since I *do* want updates that come along with the 18HWE, I'm stuck with keeping the 4.15.0x packages around? even though I'll NEVER use them?
<sarnold> pgnd: if you're running the HWE kernel then you can remove the release kernels, sure
<pgnd> sarnold: sry, I'm being dense.  If I do remove the release kernels, it rm's the 'generic' pkgs, as above.  Then updates don't work, iiuc.  But I *do* want updates ... of the HWE kernels.
<pgnd> or are THEY handled by different packates?
<sarnold> pgnd: yeah, they are, eg https://launchpad.net/ubuntu/+source/linux-meta-hwe
<pgnd> hm.  don't have any *meta* pkgs installed atm ...
<pgnd> looking at the link
<sarnold> linux-generic-hwe-18.04 perhaps?
<pgnd> ah, so 'meta' is not in the naming ... looking at "Built Packages"
<sarnold> yeah, source package names don't have to match binary package names. It can be bloody confusing, and the ratsnest of kernel packages is the worst of the lot, I think
<pgnd> sarnold: ok, I've got: linux-generic-hwe-18.04 linux-headers-generic-hwe-18.04 linux-hwe-tools-4.8.0-52 linux-image-generic-hwe-18.04
<pgnd> installed.  is that^ sufficient to safely REMOVE the 'release' 4.x kernel* ?
<lordcirth_> Apt/.deb packages were never designed to have multiple versions installed in parallel, so the kernels with the versions in the names are hacky
<sarnold> I literally only make sense of these things because I've got a local archive mirror and can do things like ls -ld main/l/linux*/*hwe*   kinds of things
<pgnd> yeah, Ubu-space kernel naming is ... challenging.  Not my usual cup o' tea! ;-)
<sarnold> pgnd: that linux-hwe-tools-4.8.0-52 is ~2 years old, probably it can be removed..
<pgnd> lordcirth_: I'm generally in suse-land; bit simpler there.  or at least I understand it better :-)
<pgnd> hehe, "probably"!  u in Marketing? Sales? ;-p
<sarnold> :D
 * pgnd holds breath while uninstalling.  bets self $1 that it'll automagically reinstall itself, just to piss me off
<sarnold> lol
<pgnd> The recent upgrade from 16LTS to 18LTS was 'very greedy' about /boot space.  very Microsoft-like.  had to crib using /boot temporarily on an external USB.  woulda hoped that 250MB for a boot partition was enuf for an upgrade ...
<sarnold> oof yeah that's way too tight
<pgnd> well, perspective.  the install process is way too fat!
<sarnold> even post-install, 256 is going to give you a bad time
<pgnd> no clear reason it NEEDS GBs in /boot.  nah, production's just fine.
<pgnd>  that's /boot, NOT /root
<pgnd> which reminds me ... anyone KnowForCertain(tm) whether 18LTS can/does boot from /boot on RAID-1?  16LTS sure didn't ...
<sarnold> 512 megs should be enough for four ~60M initramfses, kernels, symbol maps..
<pgnd> sure.  clear how it scales.  just not clear why the installer had that demand.  water under the bride, anyway, now
<sarnold> poor bride hope the dress didn't get soaked :)
<pgnd> heh, oops.
<sarnold> pgnd: there's just something that'll keep around ~four kernels during updates and upgrades and these things aren't small any more..
<sarnold> back inthe day I had a linux rescue floppy that could mount ntfs and fix winnt permissions problems.. 1.44 mb.. crazy.
<pgnd> yeah, yeah.  I'm 'spoiled'.  In suse it's trivial to specify multiinstalls, what & how many kernels are installed, kept, purged etc.
<pgnd> I typically keep boot on LV on RAID 1 or 10.  Then scaling to demand is trivial.  Physical partitions are an annoying PITA.  Which is why I'm looking/hoping (currently, not finding) re: Ubu18 boot on RAID support scope, if any.
<pgnd> rm'd the release kernels, rebooted. now, boot's @ "ext4  256M  128M  111M  54% /boot"
<pgnd> and no smoke! cool.
<sarnold> pgnd: there's something that's missing with raid in boot but I've never taken the time to understand it -- https://bugs.launchpad.net/ubuntu/+source/grub-installer/+bug/1466150
<ubottu> Launchpad bug 1466150 in grub-installer (Ubuntu) "grub-install breaks when ESP is on raid" [High,Triaged]
<sarnold> pgnd: /etc/kernel/postinst.d/apt-auto-removal /etc/apt/apt.conf.d/01autoremove-kernels may be useful to you too
<pgnd> saw that. that's on EFI.  works fine here on "Other OS"; jhas for ages.  That said, on Ubu18, I'd settle for legacy/old-school ...
<pgnd> thx 4 the autorm refs
<pgnd> my search-fu is NOT strong.  can't seem to find docs, or anecdotal evidence, that it DOES work on non-EFI.
<hggdh> lsmod | grep btr
<hggdh> darn! sorry
#ubuntu-server 2019-12-05
<fluvvel> I've installed ubuntu 18 on a new Intel motherboard with secure boot installed (EFI) -all went well, booted, ran etc. Then discovered I needed a custom kernel. Can't seem to reset, reinstall for love nor money
<fluvvel> have turned off secure boot and turned on legacy in BIOS but no avail. keeps saying no bootable drive
<sarnold> I suggest turning UEFI back on; you can either disable secure boot in the bios or maybe try this mokutil --disable-validation  command listed here https://wiki.ubuntu.com/UEFI/SecureBoot/DKMS  --- or you could sign things, if you wished
<fluvvel> ok, will try, think I already did try that but I've deleted the keys from the bios at this stage.
<fluvvel> Signing sounds fun, but potentially complicated.
<sarnold> yeah it seemed a bit of a hassle to me, I'd probably have to have a huge fleet of machines before I'd want to put in that kind of effort :)
<sarnold> two or three.. naaaah
<JanC> maybe if you need the security...
<fluvvel> what I need is to just wipe and start from scratch
<sarnold> heh, that might be quickest
<sarnold> but it doesn't feel great, you know?
<eandersson> Who do I talk about adding components to OpenStack services? frickler sent me!
<eandersson> I added two new services to OpenStack Senlin https://review.opendev.org/#/c/688784/
<eandersson> and need to have the Ubuntu packages updated to support them.
<frickler> eandersson: most likely adding an issue at https://bugs.launchpad.net/ubuntu/+source/senlin would be helpful, then maybe jamespage or coreycb can take a look
<jamespage> eandersson, frickler: yep raise a bug and we'll get to it with the next round of updates
<calcmandan> i'm installing a fresh server. manually handling the partitioning. 2 4tb drives. setting root on one, and home on the other. is 500mb suffician for the efi boot partition?
<frickler> jamespage: coreycb: another python3 compat issue: openstack-dashboard-common contains some python scripts like /usr/share/openstack-dashboard/manage.py which start with "#!/usr/bin/env python" which fails when python3-django-horizon is installed
<frickler> (this is on rocky, didn't double check newer releases yet)
<frickler> well the previous should read "... when python3-django-horizon is installed instead of python-django-horizon"
<frickler> oh, the post-inst has this code http://paste.openstack.org/show/787165/ and then calls $PYTHON manage.py, likely I can do the same in our automation
<coreycb> frickler: is that an issue in your own postinst script or in ours? it looks ok on rocky. that shebang originates from the upstream code and I think it needs to remain as-is until py2 support is dropped.
<frickler> coreycb: the issue in our own code that calls manage.py on certain occasions. yes, once py2 is gone, things should be simpler again. the other solution would have been moving those scripts from -common into the python(3)-* pkgs and handle them via /etc/alternatives like some other binaries
<frickler> but as I said we can likely work around that
<coreycb> frickler: yes alternatives would've been a good approach. alright let me know if you need anything. thanks.
<lopta> What software would a person use to deploy Ubuntu Server to a cluster of compute nodes?
<lordcirth_> lopta, MaaS, or simply dnsmasq to PXE boot
<lopta> brb, phone
<lopta> lordcirth_: Thanks
#ubuntu-server 2019-12-06
<geodb27> People hi ! For my custom needs, I need to run a second sshd server aside the default one. What would be the prefered way to do so ? The ubuntu18.04 server machine I need this on runs systemd, should I write my own systemd service file ?
<rbasak> geodb27: I think it depends on the reason you need it. COuld you elaborate?
<geodb27> Thanks for your answer rbasak. I need a specific ssh on which to connect, only with key auth for certain users that would not allow shell access but only use the "forceCommand" config parameter to be used.
<geodb27> I can't modify the running and main sshd process. It should be aside for security reasons.
<rbasak> You know you can do that with a Match directive on the main sshd process, right?
<rbasak> Why can't you modify the main one?
<geodb27> Indeed I could. But this would enforce the forceCommand for all users and would restrict what can be done. The main process suits my needs : users can ssh, scp, rsync, sftp and so on. I don't want to alter that.
<rbasak> geodb27: no, that's not right. You can use the Match directive in sshd_config to limit a ForceCommand to a specific set of users or groups.
<rbasak> geodb27: in answer to your original question, I think you'd have to write a separate systemd service file, but you'd also have to carefully write an sshd_config that avoids using any state directories that would conflict with the main sshd process.
<rbasak> I remember someone else doing something similar though for different reasons having quite a bit of trouble with that.
<rbasak> I believe it's possible, but I think you'll have a much easier time of it, and less to maintain, if you can configure what you need with Match instead.
<geodb27> Thanks rbasak for answering my first question :-) I'll look for it. The main idea is to leave things untouched for now and have something else aside. Let me explain a bit more if you want :
<geodb27> My users are used ton connect to this server via every way I quoted above and I don't want to change anything.
<geodb27> However, I have a special user on this machine that I'd like to be abble to launch in place of some of the users (and not all) one specific command (mainly rsync -av $HOME other_server:HOME). You could say that each user can do that, and indeed, they can, but that is not the point.
<rbasak> geodb27: so I'd add a Match directive for just that special user with its ForceCommand
<rbasak> That won't intefere with sshd configuration for any other user
<rbasak> And it won't increase the exposed surface for security, unlike adding an additional sshd process with its own entirely separate configuration
<geodb27> I think that I mis-explained something. Never mind, I've successfully made what I wanted. If you want, I can show in a pastebin how I did it.
<geodb27> http://dpaste.com/214THCR There we are. You might well better understand my needs. This setup works fine for me.
<rbasak> Oh, I see.
<rbasak> I would still resist doing it by adding an extra sshd instance, but I agree that you can't just use a Match directive to achieve that as I suggested.
<geodb27> I It will suit my needs, and much more, it'll solve another similar problem that I'll face later on with another server. Still, it looks secure enough and I don't think that ssh will add much overload to the machines.
<azx> Hello where can i learn how to work with and configure rackmount hardware
<lordcirth_> azx, Try #ubuntu-offtopic
#ubuntu-server 2019-12-07
<TwistedBlizzard> Hi all, I'm going to be building a general purpose home server and was wondering which (if either) of these would be a good fit: https://ibb.co/HtmsFvfhttps://ibb.co/1TY90Fv
<TwistedBlizzard> Sorry, https://ibb.co/HtmsFvf https://ibb.co/1TY90Fv
<compdoc> TwistedBlizzard, the one with the X5667
<TwistedBlizzard> compdoc, Cheers! May I ask why?
<compdoc> newer chip, and faster
<compdoc> http://www.cpu-world.com/Compare/862/Intel_Xeon_X5570_vs_Intel_Xeon_X5667.html
<TwistedBlizzard> Ok, thanks once again - It is dual 5570 - I'm mostly planning on running storage and domain stuff so I thought the extra cores might be worth the trade-off
<compdoc> didnt see the dual cpu part. if the number of core are important then get that
<compdoc> are they both dual cpu?
<TwistedBlizzard> The 5667 has a dual cpu option for about 10% price increase
<CarlFK> I want to have an ssh port forward from A to B, but I don't want A to have a shell on B.  I remember something like shell=/bin/true - anyone know what I am talking about?
#ubuntu-server 2019-12-08
<Angss> Hi. I've just created Ubuntu 18.04 server on Microsoft Azure. However, ip addr show or ifconfig doesn't show the public ip address on the eth0 interface. Does anyone know how to bind the public IP addr on the eth0?
<flyback> how am I upgradeinng 16.04 x86 to 18.04 x86 despite there not being a i386 port for several versions now
 * flyback is really confused
<flyback> unless they are fake virtual i386 packages that are converting it to x64 somehow
<flyback> oh nm
<flyback> there was a upgrade path just not a full bootable installer for i386
<flyback> seriously I was like "ok did I wake up this morning" HAHHAAH
<flyback> I did it to see if it would offer to move up to x64 from x86 (replaced the hw) but I was like WTF? when it actually started installing a bunch of 18.xx i386 packages
<flyback> well that worked, now to backup the data recovery files and move it from x86 to x64
<flyback> but the 16.04 to 18.04 i386 to i386 upgrade worked good
<mwhudson> flyback: i386 is fully there for everything up to eoan
<flyback> well
<flyback> that was over quick
<flyback> board just decided to die
<flyback> oh well
