#ubuntu-server 2006-11-06
<peanutb> has anyone gotten postfix working with mysql vdomains?
<incorrect> is there anyway to get subversion 1.4 ?
<FlyingSquirrel32> I did an apt-get upgrade and now sendmail won't start. It just hangs. The common fix regarding the /etc/hosts and DNS names doesn't seem to be it. Any help?
<macaco> hello
<macaco> I need to set up my ip using dhcp instead of a fix address
<macaco> but now I can't see what's going on
<macaco> is there any way I can reset the eth0 to default?
<FlyingSquirrel32> macaco: What do you mean by "now I can't see what's going on"?
<FlyingSquirrel32> Static/dhcp address is set in /etc/network/interfaces
<macaco> hello
<macaco> is someone here?
<tmh_> macaco: just like the topic says, this isn't a support channel.
<macaco> oh my
<macaco> gotta go
#ubuntu-server 2006-11-07
<shwag> uhh...where do I take ubuntu server support questions to ?
<shwag> #gentoo-server is for server usage discussion. Shouldn't #ubuntu-server be a place for ubuntu server discussion ?
<shwag> or maybe I want ##ubuntu-server
<fabbione> #ubuntu
<shwag> fabbione: there are almost 1000 users in there! There needs to a ubuntu server discussion room.
<f0xmuld3r> Hi all, can anyone help me with setting up LVM with the Edgy server edition? The installer seems to break when I want to configure LVm during setup
<f0xmuld3r> Hi all, can anyone help me with setting up LVM with the Edgy server edition? The installer seems to break when I want to configure LVm during setup
<f0xmuld3r> Hi all, can anyone help me with setting up LVM with the Edgy server edition? The installer seems to break when I want to configure LVm during setup
#ubuntu-server 2006-11-08
<shwag> Why does php5-gd attempt to install laptop-detect and x11-common  as dependencies ?
<infinity> shwag: Because it wants x11-common as a libXpm dependency to be able to manipulate XPM images, and x11-common depends on laptop-detect.
<shwag> infinity: how did you figure that out? is there a way to get a dependency tree?
<infinity> And, for the record, the total installed size of both those packages is smaller than mhy .ssh/authorized_keys, so I'm not sure why people complain about it.
<infinity> (x11-common doesn't mean "I just installed X")
<infinity> shwag: I know how to use my packaging tools.  On the other hand, I also maintain PHP, so I'm at an unfair advantage.
<shwag> well its just kinda funny when you are installing php5-gd libraries and the next thing you know you are install laptop-detect on your server.
<infinity> Yeah, x11-common's dependency on laptop-detect is... Interesting.
<infinity> (THough it's a tiny little script, and it doesn't really make a difference to have it there, it's merely the package *name* that offends people)
<shwag> x11-comon is no big deal...fonts, makes sense. Its the laptop-detect that makes people go... uhh..whaaaa
<techwhore> yello there.
<techwhore> you guys work with gadmintools ?
<infinity> Nope;.
<infinity> We don't install X, generally. :)
<techwhore> that doesn't mean one can do an ssh and export display, right ?
<techwhore> i mean, isn't the ubuntu-server group goal to create some sort of Linux Server with the same guidelines as ubuntu desktop ?
<techwhore> in other word, easy, graphic adminstration of linux servers ?
<Burgwork> there are ways to admin a server graphically without needing to install X on the server
<Burgwork> that is part of this teams goal
<techwhore> yup, and what tools do you guys use or encourage the usage of ?
<infinity> No, honestly, that's not our goal.
<Burgwork> infinity: rain on my parade will you
<infinity> If people want to work on easy administration, I'm all for it, but it's certainly not the primary goal of ubuntu server.
<infinity> We're far more concerned in enterprise-class stability and package selection.
<Burgwork> true
<techwhore> it seems to me that both goals are not exclusive.
<techwhore> good.
<techwhore> thanks dude.
<shwag> how come when I   sudo useradd newuser  .... it doesnt create a  /home/newuser  ?
<ivoks> sudo adduser
<ivoks> useradd just creates user in /etc/passwd
<techwhore> please read the topic.
<ivoks> :)
<shwag> techwhore: what about the topic ?
<jbrouhard> shwag: try adduser
<jbrouhard> it's a script that asks you a few questions i believe
<shwag> jbrouhard: yah...adduser works.  useradd doesnt create directories though. That was rather ambiguous.
<jbrouhard> adduser is just a script
<jbrouhard> that calls useradd
<jbrouhard> with a bunch of options
<jbrouhard> anyway
<jbrouhard> afk i go
<techwhore> shwag 
<techwhore>        -m, --create-home
<techwhore>           The users home directory will be created if it does not exist. The
<techwhore> from useradd manpage
<shwag> techwhore: thats what it says...but it actually doesnt exist
<shwag> techwhore: adduser   rather then useradd  fixes the problem though
#ubuntu-server 2006-11-09
<nach0s> Hi all, anybody know any web tool to administer the server?? but.. dont webmin... another tool.. and.. free of course.. if have :D...
<nach0s> i know that have any tools to administer mail, and other things.. but i search for a tool that have many tools in one...
<phanter> hello, short question. does the ubuntu server not support audio out of the box?
<Ash-Fox> nach0s, might want to ask #ubuntu.
<nach0s> Ash-Fox, oks..
* Ash-Fox points to the topic to explain why.
#ubuntu-server 2006-11-10
<Znuff> Anyone tried installing Ubuntu Server this way: http://marc.herbert.free.fr/linux/win2linstall.html#ubuntu
<Znuff> ?
<shwag> There seems to be no clear line about whether to use Ruby on Rails from APT, or to use gems as the ruby on rails manager. The ruby on rails community that uses ubuntu all say to use ruby gems, but there is a whole ambiguous set of ruby on rails packages in the repositories that are not spoken for.
<shwag> I would love to just use app as it seems this would simply configuration, but at the same time I dont want to be stuck with unsupported packages that are not in speed with the rest of the community.
<shwag> s/app/apt
<Burgwork> shwag: afaik, there is no clear policy for packaging gems yet
<shwag> is there a Rails Ubuntu Team ?
<techwhore> i never liked debian policy on perl packages myself.
<techwhore> i think creating a gem2deb thing would be awesome.
<techwhore> like creating a repository of gems in .deb format.
* dura waves
<dura> I've been googling for a while now and I can't seem to see why the K8 kernel was obsoleted by the generic... ?
<Burgwork> because the win of performance was in question and the testing wasn't worth it
<dura> Makes sense
<Burgwork> there is a thread on -devel about it
<dura> I figured it was a reason similiar to that but wanted to read it from a dev.
<dura> ahh okay...
* Burgwork is not a dev
<dura> Close enough :)
<Burgwork> heh
<dura> I had Gentoo on my new server but got tired of it really quick. One gentoo install is enough ;)
<Burgwork> never installed Gentoo
<dura> it's not bad really. it's just not what I needed for what I want to do
<dura> It's all I'll use on my laptops though.
<Znuff> is there ANY freakin' way to install ubuntu-server if I ain't got a system that knows how to boot from a usb drive?!
<Znuff> it's really getting on my nerves
<Znuff> what is the correct md5sum for the ubuntu-6.10-server-i386.iso file?
<Znuff> 'cose I've downloaded it 5 times already and I end up with the same md5sum, but not the one in the MD5SUM file 
#ubuntu-server 2006-11-11
<shwag> what does it take to make changes to  /etc/login.defs  take effect ?
<shwag> I guess i found an instance where linux is required to be rebooted.
<shwag> ~/.bash_profile says "the default umask is set in /etc/login.defs" , but I changed the the UMASK setting in login.defs, and  $ umask , still says 022
* dura burps
<Ries> hey gius, where can I find information how to use libapache2-mod-fcgid together with php5?
<Ries> I have followed a couple of modfgi manuals but thet don't seems to do teh job with libapache2-mod-fcgid
<mustafa> hi
<mustafa> i dont want apache to start automatically
<Kim^J> Hi all. How much MB does the server 6.06 install take?
<Kim^J> zenrox: Come come here and answer my question.
<zenrox> mb of what
<zenrox> ram
<Kim^J> HDdd
<Kim^J> HDD*
<zenrox> 2 gig
<Kim^J> WHAT?!
<zenrox> 4 gigs once you install all the differnt servers you want
<Kim^J> What in the name of the devil does it install that takes 2gig ???
<zenrox> i have a remote gui
<zenrox> so i have to have xserver installed
<Kim^J> Oh... Well I just want LAMP, SSH, FTP, Samba, MPD, Shoutcast and some more little things... That CAN NOT take 2 gig. Can it?
<dura> use X11 over ssh 
<dura> no need for a GUI on the server
<Kim^J> dura: Does the standard install of 6.06 server really take 2gig?
<dura> hmm no I don't think so.
<dura> let me check one...
<Kim^J> ok
<Kim^J> I thinking of have a 1 gig / partion...
<dura> I have one setup with LAMP and postfix and it's around 1.3gb
<Kim^J> ok
<Kim^J> hmm... strange... my debian with lamp, ssh, samba is about 300 MB.
<Kim^J> 442MB
<Kim^J> about 500 MB is minimum
<shawarma> I know this is not a support channel, but could anyone with experience with having / on LVM on top of software raid please take a look a this: http://warma.dk/blog/index.php?/archives/61-Remote-Ubuntu-installation.html ? Just /msg me if you want to keep it out of this channel.
#ubuntu-server 2006-11-12
<eilker>  what is the difference between ubuntu and ubuntu-server ?  is the difference only lamp server ?
#ubuntu-server 2007-11-05
<Innatech> Hello. I need help with sshd. I have it listening on all interfaces on port 10022 (verified by netstat) and cannot connect from the localhost, or from other hosts on the same network. Pings are fine.  Remote hosts report connection failure, attempting to connect to localhost gives "Read from Socket Failed: connection reset by peer." What gives?
<nxvl> Innatech: have you check is login is allowed on your sshd.conf?
<Innatech> yes. All settings are default from install via aptitude. I did just notice that its only listening for IPv6, though? Why is that and how do I change it? The setting isn't in sshd_config
<nxvl> mm i'm not sure
<nxvl> i don't know anything about ipv6 since i don't use it
<Innatech> turned out to be a bad init script, the IP version is specified with a command line switch. It's temp fixed until I can file a bug report.
<nxvl> try /etc/init.d/sshd status
<kraut> moin
<_ruben> mornin
<^robertj> grub is failing to install, and can't read /boot/grub/stage1 correctly even though its there, any ideas?
<^robertj> /dev/sda1 is the only non-swap partition and is on a hw raid
<Aw0L> why do I keep getting an error telling my my filesystem is read only?
<Aw0L> when I try to make a directory
<sommer> Aw0L: is it full?
<Aw0L> sommer, nope
<ivoks> Aw0L: maybe it's mounted in read only
<Aw0L> ivoks, you mean with the fstab argument?
<ivoks> it can be fstab, it can be broken filesystem
<ivoks> firt thing you allways check is 'mount'
<ivoks> so you can find out how your FS is mounted
<ivoks> if there's ro, then it's read only
<Aw0L> an nifty
<Aw0L> (rw,errors=remount-ro) so that means there were some errors?
<Aw0L> as it is ro?
<ivoks> it's not ro
<ivoks> it will mount ro in case there are errors
<ivoks> but rw indicates that it's rw
<Aw0L> so if it's rw, why is it telling me the filesystem is read only?
<ivoks> are you sure you are not trying to write on some other device?
<Aw0L> just mkdir under root
<Aw0L> one thing I"m not used to though...
<Aw0L> in fstab, instead of having the device as /dev/hda1, it has a UUID
<Aw0L> is that normal?
<ivoks> yes
<Aw0L> then, I'm lost
<ivoks> you are trying to write as root, right?
<Aw0L> yep
<ivoks> then check with 'dmesg' what went wrong
<Aw0L> ooooooh
<Aw0L> think I found it
<|dthacker|> Aw0L: I've had that issue on another distro, usually takes and e2fsck to fix.  I've been told it means the disk is going bad
<Aw0L> I had a typo in my fstab
<Aw0L> it was my fault
<Aw0L> not a hardware failure fortunately
<Aw0L> that's guys
<sommer> ScottK: I was wondering if you had time to check the Postfix wiki doc: https://help.ubuntu.com/community/Postfix
<sommer> ScottK: the article is basically the same as the "official" docs and I was wondering about your opinion on the Troubleshooting section?
<sommer> ScottK: you mentioned to ping you after UDS, so if you haven't had time or don't have time... no worrries
<sommer> or if anyone else has comments/corrections that's cool to.
<itlime> Hey all. I know this is a loaded question, but i feel i must ask it anyways. I think Ubuntu would be a good choice to run my server on, however what do you think the downsides are of running it over Debian, or CentOS or FC?
<ivoks> over debian, centos and fc? none
<itlime> ivoks: over what platform would there be?
<ivoks> technically? none
<ivoks> but if you plan running oracle, or some other redhat-only supported software, then you might have problems with support for that software
<itlime> okay then. thanks
<madina-admin> 1
<jjesse> 2
<madina-admin> hi, can't find htpasswd2
<ivoks> it's htpasswd
<ivoks> and you should really use htdigest
<madina-admin> ivoks: can't find htpasswd too
<madina-admin> am on 710
<ivoks> then you didn't install apache2-utils
<madina-admin> apache2-utils is already installed
<ivoks> then you are lying :)
<ivoks> apache2-utils has /usr/bin/htpasswd
<madina-admin> oh! I was trying to install htpasswd2, then tried "apt-get install htpasswd"
<madina-admin> you could tell me that htpasswd is part of apache2-untils ppackage
<madina-admin> thanks ivoks
<ivoks> ?
<ivoks> i did tell you that
<madina-admin> misunderstood then
<madina-admin> :)
<ivoks> all right...
<madina-admin> security question, do I have to run "apt-get update" very often, or ubuntu update itself again security risk
<madina-admin> against
<ivoks> it doesn't do it automatically
<ivoks> but you can set it up to do it automatically
<madina-admin> how so?
<ivoks> apt-cache show unattended-upgrades
<ivoks> bye
<nealmcb> soren: I've hacked on https://code.edge.launchpad.net/~shawarma/ubuntu-jeos/trunk a little bit for qemu, and run into the fact that zip doesn't like files bigger than 2 GB, even ones with holes in them like opt.qcow2  And I don't see why folks would want a zip anyway.  how about putting the files in a directory instead?
<^robertj> I'm rebuilding grub inside a chroot and it gets stuck at http://www.pastebin.ca/762507, any ideas?
<^robertj> it doesn't bail, it just sits there
<zul> is /proc mounted?
<^robertj> zul: yeah, turns out it needs gawk, filing hte bug now
<^robertj> zul: new and more serious problem: parted and grub-2 differ as to what kind of partitioning schema is in use
<^robertj> grub swears its DOS, grub-2 says GPT
<^robertj> err sorry grub-2 sweras DOS, parted says GPT
<soren> nealmcb: The primary purpose was to have just one file to distribute. A tar.gz packged with -S would also be just fine.
<zul> soren: i take it there isnt xen-support for the script?
<soren> zul: Correct. Feel free to add it :)
<jamiejackson> i'm vpn'ed into work (networkmanager + its cisco vpn plugin)...
<jamiejackson> i don't seem to be using work's dns, the way i (think) i'm used to, as some machines aren't resolving
<jamiejackson> troubleshooting ideas?
<jdstrand> jamiejackson: this is really a question for #ubuntu
<jamiejackson> k, was sent here from there, i'll go back and leave you nice people alone :)
<^robertj> guided partitioning uses parted right?
<nealmcb> soren: seems to me that the most time-consuming part of the whole process is copying bits around, and having one more copy of the whole thing just in case someone wants to distribute a single file seems slow and wasteful.  I'd suggest that folks tar things up on their own if they want.
<nealmcb> in my case I just want to run it right away, so I'd then just have to untar it
<donspaulding> hello all, I have a box that connects to a host that has its IPV6 DNS records hosed, is there any way I can tell the box to ignore the lookup for the IPV6 records for just this host?
<nealmcb> donspaulding: what protocol are you connecting with?
<donspaulding> http
<nealmcb> what client?
<nealmcb> I don't know, but I'm guessing that it will be client-specific....
<soren> nealmcb: Right. The script was made to used for generatic the vm's centrally and distributing them, but I guess that's not the primary use case anymore.
<milestone> hi all. Is it possible to install i386 packages under ubuntu gutsy X86_64? Is there some i386 Compatibility Package?
<^robertj> does guided partitioning setup gpt automagically now?
<^robertj> btw, why is my server only showing with 12 gigs of ram instead of 16? is this some kind of new math I'm not hip to?
 * somerville32 laughs.
<Aw0L> kernel support maybe?
<Aw0L> is anyone familiar with the samba/windows domain guide: https://help.ubuntu.com/community/SettingUpSamba#head-09cdfc4509f08e6891f5f5a750b28a32218c592e ??
<Aw0L> or, even playing with samba and AD - how are idmap uid and guid 's generated?
<nealmcb> soren: some ubuntu-jeos-builder contributions:  https://code.edge.launchpad.net/~nealmcb/ubuntu-jeos/nealmcb
#ubuntu-server 2007-11-06
<hatter> i have a problem with gutsy (or the kernel i guess) not recognising rtl8169 chips
<hatter> it find the chipset then loads the r8169 module but then fails to run
<nealmcb> hatter: there are some tips on how to help track that stuff down at https://wiki.ubuntu.com/DebuggingHardwareDetection
<hatter> I also am suffering slowness on the network,  which i havent been able to pinpoint yet, every now and then it the wondows pc's lag, and clicking on a shared drive sits and waits 20 seconds to open
<hatter> nealmcb, thx, i will check
<nealmcb> soren: of course I'm a newbie in several of these packaging and jeos areas, so I'd welcome feedback on any aspect of that branch
<stainer> hi... anyone familiar with a free solution that would allow me to serve powerpoint presentations from a server, making me a hero at my office, possibly getting me a raise and allowing me to send my child to a nice university?
<Burgundavia> stainer: server powerpoint from a server?
<stainer> sorry
<Burgundavia> why not convert to html and then use apache?
<stainer> web server
<stainer> yes, I have gotten that far
<stainer> I would like to control the page changes
<stainer> rather than have each client do it
<Burgundavia> hmm
<stainer> maybe to much?
<Burgundavia> so you have a bunch of html already?
<Burgundavia> you could add JS to have to page reload on a timer
<stainer> ya, I converted a presentation and have it on my apache server
<Burgundavia> then add some JS and go nuts
<stainer> oh, you are assuming I have some kind of skills...
<stainer> :)
<stainer> setting the server up was somewhat of a stretch, although I have hosted a mean Counter Strike server before
<stainer> thanks a ton for the help though, Burgundavia, I had exhausted every place I knew to look.
<Burgundavia> stainer: look online for JS stuff
<Burgundavia> it shouldn't be too hard
<stainer> ok, I can do that... I can just cut and paste into the html... I can do that
<Burgundavia> onLoad or something is what youa re looking for
<stainer> this one --> Required. Specifies a JavaScript to be executed when the event occurs.
<Burgundavia> ah
<nealmcb> hmm - I never noticed this one before: https://edge.launchpad.net/ubuntu/gutsy/i386/linux-xen/2.6.22.14.21
<nealmcb> a xen kernel for gutsy
<ajmitch> what didn't you notive about it?
<ajmitch> that does look just like a boring metapackage
<nealmcb> ajmitch: I've just been playing with the jeos stuff, and hearing questions about xen, and am wondering if folks have gutsy xen vms with optimized kernels
<nealmcb> ajmitch: so what is the difference between that one and linux-image-xen?
<ajmitch> 'that one' is 24kB
<ajmitch> Depends: linux-image-xen (= 2.6.22.14.21), linux-restricted-modules-xen (= 2.6.22.14.21)
<ajmitch> it just pulls in stuff that's useful
<nealmcb> ahh - so the "complete" kernel pulls in restricted modules that the basic kernel image doesn't
<ajmitch> it's a metapackage, so it only exists to depend on others
<nealmcb> but my basic interest is in how e.g. the xen image differs from the virtual image (which is being used by ubuntu-jeos)
 * ajmitch shrugs
<nealmcb> soren: ^ on linux-image-xen vs linux-image-virtual
<ajmitch> zul_ is probably the one to ask about xen stuff
<c1|freaky> is there any good backup solution with a tutorial availabe for ubuntu 7.10 ... maybe with duplicity
<c1|freaky> ?
<m11> hi all
<kraut> moin
<Aw0L> I'm trying to join a domain with samba, but keep getting this: 'm trying to join a domain and keep getting this error: http://pastebin.ca/763437
<Aw0L> my FQDN seems to be correct
<sommer> Aw0L: have you configured kerberos?
<Aw0L> sommer, yes, and I believe it's done correctly
<Aw0L> after kinit, klist shows a ticket and expiration time
<Aw0L> does say no tickets are cached thought
<sommer> and you've setup the "administrator" account with smbpasswd ?
<Aw0L> umm...nope apparently
<Aw0L> the guide didn't mention that :)
<sommer> you might give it a try then try the net ads join command again.
<sommer> Aw0L: you might also check out this section of the Samba guide if you haven't: http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/domain-member.html
<Aw0L> thanks
<nealmcb> is there a server team meeting this morning in 20 minutes?  it is scheduled on the server team wiki, but not in the topic on #ubuntu meeting.  Or are too many people involved in the canonical all-hands meeting?
<sommer> nealmcb: wondering that myself
<nealmcb> dendrobates: howdy.  meeting today?
<nealmcb> dendrobates: i.e. server team meeting 18 minutes ago?  or too busy with all-hands?
<dendrobates> nealmcb: sorry we should have cancelled that.
 * nealmcb nods
<Centaur5> Why would I not be able to login via console on an LTSP client?  (I do have one other client working 100%)
<nealmcb> Centaur5: what version? how do the clients differ?  Perhaps the user is in /etc/passwd on one and not the other?
<Centaur5> nealmcb: The clients only differ in hardware.  I've tried logging in using the 3 users that I have setup and none of them work.  I tested those users on the working client.  I'm running Gutsy LTSP 5.0.39.
<Centaur5> that was weird, I'll post again
<Centaur5> nealmcb: The clients only differ in hardware.  I've tried logging in using the 3 users that I have setup and none of them work.  I tested those users on the working client.  I'm running Gutsy LTSP 5.0.39.
<nealmcb> Centaur5: I forget how ltsp works, but wouldn't be surprised if you have the users configured on one machine but not the other.  or is ltsp supposed to share one passwd file among all clients?
 * nealmcb thinks back and suspects that the passwd file is indeed shared....
<Centaur5> I thought all the users shared between clients.
<nealmcb> anything in /var/log/auth.log?
<nealmcb> Centaur5: bryang knows lots more about it....
<Centaur5> I grabbed another old machine and I'm testing it now.  Same problem.
<bryang> Centaur5, you are having login problems ?
<Centaur5> yeah
<bryang> edubuntu (or just ltsp), and what version ?
<Centaur5> I'm not seeing any activity in auth.log
<Centaur5> LTSP installed on Xubuntu gutsy
<Centaur5> 5.0.39
<bryang> had you done any patching (and did you rebuild the chroot), plus update the ssh-keys ?
<Centaur5> The only working client is running on SIS video chipset while the other 2 that won't load X are intel.
<Centaur5> I didn't patch anything and I did update the keys a couple times to try testing that.
<bryang> there has been a fair amount on that topic in the edubuntu-users mailing list -- have you scanned that ?
<Centaur5> I've been googling for hours but I haven't tried the mailing list.
<bryang> https://lists.ubuntu.com/archives/edubuntu-users/
<bryang> so is that the clients don't load X, or that you can't login (or both) ?
<Centaur5> It's both, they don't load X so if I hit Ctrl-Alt-F1 then I try to login it doesn't accept anything.
<bryang> when you go into text mode, any useful info on the screen ?
<Centaur5> It just lists the IP addresses from the DHCP server and the negotiation size
<bryang> so no errors/warnings, right
<Centaur5> nothing that looks bad
<bryang> and the login you are attempting is a local (as in /etc/passwd) one ?
<Centaur5> yes
<bryang> which does work on the server, correct
 * bryang apologizes if this is lots of rehash, I joined late in the conversation
<Centaur5> Yes, those logins work on the server and on my LTSP client that has SIS video chipset.
<bryang> and on the clients that don't have X, no login works at all ?
<Centaur5> That's okay, after my hours of diagnosing I'm glad to have help.  :)
<^robertj> are the items in the partner repository packaged by 3rd partys as well?
<Centaur5> ^robertj: If that question is intended for me I do not know what you're referring to.
<^robertj> Centaur5: was just a general question, I was wondering where the hold up with vmware-server was
<Centaur5> I just tried a 4th client and this one doesn't have intel chipset but VIA and I still don't get X and can't login via console.
<bryang> so server (with what graphics chipset) and SIS video clients do GUI/X, but nothing else you have tested ?
 * musashi1 joins in the discussion. anyone want to recap?
<bryang> and nothing besides server is allowing logins ?
<bryang> musashi1, will send you log of what I have heard
<musashi1> okay
<Centaur5> Correct, I only have one working client that has SIS chipset and the other 3 tested clients (2 Intel 1 VIA) have no video or login capabilities.
<bryang> and SIS client does (or does not) allow logins
<Centaur5> Yes, the working client can login to all 3 accounts I created and runs everything fine.
<musashi1> sorry if i'm rehashing but do they fail to log in with some sort of error or just a black screen and then maybe returned to the login screen?
<Centaur5> They just say "login incorrect" and return to the login prompt
<bryang> does your SIS client have higher res capabilities than the others (in other words were these clients known to work in previous LTSP setups) ?
<Centaur5> I've never tested the 3 non-working clients with an alternate LTSP server.
<musashi1> oh, yeah, we did have that issue. i'm not sure this is due to graphics chips (though i'm no expert). the black screen was a video card problem.
<musashi1> trying to remember what the fix was for us
<bryang> we had two video cards on those systems, tho correct ?
<musashi1> right, switch cards and it worked
<musashi1> but we didn't get the "login incorrect" error in this case
<Centaur5> So do you want me to test a PCI video card instead of onboard?
<bryang> Centaur5: anything similar for you (multiple graphics cards)
<musashi1> you could
<musashi1> in my case, moving back to the on board fixed it
<musashi1> but like i said, we didn't have the same symptoms with respect to video card problems. yours sounds like a problem in the setup (bryang is the expert there)
<musashi1> bryang: i got this error on the set up where where we pulled the pci-e nics and then added one back and configured it. in that case i got the couldn't login errors
<musashi1> the fix involved rebuilding the kernel (though i don't remember the commands)
<bryang> musashi1, couldn't quite recall the time sequence, thanks for joining/helping
<musashi1> not sure it's the same issue...
<musashi1> i just don't think you would get a "login incorrect" error because of the video card
<musashi1> the real experts on this are in #edubuntu
<bryang> nope, Centaur5 has two problems tho
<musashi1> oh
<Centaur5> okay, installed PCI card in and I now have video and login on that machine
 * musashi1 welcomes Centaur5 to the club :)
 * bryang nods in agreement with musashi1 re: experts
<bryang> so Centaur5, good to go on a previously non-working client ?
<Centaur5> Which makes me rather upset because I already tested with a different PCI graphics card 2 days ago.
<musashi1> which problem did this fix?
 * bryang thinks have multiple graphics cards is causing issues
<nealmcb> Centaur5: that is scary - that login on console would fail because of the video card....
<Centaur5> bryang: Yes sir, which is actually the only other one I cared about cause I only want 2 clients I was just testing with other old machines.
 * nealmcb wonders what light #edubuntu folks could shed
<Centaur5> If you want any further info for possible bug reports though let me know how to capture it and I'll help out.
<bryang> if you get a minute, you might just want to post the situation/resolution to edubuntu-users mailing list
<Centaur5> I am rather shocked the video card causes everything else to fail.
<musashi1> yeah, i don't see the connection
<bryang> on the other non-working client, can you just swap the video cable to the "other" card
<Centaur5> The first PCI card I tested in this machine was an SIS chipset as well and it still didn't work.  The PCI video card that just made it function is an nivida geforce 4
<bryang> we saw examples of built-in doing "boot" duties, and then pci card doing the X (so probably related to device enumeration)
<musashi1> that would make sense if you had more than one but did he have more than one at first?
<Centaur5> no, I was always attempting to use the onboard (I only have 3 PCI video cards on hand but now 2)
<musashi1> but were any other cards install (even if unused)? if not, i don't see why enumeration would be an issue if there is just one
 * bryang agrees 
 * musashi1 feels validated :)
 * bryang must have read two graphics cards all along
<musashi1> so the computer is seeing things that aren't there? we are heading into a scary future...
<Centaur5> I disabled every integrated device except for LAN and video but the intel video wouldn't work apparently.
<Centaur5> I also didn't have any other expansion cards plugged in.
<bryang> btw, Centaur5, what intel video are we talking about ?
<Centaur5> bryang: MSI MS-6351 with Intel 815E chipset is the machine that I was most interested in.  Do you want info about the other 2 test clients I tried that had intel?
<bryang> sure
<bryang> then maybe I can find some local clients to test with
<Centaur5> It appears the other machine that is a gateway has Intel 815 as well but I don't have a motherboard model #.
<Centaur5> The Compaq with VIA VT8235 also didn't work.
<musashi1> i'm not convinced this is a video card issue. all those chips have good support. however, if changing the video card fixes it then you can't argue with that.
<musashi1> well, not sure about that specific VIA
<Centaur5> I'm very shocked as well and I'm sure that there is something more to it.  That's why I provided the MB model # for the MSI so you can check it out.
<Centaur5> Oh, I did forget that I left onboard audio enabled on the machines but all serial ports, parallel ports, ide controller, etc were disabled.
<cwill747> so i'm trying to hook up the ubuntu server for the first time... and need to partition my hard drive. how much space does the server need?
<fujin> Anyone hear familiar with ldap authentication?
<fujin> I need to work out what is causing this
<fujin> http://rafb.net/p/NCQ20Q67.html
<Centaur5> Thanks everyone for the help getting my LTSP up and going.  I'll give the mailing list information about it later on.
<bryang> thnx Centaur5
<sommer> fujin: can you bind to your LDAP server using any user?
<fujin> sommer: I can ldapsearch -x cn=aj from the user aj
<fujin> http://rafb.net/p/bbIkA099.html
<fujin> That what you mean?
<sommer> fujin: pretty much.
<fujin> well then, yes ;)
<fujin> I'm not sure what could be causing this. going to check permissions on all my files
<sommer> fujin: yep... you might try this: http://blog.herbertm.ca/articles/2007/06/04/libnss-ldap-conf-permissions-bug
<sommer> seems similar to what you're experiencing
<fujin> Heh
<fujin> yep, I'm a tard.
<fujin> chmod a+x /etc/libnss-ldap.conf
<fujin> winner!
<sommer> fujin: party!
<fujin> thanks dude
<sommer> np
<cwill747> anybody know how much space a server needs for the partition?
<sommer> cwill747: which one?  pretty much depends on what you want to do with the server
<cwill747> sommer: Well i was just experimenting (i'm not very good with servers) but was trying to install the ubuntu 7.10 server
<sommer> cwill747: ah... if you're going to put everything under on partition I'd recommend at least 4G.
<sommer> the actual install will only use a couple hundred megs, but you'll want to add other things :)
<cwill747> sommer: Thanks a lot
<sommer> np
<cwill747> I really wanted to access it from school (PuTTy) but just wanted to set it up first
<somerville32> cwill747, You might set up your ssh server on port 80 than incase they have the ssh port blocked
<sommer> hey somerville32
<somerville32> hi sommer :)
<cameron_> yeah that's probably a good idea
<sommer> kind of cool how the doc discussion has kept going
<nxvl> i'm not sure about the way to work on LP: #45944
<nxvl> cause it's a little difficult to decide wich aplications won't make a sysadmin be angry if they are installed by default
<nealmcb> bug 45944
<ubotu> Launchpad bug 45944 in ubuntu-docs "Ubuntu Server Guide Not Installed On Servers" [Medium,Triaged] https://launchpad.net/bugs/45944
<nealmcb> nxvl: yeah - I know what you mean.  but I think a small text-mode web browser like lynx or w3m is sort of like vim these days - too small to worry about.  if I knew which one :-)
<nxvl> nealmcb: mmmm, honestly i will prefer to have it in an info file
<nealmcb> yeah - there is certainly precedence for that....
<nealmcb> and info is small and won't involve "network client" risks
<nxvl> yep
<nxvl> that's what i mean
<nxvl> :D
<nxvl> you have to keep in mind that most of the sysadmin are paranoic people
<nxvl> like me
<nxvl> :D
<nxvl> and i will really hate to have a lynx or w3m installed on one of my servers, thats why i have ssh and a desktop
<nealmcb> so what do folks think of installing the server guide in texinfo format, and installing info by default?  bug 45944
<ubotu> Launchpad bug 45944 in ubuntu-docs "Ubuntu Server Guide Not Installed On Servers" [Medium,Triaged] https://launchpad.net/bugs/45944
<somerville32> +1
<nxvl> +1
<sommer> +1 from me as well
<nxvl> i have also send and e-mail to the list, so we can discuss it there, and more people can make an opinion
<nealmcb> nxvl: good
<fujin> meh
<fujin> do not want
<fujin> extraneous bloat
<nealmcb> it could also be a tasksel option (guide plus info browser).  it would help to know the total size
<somerville32> Omgz
<somerville32> Bloat?
<somerville32> You guys have lots of room in your image :P
<fujin> lawl
<fujin> but it's a waste
<fujin> I've never used it
 * somerville32 doesn't care.
 * kgoetz looks at bug
<kgoetz> is texinfo == 'info' command?
 * kgoetz hates that tool
<fujin> It's a little friendlier than man
<fujin> the sub-menu thing is cool
<fujin> the only time I've ever used it is info glibc "Name Switch Service"
<kgoetz> its not my friend :(
<somerville32> kgoetz, It doesn't bite.
<kgoetz> somerville32: i find it har to navigate
<nealmcb> kgoetz: well anyone can browse the stuff with another browser and format.  but what format should be shipped on the server install - that is the question, and I don't see better options
<nealmcb> and I do like info....  which uses texinfo format....
<Bambi_BOFH> frigging
 * Bambi_BOFH hates you internet
<Bambi_BOFH> no idea what causes the resets either :(
#ubuntu-server 2007-11-07
<hatter> i am having problems with slow samba responsiveness on two new 7.10 boxes,  both in different locations, when on debian they were fast, i cant see any differences in the smb.conf, anyone got any clues ?
<fujin> so, I'm working on a ldap central authentication thingy, have installed sudo, but having this issue: sudo: uid 2000 does not exist in the passwd file
<fujin> obviously the user is provided by sudo
<fujin> and the uid is not in the passwd file at all
<sommer> fujin: you mith gry this: http://lists.freebsd.org/pipermail/freebsd-questions/2006-July/125900.html
<sommer> *try
<ScottK> sommer: Got a sec for Postfix docs?
<sommer> ScottK: sure
<ScottK> OK.
<ScottK> The troubleshooting section is um, basic.
<sommer> too basic?
<ScottK> It's not really troublshooting, it's getting postfix out of the chroot.  That's often the first step, but it's not actually troublshooting.
<sommer> true... but I wasn't sure what other section to fit it in
<sommer> what would you go with?
<ScottK> sommer: Do you use Postfix?
<sommer> ScottK: I'm getting ready to implement it as a virus/spam scanner
<ScottK> OK.
<ScottK> What are you going to use?
<sommer> Amavisd-new... I think you recommended it a couple of months ago
<sommer> or I asked you what you recommend anyway
<sommer> currenlty I'm using MailScanner... Amavisd-new is quite better so far
<ScottK> Gah.  Stop.
<sommer> MailScanner with sendmail I should say
<ScottK> MailScanner on Postfix is evil.
<ScottK> Ah.
<ScottK> Different story
<sommer> I think the goal of the System Docs is to be as concise as possible without getting into too much detail...
<ScottK> What you should do, I think, is write a more detailed doc as you go.
<sommer> is there more to the Troubleshooting section I should add?
<ScottK> Yes, but it's hard to explain simply.
<sommer> I submitted a pretty detailed patch to the PHP section a while back and ended up condensing the whole thing to one sentence
<sommer> ScottK: I totally agree... I'd like to see more detail in a lot of the chapters
<ScottK> Maybe we need a meta discussion on server docs before we write stuff then.
<ScottK> Personally, I think there ought to be enough to get things running, troubleshoot basic problems, and ask intelligent questions when you get stuck.
<sommer> ya currently there's a lot of discussion going on about the Server Guide... not sure if you're on the Doc ML
<ScottK> I'm not.  I'm on the server ML.
<sommer> I think some threads have been on the server ML started by jjesse.
<ScottK> Yes, I've read those.
<ScottK> This Postfix server you're setting up, is it to both send and receive mail?
<sommer> yep, then relays to the mail store server
<sommer> in the past the it was all done on the same server, and there were times when MailScanner/spamassassin would kill access
<sahafeez> okay, dumb question - how do i stop things from starting on boot
<sahafeez> like apache
<sommer> sahafeez: update-rc.d -f apache remove
<sahafeez> okay, and same sorta thing to put it back
<sahafeez> why every version of linux does it differently...
<sommer> sahafeez: update-rc.d apache defaults
<sahafeez> cool thanks. i will look at the man for that - or the docs.
<sommer> sahafeez: np... the man page is probably your best bet
<sommer> ScottK: what else do you think we should add to the Postfix chapter?
<ScottK> sommer: What I was thinking (if you'd be willing) would be to set up a complete Gutsy version of the nominal mail server config we will recommend for Hardy and then remove the MDA.
<sommer> ScottK: sure I'm willing... I'm fuzzy about what you mean by "nominal mail server" though
<sommer> there's just so many ways to setup a mail server... heh
<ScottK> I think it's Postfix + Dovecot SASL, Dovecot for MDA, Amavisd-new + SpamAssassin/Clamav
<ScottK> So for your config you'd need all that except the Dovecot MDA
<ScottK> Right, so we want to get complete instructions on ONE way to do it that works.  People are free to do others.
<jjesse> evening
<ScottK> Evening.
<sommer> I'm with ya... I wrote up a Dovecot SASL guide a while back: https://help.ubuntu.com/community/PostfixDovecotSASL
<sommer> jjesse: sup
<ScottK> sommer: The reason I suggest this approach is the person who's new to it is the person that needs to do the docs.
<sommer> ScottK: totally
<jjesse> sommer: just packing for next business trip
<jjesse> whats the topic?
<ScottK> Mail server docs
<sommer> jjesse: if you're not aware ScottK is a Postfix guru
<ScottK> sommer: You should also cover setting up TLS, including rolling your own certs.
<ScottK> Guru is putting it to strongly.  I'm a moderately advanced user.
<sommer> sure... I believe that's already covered.
<sommer> heh... more guru than me
<sommer> self signed certs anyway
<ScottK> That's all you really need.
<jjesse> ScottK: wasn't aware of that
<ScottK> jjesse: Which?
<jjesse> your a postfix guru :)
<sommer> so I think the major section to add is Amavisd-new + SpamAssassin/Clamav
<sommer> and Dovecot SASL... that also clears up the possible saslauthd chroot issue
<ScottK> sommer: Yes.
<ScottK> sommer: I'd also do a section on supporting E-mail authentication technologies (I'm thinking SPF and DKIM - I've done the SPF bit and made sure the DKIM milter is packaged well).
<sommer> I was wondering for a program to use Cyrus SASL or Dovecot SASL it needs to link to the libraries during compile time doesn't it?
<ScottK> Postfix should be configured to work with either.  If it isn't, that's a bug in the Debian package.  Upstream supports it.
<sommer> ScottK: Postfix is since Dapper at least
<ScottK> OK.
<ScottK> I've not tried Dovecot SASL yet, so I didn't know.
<sommer> I don't think that many programs are capable of using Dovecot SASL
<sommer> postconf -a is the command I came accross
<ScottK> Sure enough.
<ScottK> sommer: I think we should pick one SASL as the one we document.  If it's reasonable, I think it should be dovecot since that's the supported MDA.
<sommer> ScottK: I agree
<sommer> I'll start reworking the Postfix section... maybe we add the SASL discussion to the next server team meeting agenda
<sommer> get more opinions anyway
<ScottK> We discussed it a little at UDS.
<sommer> oh ya... I was listening in.
<ScottK> We also discussed promoting amavisd-new to Main for Hardy.
<ScottK> That was me you heard whining about that then.
<ScottK> Now you know what I sound like.
<sommer> heh... that discussion was a little in and out I think... wasn't it toward the beginning of the weak?
<ScottK> Yes.  I was just there Mon/Tues.
<sommer> the sound got better around Wed
<ScottK> Figures
<sommer> heh... I'll start working on the Postfix section and add a "mail hardening" section
<ScottK> OK.
<jjesse> sommer: two questions 1. Do you have the bzr branch downloaded 2. do you have commit rights?
<ScottK> You might look at the postfix mailing list before you post ... instructions for stuff to put into troubleshooting.
<sommer> jjesse: yep I've downloaded, but I don't have commit rights
<jjesse> sommer: ok we can work on that, i can commit the diff
<sommer> jjesse: cool
<jjesse> jjesse at ubuntu dot com
<sommer> ScottK: sure, is there any troubleshooting tips you use often?
<ScottK> Read your logs and find the first sign of trouble, not the last is the first thing.
<ScottK> Particularly mail.err and mail.warning.
<sommer> heh... logs I'll definitely note that
<ScottK> Take it out of the chroot is antoher good thing to do.
<ScottK> sommer: Postfix is very meticulous about logging.  If it's not logged, you can be pretty sure it didn't happen.
<sommer> jjesse: I submitted a patch with updates to the Mail chapter yesterday... if you want to review that
<ScottK> Where to go for help is another thing to include.
<sommer> ScottK: is there any special Ubuntu channels or ML for Postfix?
<ScottK> Here and the server ML.
<sommer> ah, sure
<sommer> will include those, good pint
<sommer> * point
<ScottK> Since Wietse and Lamont have some agree to disagree points about how Postfix is packaged, it's important to come here for help first.
<sommer> heh... it's pretty cool to have someone so involved with Postfix also involved with Ubuntu
<ScottK> One of the big points why Ubuntu is my distro is that Postfix is the MTA of choice.
<sommer> I like it better than Sendmail daily!
<sommer> ScottK: I appreciate your input, stand by for updates.  I can probably have something worth more review by this weekend.
<sommer> jjesse: I'll send you a diff as well
<ScottK> It'll grow on you even more.
<ScottK> sommer: I strongly recommend "The Book of Postfix" is you don't have it.
<sommer> yep, I think I've seen you recommend it before so I picked it up... the SMTP AUTH chapter really helped me understand how SASL fits into Postfix
<ScottK> I was had a lot of trouble until I had that.
<ScottK> Just imagine the last line is correct English please.
<sommer> heh... I got your meaning
<sommer> jjesse: are we commiting to the bzr branch now?
<jjesse> sommer:  yes sir
<jjesse> wow laughing at SMTP AUTHO and SASL and Postfix all in one sentence
<sommer> strong work, huh
<Bambi_BOFH> hi all. anyone here familar with dspam configuration?
<sommer> Bambi_BOFH: not I... sorry
<Bambi_BOFH> np. i'll hope #dspam comes to life
<fujin> smtpauth/sasl/postfix is ez
 * lamont waves
<ScottK> Heya lamont.
<manchicken_> Anybody know if the default mysql-server package is compiled with --with-innodb?
<somerville32> I'd suggest #ubuntu-devel
<ScottK> Heh.
<lamont> actually, I'd go look at the build log... :0)
<ajmitch> hehe
<ajmitch> considering that I use innodb tables all the time on ubuntu, I'd be surprised
<manchicken_> heh
<manchicken_> ajmitch: Okay, so how do I configure innodb to be my default?
<manchicken_> My client is using innodb and it looks like Rose::DB is barfing as a result of this not being a Rose setup.
<manchicken_> Err, innodb setup.
<manchicken_> (client meaning business client, not mysql client)
 * ajmitch does not know what that Rose::DB is checking for
<manchicken_> It looks like it's looking for some .frm file.
<manchicken_> Does that sound like something that would be innodb specific?
<manchicken_> Ooh, it looks like it might be
<manchicken_> That's it alright.
<manchicken_> So, ajmitch, how do I make innodb the default engine?
<manchicken_> https://help.ubuntu.com/community/InnoDBUnderUbuntu <-- that looks like I'm not the only one having this problem...
 * ajmitch has always just specified table type at creation
<ajmitch> so, that's saying it's a config issue
<ajmitch> I admittedly don't have a default config here
<manchicken_> Yeah...
<manchicken_> but can you help me config it?  Pwetty pweez?
<ajmitch> didn't that page answer it?
<ajmitch> comment out skip-innodb iff it's there
<manchicken_> Hmm...
<manchicken_> that's commented out in my my.cnf...
<ajmitch> and you created tables with the innodb option set?
<manchicken_> It said it was disabled... but that was after I tried installing this enterprise version that my client gave me.
<manchicken_> I'm trying to wipe it out and put on the default version again.
<ajmitch> good luck
<manchicken_> Why can't people make deb packages for stuff?
<manchicken_> It's really not that hard.
<manchicken_> And it looks like MySQL's enterprise tarball was configured to work with a debian build, they just had some weird stuff in their ./debian/rules file.
<ajmitch> enterprise tarball?
<ajmitch> I thought you were using the default ubuntu setup
<manchicken_> I'm going back there.  My client is trying to talk me into using the enterprise thing.
<manchicken_> They're on redhat, which is MySQL has an rpm for.
<manchicken_> I'm trying to figure out how to make innodb the default now...
<somerville32> Do you need postfix to send mail?
<somerville32> Or is there something simpler I can install?
<sommer> somerville32: I use ssmtp with mutt for that purpose
<sommer> actually wrote a short guide about it today: https://help.ubuntu.com/community/mutt
<sommer> heh
<somerville32> This is on... hoary
<somerville32> lol
<somerville32> I'm trying to remove postfix and it wants to remove:
<somerville32> anacron at lsb mailx mutt postfix postfix-tls ubuntu-base
<sommer> mmmm... you could also try msmtp
<lamont> somerville32: hoary support ended a year ago...
 * manchicken_ curses loudly.
<lamont> all of those packages Depend: mail-transport-agent
 * lamont wanders
<pschulz01> sommer: Does ssmtp support any DEBCONF options?
<manchicken_> I just learned a very valuable lesson on how to ignore a client when they tell me that I have to install a certain version of a program without knowing why it's better than the default Ubuntu one.
<somerville32> I can't install ssmtp :/
 * somerville32 installs exim
<sommer> pschulz01: I'm not sure... probably not
<sommer> pschulz01: as in dpkg-configure?
<pschulz01> sommer: Yes..
 * sommer checking
<pschulz01> sommer: Would mean that it can be 'pre-seeded'
<sommer> pschulz01: actually I think it does... dpkg-reconfigure worked
<sommer> nice
<pschulz01> sommer: I'm getting rejections from my 'hub' as it expects the sender to be fully qualified.. eg root@hostname doesn't work.
<sommer> pschulz01: did you set the hostname setting in /etc/ssmtp/ssmtp.conf?
<sommer> does the mailhub require a correct fqdn?
<pschulz01> sommer: yes.
<pschulz01> sommer: (To your second question)
<sommer> can you use SMTP AUTH with the hub?
<pschulz01> sommer: OK.. I set FromLineOverride=YES
<pschulz01> sommer: This caused the From line NOT to be overwritten..
<sommer> that works too... heh
<sommer> well I'm going to cash in for the night... later all
<pschulz01> sommer: Goodnight.. noice doco :-)
<Bambi_BOFH> later mate
<Bambi_BOFH>     exec 1>/etc/ssmtp/ssmtp.conf
<Bambi_BOFH> that looks a really odd way to create a file, but seems to work :) never sen that done before
<kraut> moin
<CyberMad> i want to create document storage with folder permission.. i did this on microsoft windows 2003 server on my company and i want replace it with Ubuntu, well i want user can access through samba, example: use map network drive and must enter their username & password, if not.. only have access as guest.  I want the folder permission is inheritance to its subfolder, but i can set individual permission on its subfolder. How to do that? I want to manage
<CyberMad> does OpenLDAP suitable to my need?
<CyberMad> or just SAMBA ?
<oly-> CyberMad, its far simpler to just use samba, if your just doing file sharing
<newbie23> hi there :-)
<newbie23> can somebody please tell me:
<newbie23> a. how I change the resolution of the terminal which is 80x25 to something like 132xxx using no gui
<newbie23> b. is it possible to add more consoles as it is under suse using ALT-1 to ALT-6
<newbie23> thanx
<MekApelsin> what's the system requirements for gutsy-server? Shortly, what's the worst machine it will install on?
<MekApelsin> especially interrested in ram use...
<newbie23> I just installed it on a 200mmx 64MBram
<MekApelsin> sounds nice
<MekApelsin> thanks
<MekApelsin> tinking about a 300mmx 64mb :D
<newbie23> I just started it day before yesterday with minimal setup and now I have apache (without php mysql) and a torrent client running
<newbie23> next I will try is seting up mysql and php (but I dont expect to much
<MekApelsin> so the server install let you choose between ubuntu-standard or ubuntu-minimal as the metapackage?
<newbie23> no it installs just the basic system almost by itself then after rebooting you just use the installmanager and add the progs you want
<CyberMad> oly- are you there?
<CyberMad> so what OpenLDAP suits to?
<MekApelsin> newbie23: does it install the metapackage ubuntu-standard and ubuntu-minimal or only ubuntu-minimal?
<newbie23> I think its minimal
<MekApelsin> newbie23: you can check by running aptitude search ubuntu-standard
<MekApelsin> if there is an i at the start of the line it is installed (you probably know that already, but anyway :D )
<newbie23> i dont know how to search in apti
<MekApelsin> it is easy, you just write " aptitude search ubuntu-standard " in a terminal
<MekApelsin> it include stuff like iptables
<oly-> CyberMad, ldap is basically a database, its good for large networks and for authenticating other services
<oly-> a lot of web apps will tie in with ldap, so you manage all your users in one place,
<MekApelsin> you got wget, iptables, nano and file in ubuntu-standard
<oly-> active directory uses ldap to store its users and groups
<newbie23> just found out yupp its standard
<oly-> samba is far easier to use with out it, especially if you do not know ldap
<MekApelsin> newbie23: thanks for checking it out for me :D
<newbie23> your wellcome :-)
<newbie23> have a nice day
<newbie23> can somebody please tell me:
<newbie23> a. how I change the resolution of the terminal which is 80x25 to something like 132xxx using no gui
<newbie23> b. is it possible to add more consoles as it is under suse using ALT-1 to ALT-6
<newbie23> thanx
<somerville32> newbie23,
<somerville32> ctrl + alt + F#
<newbie23> thx my keyboard sucks with the left strg so it didn't work can I change it to only use alt instead
<zul> yay i have xen-3.2 packaged for hardy
<Nafallo> woha
<Nafallo> kewl
<Runithad_> mmmmmmmm
<Runithad_> xen
<ScottK> lamont: Is there any reason not to go ahead and sync postfix from Debian?
<juliux> does somebody knows how i can send mail that matched a maildrop filterule to an other mailaddress?
<stiV> hi everyone! i have a small problem w. aptitude. i have my own mirror for many servers with many of my own packages and many adapted packages (this works fine!). there are many machines using that server to keep up-to-date by issuing "aptitude -y dist-upgrade" in a cronjob. i test everything thourougly (man how is that word written right? sry, i'm native german), so i do know this command is dangerous, but i need it that way
<stiV> Configuration file `WHATEVER/WHEREEVER'
<stiV>  ==> File on system created by you or by a script.
<stiV>  ==> File also in package provided by package maintainer.
<stiV>    What would you like to do about it ?  Your options are:
<stiV> [options, y i n o d z]
<stiV>  The default action is to keep your current version.
<stiV> [WHICH I DONT NEED!]
<stiV> *** ttyS0 (Y/I/N/O/D/Z) [default=N] ?
<stiV> is there a way to get this to default with Y and continue without interaction?
<stiV> [interaction is not possible, since this is called via cron]
<stiV> the command is called w. DEBCONF_FRONTEND=noninteractive DEBIAN_FRONTEND=noninteractive, but that doesn't help
<stiV> i would really appreciate any idea ... i'm running out :-|
<ivoks> it's insane to do this automaticaly
<ivoks> really insane
<ivoks> look at apt options, maybe there is some switch to make it automatic
<ivoks> i've never think about doing it automatically
<stiV> i know, but ALL the servers are installed the SAME way, and as i said - i test everything before deploying
<ivoks> do you know what it asks you?
<ivoks> it says 'you configured your stuff like this, but there is a change in configuration'
<ivoks> and you want to overwrite your changes?
<ivoks> or maybe leave your changes and possibly make service unavailable
<ivoks> check apt_preferences or apt.config
<ivoks> or something...
<ivoks> bye
<stiV> i always put the config files preconfigured in the package, since ALL the machines have the same config files. the settings that need to be adapted are always being adapted by some other systems that create them for me --- so i don't care whats there in the first place, since it has to be created a few seconds later ...
<stiV> thanks i'll have a look
<stiV> i'm using aptitude ... not apt-get
<stiV> i found it ... dpkg has an option "--force-confnew"
<^robertj> I've been told I need to change the type on my gpt legacy container before I can run grub, but changing it makes it unmountable so that I cant mount the thing to install grub
<lamont> ScottK: no reason not to sync postfix
<fujin> so, anyone an iptables expert?
<fujin> I've got correct accept lines, but it's getting down to my log/drop at the bottom
<fujin> using state
<ScottK> lamont: Would you please ack Bug #160830 and subscribe ubuntu-archive?
<ubotu> Launchpad bug 160830 in postfix "Please sync Postfix from Debian Unstable (Main)" [Undecided,New] https://launchpad.net/bugs/160830
<lamont> ScottK: ok
<lamont> ScottK: and done
<ScottK> lamont: Thanks.
<lamont> ScottK: bug 127555: stopping twice is fine. :-)
<ubotu> Launchpad bug 127555 in postfix "package postfix 2.4.3-1ubuntu1 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Undecided,Incomplete] https://launchpad.net/bugs/127555
<lamont> I think we can call that one fixed.
 * ScottK looks
<lamont> 2.4.6-2 will have 35329 and 135851 fixed as well
<ScottK> Great.
<lamont> oops.  maybe I was unkind on bug 160176
<ubotu> Launchpad bug 160176 in bind9 "L.ROOT-SERVERS.NET record needs an update" [Low,Fix committed] https://launchpad.net/bugs/160176
<newbie23> now I wanted to restrict the access by putting a .htaccess file in the www directory same as I found it in my xamp installation on windows (Auth Basic etc),  created the passwordfile with htpasswd, changed the AllowOveride from None to All in /etc/apache2/sites-available/default, restarted apache accessed the side and got a 500 err, I read the apache docs at least I tried to understand but...
<newbie23> I installed the apache-worker and it works fine,
<newbie23> ...it seams I can not wrapp my brain around it successfully :-(
<newbie23> any pep-talk available?
<maff> anyone doing clustering with 7.10?
#ubuntu-server 2007-11-08
<newbie23> maff: not yet but I am really interested can you give me any hints how I could start in that field
<fujin> lol
<sommer> ScottK: I have an update to the Postfix section, is it cool if I email it to you for review?
<somerville32> sommer, Is it a doc?
<ScottK> sommer: Sure.
<ScottK> Might be the weekend before I get to it.
<sommer> somerville32: it's the generic/server/C/mail.xml file
<sommer> ScottK: no problem
<somerville32> sommer, Why not send it to ubuntu-doc/ubunt-server for review too?
<sommer> somerville32: yep, I was planning to, but ScottK isn't on the doc ML :)
<somerville32> Silly Scott
<sommer> it's pretty big... covers parts of every section of the mail chapter
<ScottK> Not at all.  I'm uninterested and unqualified to deal with virtually all docs.  For the ones I am, it's not worth the mail.
<ScottK> sommer: As long as it's under 10MB, send it.
<somerville32> ScottK, I agree.
<sommer> ScottK: 44k
<ScottK> That should be fine.
<sommer> you'll probably need yelp to read it, I seem to remember you use Kubuntu?
<ScottK> I do.
<ScottK> Please mention that in the mail.
<sommer> sure
<sommer> somerville32: do you know a way to extract/render part of the guide into html?
<somerville32> sommer, Yes.
<somerville32> Why not just build the entire server guide and then just send him that page?
<sommer> somerville32: I did that, but the make command didn't render my changes into html
<sommer> does that make sense?
 * somerville32 notes that his lights in his room are flicking.
<sommer> or wait maybe I'm browsing to the wrong page
<somerville32> Are you looking in build/ ?
 * somerville32 just noticed that the xubuntu-docs don't build anymore.
<sommer> somerville32: yep, build/index.html
<sommer> gives me links to to serverguide
<somerville32> But the page you are looking for isn't in there?
<sommer> somerville32: it is, but not my changes
<sommer> somerville32: not a big deal I'll just send an xml file
<sommer> and a diff to the ml
<somerville32> Are you doing make all ?
<sommer> somerville32: yep make from the top level directory
<somerville32> Try make web
<sommer>  No rule to make target `web'
<somerville32> sommer, Your makefile is different from the other doc branches
<somerville32> sommer, Where is the bzr branch located?
<sommer> somerville32: I'm using ubuntu-hardy... did the bzr branch about 30 min ago
<sommer> after I realized the other bzr checkout I had was the vcs-import one... heh
<somerville32> sommer, The server guide is a part of the ubuntu-hardy branch?
<sommer> it's in generic/server right?
<somerville32> I don't have ubuntu-hardy branched
<sommer> I think it's part of all branches
<somerville32> I have xubuntu-hardy branched
<somerville32> oh
<somerville32> look at that
<sommer> I think the make file isn't quite up to date... especially with all the moves into bzr and what not
<sommer> somerville32: anyway, thanks for your help... I'm going to send those emails and call it a night
<somerville32> k, night
#ubuntu-server 2008-11-03
<Cosmos1206> ello
<Cosmos1206> enmand_i'm having trouble with ubuntu 8.10
<Cosmos1206> server
<Cosmos1206> edission
<ScottK> Cosmos1206: What exactly is the problem.
<Cosmos1206> part of the reason ihaving trouble getting Open-SSH
<Cosmos1206> apt-get open-ssh isn't working
<Cosmos1206> or even this i meant
<Cosmos1206> apt-get installl open-ssh
<Cosmos1206> huh?
<Cosmos1206> huh?
<Cosmos1206> do I type apt-get install sshd or what
 * Cosmos1206 is listening to "àáâãäåæçøûýPÙ|Ìç"
<ScottK> Cosmos1206: SSH has a server and a client.
<ScottK> To install the server you want:
 * Cosmos1206 is listening to "àáâãäåæçøûýPÙ|Ìç"
<Cosmos1206> jaws80
<ScottK> sudo apt-get install openssh-server
<ScottK> And for the client you want:
<ScottK> apt-get install openssh-client
<Cosmos1206> i'm connecting to it via a windows machine
<ScottK> Then you want the server
<Cosmos1206> i'm connecting to it via a windows machin/
 * Cosmos1206 is listening to "àáâãäåæçøûýPÙ|Ìç"
<Cosmos1206> oops sorry about the jaws80
<Cosmos1206> i'm connecting to it via a windows machok
<Cosmos1206> ok
<Cosmos1206> hang on
 * Cosmos1206 is listening to "àáâãäåæçøûýPÙ|Ìç"
<cosmos-linux> ok can you say that gain
<cosmos-linux> again
<cosmos-linux> about apt-get
<cosmos-linux> ill be back
 * ajmitch sighs
<ScottK> ajmitch: His IRC client came up "mIRC with speech, Using IRC 4The blind" on whois.
<ajmitch> still doesn't excuse the 'listening to' spam
<ScottK> Cosmos-linux: I'll try again.
<ScottK> To install the server you want:
<ScottK> sudo apt-get install openssh-server
<ScottK> And for the client you want:
<Cosmos-linux> ok i'm back and now can read your messages I couldn't before
<ScottK> apt-get install openssh-client
<ScottK> That last one needs a sudo at the start of it.
<Cosmos-linux> right. the client is a windows machine via puTTY, so... and the linux machine is the ssh demon
<Cosmos-linux> it needs to via root?
<Cosmos-linux> ssh demon  or open ssh whatever i'm new to this
<NCommander> Cosmos-linux, just to install the client
<Cosmos-linux> i'm using a windows machine as the client
<Tristan-b> i'm using win32 as client and connecting to it via windows because I'm not using orca, I'm visually impaired, you see
<Tristan-b> so on the server side apt-get install openssh-server and on win32 side just connect to it after the needed steps are complete
<Tristan-b> ?
<Tristan-b> hello
<hads> Yes
<Tristan-b> do you see my messages?
<hads> Yes
<Tristan-b> what's that
<Tristan-b> what's that link
<Tristan-b> can someone inform me of the steps or give me a link to a tutorial on what you must do after the installation of Open-ssh is complete, to prepare it for use etc?
<Tristan-b> ?
<ScottK> Tristan-b: It should be ready to go after you install.
<Tristan-b> i don't need the openssh-client if it's the server machine, right? that's an obvious question but
<Tristan-b> what about starting and stopping the demon?
<Tristan-b> that's part of what i'm referring to
<ScottK> Tristan-b: It starts on install
<Tristan-b> so now I just unblock port 22/23 and ready to connect
<Tristan-b> .
<ScottK> Yes (22)
<Tristan-b> there we go. its unblocked. I think I'm ready to connect
<Tristan-b> that right
<ScottK> Should be.
<Tristan-b> ok lets see
<Tristan-b> connecting
<Tristan-b> thanks! i'm, in!
<ScottK> You're welcome.
<Tristan-b> now... can you assist me on one more thing -- finding out what the device id of a thumb drive would be in /dev?
<ScottK> I'm not sure of an easy way to do that.
<ScottK> Maybe someone else.
<J-_> What does "rsync error: syntax or usage error (code 1) at main.c(1220) [sender=3.0.3]"
<Tristan-b> does anyone use an external hd or pendrive
<Tristan-b> with ubuntu server
<ScottK> J-_: Are you running Hardy?
<Tristan-b> how do you view it that's the generalised version of the question
<J-_> On my server, yes. On my desktop I'm running Intrepid
<J-_> ScottK:  ^^
<Tristan-b> mm
<ScottK> J-_: Then you've got rsync 3 on the desktop and rsync 2 on the server.
<ScottK> That's what that error means.
<J-_> What do I need to correct the error? Do I need to have install the same versions on both machines?
<J-_> in order for a script to work
<ScottK> J-_: Yes.  We're working on testing a backport for Hardy.  See Bug 257211
<uvirtbot> Launchpad bug 257211 in rsync "please backport rsync 3 from Intrepid to Hardy" [Undecided,Invalid] https://launchpad.net/bugs/257211
<ScottK> !backports
<ubottu> If new updated Ubuntu packages are built for an application, then they may go into Ubuntu Backports. See https://help.ubuntu.com/community/UbuntuBackports - See also !packaging
<ScottK> too
<J-_> :(
<ScottK> Mostly we need help with testing.
<J-_> I hope there's a workaround
<ScottK> NCommander: Could you help J-_ get fixed up with rsync3 in Hardy
<NCommander> Huh?
<ScottK> Do we have a package built for backports testing somewhere?
 * ScottK hands NCommander some more coffee.
<NCommander> ScottK, I shoved it into the PPA
<NCommander> ScottK, wait, rsync3 can break communications w/ rsync2?
<ScottK> NCommander: Yes.
<ScottK> This is why Rsync 3 in Intrepid with no backport to Hardy is a problem.
<NCommander> But Hardy to anything else other will break w.o rsync3
<Tristan-b> hi i have another question
<ScottK> Thus the backport is a good idea.
<Tristan-b> sorry if i am an annoyance
<Tristan-b> but
<NCommander> ScottK, its a bad idea because if someone has backports enabled and has any server without it, boom
<NCommander> broken rsync
<Tristan-b> how do I get an ftp server and access different account's files via it? I just want it to be on the local network so its no big deal about out of netowrking ftp's
<hads> In what situations does it break? I rsync between Intrepid and Hardy fine here.
<NCommander> hads, if your using rsync server mode it will break
<ScottK> OK.  Maybe I'm wrong, but I understood the protocol changes between Rsync 2 and 3 to be incompatible.
<Tristan-b> hi
<hads> Ah. I only ever run over SSH
<ScottK> Tristan-b: Just ask.
<Tristan-b> where
<Tristan-b> what
<Tristan-b> what do you mean
<Tristan-b> i just did ask
<NCommander> ScottK, the only sane choice is it make rsync3 available either at the same time as rsync2. We either just need to make rsync3 available with a different binary name (rsync3 and rsync), or something similar
<ScottK> Tristan-b: Sorry.  I didn't see the question.  I see it now.
<Tristan-b> what ftp server's are there out there for ubuntu server 8.10 so I can upload files from my windows machine to my linux desktop server
<NCommander> Or make rsync3 available as a seperate package (which runs in other issues)
<J-_> Intrepid is turning into a nightmare for me. :(
<Tristan-b> here's the original question
<ScottK> Tristan-b: You can already use sftp without installing anything extra.  Just use that.
<Tristan-b> how do I get an ftp server and access different account's files via it? I just want it to be on the local network so its no big deal about out of netowrking ftp's
<J-_> Thinking of just going back to Hardy on my laptop.
<hads> Also that error message that J-_ posted is what you get from calling rsync with a weird command line option.
<NCommander> J-_, you can grab the rsync backport from our PPA, with the understanding that it is unsupported
<Tristan-b> how what's the command to start it
 * ScottK goes to put the kid to bed.
<Tristan-b> sorry if i'm a pain, new to the ubuntu server
<Tristan-b> so the sftp the command to start it yeah
<NCommander> Tristan-b, sftp and ftp are two different things
<J-_> hads:  The was called by rsyncing, "$RSYNC $SSH -i $RUSER@$RHOST:$RPATH $LPATH" and the error was on /var/www. I don't think it's a weird setup.
<hads> J-_: Sure, just commenting that you can get that error from an unknown option.
<Tristan-b> HMM
<Tristan-b> hmm hmmm hmmm hmmmm hmm
<Tristan-b> so the sftp the command to start it yeah
<Tristan-b> how do you start sftp in a ubuntu prompt
<hads> sftp
<NCommander> Tristan-b, install openssh-server
<NCommander> Tristan-b, that automatically installs the sftp server
<Tristan-b> is that an ftp client or server? it appears as though its a client
<Tristan-b> i need a server
<NCommander> Tristan-b, server
<NCommander> openssh-server is a server :-)
<Tristan-b> ok i have openssh server
<NCommander> Now on the client, just type sftp *IP address*
<Tristan-b> i have it so how do i start it
<NCommander> Tristan-b, it was started once installation finished
<Tristan-b> i'm not using linux though on the client
<Tristan-b> ... its windows...
<NCommander> Tristan-b, Grab WinSCP (despite its name, it also supports SFTP)
<J-_> Alright, I'll define the script better and see if an error occurs. Yep same error occurs when I, "sudo rsync ssh -i user@IP:path/to/dir /path/to/local/dir"
 * J-_ enables the repo backport.
<J-_> https://launchpad.net/~chrisccoulson/+archive Is that the correct repository?
<Tristan-b> right i have it with file zilla secure ftp protocol
<NCommander> Then you are in business
<NCommander> J-_, no, the offical backport testing repo is here
<NCommander> https://edge.launchpad.net/~ubuntu-backports-testers/+archive
<NCommander> It should be noted that backports in that repo are experimental, and not well tested :-)
<NCommander> (also, rsync isn't uploaded to it yet, someone will have to do that for me because I'm on dial up ATM)
<J-_> Well, I'm not so concerned about my laptop. Though, I'd cry if my server messed up. :)
<J-_> About to install hardy back onto the laptop anyway. It will save a lot of troubles I've been having.
<NCommander> Is the laptop or the server running hardy
<J-_> Server = Hardy. Laptop = Intrepid
<J-_> s/,/./
<J-_> the other way around!
<J-_> :P
<hads> That's an odd command line.
<NCommander> lol
<NCommander> so the laptop is running Hardy?
<hads> What's up with the "rsync ssh -i"?
<J-_> I'll repeat. Sorry. :(
<J-_> Server = Hardy. Laptop = Intrepid
<NCommander> J-_, you said it was the other way around O_o;
 * NCommander looses his mind <g>
<J-_> I ment the s/,/./ was supposed to go to s/./,/ and yes, not that it matters.
<NCommander> Oh
<NCommander> ok ;-)
<NCommander> What issues are you having specifically?
<NCommander> J-_, I'd perfer to resolve them rather than you resorting to downgrade
<J-_> Is it okay if I paste 2 lines of data here?
<J-_> actually
<J-_> !pastebin
<ubottu> pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu.com (make sure you give us the URL for your paste - see also the channel topic)
<NCommander> J-_, I'm building the rsync backport now
<NCommander> J-_, I'll upload it to the testing repo
<J-_> Let me take the -i out. The RSA key may not be working right. Though, it has been working fine via regular ssh. And, a while ago--I created a group for my user on my server so if someone did create another user, they wouldn't be added to the group I made. Therefore, only my user has ssh access. But, I don't think that should affect it. Let me take the -i out and see if that works.
<J-_> I think it was in relation to the ssh group
<J-_> I forget.
 * NCommander nods
 * J-_ boggles eyes
<NCommander> Uploading to the testing repos
<J-_> Yeah, same thing.
<NCommander> J-_, its on its way to our PPA
<NCommander> In 20-40 minutes, it should be available, and you can install it on your intrepid laptop
<J-_> Awesome, thanks. :) Does this mean, I'm the first user to test it? :'( I don't like being the guinea pig. lol
<NCommander> Its been tested by other people who have built and installed it before
<J-_> Sounds good
<NCommander> but there were no premade binaries before now
<J-_> I guess I can get going on my dump script.
<hads> I don't see why you need the backport if you're just copying over SSH
<NCommander> hads, in SSH mode, I believe it tries to start by calling the remote rsync, and then using the rsync protocol over SSH
<NCommander> J-_, uploaded, now we have to wait for Launchpad to compile and publish
<J-_> Nice
<J-_> It automates those processes too?
<NCommander> That's the purpose of PPAs
<NCommander> Binaries usually are published within 20 minutes of the build completeling
<hads> Okay. Well FWIW I haven't run into any issues rsyncing between my Hardy servers and Intrepid clients.
 * J-_ doesn't know anything about PPAs. Though, not often, I do enable them as a resource.
<NCommander> J-_, ok, its pending publishing (the build finished successfully)
<J-_> Nice. :)
<NCommander> J-_, https://edge.launchpad.net/~ubuntu-backports-testers/+archive - when the Pending on rsync changes to published, you can get it via APT
<centaur5> Does anybody know if the preseed variables changed for Intrepid?
<J-_> NCommander:  Searching in Synaptic, I can't find the backport. I've enabled the repo, refreshed(updated) and, I don't seem to find it. What do I look for?
<NCommander> J-_, its not in the offical backports repo
<NCommander> You have to add the PPA I gave you to it
<J-_> Yeah, I ment I've enabled the PPA, can't find the package.
<J-_> I switched to the main server. We'll see if it's there now.
<NCommander> J-_, what main server?
<NCommander> J-_, try going to the command line, and typing sudo apt-get update && sudo apt-get install rsync
<NCommander> (it should prompt an upgrade is available for rsync, but its unsigned and act for more permission to continue)
<J-_> No prompt. I enabled both deb http://ppa.launchpad.net/ubuntu-backports-testers/ubuntu intrepid main and deb-src http://ppa.launchpad.net/ubuntu-backports-testers/ubuntu intrepid main to Intrepid
<J-_> Probably not in the PPA yet. It says it's published.
<NCommander> It should be
<NCommander> J-_, http://ppa.launchpad.net/ubuntu-backports-testers/ubuntu/pool/main/r/rsync/ the debs are there
<uvirtbot> New bug: #292895 in samba (main) "large samba transfers kill wireless" [Undecided,New] https://launchpad.net/bugs/292895
<J-_> !info ubuntu-standard
<ubottu> ubuntu-standard (source: ubuntu-meta): The Ubuntu standard system. In component main, is standard. Version 1.123 (intrepid), package size 25 kB, installed size 52 kB
<josh_> i am setting my computer to be a home server and host a website.  Is ubuntu server for setting up multiple computers on a network or for hosting a website?
<ScottK> Yes
<josh_> so is that a yes to both aspects of the question?
<ScottK> Yes.  You can use it for either.
<josh_> so do i need to go ahead and install the server edition?
<josh_> is it complicated to set is up to run a website?
<ShawnR> is there any setting I can do to get a 2nd SSH serve running (obv. on a diff port), or do I just need to (or can i even?) copy and rename the sshd to run a 2nd copy?
<josh_> sorry, i dont know.
<ScottK> josh_: What are you trying to do?
<ScottK> ShawnR: I don't recall, but that's a common question that Google should have a reasonable answer to.
<ShawnR> prolly does.... i must admit, i was looking for an easy way out... got a nasty sinus thing going now, if you don't know off the top of your head, don't worry about it
<hads> From memory you can have multiple port lines.
<ShawnR> ah, it looks like i just need to run a 2nd service and use the -f switch to point to a diff config
<ShawnR> unless you know how to do it off of the same running service
<hads> You just want it on two ports?
<ShawnR> yup
<hads> Yeah, just add a line to sshd_config
<ShawnR> oh?
<hads> Yeah, you can have multiple port lines in the config
<ShawnR> seperated by comma?
<ShawnR> like 22,443 or something?
<hads> No, multiple lines.
<hads> Port 22
<hads> Port 222
<ShawnR> ah
<AtomicSpark> 8.10 server install now asks "do you want to activate the sata raid" near the beginning. what does this mean/do? I'm using a hardware raid 5 that already has a logical volume set up. do I want to say yes or no?
<ShawnR> yeah
<ShawnR> activate it
<AtomicSpark> My problem is, after rebooting, GRUB cannot find any .. devices I guess.
<AtomicSpark> It has error 15, which i've been told it has the wrong kernal listed, but it really cant find anything.
<ShawnR> did you not activate the last time?
<AtomicSpark> So its just overly broken. :P
<AtomicSpark> I installed both ways. :\
<AtomicSpark> The partitioner found my raid array either way.
<AtomicSpark> So thats why I asked what that option did.
<ShawnR> i have a soft raid on my mobo... so it does a raid... but it's a crappy one (uses the processor, not the chipset itself), in older installs, i would have to not use that raid and create soft raid in linux
<ShawnR> in 8.10 i can set the raid in BIOS and it'll recognize it as just 1 disk
<ShawnR> so if it's a new install, it won't matter... install it one way, if it doesn't work, try the other
<ShawnR> but firstly, i'd try by setting the RAID in your RAID bios, and then activating it in the install
<AtomicSpark> Yeah I tried installing with saying yes and no. I'm not sure if my issue is related as its probably a GRUB bug or linux really can not have / or /boot on a raid5 (saw that on a website).
<vk5foss> is it a true hardware raid 5, or a hardware aided raid 5?
<AtomicSpark> Although it worked before. I might try formating it as a LVM instead of "default". I know that worked in the past and thats the only thing I am doing different.
<AtomicSpark> Its a raid 5 w/ online spare set up by the bios raid util.
<AtomicSpark> Its a HP proliant ML350 G5.
<AtomicSpark> Says something like "detected sata raid array, do you wish to activate?"
 * AtomicSpark should of wrote it down
<AtomicSpark> The new VM stuff is what interests me, other then that I would stick with LTS.
<ShawnR> i know the msg, it's the new RAID stuff in 8.10
<AtomicSpark> Hmm.
<vk5foss> not dealt with 8.10 or hp proliants, so i'll leave you to it
<AtomicSpark> They're hiding "known issues" for server install. Maybe its the same for the desktop.
<AtomicSpark> Ill try again tomorrow with LVM as the formatting option. Other then that I can only think of trying to fix grub with a live cd or sticking with 8.04
<ScottK> AtomicSpark: I don't think anyone is hiding known issues.
<ShawnR> and 8.04 loaded from your hardware RAID just fine, from GRUB?
<AtomicSpark> Yes.
<ShawnR> hmm
<ShawnR> did GRUB change versions in 8.10?
<AtomicSpark> I even did a upgrade to 8.10, that worked fine. I just thought I'd do a fresh install because I was switching over from an all-n-one to a more virtualised system.
<ShawnR> hmm
<AtomicSpark> According to ubottu, grub didn't change versions.
<ShawnR> you said the error you get is from GRUB not loading (or finding) the install?
<AtomicSpark> The only thing I can think of is I didn't choose LVM this time.
<ShawnR> or is grub not starting?
<AtomicSpark> Yes, it says booting from cd/floppy/C: Grub error 15.
<AtomicSpark> Grub seems to load. Doesnt give any options. Cannot hit e to try to manually type the loading command.
<ShawnR> hmm
<ShawnR> was grub fully wiped off the drive?
<ShawnR> i'd say undo the RAID, then redo it (should clear ALL of the HDD, including MBR), then try the install
<AtomicSpark> I think so. After the 2nd time it failed, I re did the raid.
<AtomicSpark> Yup I thought of that. :P
<ShawnR> hmm
<AtomicSpark> So next time Ill try with LVM and with/without saying yes to activate the sata raid.
<AtomicSpark> I took that as to "enable it to be partitioned"
<AtomicSpark> I hope it wasn't trying to set up a software raid on it.
<ShawnR> nah
<AtomicSpark> Hmm.
<ShawnR> when i activated, it showed it as a RAID drive, didn't show seperate sda and sdb like it did before in previous versions
<AtomicSpark> I cannot remember. It might of worded it different.
<AtomicSpark> I'm sure I'll figure something out. Not much I can do since it's not sitting next to me at the moment.
<ShawnR> i hate that
<AtomicSpark> Yeah, but if I get it working, it would be a lot easier. I'm thinking of having 4 virtual servers. One FreeNAS, one LAMP, one OpenLDAP (experimental), and one test server.
<AtomicSpark> Before I had all that on one server (sub samba for freenas) and it got messy.
<ShawnR> cool
<AtomicSpark> Yeah. Have you seen what the "free portion" of Landscape is?
<ShawnR> nope
<AtomicSpark> Hmm.
<ShawnR> i just saw that it was a trial, and stopped paying attn
<AtomicSpark> Heh.
<seravitae> hi there, im having issues settuing up egroupware, the package in ubuntu seems to be half-broken
<seravitae> id appreciate anyone taking a look at it if possible
<Kamping_Kaiser> seravitae, whats the error?
<Kamping_Kaiser> whats half broken mean?
<seravitae> well, installing the package and removing it via purge/remove doesn't actually remove all the files
<seravitae> its okay though ive decided not to use the package at all
<tonyyarusso> Anyone have a recommendation for learning how to set up Bacula?  Online docs, a book, etc.
<kraut> moin
<kaushal> hi
<kaushal> how can i install a specific version of MySQL DB Server 5.0.54 on Ubuntu 8.04 Server
<kaushal> actually the default version is 5.0.51a-3ubuntu5.1
<Kamping_Kaiser> why do you need 54 specifically?
<kaushal> I am looking out for MySQL DB Server 5.0.54
<kaushal> since our code is being developed on it
<kaushal> we have just migrated to Ubuntu Server
 * Kamping_Kaiser finds subversion dependant code to be quite failful (but thats just me)
<Kamping_Kaiser> sub-version *
<domas> kaushal: mysql.com/enterprise/, subscribe, install stuff from there
<domas> easy
<kaushal> so you mean install it from source
<_ruben> i'd suggest looking into the debian new maintainers guide on how to 'manually' roll a newer version of a package .. it isnt that hard really
<domas> or subscribe to mysql enterprise :)
<_ruben> building from source is asking for trouble
<domas> muhuh
<domas> this reminds me, that gcc-4.2 produced broken code for me, whereas gcc-4.1 worked properly (on hardy)
<Kamping_Kaiser> or just use .51
<hads> Indeed
<_ruben> using .51 would indeed be the best solution
<domas> using 5.0.68 would be best, though
 * Kamping_Kaiser mutters under his breath about web developers who write code for micro-versions of all the apps involved
<_ruben> rolling your own package is a decent second
<domas> or actually, using 5.0.68 with my and google patches ;-)
<Kamping_Kaiser> domas, the 'remote root' patch? ;)
<domas> Kamping_Kaiser: hey, default ubuntu package can provide you with remote root ;-)
<domas> I just notified security@ few days ago
<domas> if anyone reads it
<Kamping_Kaiser> domas, hehe. i do get dsa's, but didnt know there was an ubuntu security list
<domas> probably should've forwarded that to debian too
<domas> but as I don't use debian, I don't care much :-)
<Kamping_Kaiser> :o
<domas> anyway, there's mysql packaging mistake that opens few security bugs
<Kamping_Kaiser> *i* use debian :P
<lukehasnoname> OpenBSD 4.4 came out 2 days ago
<Kamping_Kaiser> lukehasnoname, orly?
<domas> Kamping_Kaiser: :-)
<Kamping_Kaiser> domas, :)
<lukehasnoname> quite rly
<domas> anyway, running old mysql versions is stupid! :)
<domas> every time I see someone running a 2-year-old distro package, it makes me cry
<Kamping_Kaiser> phtt.
<Kamping_Kaiser> if it hasnt been out for two years it wont be stable
<Kamping_Kaiser> :p
<domas> well, thats why 5.0 is up to 5.0.68
<domas> because it has been out for two years and has had lots and lots of fixes
<Kamping_Kaiser> yeah. but not necesarily ones that need a new install
<lukehasnoname> the server guide for intrepid still isn't up!
<domas> Kamping_Kaiser: thats what you think :)
<Kamping_Kaiser> domas, yes, i'm a debian user :p
<lukehasnoname> It's been 4 days since launch, and Canonical/Ubuntu still haven't put the draft up to the current documentation!
<domas> Kamping_Kaiser: I work mostly with people who run mysql at very much core of things :)
<Kamping_Kaiser> domas, the one time i've been close and personal with mysql was my last job, and it was a bad setup. my current job we use mysql, but only to backend our bts/wiki/etc
<Kamping_Kaiser> s/backend our/backend our internal
<domas> well, my major mysql place is backing a wiki too!
<domas> I run my own mysql fork there :)
<Kamping_Kaiser> :o
<domas> 4.0.40 ;-)
<domas> (the official last release is 4.0.30 ;-)
<Kamping_Kaiser> the last place i used it (that time referenced) it was a badly setup system i inherited - 5 or 6 copies of mysql running on one system for different webapps. it was nasty.
<domas> hehehe
<domas> we got recently 20 new database boxes, 32gig ram, 16-15krpm-disks, etc, nice ones
<Kamping_Kaiser> nice.
<Kamping_Kaiser> if they ask me to work there agian they'll have to put up with some architecting. one dedicated db box would have made a massive difference (as i'm sure your aware :D)
<domas> 30 dedicated boxes!
<domas> uhm
<domas> and yes :)
<Kamping_Kaiser> we didnt *have* 30 boxes!
<Kamping_Kaiser> domas, i'm actually wondering how you got 16 drives into a server - is it an array hooked up, or do you have a crazy box with 16 drives? didnt think they sold them anymore
<domas> Kamping_Kaiser: X4240
<domas> Kamping_Kaiser: brilliant machine
<domas> http://www.sun.com/servers/x64/x4240/
<domas> 2u, 16 disks
<domas> <3
<Kamping_Kaiser> aaah, wow. Sun still make them <3
<_ruben> Kamping_Kaiser: supermicro has chassis upto 24 disks (4U) .. 16disks in 3U (got 2 of those as SANs)
<domas> _ruben: 16 disks in 2u is way better than in 3u! :)
<domas> btw, what can cause this: http://p.defau.lt/?hC8C7MTk9BdTKBEHFgcsqA
<Kamping_Kaiser> _ruben, we have some supermicro boxes at work, but i thought they didnt make the 24's anymore
<domas> i/o controller issues? CPU? etc?
<_ruben> domas: true, sun has some nifty hardware layouts ;)
<Kamping_Kaiser> bloody frieght company *lost* one of our two 24 drive supermicros
<domas> we used to use 24/16 disk supermicros for our storage servers
<domas> now we switched to thumpers
<domas> (X4500s)
<domas> thumper with ZFS is teh awesome
<Kamping_Kaiser> domas, looks like what we got when some of our raid controllers worked themselves loose
<_ruben> 16x1GB sata in raid10 makes for a semi decent storage backend for our internal virtual servers (esxi)
 * Kamping_Kaiser goes back to drooling over sun boxes
<domas> _ruben: where the heck did you get 1GB drives?
<domas> _ruben: ;-ppp
<_ruben> domas: back in the 80's ... or maybe they were 1TB ones :p
<Kamping_Kaiser> hehehe
<domas> _ruben: nowai, I remember back in '96 I had ~1GB drive
<domas> Kamping_Kaiser: we managed to read 3GB/s from thumper disks
<_ruben> i remember when i went out with my dad to buy our first pc .. a laser xt .. pondered about getting a 20MB hdd or not
<_ruben> 3GB/s .. damn :P
<Kamping_Kaiser> domas, nice. not sure what we get from our arrays at work (head+stacks of fibrechannel). its not my area (tm)
<domas> pity default configuration has just 4 GEs
<domas> should put in 10G NICs to fully utilize the i/o bandwidth
<Kamping_Kaiser> domas, just looked at the x4500 - whoaoo!
<domas> X4540 is even more impressive
<domas> it is next-generation X4500
<maswan> domas: Yes, the hp dl185 is somewhat more balanced with network bandwidth vs storage ammount
<Kamping_Kaiser> domas, i wont bother looking - at the price of those i cant even dream anymore
<domas> dl185 is very weak, compared
<domas> Kamping_Kaiser: it is a goddamn listprice
<domas> it has desktop motherboard inside :)
<domas> maswan: thumper is ideal for stuff where you do some limited filtering at storage layer
<maswan> domas: 2 gigE/10TB is better than 4 gigE/40TB
<maswan> especially if you're not sure you can do any kind of bonding
<maswan> I store files to/from the network.
<domas> maswan: you can use 10GE interfaces in thumpers
<Kamping_Kaiser> domas, list price in $US
<domas> Kamping_Kaiser: still, it goes down :)
<Kamping_Kaiser> domas, true
<domas> maswan: thumper has internal bandwidth to support 4x10GE
<maswan> domas: Do they support cx4/rj45 yet, or is it still just optics?
<domas> optics, I guess
<maswan> domas: Well, in an ideal load, yes. In practice, you lose quite a bit, as with all storage, when you put less than ideal load (multiple reads and writes) on it.
<domas> maswan: anyway, one of win-win-things here is rackspace
<maswan> domas: Sure, if that's precious. We run out of power and cooling before we run out of space.
<maswan> domas: How much does a x4540 use in practice btw? We haven't measured one yet.
<domas> maswan: ~1kW iirc
<maswan> domas: So roughly the same per TB as a dl185.
<maswan> That comes in at ~230W
<domas> thats not much
<domas> would expect a bit more
<domas> ghm, maybe it was 800w
<domas> should ask our datacenter guy :)
<uvirtbot> New bug: #293000 in openssh (main) "hardy: openssh-server oom_adj can lead to denial of service" [Undecided,New] https://launchpad.net/bugs/293000
<Kamping_Kaiser> DoS is always a nice bug
<Kamping_Kaiser> and a 000 as well
<_ruben> same problem here .. run out of power/cooling before room .. which sucks
<maswan> domas: We have a tender out which is likely to end up with 5 x4540s or 20 dl185s, so we'll see.
<domas> maswan: what os/software are you using for all that storage management?
<maswan> domas: locally, these will be solaris+zfs. globally it is dcache (http://www.dcache.org) for our distributed LHC tier1 at http://www.ndgf.org. (The head nodes run ubuntu, so we're still on topic here ;) )
<\sh> phew...I was thinking about the x4500 series of sun for storage...but 2x dl365 with dual quads and 32gb ram + p800 + 2 msa60 is good enough ;) for the x4500 I really don't like the location of the drives
<domas> maswan: interesting
<maswan> Oh, if you want to run zfs on hp hardware, test the plain sas hba instead of the cciss. We got a factor of 4 performance increase on our test-dl185.
<domas> maswan: the site I was talking about is my hobby/nonprofit activity, I work for Sun ;-)
<domas> I'd expect ZFS to be fast with direct access to disks
<maswan> domas: Ah, ok. :)
<\sh> maswan: uh...that's a lot
<domas> is dcache any good for media files storage maagement?
<domas> \sh: the location of drives is not too bad, you can still service it online
<domas> \sh: just have proper cabling/rails/etc
<domas> it is a bit scary, when you take it out of rack for servicing
<maswan> domas: It could be, I suspect it is still a bit too rough aroudn the edges to be very useful for the general public (outisde HEP or HPC) though.
<domas> aokie
<\sh> domas: well, the best way to have it build into a rack is at the bottom...
<\sh> domas: and sun tells the admin, please exchange the sata drives every year...;)
<maswan> domas: But on the plus side, it is getting developed. And it does scale to the "a few PB" scale, which is good for media. :)
<domas> \sh: doesn't matter much, I've seen people having full racks of X4500s
<domas> maswan: does it do data replication?
<maswan> I've seen people having dozens of racks side by side full of x4500s.
<domas> (we're probably going to do ZFS send/recv for now, but... ;-)
<domas> maswan: you beat me! :)
<maswan> domas: Yes, but it is a not very commonly exercised code path.
<domas> maswan: I'm from the .org/.com world, not HPC/grids ;-)
<\sh> domas: not in such an environment like this: http://gallery.sourcecode.de/d/320-2/b028319l.JPG ;)
<domas> maswan: though I was recently in SARA and saw some of scientific capabilities :(((
<domas> \sh: haha, supermicros!
<maswan> domas: *nods*, IN2P3 in Lyon is a big x4500 installation, I think they are up to 20:ish racks.
<maswan> well, x45[04]0
<\sh> domas: old DC ...
<\sh> domas: 4 rooms full of them...:(
<domas> okok, we have just few thumpers
<domas> goddamn, anyone can download our site, and they're doing it
<domas> :)))
<domas> actually, once upon a time I bought a supermicro box for '3-month temporary media storage'
<domas> it ended up having 900 day uptime
<domas> and the sad part of it - IPMI/NFS port collision crashed it afterwards :(
<maswan> "Sun X45xx ( 146 Thumpers & 108Thors) usable space 6.1 PB" was the reference I was looking for for IN2P3.
<\sh> domas: the problem was not supermirco...the problem these days was areca...maswan knows the story about kernel, areca module and fun ;)
<\sh> bah...coffee + nicotine
<Kamping_Kaiser> night all
<Kamping_Kaiser> sleep time for me :( all your words are belong to my logs!
<maswan> \sh: well, GSI has had some interesting supermicro problems too, with their burning backplanes. :)
<domas> it is noon here :)
<domas> anyway, our supermicro box survived for 3 years, being main media server
<domas> that was so sad
<domas> (and we couldn't make backups eventually, because it was too loaded :-)
<maswan> eww
<domas> see, we're nonprofit running one of bigger websites
<domas> we don't have cash all around
 * maswan nods
<domas> I feel a bit desperate sometimes when I see scientific computing facilities :)
<domas> we run like... top10 website on 400 boxes in total
<domas> and they have tens of thousands boxes doing... um... something!
<maswan> yup
<maswan> In my dayjob, I help run one of the LHC tier1, with thousands of compute nodes and petabyte-scale storage.
<domas> hehe
<domas> I had to work a bit with people building petabyte mysql databases
<maswan> In my spare time I help run ftp.acc.umu.se which is purely donated equipment, and still manages a few gigabit/s of mozilla/ubuntu/debian etc. :)
<domas> hehe
<domas> we pay for bandwidth :(
<maswan> http://ftp.acc.umu.se/about/ <- if you want to take a look at our magic caching setup for media delivery
<domas> http://dammit.lt/uc/workbook2007.pdf for ours ;-)
<\sh> maswan: oh...burning backplanes...I know that feeling
<maswan> domas: our redirect+hacked mod_disk_cache is happy to handle a few tens of thousands of requests per second,
<domas> well, you don't do evictions probably
<maswan> I don't know how well it'd scale. :)
<domas> we have to rely a lot on evictions
<maswan> lunch, I'll get back to this. :)
<domas> damn, I hate computers, and filesystems most of all
<domas> filesystems and block layers
<\sh> disappearing for one week now...nightshifts in DCs is fun work ,-)
<domas> hehe
<domas> have fun then :)
<domas> jeeez I'm an idiot
<domas> my XFS machines had barrier support enabled for I/O
<maswan> domas: We do handle eviction, by handling Last-Modified and stat:ing (with some timeout, we can serve old files up to 10 minutes in current configuration, IIRC)
<maswan> stat:ing the file on the backend NFS
<domas> thats expiration, not eviction :)
<maswan> oh, is there a difference?
<domas> there is! :)
<domas> LRU/time based evictions are expected, forced evictions are not
<domas> we purge objects whenever something changes
<maswan> Ah, we don't care and expect LRU to take care of it later.
<domas> yup! lucky bastards!
<domas> once upon a time I was doing acceleration for a website, where it was all expiration-based
<domas> if anyone wanted up-to-date inforation, they could just hit 'refresh' on their browser :)
<maswan> I guess our method _could_ just hook out an rm on the appropriate host and file though.
<maswan> but that would have "some" overhead. :)
<uvirtbot> New bug: #293037 in net-snmp (main) "snmpd sigfaults" [Undecided,New] https://launchpad.net/bugs/293037
<domas> maswan: we have multiple layers in multiple continents
<domas> maswan: with failover, CARP, etc
<domas> stuff gets complicated eventually
<domas> thats why I asked about storage software %)
<domas> sometimes people have good solutions
<uvirtbot> New bug: #292405 in mysql-dfsg-5.0 (main) "adept manager unable to install /var/cache/apt/archives/mysql-server_5.0.67-0ubuntu6_all.deb" [Undecided,New] https://launchpad.net/bugs/292405
<maswan> domas: as a sun guy, shouldn't you be pushing lustre everywhere? ;P
<domas> maswan: I have... um.. conflicts of interest!
<J-_> Is there a reason why I'm getting, "5 packets transmitted, 0 received, 100% packet loss, time 3999ms"
<J-_> I can ssh into my server
<J-_> I can ping my local IP
<J-_> can't ping my IP
<J-_> hmm
<J-_> wonder if I got hacked
 * delcoyote hi
<J-_> I restarted apach2, but that didn't do anything
<J-_> apache2
<J-_> I can't seem to connect to my server with my local IP either
<J-_> that sucks
<domas> J-_: someone is filtering :)
<J-_> what do you mean?
<domas> iptables -L
<domas> damn, found the problem with oprofile
<domas> hehe, /bin/sh is dash, not bash
<J-_> domas:  all three chains have, target     prot opt source               destination
<J-_> I just restarted mysql, and, it said the restart went okay, twice. But, after it said, "* Checking for corrupt, not cleanly closed and upgrade needing tables."
<J-_> Is this normal?
<domas> yes
<domas> ubuntu scripts are braindead in this regard
<domas> and do database check after every restart
<domas> that is an example of extreme stupidity, but oh well
<J-_> domas:  You want me to do a database check after each restart, or was that ubuntu checking for me?
<_ruben> the latter
<domas> I think it is extremely stupid to run checks after every restart
<domas> thats like traversing and reading every file on your filesystem after every reboot
<J-_> kk. :)
<J-_> Man, this sucks
<domas> (this hits hard people with terabyte databases ;-)
<J-_> Maybe I'll switch ethernet ports on my router. actually, switch to a new cat5 cable too.
 * J-_ runs off the server.
 * ScottK hopes it doesn't hurt when J-_ lands.
<J-_> off to the server* :P
<J-_> Yep, something definitely going on here.
<J-_> blah!
<J-_> I suppose I should wait a couple minutes incase  the DNS/ IP have to sync.
 * J-_ waits
<J-_> http://www.speedtest.net/result/349489942.png
<J-_> hmmmmmmm
<J-_> blarrrrrrrgh
<J-_> What can I do to troubleshoot? What logs should I look at?
<matthewi>  /ignore #ubuntu-server CRAP NOTICES SNOTES CTCPS JOINS PARTS QUITS KICKS MODES WALLOPS NICKS DCC DCCMSGS CLIENTNOTICES CLIENTCRAP CLIENTERRORS HILIGHTS
<uvirtbot> New bug: #293040 in samba (main) "package samba-common failed to install/upgrade : subprocess post-installation script returned error exit status 143" [Undecided,New] https://launchpad.net/bugs/293040
 * J-_ pulls his hair out
<J-_> It's turning grey faster than ever!
<J-_> Heh, I can't even do a traceroute to my domain
<J-_> :(
<J-_> My ISP must have shut me off
<J-_> stupid ISP
<J-_> Guess I'll shut the server off, and find something else to consume my time while I'm here.
<_ruben> i'd spend that time bitching at your isp, if they'd disco you without prior notice
<J-_> I wonder if my domain ran out
<J-_> could that be a cause too?
<J-_> I doubt it since I tried to go to my IP and it didn't work out
<J-_> blah
<om4r> exit
<uvirtbot`> New bug: #292836 in samba (main) "Cannot browse samba shares" [Undecided,Incomplete] https://launchpad.net/bugs/292836
<uvirtbot`> New bug: #292191 in mysql-dfsg-5.0 (main) "could not install 'mysql-server-5.0'" [Undecided,Incomplete] https://launchpad.net/bugs/292191
<tmccrary> nfs boot support seems to be broken in intrepid
<didrocks> sommer: there is a dead link in the serverguide at page http://doc.ubuntu.com/ubuntu/serverguide/C/libvirt.html
<didrocks> it is pointing to https://help.ubuntu.com/8.10/installation-guide/ at "Ubuntu installation Guide"
<iAlien> i have ubuntu server installed on a laptop - is there a way to shut off the lcd monitor being i only access it via ssh. the only commands i have found online are if you run X
<lukehasnoname> close the laptop
<antdedyet> don't forget to store the laptop in a locking steel droor, securely bolted into concrete flooring
<antdedyet> (after it's closed, of course)
<iAlien> tried that already
<sommer> didrocks: it's because the 8.10 documentation hasn't been updated on the site yet
<iAlien> antdedyet, i'm just using it to do website development before i move the site to our hosting provider. i'm tempted to put it infront of the exchange server for spam / virus filtering
<antdedyet> iAlien: ah, nothing like allocating temporary machines as a proof of concept on how to harden the soft.
<iAlien> the sad thing is with my budget ( being a non-profit) -- it would likely become permanent.
<antdedyet> iAlien: would it be permanent if there's no way to turn the monitor off?
<antdedyet> but you know some smart marketing guy is always going to make it know that if you were a Real Engineer you would just cut the hard wires to the unmonitor.
<antdedyet> s/know/known
<antdedyet> er, unmonitor = monitor
<antdedyet> <-- :)
<tmccrary> Does anyone know where the "nfsmount" command source code is? Specifically the version included with initrd images?
<zul> tmccrary: packages.ubuntu.com
<iAlien> antdedyet, i was just planning on putting the machine next the the windows server ( and put a sign do not remove ) and make the change
<tmccrary>    You have searched for packages that names contain nfsmount in suite(s) intrepid, all sections, and all architectures.       Sorry, your search gave no results
<tmccrary> yet.. its in there
<tmccrary> and its not some kind of symlink
<tmccrary> it apparently does some kind of function like pivot_root
<tmccrary> but I cannot find the source for it anywhere
<tmccrary> or even a mention on google
<tmccrary> which is bizarre
<iAlien> i think i figured out how to turn the monitor off
<iAlien> hmmm
<Deeps> iAlien: do tell if you work it out
<Deeps> tmccrary: you're not searching for packages whos names contain nfsmount
<Deeps> you want to search the contents of packges
<Deeps> that's the next search box down
<iAlien> hmmm if i manually press the close lid button in the bios the monitor shuts off, but it does not when booted into linux
<tmccrary> Deeps, thanks
<moo---> how do I check if my kernel is Xen enabled?
<domas> uname -a
<domas> Xen kernels are called -xen
<domas> :)
<Nafallo> uname -r then ;-)
<moo---> thx
<moo---> ok - i assume sudo apt-get install ubuntu-xen-server does not automatically add a new kernel?
<moo---> on ibex
<iAlien> i thinki may just bring in one of the systems i have around my house, its only a pentium class but should be fine
<iAlien> maybe not --- no room for it
<domas> moo---: it probably doesn't reboot your box ;-)
<moo---> domas: why is that?
<moo---> domas: does not sound a very human being thing ;)
<mathiaz> ScottK: do you have some preliminary ideas (1 or 2) about the mail server stack for Jaunty?
<ScottK> mathiaz: I think the main thing is to pursue better/easier integration.
<ScottK> mathiaz: This can be done a number of ways, but that's the direction.
<mathiaz> ScottK: I'm preparing the Server session I'll run tomorrow for the Open Week. I'll talk about what has been done in intrepid on the mail server stack and I'd like to get one or two details about what might happen in Jaunty.
<mathiaz> ScottK: IIRC ivoks and you were talking about amavisd-new integration
<ScottK> OK.  I think in Intrepid we got to a 'complete' solution by adding clamav and spamassassin and took some first steps in Intregration.
<ScottK> mathiaz: I blogged about the integration work that got done here; http://www.kitterman.org/ScottK/2008/10/easy_smtp_filter_and_policy_se.html
<mathiaz> ScottK: http://paste.ubuntu.com/66906/ -> is this an good statement of what you're thinking for Jaunty?
 * ScottK looks
<ScottK> mathiaz: Let's not tag me with it individually.  I have some ideas, but I don't know I'll have the free time.
<mathiaz> ScottK: right. I'll add a sentence that help is welcome.
<mathiaz> ScottK: the idea is to give a sneak preview of what *might* come in jaunty to spike interest of prospective developers.
<ScottK> The goal would be to be able to script installation of postfix, amavisd-new, spamasassin, and clamav in an integrated, working configuration with no hand editing of config files needed.
<ScottK> How's that sound?
<mathiaz> ScottK: great!
<lamont> ScottK: that sounds very good
<domas> teeheeeee
<domas> "Thank you for reporting this, however security@ubuntu.com is not the
<domas> proper forum to report bugs. Please go to
<domas> https://bugs.launchpad.net/ubuntu/+filebug and file a bug in our bug
<domas> tracker. Feel free to mark it as a security vulnerability."
<domas> oh, sorry, thought that will be one line paste
<domas> (excuses excuses)
<Cosmos-Tristan> ok got a question
<jdstrand> domas: I just sent you that
<domas> jdstrand: filing a bug!
<domas> jdstrand: I went to some security page and found email there
<Cosmos-Tristan> what?
<domas> jdstrand: http://www.ubuntu.com/usn refers the email
<jdstrand> domas: perhaps I can get the page updated if it isn't clear. do you have the link?
<jdstrand> heh
<domas> hehe! ME FAST!
<jdstrand> that really should be updated...
<jdstrand> domas: thanks
<domas> jdstrand: pleasure to assist with sorting that out
<domas> jdstrand: /usn is alias for /security too
 * jdstrand nods
<Cosmos-Tristan> is there any good dyndns (dynamic domain name service) dyndns.com update clients
<Cosmos-Tristan> dynds update clients
<Cosmos-Tristan> any that will just work right out of the box with a few commands/keystrokes
<domas> jdstrand: bug#293258
<Cosmos-Tristan> ..
<jdstrand> domas: thanks
<domas> jdstrand: I realize this may be upstream issue, just.. was a bit lazy to talk to Debian people :)
<jdstrand> domas: it affects us, so reporting it to us is fine
<domas> okie
<domas> ubuntu server is a huge gift to humanity! I'll assist in any way I can!
<jdstrand> awesome! :)
<domas> ( should I point out all recursive mutex problems too? :-)
<Cosmos-Tristan> i think I found a client
<Cosmos-Tristan> http:// mexpolk.wordpress.com/2008/01/29/ubuntu-gutsy-dyndns-client-setup/
<Cosmos-Tristan> but its for gutzy, not intrepid/the most recent 8.10 ubuntu server release
<domas> one of my most annoying ubuntu-server issues: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/164533 ;-)
<uvirtbot> Launchpad bug 164533 in imagemagick "imagemagick tools should be built without threading (or recursive mutexes fixed)" [Medium,Confirmed]
<domas> few more years and it will be fixed :)
<Cosmos-Tristan> mm
<Cosmos-Tristan> hm
 * Cosmos-Tristan is listening to "àáâãäåæçøÛýPÙ|Ìç"
<Cosmos-Tristan> Speech disabled.
<Cosmos-Tristan> Speech enabled.
<Cosmos-Tristan> sorry bout that guys
<localhost> lol
<moo---> I can't find vmlinuz kernel file for amd64 ibex
<Cosmos-s> ahem?
<andol> moo---: I might just be called "linux", if you'r refering to the file I think you are.
<Cosmos-s> oh what's the package name for mail server
<Cosmos-s> ello?
 * Cosmos-s wonders if anyone is alive.
<moo---> andol: http://pastebin.com/m22bfff58
<Cosmos-s> hello?
<andol> Cosmos-s: Well, there is a task(sel) called mail-server
<Cosmos-s> so apt-get install mail-server?
<Cosmos-s> how do i start the task oops
<andol> moo---: ls -l /vmlinuz
<andol> Cosmos-s: Well, if you want a menu, you can simply run: sudo tasksel
<moo---> andol: /vmlinuz -> boot/vmlinuz-2.6.27-7-server
<andol> moo---: There you are :) Or were there something else you were looking for?
<moo---> yes
<moo---> where is my xen hypervisor support?
<moo---> [moo@bison][22:23][~]% sudo xm
<moo---> ERROR Internal error: Could not obtain handle on privileged command interface (2 = No such file or directory)
<Cosmos-s> how do i start it, though?
<andol> Cosmos-s: or else you directly run: sudo tasksel install mail-server
<moo---> andol: 1) if the default ibex kernel includes hypervisor support how do I start it? 2) if not where has the -xen kernel gone?
<andol> moo---: Good question. I don't know.
<moo---> the next question is, who knows?
<Cosmos-s> its just sitting there
<andol> Cosmos-s: What is?
<Cosmos-s> please wait 0%
<andol> moo---: Google? suitable forum?
<moo---> have been googling 3 hours now
<moo---> I think this is a new issue
<Cosmos-s> Package configuration
<Cosmos-s>  Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Â¤ Installing packages Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢
<Cosmos-s>  Ã¢ Please wait...                                                            Ã¢
<Cosmos-s>  Ã¢                                                                           Ã¢
<Cosmos-s>  Ã¢                                                                           Ã¢
<Cosmos-s>  Ã¢                                                                           Ã¢
<Cosmos-s>  Ã¢                                     0%                                    Ã¢
<Cosmos-s>  Ã¢                                                                           Ã¢
<Cosmos-s>  Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢
<domas> thanks!
<moo---> so I try to reach a person who actually might know something about this
<moo---> and I thought all hardcore hackers spent their time on #ubuntu-server ;)
<Cosmos-s> uh?
<mathiaz> moo---: have you tried #ubuntu-virt?
<moo---> mathiaz: there is such a place
<domas> moo---: I'm still happy with hardy!
<domas> btw, anyone knows why ddebs site has broken Packages files?
<domas> or actually, is the whole ddebs process broken?
<Cosmos-s> hey this is what i get
<Cosmos-s> Package configuration
<Cosmos-s>  Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Â¤ Installing packages Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢
<Cosmos-s>  Ã¢ Please wait...                                                            Ã¢
<Cosmos-s>  Ã¢                                                                           Ã¢
<Cosmos-s>  Ã¢                                                                           Ã¢
<Cosmos-s>  Ã¢                                                                           Ã¢
<Cosmos-s>  Ã¢                                     0%                                    Ã¢
<Cosmos-s>  Ã¢                                                                           Ã¢
<Cosmos-s>  Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢Ã¢
<mathiaz> !paste | Cosmos-s
<ubottu> Cosmos-s: pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu.com (make sure you give us the URL for your paste - see also the channel topic)
<moo---> mathiaz: thx!
<Cosmos-s> !paste
<ubottu> pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu.com (make sure you give us the URL for your paste - see also the channel topic)
<Cosmos-s> ok so
<Cosmos-s> what' si tmean
<moo---> Cosmos-s: don't copy-paste on this channel dircetly, use pastebin isntead
<Cosmos-s> w/e
<yann2> http://pastealacon.com/1570 - I've got a disk controller that seems to *freeze* sometimes for a couple of seconds (2 - 10 secs)
<yann2> I have no idea how to troubleshoot further - it's a  nVidia Corporation CK804 Serial ATA Controller
<yann2> any known issues? Idea how to get more infos?
<kraut> nvidia foo is teh crap
<yann2> sun fire server though :)
<kraut> yep, it sucks hell, the nvidia NICs are a nightmare
<domas> try upgrading firmware
<yann2> here we go again..  http://pastealacon.com/1571 .. 5 secs for something that takes usually 0.03secs...
<domas> :)
<domas> and open support case with Sun too
<yann2> i got ubuntu support.. x2100 is supported hardware in theory
<yann2> think that may help?
<yann2> bah I'll see.. never used the support so far
<domas> I've escalated some RAID issues internally, having more cases open help :)
<MatBoy> has someone used proftpd + mysql auth and shell login ?
<DavGerm4> hey I'm having trouble getting ubuntu seen outside my network?  Like if someone typed in the external IP it would usually say "It Works", but it doesn't go anywhere?
<Gino> hi, is there a way to centralize user managment in ubuntu server?
<domas> centralize ?
<Gino> i mean a easy way to use kerberos/LDAP
<Gino> or somethings like that
<Gino> sorry for my poor english
<domas> well, you can use PAM or NSS
<Gino> where can i find some documention for ubuntu?
<Gino> is something strange what i have asked?
<domas> Gino: try with 'apt-get install authtool'
<domas> or apt-get install auth-client-config
<domas> do note, there're separate issues client of authentication provider, and actual provider
<Gino> when you have many server to manage what do you do for user account?
<domas> unix accounts or service accounts?
<domas> at the moment we're using NIS
<Gino> both
<domas> though people use puppet nowadays
<domas> for systems management
<domas> LDAP is common choice if you want services integration
<Gino> ok thank you
<Gino> just one more question
<Gino> is there a way to add a virtual machine to a kerberos realm automatically during the creation with python-vm-builder?
<ScottK> leonel: New clamav is out.  Looking at the Changelog I didn't see any obvious security stuff, but there's an off by one error that should be looked at.
<johnbollwitt> Hi folks.  I'm wondering if anyone might have some insight on how to get Railo running on Ubuntu server?  I'm pretty hard up for help on this one.
<jgjones> Greetings
<jgjones> Quick question...
<jgjones> I'm looking into something that is like iFolder - which seem like an excellent product but doesn't seem to be in active development? Any good alternatives?
<jgjones> Currently we're using the Microsoft's solution - Offline Files over a PPTP VPN.
<jgjones> Licencing cost is a reason for looking at alternatives.
<uvirtbot> New bug: #292955 in ubuntu "[needs-packaging] func" [Undecided,New] https://launchpad.net/bugs/292955
<Cosmos-s> ello
<Cosmos-s> !paste
<ubottu> pastebin is a service to post multiple-lined texts so you don't flood the channel. The Ubuntu pastebin is at http://paste.ubuntu.com (make sure you give us the URL for your paste - see also the channel topic)
<Tristan-B> ok
<Tristan-B> here ya go
<Tristan-B> i'm having a problem with this
<r00tintheb0x> Anyone fimiliar w/Dell CERT SATA RAID controllers.
<r00tintheb0x> I hope I didnt nuke my array.
<Tristan-B> http://paste.ubuntu.com/67008/
<r00tintheb0x> I had to replace a drive in a raid1 array, and my only option was to re-create the array.
<Tristan-B> !paste http://paste.ubuntu.com/67008/
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<Tristan-B> any good ansi c-compilers that i can use
<Tristan-B> !p
<ubottu> Sorry, I don't know anything about p
<Tristan-B> !
<Tristan-B> got it
<Tristan-B> does anyone see the c compiler thing
<Tristan-B> !help
<ubottu> Hi! I'm #ubuntu-server's favorite infobot, you can search my brain yourself at http://tinyurl.com/5zfb6t - Usage info: http://wiki.ubuntu.com/UbuntuBots
<Tristan-B> ... alive out there?
 * Tristan-B growls
<Tristan-B> quit
<uvirtbot> New bug: #293333 in mysql-dfsg-5.0 (main) "E: /var/cache/apt/archives/mysql-server-5.0_5.0.67-0ubuntu6_amd64.deb: Ð¿Ð¾Ð´Ð¿ÑÐ¾ÑÐµÑÑ pre-installation script Ð²Ð¾Ð·Ð²ÑÐ°ÑÐ¸Ð» ÐºÐ¾Ð´ Ð¾ÑÐ¸Ð±ÐºÐ¸ 1" [Undecided,New] https://launchpad.net/bugs/293333
<Appl3Kork> ok so I finally got the server outside the home network.  But is it possible to edit things through PuTTY from outside the network? or does it have to be on the same network?
#ubuntu-server 2008-11-04
<centaur5> Does anybody have any ideas on why Intrepid doesn't find the HTTP location for the CD to install from or load the user information from a preseed file?
<lukehasnoname_> What does it mean to "Manage system with Landscape" in the Ibex server? I can't find any documentation on that.
<blunder> ok guys
<blunder> is there a command to disable services
<blunder> nevermind.... I thought my server was running sendmail/postfix or whatever
<blunder> ok guys see you later
<lukehasnoname> anyone?
<henkjan> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<lukehasnoname> I asked hours ago
<kraut> moin
<lukehasnoname> I asked what benefit I would get as a non-paying customer to select "Manage system with Landscape" in the server install. There is no documentation in the server guide about what this option actually entails.
<nijaba> lukehasnoname: the option only makes sense if you pay for Landscape, as it will register your server with Landscape and install the full client.
<lukehasnoname> That's what I was thinking, but I didn't know if there was any "free" part of Landscape, or something I didn't know about, since it's not mentioned in the install.
<lukehasnoname> and the automatic updates just install security updates every so often?
<nijaba> lukehasnoname: the free part of Landscape is now installed by default.  You'll notice it when you login via a text console
<nijaba> lukehasnoname: automatic update installs unattended-upgrades which installs updates once a day
<lukehasnoname> thanks
<lukehasnoname> The virtualization part of the Server Guide should, in my opinion, be changed to reflect the use of the "virt-host task" method of virtual host setup
<uvirtbot> New bug: #293515 in bacula (universe) "bacula-director-mysql installed and started before mysql-server" [Medium,Triaged] https://launchpad.net/bugs/293515
<Gargoyle> Greeting from the other side of the firewall - why didn't I think of using an ssh tunnel as a socks proxy sooner!? :D
<mvo> is there someone particularly attached to ucf? the three-way merge feature seems to cause a log of grief during upgrades (e.g. bug #293539)
<uvirtbot> Launchpad bug 293539 in ucf "package update-manager 1:0.93.32 failed to install/upgrade: ErrorMessage: SystemError in cache.commit(): E:Sub-process /usr/bin/dpkg returned an error code (1)" [Undecided,New] https://launchpad.net/bugs/293539
 * soren thinks ucf's three way merge is sexy
<soren> mvo: For Samba, blame slangasek :)
<uvirtbot> New bug: #293567 in mysql-dfsg-5.0 (main) "can't install mysql-server due to unmet dependencies" [Undecided,New] https://launchpad.net/bugs/293567
 * soren hates bugs
<domas> huh, mysql bugs are the most common, it seems
<dou213> hey u guys, got a problem with my ubuntu server: bought today another NIC for my server so that it has 2 in order to set it up as gateway and firewall for my network. i connected one NIC to the DSL-Modem and the other to the switch, where the clients are connected also. What settings do i have to take care of now?
<mathiaz> dou213: you need to setup a gateway with masquerading enabled. See https://help.ubuntu.com/8.04/serverguide/C/firewall.html for more information on how to do that with 8.04
<dou213> mathiaz: thx in advance, i'm really tired now, i'll look it up later, can i come b 2 u with questions later on if i have problems with it?
<mathiaz> dou213: sure. Come back to this channel and ask your questions here. Many other people here will probably be able to help you out too.
<dou213> thx cya later.
<mathiaz> !serverguide
<ubottu> The Ubuntu server guide may be found at http://help.ubuntu.com/8.04/serverguide/C/
<mathiaz> !inetd
<ubottu> Sorry, I don't know anything about inetd
<mathiaz> !openssl
<ubottu> Sorry, I don't know anything about openssl
<mathiaz> !msa
<ubottu> Sorry, I don't know anything about msa
<mathiaz> !mra
<ubottu> Sorry, I don't know anything about mra
<mathiaz> kirkland: are you still making improvement to the manpage repository?
<mathiaz> kirkland: I'm currently cleaning the server team roadmap
<frontmill1> hey
<frontmill1> I have a question, hope someone can help me :p
<ScottK> !ask | frontmill1
<ubottu> frontmill1: Please don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<kirkland> mathiaz: yes, i am
<kirkland> mathiaz: i have a set of changes that are awaiting audit by kees
<frontmill1> I have an old computer with 500mhz and 192mb memory, do you think it would be recommenable to install ubuntu-server on it? Or is the pc too crappy and would you reccommend installing another linux OS?
<ScottK> frontmill1: What CPU?
<frontmill1> AMD k6 500 mhz
<matthewi> frontmill1: it should run, but it really depends on what you intend to use it for whether the performance will be adequate
<matthewi> what services do you intend to run?
<frontmill1> matthewi: I will mainly be using it as webdevelopment environment, I want to host 1 or several repositories and I might use it as printserver too
<frontmill1> 1 or several SVN reop's*
<frontmill1> repo's
<matthewi> i think it will work fine; I've run a similar setup in the past
<matthewi> if your using mysql or another database it could be a little sluggish
<matthewi> but it should work for a dev environment
<frontmill1> okay, thank you bery much
<frontmill1> I guess using the alternate cd would be reccommendable?
<thefish> can sysklogd send logs from diffent machines to different files? I have another machine sending its logs, this works fine if I use *.* /logile, (remote is sending *.* @thishost), but is there a filter i can use for just that machine, so i can have a log per machine?
<thefish> eg machine1.* /var/log/machine1
<matthewi> frontmill1:  i've uses the text-based install on the alternate cd in the past
<matthewi> but i think current releases have their own server cd you could use
<FrozenIRSSI> I'm having a slight issue with our new ubuntu-server 8.04 - it's a very isolated issue, but we're not entirely sure where to look yet
<FrozenIRSSI> when visiting one particular page on our site, SOME users (like... 3 that we know of) are getting a Network Error (tcp_error) A communication error occured: '''' The web server may be down, too busy, or experiencing other problems preventing it from responding to requests.  YOu may wish to try again at a later time.
<FrozenIRSSI> It's 3 separate users, we can't replicate the issue internally, and didn't happen on our old novell server we just swapped from
<FrozenIRSSI> same code, similar php versions, same apache2 version
<kees> kirkland: oh, which changes need my audit?
<nijaba> server meeting currently starting in #ubuntu-meeting
<Karamon> Hello, I'm looking for the default envvars.conf file for apache on a default server environment.  I deleted it like an idiot..
<Karamon> Does anyone know where I can find this?
<ivoks> apt-get --reinstall install <name of the package>
<Karamon> ivoks - If I do that, will it overwrite custom config files that I have set up already?
<ivoks> it will ask you
<Karamon> Cool
<Karamon> Thanks!
<ivoks> if you changed apache2.conf or something
<FrozenIRSSI> i figured out my issue.  The customer has a proxy server that apparently doesn't like the fact that we switched servers. Thanks anyways for the help.
<ivoks> Karamon: that's apache2.2-common package
<ivoks> soren: congrats on becoming the D-person :)
<Karamon> ivoks: I ran the install, but it didn't prompt me to overwrite anything and the file still didn't appear.
<ivoks> oh
<ivoks> Karamon: that's envvars
<Karamon> Thanks :)
<ivoks> without the .conf
<ivoks> bbl
<soren> ivoks: "D-person"?
 * ogra wonders if thats the driver of the d-bus :)
<domas> damn, jfs deadlocks on other server
<kab> I want to setup a dns server, I used this HowTo https://help.ubuntu.com/community/BIND9ServerHowto, but I get    * Starting domain name service... bind9                                                                                                                           named: chroot(): Permission denied
<kab> I google the problem and the more common response is to remove apparmor, but I want to run with apparmor
<kraut> might be offtopic but i'll get anyhwere else an answer. i just upgraded from hardy to intrepid and my workstation with mdraids will boot now with degraded arrays. with the old kernel everything works fine.
<kraut> does anybody know, why this happens?
<kraut>        0     254        4        0      active sync   /dev/block/254:4
<kraut> what the hack is that for a device?
<domas> kraut: cat /proc/devices, check the 'block' section
<kraut> domas: http://pastebin.com/m6db7c463
<domas> then thats your LVM volume ;-)
<kraut> and where are sda und sdb?
<kraut> i'm not using lvm
<domas> sda/sdb are under 'sd'
<domas> you are using LVM
<domas> at least it is loaded and visible by kernel
<kraut> i'm not using lvm!
<kraut> domas: http://pastebin.com/m185e87db
<domas> lsmod :))
<kraut> domas: http://pastebin.com/mb6b3d48
<kraut> do you believe me now? :)
<kraut> is that a problem with fakeraid?
<domas> what are these dm_ modules doing there? :)
<kraut> no idea
<domas> these are all 'device mapper'
<kraut> i installed that raid by using the alternate installer
<domas> so yes, thats your software raid
<kraut> but it's degraded
<kraut> http://pastebin.com/m59d8183b
<kraut> domas: ^
<kraut> and with mdadm --detail the second device is missing
<kraut> md1 is totally missing
<KingOfDos> Can someone help me with a strange problem, after a server update from Ubuntu 8.04 (server) to Ubuntu 8.10 (server)?
<KingOfDos> http://dev.kingofdos.com/tmp/ubuntu810-serverproblem.jpg
<KingOfDos> that's the only thing that I can get from the server (by using a normal boot).
<mvo> KingOfDos: have you tried the recovery boot option? does that work?
<KingOfDos> the server is not completing it's boot. when i press ctrl+alt+del at that point after a while (30 seconds or something) I can login to the tty. when i take a look at the mounted disks it "looks" that i'm missing the /home and i've got no /var/log
<KingOfDos> mvo: no, didn't try that. the update was completed at 17:45, the reboot at 17:50.
<KingOfDos> after that i'd take a quick look at the server. tomorrow from 08:00 i'm working on that device again.
<KingOfDos> so far I can see there is no harddisk broken, and my scsi card seems to work fine (according to HP iLO)
<KingOfDos> anyhow, the first thing i'll try is the recovery boot from the bootcd
<KingOfDos> perhaps that i'm first copying the complete /etc to another server, so my settings will be saved (specially the firewall and the openvpn setup). after that the recovery boot option.
<kraut> domas?
<ivoks> take care guys
<Lns> I upgraded to the latest -server kernel the other week (well, the mix of 'em) and ever since, I've been having major dhcpd issues. Is there any information on this or should I describe further?
<josh_> how do i connect my ubuntu desktop to my macbook without ethernet?
<Lns> josh_: I think this is the wrong chan for that..try #ubuntu
<josh_> tried there first. no one is there
<Lns> no one there? I'd try again... ;) There's probably more people in #ubuntu than anywhere else on freenode
<josh_> ok, there are people there but no one has answered
<jgjones> josh_, a suggestion - you could try #ubuntu-(country code) - ie for UK there's #ubuntu-uk and so on - smaller number of folks and perhaps more likely to respond - try searching for it in channel list.
<josh_> thanks
<Lns> Can anyone comment on this thread? http://sourceforge.net/mailarchive/forum.php?thread_name=48CE65D600038BC2%40mail-h3g-1.mail.tiscali.sys&forum_name=ltsp-discuss
<Lns> Anyone? Anyone? Bueller? Bueller? :p
<baversjo> Hello! I am using ubuntu server and I have a problem regarding PAM limits. The group I would like to limit is the group "ssh", only one session of each user in the ssh group should be able to be logged in at the same time. I'm able to do this in the file limits.conf but the problem is that I want to disconnect the old user session if a new user session was started with the same username. Now, when a user is fo
<baversjo> Do I have to make my own code or is this feature allready included in Ubuntu server?
<grout> im trying to start mediatomb on my server so i run sudo mediatomb but as soon as i log off the ssh session it shuts down, how can i keep it running?
<baversjo> Anyone? :=)
<josh_> I am installing ubuntu server to run a website for a friend and work as a home server. Which sever software packages do i need to download?
<KingOfDos> apache2 :)
<uvirtbot> New bug: #293741 in samba ""sepcified" typo in net_rap.c" [Undecided,New] https://launchpad.net/bugs/293741
<KingOfDos> do you need a database, php, perl, other languages, etc?
<josh_> i was asking about the installing options that come on the disk.  I just chose to install all of them
<baversjo> josh_: Just install LAMP and Samba and you are good to go ^^^
<josh_> i already started installing all of them.  so what are LAMP and Samba
<baversjo> LAMP is Linux Apache Mysql PHP. That is everything you need to host a website on your server. Samba is windows file and printer sharing so you can share files and printers with windows systems in your network.
<josh_> ok
<baversjo> I am using ubuntu server and I have a problem regarding PAM limits. The group I would like to limit is the group "ssh", only one session of each user in the ssh group should be able to be logged in at the same time. I'm able to do this in the file limits.conf but the problem is that I want to disconnect the old user session if a new user session was started with the same username. Now, when a user is for examp
<grout> What can i use on my ubuntu server to share files.  Theres no windows machines on the network so nfs should work.  Is there an easier option besides nfs?
<grout> like webdav maybe?
<andol> grout: Well, if you have an sshd running I guess you could use sshfs from your other computers.
<grout> im just saying whats the best option?
<grout> whats the most common option samaba?
<grout> samba?
<andol> grout: best option? Depends on what you want to accomplish.
<Deeps> cifs and nfs both have their own strenghs and weaknesses, for simple generic filesharing without much complication, there's not much between them
<josh_> is it a CLI?
<dou213> i installed yesterday a SSH-server on my ubuntu server, now i restarted the server and i can't connect from a client anymore?
<josh_> is it all CLI?
<dou213> i restarted the ssh on the server
<dou213> still can't connect
<KiNnaZ> domas netsat -an | grep 22
<KiNnaZ> aww
<KiNnaZ> dou213 netsat -an | grep 22
<dou213> what should i point out?
<KiNnaZ> tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
<KiNnaZ> should have smt like that
<dou213> yes
<dou213> it has
<KiNnaZ> then it must be your firewall
<dou213> i installed some new packages 2day, dnsmasq and ipmasq
<dou213> wanted to try to make it gateway
<dou213> but i deinstalled them both when i saw i can't :)
<KiNnaZ> dou213 offtopic but i would suggest using iptables nat for gateway functions
<josh_> is ubuntu server just run as a server or can it run as a home computer also?  is it all CLI?
<KiNnaZ> dou213 you could try to see if you have any iptables rules in place iptables-save > somefile
<dou213> josh_: yes it's only CLI
<dou213> josh_: nevertheless u can install a GUI
<dou213> josh_: sudo apt-get install ubuntu-desktop
<MatBoy> do I always need to copy all dirs and files to make a jail for a user ?
<dou213> KiNnaZ: i'm a big newcomer in this, can u be more explicit, what are the commands to do this?
<KiNnaZ> dou213 iptables-save > somefile
<MatBoy> I would like to use something like AMD that you have on FreeBSD
<KiNnaZ> dou213 after that check the contense of that file
<KiNnaZ> dou213 or you could try /etc/init.d/iptables stop
<KiNnaZ> dou213 if you havent changed ssh configuration it must be somekind of problem with firewall
<KiNnaZ> dou213 can you connect to other services okey ?
<dou213> KiNnaZ: let
<dou213> s take it one after the other :)
<dou213> i did that with somefile
<dou213> then i sudo cat somefile
<dou213> what should i look after?
<KiNnaZ> dou213 deny or smt
<KiNnaZ> dou213 did you build the firewall ?
<KiNnaZ> i quess not
<KiNnaZ> dou213 did you use somekind of firewall rules generator to create the firewall ?
<TrioTorus> setting up a file and webserver. Got 1TB available, what's a good plan for swap partition size?
<dou213> all entries in this file are from fail2ban... a program i installed for the ssh-server so that it is more fiable against attacks
<KiNnaZ> dou213 that fail2ban is whats hurting you for sure
<TrioTorus> 2GB of ram available
<dou213> KiNnaZ: no deny in the somefile-list
<KiNnaZ> dou213 you should revise it's configuration
<dou213> KiNnaZ: how come? yesterday it went all good
<dou213> KiNnaZ: i could connect to it
<KiNnaZ> i have really no knowledge of that fail2ban
<dou213> KiNnaZ: hmm, ok i'll go through the config files again
<dou213> brb
<Deeps> TrioTorus: double your ram, is the general rule
<TrioTorus> Deeps:  thx
<TrioTorus> can my swap use lvm2?
<TrioTorus> is /boot on lvm supported now in 8.10?
<dou213> KiNnaZ: i tried to `sudo /etc/init.d/iptables stop`, it says   no such file or directory
<KiNnaZ> dou213 one option could be to flush the iptables, thou ALL settings will be removed from there iptables-flush for that
<KiNnaZ> dou213 iptables --FLUSH
<KiNnaZ> even
<KiNnaZ> dou213 thou can use iptables-save > file and iptables-restore < file
<KiNnaZ> to save and restore it aswell
<KiNnaZ> dou213 ah and the line to look for from the iptables-save should be REJECT not DENY
<KiNnaZ> sorry for giving out misleading information
<dou213> KiNnaZ: np, wasn't that misleading at all ;)
<dou213> KiNnaZ: i tried to ping the host from the client, can't see him... so there i definetely a firewall in the way... but i can't say what it is, this is the link which i followed today: http://wiki.ubuntuusers.de/Router
<dou213> KiNnaZ: look only at the commands, the rest is another language
<dou213> KiNnaZ: hopefully u can figure out what i did and maybe some solution do undo it...
<dou213> *to
<KiNnaZ> dou213 could you paste that output from iptables-save to somewhere
<dou213> no, i've flushed iptables, now there is nothing in it
<KiNnaZ> dou213 thou theoreticaly iptables --flush should remove all rules from firewall
<KiNnaZ> dou213 and still no connection to ssh ?
<dou213> nope :(
<KiNnaZ> dou213 check /etc/hosts.deny
<dou213> KiNnaZ: every line in /etc/hosts.deny is commented: with # in front
<KiNnaZ> dou213 is the box in internet ?
<dou213> KiNnaZ: no
<dou213> KiNnaZ: did u have a look on the link i sent u
<KiNnaZ> dou213 yeah nothing there that could hurt imho
<dou213> KiNnaZ: the commands listed there are those which i played today
<dou213> KiNnaZ: i could put the box online
<dou213> KiNnaZ: but what would it help?
<KiNnaZ> was just wondering would have tried to nmap it or smt
<KiNnaZ> then could be sure that smt is blocking just your ip
<dou213> KiNnaZ: gotta reconnect to the net here in order to put the server online
<KiNnaZ> dou213 dunno if it helps but you could try to stop the fail2ban
<dou213> KiNnaZ: ok trying that first
<KiNnaZ> dou213 and check fail2ban log files for any bans or smt
<dou213> stop fail2ban with: `sudo /etc/init.d/fail2ban stop` ?
<KiNnaZ> quess so
<KingOfDos> offtopic: is fail2ban supporting ipv6?
<KiNnaZ> KingOfDos if it uses iptables, in theory it could
<dou213> y i've read about it
<KingOfDos> ah nice, then i'll try to find something usefull soon.
<KingOfDos> in about 2 months i've got native ipv6 at the datacenter. so i'm preparing for that.
<KiNnaZ> ipv6 for the win :)
<dou213> KiNnaZ: tried stopping fail2ban, won't work either...
<KiNnaZ> dou213 check the log files then, see if it has banned anything so far
<dou213> KiNnaZ: already checked them... `sudo iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE` this command, couldn't it be cuz of this?
<KiNnaZ> dou213 it justs enables of NAT
<dou213> KiNnaZ: how do i disable it?
<dou213> or reverse the command
<dou213> to make it as it was before..
<KiNnaZ> you already have by flushing the tables
<KiNnaZ> only thing still changed from the howto you were using is net ipv4 forwarding
<KiNnaZ> thou it cant be whats causing the problem you have at the moment
<KiNnaZ> because it just basicaly makes box gateway
<dou213> well let's disable that also, make it as it was before all that, maybe it will work practically, if theoretically it is nonsense
<dou213> so... `sudo sysctl -w net/ipv4/ip_forward=0` ?
<KiNnaZ> echo 1 > /proc/sys/net/ipv4/ip_forward
<KiNnaZ> echo 0 > /proc/sys/net/ipv4/ip_forward
<KiNnaZ> result should be the same
<KiNnaZ> as your line
<KiNnaZ> thou that still isnt whats causing the problem with your ssh
<dou213> KiNnaZ: permission denied, although i did sudo before it
<KiNnaZ> make it your way then if my way wont work
<KiNnaZ> i'm using debian maybe that could have some effect
<KiNnaZ> thou anyways after the reboot it will be set to 0 again
<KiNnaZ> so dont worry about it
<dou213> KiNnaZ: permission denied...
<KiNnaZ> anyways try to find fail2ban log file or smt
<KiNnaZ> and see if has smt about banning your ip
<dou213> w8, maybe i run some other commands today... looking on the tuts
<Pangea> Hello Ubuntu users!
<dou213> how can i check if a program is running?
<Pangea> I have installed a Ubuntu Intrepid on a HP Proliant server with 32G of RAM and run:  sudo vmbuilder kvm ubuntu --suite hardy --flavour server --arch amd64 -o --libvirt qemu:///system --user usuario --name Usuario --pass password666 --mirror http://br.archive.ubuntu.com/ubuntu --dest hardy01 --hostname guesthardy0
<Pangea> but...  How to boot my new VM after vmbuild finishes ?
<dou213> ahhh i know now the problem :)))
<Pangea> I see a virtual disk at: hardy01/disk0.qcow2 but I don't know how to boot it!
<Pangea> with KVM.. of course...
<Pangea> My server is a x86_64
<KiNnaZ> dou213 ps -ax |grep progname
<KiNnaZ> dou213 ps -ax | grep progname
<incidence> In Ubuntu 8.04.1, How do I add a new serial terminal for iLO2?
<dou213> KiNnaZ: thx for ur help mate, it was the client with the problem... i use a windows client, and i've made some changes in the LAN-settings, thus it isn't in the same subnet anymore :) no wonder it didn't work :)
<KiNnaZ> lol
<KiNnaZ> okey :P
<Pangea> When I use virsh to connect to KVM, the "list" command don't show any virtual machine there...
<incidence> Do I have to create rc.serial to /etc/event.d/ or something=
<dou213> KiNnaZ: but i can check it also within `top` or not? if it is listed there then it is up and running
<KiNnaZ> dou213 yeah you can use top, top just doesnot show all proccesses
<KiNnaZ> dou213 ps -ax gives you everything running
<KiNnaZ> dou213 and its wise to grep to get just what you need
<dou213> KiNnaZ: k thx ;)
<KiNnaZ> np
<cod3r3d> hey all...is it possible to have a matrix-like raid setup in linux.  I want to take 3 drives and create a 6 partitions total.  3 small ones for raid 1 mapped to the /boot partition and 3 large partitions for a raid 5 mapped to the / partition
<Deeps> yep
<cod3r3d> and part 2 of that question is would it hinder the raid 5 performance to do this? btw they would all be software raids
<Deeps> mdadm will let you do that
<cod3r3d> thanks Deeps
<cod3r3d> will the raid 5 suffer performance from this or not because the /boot partition is mostly inactive after booting?
<cod3r3d> if having 2 different types of raid on the same physical disks will kill the performance of my raid 5 then its worth it to but seperate /boot disks
<cod3r3d> but = buy*
<cod3r3d> basically Im trying to make a cheap reliable storage server...and i dont want a hardware raid
<dou213> i bought today a second NIC, i put it on my server box. if i connect through it to the network, i also can't see the server... can somebody tell me how to troubleshoot this?
<dou213> the card is supported
<dou213> chipset 8139
<dou213> when i `lspci | grep Ethernet` then it shows them both
<TrioTorus> hm I got to the point where I have to choose where to copy lilo: /dev/md1 or another path. /dev/md1 is a physical volume of a volume group named myraid. On the vg myraid, I made a logical volume named boot, but trying to install lilo to /dev/myraid-root fails. What am I doing wrong?
<TrioTorus> sorry: trying to install to /dev/myraid-boot fails
<tonyyarusso> dou213: Could you define "see the server" and "connect through it" please?
<dou213> tonyyarusso: see the server: i can't ping it from the client, and connect through it: it is that NIC which is connected to the switch
<tonyyarusso> dou213: gotcha.  Could you pastebin 'ifconfig -a' then?
<KiNnaZ> can you ping client from server ?
<dou213> tonyyarusso: just did ifconfig -a, guess i just needed to set a static ip on the second NIC :)
<Cosmos-moo> hi
<tonyyarusso> dou213: nice :)
<Cosmos-moo> question  about ho server speeds, on a ubuntu machine -- disregarding, the internet.
<Cosmos-moo> how to i make the connections to my server (out of network ones) less laggy
<Cosmos-moo> ;)
<Cosmos-moo> ;)
<Cosmos-moo> ok
<Cosmos-moo> @uvirt
<Cosmos-moo> !uv
<ubottu> Sorry, I don't know anything about uv
<Cosmos-moo> !w
<ubottu> Sorry, I don't know anything about w
<Deeps> Cosmos-moo: get a less laggy connection
<Cosmos-moo> !shutdown
<ubottu> Sorry, I don't know anything about shutdown
<Cosmos-moo> it isn't laggy. maybe i could upgrade or kill some processes?
<Cosmos-moo> whatever
<Deeps> ping the ip
<KiNnaZ> dunno my shells are out of lag :P
<Deeps> or just quit
<KiNnaZ> yeah save some bw for that putty :P
<KiNnaZ> obviously that was the weak spot
<Deeps> lol, his connection's terrible
<Deeps> 136ms to the last hop before him
<Deeps> 3000ms to him
<KiNnaZ> try me
<KiNnaZ> out of curiousity
<Deeps> 42ms from my server in london
<KiNnaZ> :)
<Deeps> and you are actually in .ee
<Deeps> nice
<cod3r3d> is there an irc channel i can go to for raid 5 on linux questions?
<freaky_t> hi all i got a problem while upgrading to intrepid from hardy: http://main.freakyy.de/errors.txt
<freaky_t> can you please help me?
<tjaalton> does anyone know if likewise-open works on non-AD setups? (caching in particular..)
<lukehasnoname> Server guide needs to be moved from doc.ubuntu.com, and updated for Intrepid, especially w.r.t. the virtualization guide. the updated tasksel method of virtual host setup, the new meta packages for virt-management, all need to be covered.
<lukehasnoname> I will continue to bug you guys about it! I know a bug is filed about the draft guide needing moved, but not about the virtualization updates needed.
<uvirtbot> New bug: #293823 in samba (main) "package samba-common 2:3.2.3-1ubuntu3 failed to install/upgrade:  (dup-of: 293539)" [Undecided,Confirmed] https://launchpad.net/bugs/293823
<mario> Hi, where can i find documentation about ubuntu-vm-builder in 8.10?
<zoredache> does anyone have suggestions on a good/easy RIP implementation?
<mathiaz> zoredache: quagga
#ubuntu-server 2008-11-05
<zoredache> how does quagga compare to bird?
<Gemini420> hi there, would anyone here be able to assit with a Postfix + Dovecot + SMTP AUTH question ... ?
<Gemini420> i am switching from Qmail to Postfix, and having issues with setting up SMTP AUTH to use the same user/passwd files as POP3/IMAP
<Gemini420> POP3/IMAP work fine ...
<Gemini420> ehlo?
<AtomicSpark> So I *think* I've figured out whats wrong with my ubuntu 8.10 server.
<AtomicSpark> Its seeing the raid 5 + online spare wrong. Its saying its 320 GB (all disks) but since I have an online spare, i really only should be getting ~298.
<AtomicSpark> So its creating the partition too large. If thats possible.
<AtomicSpark> Might be a hardware issue too.
<AtomicSpark> To test this, I'm going to use a RAID 10 (1 + 0) instead. Size is not an issue and this should give me better performance/reliablity
<AtomicSpark> Yes. Its showing my size correctly now. 3x80=240. I hope this works. :P
<r00tintheb0x> I am so elite.
<r00tintheb0x> :O
<r00tintheb0x> Because of my name.
<AtomicSpark> Yea. No.
<AtomicSpark> !leet
<ubottu> 1337 i5 nigh-inc0mpr3h3n5ib13 70 u5 n00bs, 4nd n0b0dy c4r35 if UR 4 1337 h4x0r. Giv3 i7 4 r357.
<r00tintheb0x> Yeah I am.
<r00tintheb0x> 1337 h4x0r
<r00tintheb0x> Im going to leagaly change my name to "ub3t 1337 h4x0r"
<ajmitch> k
<r00tintheb0x> ty
<r00tintheb0x> kthxbye
<AtomicSpark> Interesting.
<r00tintheb0x> Im joking guys ad gals.
<r00tintheb0x> Heheh
<r00tintheb0x> and
<r00tintheb0x> :)
<r00tintheb0x> Just bored outta my gord.
<Appl3Kork> hey so on my server, my index.html has flash enabled content or whatever.  But is there a way to enable the server to read that?
<Appl3Kork> cause it says on the website FAIL
<Appl3Kork> FAIL (the browser should render some flash content, not this).
<Appl3Kork> that's what it says
<mynous> would disk speed be a reason for vsftpd to effect rtorrent upload speeds even if both are limited to 1/4 the available bandwidth?
<mynous> e.g. downloading viz vsftpd causes rtorrent uploads on the same server drop to almost nil
<benlake> anyone running IET?
<framstag> huhu
<framstag> I want to add a new server application to ubuntu - where should I start?
<framstag> (adding to the repositories)
<_ruben> getting it into debian is probably best .. check debian's new maintainer guide .. in what stage is that application? source tarball? .deb package?
<framstag> I have no debian system running
<framstag> stage: final release february this year
<framstag> source code and documentation has been already publisjed:
<framstag> http://fex.rus.uni-stuttgart.de/
<framstag> but no distribution specific package
<framstag> for I am using ubuntu myself, I thought it would be best to start with it
<kraut> moin
<_ruben> framstag: well .. making a proper .deb package for it will be the next step i think .. you should join #ubuntu-motu, those are the packaging gurus and know the steps to take to get your package included in either debian or ubuntu or both
<framstag> ahh... ok, I see,  wrong channel :-)
<dataflow> =]
<framstag> thanks for the hint
<fsbano> hi
<fsbano> good morning for all
<dataflow> morning
<dataflow> whats on the morning agenda?
<fsbano> isn't running ubuntu-server 8.10 with dom0?
<fsbano> working..
<fsbano> Xen
<soren> fsbano: The Ubuntu server kernel in 2.6.27 can function as a Xen domU. Not dom0.
<soren> for that, you need the Xen kernel image.
<soren> ....which I can't seem to find anymore.
 * soren wonders..
<soren> Darn it. It appears to have been NBS'ed.
<fsbano> soren : okay
<soren> You can grab it from Hardy, though, and install it in Intrepid.
<fsbano> do you know kvm?
<uvirtbot> New bug: #293941 in samba (main) "distribution upgrade fails on samba (dup-of: 293539)" [Undecided,New] https://launchpad.net/bugs/293941
<soren> fsbano: Yes.
<soren> fsbano: If you want the Xen kernel from Hardy: http://packages.ubuntu.com/hardy/linux-image-2.6.24-21-xen
<fsbano> i will go get it
<Abracadabr4> hi /all
<KingOfDos> I've got this problem with a ubuntu server, after updating from 8.04 to 8.10 -> http://dev.kingofdos.com/tmp/ubuntu810-serverproblem.jpg
<KingOfDos> The device just won't boot further then that point
<KingOfDos> When i press ctrl+alt+del there, after about 30 seconds the console will show up. When I login there I can see that i'm missing "at least" the /home and the /var/log paths.
<KingOfDos> When I start the recovery mode I can mount some disks, and do other stuff. But I've got no idea where to start searching on that server
<incidence> KingOfDos, Is it AMD64?
<incidence> I mean, x86_64, https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/8414
<uvirtbot> Launchpad bug 8414 in util-linux "AMD64: Cannot access the Hardware Clock via any known method." [Medium,Invalid]
<soren> I doubt that's the big problem here.
<soren> KingOfDos: It's booting 2.6.27-7-server?
<KingOfDos> Nope. It's an old server. HP Procurve DL380 (G2 i beleave), with Intel P3 (i beleave 1300mhz) as CPU
<KingOfDos> soren: how can i check what kernel it's booting? (yes i'm not "that" good with linux, most problems i can solve myself, but this is a little hard for me ;) )
<Deeps> uname -r
<KingOfDos> with the recoverymode @ livecd, after mounting the /dev/cciiss/c0d0p1 device (the /boot) i see that there is the 2.6.27-7-server kernel.
<soren> KingOfDos: Reboot it and watch :)
<soren> KingOfDos: Does it use lilo or grub?
<KingOfDos> indeed, the 2.6.27-7-server is used as kernel when booting the system
<KingOfDos> it's a almost default server (so it uses grub, no lilo). the server is used for OpenVPN and Zabbix
<KingOfDos> when i'll boot the 2.6.24-16-server it's working normal, as i'm used to be.
<soren> KingOfDos: For now, just use that, then. I'd like it if you could open a but about your problem, though.
<KingOfDos> soren: what do you think is good to do about the bug? post the picture @ launchpad, including that it's happening with the 2.6.27-7-server kernel and not on the 2.6.24-16-server?
<soren> KingOfDos: that's a good start.
<soren> KingOfDos: Also, attach the output of "lspci -vnn".
<KingOfDos> or what do you suggest? cause i can't find any "logs" of that bug at my server (just a logical something. because the /var/log is not mounted with the 2.6.27-7-server kernel)
<KingOfDos> ok
<KingOfDos> you've got other suggestions of things that i can post?
<soren> KingOfDos: Not off the top of my head, no.
<KingOfDos> Ok, i will add a case in a few hour (don't know any passwords from my head, needs to be generated with some secure tool, at home).
<KingOfDos> Thanks for your support so far :)
<byte_slave> hello everyone!
<byte_slave> how can  i disable the "automatic upgrades" of my ubuntu server box? i ask it bc some time ago when using v8.04 and without doing nothing the box has upgraded itself from 8.04 version to the available 8.10 intrepid ibex RC version available at that date
<soren> a) Ubuntu server has no automatic upgrade
<soren> b) There's no such thing as automatic upgrades from 8.04 to 8.10, not even on the desktop.
<soren> You need to take very explicit steps to perform that upgrade.
<_ruben> automated upgrade .. nasty
<soren> Does not exist.
<soren> byte_slave: You probably put intrepid in your sources.list and did and apt-get upgrade at some point.
<soren> byte_slave: *Nothing* in the Ubuntu repository will automatically do a dist-upgrade from Hardy to Intrepid. Even update-manager needs special options to even *offer* the option to upgrade  (since Hardy is an LTS).
<byte_slave> hummm.... maybe i put that in the sources.list
<byte_slave> because i remember was a very strange behaviour and i had to format the box and reinstall all again
<_ruben> and upgrading to an rc usualy requires even more effort .. unless the edit-sources.list-approach is taken .. which is nasty in itself
<_ruben> byte_slave: so much for "doing nothing" then ;)
<byte_slave> :(
<byte_slave> thanks for the explanation guys!
<nodebo1> under gentoo i used to do make menuconfig and select modules to be builtin or whatever myself... does ubuntu do anything similiar during apt-get
<nodeboy_999> the problem is i have two kernels (same version) on the same hardware under 2 different version of ubuntu 8.04 nothing from lsmod but a different startup sequence 1 starts the other dosen't both appear to be using different modules
<nodeboy_999> does apt-get <linux-kernel> provide a static or dynamic kernel image for any given kernel?
<uvirtbot> New bug: #294148 in php5 (main) "move_uploaded_file does not set right permissions (ignores umask)" [Undecided,New] https://launchpad.net/bugs/294148
<uvirtbot> New bug: #294179 in php5 (main) "ALERT - canary mismatch on efree() - heap overflow detected" [Undecided,New] https://launchpad.net/bugs/294179
<benlake> anyone use IET?
<nxvl> IET?
<benlake> iscsi enterprise target
<josh_____> how do i use samba?
<josh_____> how do i use samba?
<domas> by using it!
<josh_____> newbie
<josh_____> i just installed it using tasksel
<josh_____> ok, maybe this is phrased better.  How do i set samba up?
<benlake> http://us1.samba.org/samba/docs/using_samba/toc.html
<josh_____> i just want to share files between my mac and ubuntu
<benlake> did you even look at that link?
<benlake> are you running the server edition?
<josh_____> yes,  i found a similar link, before i posted here. the one you posted is much easier to read, but still overwelling
<josh_____> no, basic ubuntu
<benlake> why are you asking this in server?
<benlake> the normal desktop has GUIs for sharing your stuff
<josh_____> someone told me that i need samba to share file, and lamp to run my website
<benlake> if you are running ubuntu desktop, samba is in the background
<benlake> just use the GUI to setup shares
<yann2> josh_____ > try to read some documentations first, and then come back with specific questions :)
<josh_____> ok,  how do i do that?
<yann2> don't expect someone to make a 3 hours speech to explain you step by step how to setup a complete web server ;)
<benlake> dude if you can't click around on an interface and discover that or google "file sharing ubuntu" then this is really the wrong place to ask
<benlake> we are like jesus, you have to do half the work
<benlake> the difference being we then actually help.
<josh_____> i have been reading on it.  I can only see 3/4ths of my screen because its hooked up to my tv because my monitor has not came in yet
<nxvl> mathiaz: where was the list of merges for the ubuntu-server team?
<mathiaz> nxvl: I haven't created a list yet
<mathiaz> nxvl: for now, merges.ubuntu.com is the best place to look at :)
<nxvl> ok
<nxvl> :D
<nxvl> but had a tool that created such a list
<mathiaz> nxvl: https://code.launchpad.net/~mathiaz/+junk/get-merges
<nxvl> that one
<nxvl> \o/
<nxvl> thank you
<zul> heh apache2 was taken care of this morning
<rhalff> hi
<rhalff> ug in the documentation: http://doc.ubuntu.com/ubuntu/serverguide/C/jeos-and-vmbuilder.html#jeos-bridging
<rhalff> source network='br0' should be source bridge='br0'
<unit3> Hey all. Just upgraded to intrepid, and apparently do-release-upgrade thought I needed consolekit and dbus, which are now spamming my logs.
<unit3> Is there any reason to keep those?
<ScottK> unit3: If you remove them, make sure you see if the system wants to remove anything else.  If not, it's probably fine.
<unit3> Ok, I just wasn't sure if there was server daemons or hardware detection now doing stuff with dbus.
<unit3> If there isn't... then I'm not really sure why the upgrader thinks a server install needs those packages.
<benlake> unit3: my upgrade specifically removed consolekit, odd
<unit3> Weird.
<unit3> also, is anyone else getting a bunch of apparmor spam about clamd?
<ScottK> unit3: Are you using a TCP socket for it?
<unit3> lemme check
<unit3> yes.
<unit3> but that's not what it's complaining about.
<unit3> it's complaining about clamd trying to get read access to files under /etc/resolvconf
<unit3> which it isn't allowed to do in the default apparmor profile.
<ScottK> Yes.  That's a different issue.
<ScottK> There's an apparmor update in intrepid-proposed that fixes that.
<unit3> Oh ok. I'll grab that. :)
<ScottK> unit3: After you install it, please comment in https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/286080 about if it fixes your problem or not.
<uvirtbot> Launchpad bug 286080 in apparmor "cups fails to print to network printer if resolvconf package is installed (apparmor)" [Undecided,Fix committed]
<unit3> ok
<unit3> hrm... gulus mirror doesn't have it in proposed. I s'pose I can use prevu to build it from launchpad?
<ScottK> Let me get you a link.
<unit3> sure.
<unit3> I'm on amd64.
<ScottK> unit3: It was just uploaded, so it's not built yet.
<ScottK> unit3: If you look at https://launchpad.net/ubuntu/intrepid/+source/apparmor/2.3+1289-0ubuntu4.1 once amd64 says done or accepted you can click on the link and it'll lead you to the .deb
<ScottK> IIRC it's two clicks from there.
<unit3> great, thanks.
<BUGabundo> hi
<BUGabundo> does ubuntu handle soft raid 10 ?
<benlake> the short answer is yes
<BUGabundo> thanks
<benlake> man md
<BUGabundo> benlake: long answer?
<BUGabundo> some wiki link?
<benlake> BUGabundo: since you are in the server channel I'll assume you don't need GUIs
<BUGabundo> its not for me
<BUGabundo> a collegue asked me
<BUGabundo> I have no special needs for GUI, don't worry
<BUGabundo> $ man md
<BUGabundo> No manual entry for md
<BUGabundo> LOLOL
<BUGabundo> MAN won't help much there benlake
<unit3> mdadm actually is what you want to look at.
<benlake> you obviously did that on desktop
<unit3> And also the wikipedia on Linux's raid10 implementation.
<BUGabundo> eheh
<benlake> unit3: there is no actually about that statement
<unit3> benlake: well, for someone who doesn't already know the md system inside and out, I'd recommend looking at mdadm before md.
<benlake> man md will lead you to mdadm after explaining what is supported and how
<unit3> Ok, fair enough. :)
<benlake> I would disagree
<BUGabundo> http://manpages.ubuntu.com/manpages/intrepid/en/man4/md.html
<benlake> I don't want to give people programs until they have an idea of what they are trying to do with them
<BUGabundo> LOL
<unit3> benlake: true. :)
<BUGabundo> I'll fw him this info
<BUGabundo> any more tips?
<benlake> BUGabundo: something tells me there are glazed eyes in their future
<BUGabundo> why?
<unit3> BUGabundo: I'd still suggest the wikipedia page about nonstandard raid levels, as it explains the linux raid10 options in more detail (or at least more visual form): http://en.wikipedia.org/wiki/Non-standard_RAID_levels#Linux_MD_RAID_10
<benlake> well you're colleague couldn't googled "ubuntu software raid" to get an idea of what the situation is
<benlake> unit3: you can build the 10 yourself too :)
<benlake> unit3: not sure of the pros and cons of that though
<unit3> benlake: yeah, you can do a traditional stack of 1+0 or 0+1...
<unit3> generally I find it's all cons and no pros, but that's just IMO. ;)
<uvirtbot> New bug: #294277 in tomcat6 (main) "Tomcat 6 missing directory "Catalina" in /etc/tomcat6 - so impossible to deploy webapp" [Undecided,New] https://launchpad.net/bugs/294277
<pjman80> Hello All - I'm having a very odd network problem and I'm looking for some advice.
<pjman80> I have a server (running Ubuntu 8.04 Server) on an Internet facing DMZ. At "random" times the server becomes unreachable from our LAN and the Internet. However the server is reachable from other servers on this DMZ. The server is reachable from the LAN and Internet if I generate traffic between the problem server and another machine on the DMZ. There are no typos in the network settings (SubnetMask, DefaultGateway, etc.). Our fir
<pjman80> "The server is sending the reset packet, meaning that it does not want to accept any connection at that time for some reason. The firewall is just forwarding those back to the client."
<pjman80> I've viewed all the logs in /var/log/ and there is nothing worthwhile showing up. I do see some lines in /var/log/messages that have "-- MARK --" but I do not know what these indicate.
<pjman80> I've tried listening for all incoming connections from the LAN source IP with tcpdump. tcpdump isn't showing any of these incoming attempts while we are experiencing the problem.
<pjman80> Anyone have ideas?
<zoredache> I can tell you the '-- mark --' is just a way for you to know that your syslog server hasn't crashed
<pjman80> good to know :-)
<zoopster> pjman80: good one
<zoopster> pjman80 - let me make sure I am clear - if you even ping from the "problem server" to another ip address the connection "wakes up"?
<zoredache> pjman80: what services are you running?
<bn43> Hi I need to understand raid 10 on a dell 2950 III
<pjman80> during the time I can't reach the server from our internal LAN I'm able to ping the server from other servers on the DMZ. After I do this, usually I'm then able to reach it again from the LAN.
<pjman80> services = ssh server, tomcat
<bn43> the server has got an internal PERC raid 6/i controller card
<bn43> has anyone worked with this server?
<pjman80> and mysql
<pjman80> ntp as well. I think that's it. So it's ssh server, tomcat, mysql and ntp
<zoredache> bn43: perhaps you should tell us what you don't understand
<zoredache> pjman80: I would almost be tempted to suggest that for some reason something isn't responding to ARP requests...
<bn43> um ok - I have been using software raid before with LVM
<unit3> ScottK: just installed that new apparmor package, and got a bunch more spam about clamd.
<bn43> what I understand now is that the raid card will control the raid
<unit3> So it doesn't appear to have fixed my issue.
<unit3> I'll update the bug on launchpad.
<bn43> so ubuntu will see the disks in raid format upon installation right?
<ScottK> unit3: Is it tied to resolvconf or something else
<zoredache> bn43: no, ubuntu will just see a single disk
<unit3> ScottK: it's the same resolvconf error I was seeing before.
<ScottK> If it's about clamd, I think we have a different bug on that already.
<bn43> yeah sorry thats what I meant!
<ScottK> jdstrand: ^^^
<ScottK> unit3: I'd suggest discuss it with jdstrand as he prepared that update.
<unit3> ok.
<bn43> so I was reading in wikipedia that raid10 is not advised but I've been told to set it up
<unit3> bn43: where does it say it's not advised? I don't know of any issues with it.
<unit3> It's worked rather well for me for years now. :)
<jdstrand> unit3: please post your kern.log in the bug and ping me
<zoredache> pjman80: when the failure happens, I would be tempted to look at the arp tables on system, and your firewall perhaps.
<bn43> apparently if one disk fails and is not replaced and another disk goes, the whole array goes
<unit3> jdstrand: ok, 286080?
<bn43> everything is lost
<unit3> bn43: well yes... if you have two disks fail, and only two levels of redundancy then yes, you'll lose data.
<pjman80> I'm not familiar with arp. Any idea how I would look at their tables?
<zoredache> bn43: if one disk fails your fine, if a second disk fails everything is lost
<unit3> That falls under "expected behaviour". ;)
<jdstrand> unit3: that would be fine
<zoredache> bn43: but the same is true for raid5, raid1, and so on
<unit3> bn43: and that's only if you use near/far=2. If you've got more disks, you can do near=3, or near=4, to ensure more data copies.
<unit3> So it's up to you, really.
<bn43> ok - I'm also trying to understand the disk setup too
<zoredache> bn43: unless you have host-spares which will automatically take over
 * ScottK wants a system that will preserve my data if all the disks fail and no performance penalty.
<bn43> I'm still understanding raid so pls bear with me
<zoopster> pjman80: and to add to zoredache...look at the ethx stats - this could be a cable issue or port issue
<bn43> so on this raid card, can I setup hot-spares?
<zoredache> pjman80: sudo arp -a
<bn43> I'm assuming the raid card controls hot-spares
<zoredache> bn43: I am not certain with a perc6, I think I have perc5s...
<pjman80> zoopster: zoredache: Thanks - I'll look into that
<bn43> perc5s's allow for that?
<zoredache> bn43: the system probably came with a set of docs that is somewhat ok...
<bn43> ok I'll look into that
<zoredache> bn43: I don't think so...  I have never wanted a hot-spare on a server...
<bn43> zoredache: have the server for some time so just want to learn how to do it :-)
<bn43> Is there a howto for raid10 on ubuntu?
<zoredache> I figure after the first dirve fails, I will replace it as soon as possible, and that I will have good backups, so I can restore if the second disk fails
<unit3> bn43: there's docs, but the mostly concern software raid, which won't apply if you're using a hardware raid controller.
<bn43> and how is the latest release (8.10) for a working environment?
<unit3> So far I like it on my server, just tracking down some minor apparmor issues.
<Deeps> bn43: it's just been released. same logic applies to ubuntu releases as does to all major software releases
<unit3> aww.... dbus/consolekit are deps for avahi... so I've got to give up service discovery if I want consolekit to shut up in my logs. :(
<bn43> Deeps: so what do you guys use? - version?
<unit3> oh nice, and now console-kit-daemon is just segfaulting in my logs rather than complaining about org.freedesktop.
<Deeps> bn43: depends on the importance of the server
<zoredache> bn43: I suspect I would stick to an LTS for servers, unless you really needed something recent.  But that is mostly because I don't like running updates ever 6 months.
<Deeps> debian and 8.04 are what i use
<jdstrand> unit3: what is the output of 'dpkg -l|grep apparmor'
<jdstrand> ?
<bn43> Deeps: File Servers mostly
<bn43> Deeps: hehe - Important!
<unit3> Yeah, you might want to stick with LTS (8.04) unless you really need something in the new release...
<unit3> and even then, prevu is your friend. ;)
<bn43> ok now about the disks themselves
<bn43> If I wanted a capacity of 1.5TB on a server, how many disks do I need of what capacity for Raid10?
<unit3> Double.
<unit3> So you need 3TB of raw space.
<unit3> four 1TB disks will do fine. ;)
<bn43> wikipedia says theoretically raid10 will work with 2 disks - I'm confused about that given that the 4 is what I worked out too
<bn43> can someone explain?
<zoredache> bn43: raid10 on 2 disks is effectively a RAID1
<unit3> Yeah, there's just not much point to it.
<Deeps> or RAID0
<bn43> yeah so how can it be raid10 then?
<Deeps> unless i'm confusing RAID10 and RAID01 again
<Deeps> which is quite likely, ignore me
<zoredache> bn43: perhaps they partitioned both of the drives equally, and then did raid10 accross the 4 partitions
<bn43> ahhhh!
<bn43> ok that makes sense
<unit3> it wouldn't really be raid10 in logical terms, but the software/hardware would think it was.
<zoredache> bn43: it would be a silly thing to do I suspect.  Very little practical use for it
<bn43> thats why 'theoretical' i suppose
<bn43> something else I need to understand about hardware raid - since the OS sees one disk, the boot sector is installed across the array right?? so any one disk can fail and the sytem will still boot?
<unit3> In theory, yes.
<unit3> Since the boot block will exist on 2 disks.
<bn43> ?? - please explain that - why 2 disks?
<zoredache> bn43: I think he was assuming a raid10. The systems ability to boot would depend on the raid.
<bn43> I'm looking at raid10 here
<zoredache> on the *type of* raid.
<unit3> Oh yeah, sorry. Thought we were still talking about raid10.
<unit3> In raid 10, the boot block would exist on the first disk, but also the disk that is a mirror of that one.
<unit3> and the controller would know that is logical block 0.
<unit3> so if the boot disk died, it could still retrieve the boot block from the mirror disk.
<bn43> ok so if any one disk dies, the system will still boot as if nothing happened
<zoredache> aside from the warning you'll get on the boot screen that you have a degraded array
<bn43> on my software raid1 systems, I had to manually install grub on the second disk to have that work
<unit3> bn43: that depends on how you've got software raid setup.
<unit3> If you set it up across the entire device, then you shouldn't have to.
<unit3> But if you set it up on individual partitions, then yeah, you'll need to manually install the bootloader on both disks, because the bootblock isn't "inside" the raid.
<unit3> with a hardware raid controller, it always uses the full disks, so it shouldn't be a problem.
<KingOfDos> Someone here a suggestion for a Hauppauge PVR-150 tv card? I just can't get any audio. Already searching/testing things for a couple of days, but it just wont work.
<KingOfDos> There is no /dev/radio* or /dev/audio*
<unit3> KingOfDos: that's because the hauppauge encodes to mpeg2 in realtime, you generally pull the audio out of the mpeg2 stream you get from the device.
<unit3> IIRC.
<unit3> I haven't worked with one in a while, so how it's setup may have changed.
<bn43> great - thanks to all for explaining this to me!
<unit3> bn43: no prob.
<KingOfDos> Ah on that way. So it will be possable to grab the audio from the stream somehow.
<KingOfDos> Nice suggestion, i'll search for something usefull.
<unit3> KingOfDos: yeah, you can pipe it through mplayer or something to demux it.
<unit3> look on the mythtv wiki, it has lots of info about those cards.
<unit3> KingOfDos: the ivtv wiki probably also has useful info: http://ivtvdriver.org/index.php/Main_Page
<KingOfDos> unit3: if i'll use the "v4l2-ctl -d /dev/video0 --set-audio-input=0", i've still got no audio.
<unit3> KingOfDos: there's a ticket about that in launchpad, is that where you've been looking before now?
<KingOfDos> checked with "v4l2-ctl --list-audio-inputs", and i'm sure that input 0 is Tuner 1
<unit3> First thing I'd do is try the different audio inputs just to make sure.
<KingOfDos> I'll guess that if I use "cat /dev/video0 > somefile.mpg" the audio will also be dumped to that file?
<FrozenIRSSI> I'm trying to setup an SSL certificate in ubuntu server 8.04 for apache, and i have the cert made, and setup, but it'sg iving me a "this site uses an older, insecure version of the ssl protocol" error
<unit3> KingOfDos: yeah, should be.
<unit3> then if you run that file through mplayer on the cli, you should see what it detects for video and audio streams.
<unit3> (or the properties panel in vlc will show you the same thing)
<zoredache> FrozenIRSSI: you might want 'SSLCipherSuite HIGH:MEDIUM' maybe
<FrozenIRSSI> i have that in my apache directives already
<KingOfDos> unit3: using mplayer from the CLI, i'll guess that de adevice=/dev/video0 will work then? i've also got found some nice commands for VLC (specificly for my card), so that's also another thing i can try.
<unit3> yeah, you should be able to just point mplayer at /dev/video0.
<unit3> either of those should be good for troubleshooting.
<KingOfDos> and trying something from a GUI cannot be done, because it's a server (without X)
<unit3> ahhh... well then, mplayer might give you more useful info, since vlc's more geared for its gui interface.
<unit3> and mplayer tends to be pretty verbose by default. ;)
<KingOfDos> i'm building an AJAX based webinterface for streamin TV to my computer and laptop (and soon a beamer). and a seperate card for the scheduled records.
<unit3> neat. :)
<KingOfDos> but still, i've got found some "strange" bugs in mplayer. known since ubuntu 8.04, but so far i can see it's not fixed.
<unit3> yeah, that's why I mentioned vlc, since I find its playback seems to be a bit better than mplayers.
<unit3> But for testing the streams mplayer should work fine.
<unit3> I mean, it's just mpeg2, every movie player's been able to do that forever. ;)
<KingOfDos> i've found this bug at launchpad, can that be my problem? https://bugs.launchpad.net/ubuntu/+source/linux/+bug/228363
<uvirtbot> Launchpad bug 228363 in linux "Hauppauge PVR-150 with no audio after upgrading to Hardy" [Undecided,Confirmed]
<unit3> KingOfDos: seems likely, that's the bug I was mentioning before.
<unit3> Might want to subscribe to that bug, and mention the lspci details of the card you're having problems with.
<KingOfDos> unit3: thanks for the suggestions so far. i'm going to subscribe to that bug, and create a new post on it, including some information (lspci, dmesg).
<unit3> Good plan. Hopefully people involved with the kernel packages can help you track it down further.
<KingOfDos> afther that i'll post another bug that i'd discovert this morning with the 2.6.27-7-server kernel.
<unit3> yeah? what's it relate to, generally?
<KingOfDos> no that's for another device
<KingOfDos> this old workstation with 3 TV cards is for private use, as some kind of server (apache, mysql, asterisk and more). the server with that "other" bug is at my work, something about that the kernel cannot initialize the system clock, and therefore dies/crashes.
<KingOfDos> i'd see that there is an bug like that, but it's 64bit based. and that is happening on a 32bit server ;)
<unit3> ahhh
<j0N45> how do I install ubuntu-server via netinstall?
<j0N45> I have mini.iso but I guess that installs ubuntu desktop or what exactly is the difference?
<andol> j0N45: How well do you know your pxe? (dhcp, tftp, etc)
<j0N45> some
<unit3> j0N45: there's quite a few options documented on the wiki: https://help.ubuntu.com/community/Installation#Server%20and%20network%20installations
<unit3> I'd suggest going through those, and asking again if none meet your needs.
<j0N45> hmm okey but the mini.iso doesn't work?
<unit3> I believe it's tailored to the desktop install, yes.
<unit3> but you may be able to use it for one of the install methods on the wiki.
<j0N45> ahh okey but what exactly differs if I install with mini.iso but without X?
<unit3> Does the mini.iso give you an option to install without X? I'm not really familiar with it.
<unit3> If it's just installing up to ubuntu-standard, then probably not a lot is different.
<j0N45> unit3: ok thanks for all help
<unit3> np
<KingOfDos> j0N45: you also can try the UCK
<j0N45> UCK?
<unit3> http://uck.sourceforge.net/
<unit3> ubuntu customization kit.
<unit3> makes custom installers.
<j0N45> looks kinda cool
<KingOfDos> and afther that you can boot the ISO from your network, for example using PXE. there are many options/methods to create/manage ubuntu :)
<j0N45> :-)
<KingOfDos> i'm using puppetmaster and puppet to maintain the already installed linux env. specialy to manage the firewalls from my management panel (some home-made website), but it can be used for many things.
<KingOfDos> puppet is some kind of tool that will change/update files from the puppetmaster. you can execute a command after you'd changed a file.
<j0N45> yeah I've heard quite a bit about puppet
<j0N45> seems cool
<FrozenIRSSI> so does anyone know why i'd be getting an an insecure version of the ssl protocol error when turning on ssl for apache?
 * andol has an implimentation of puppet on his todo-list.
<KingOfDos> i'm managing/manipulate/watching all my clients with puppet, zabbix, uck and some-kind of PXE env. and everything is webbased managable (for my boss, who is manager and not an IT-er).
<KingOfDos> FrozenIRSSI: what version of ubuntu? i'll guess that your problem is based on the debian random number generator "bug"
<andol> KingOfDos: Is that really the kind of power you want to put in the hands of a manager? :-)
<FrozenIRSSI> 8.04
<FrozenIRSSI> server edition
<FrozenIRSSI> firefox gives me "(Error code: ssl_error_ssl2_disabled)"
<KingOfDos> andol: some basic things, yea. he claims to be IT, but he only can manage some windows stuff.
<unit3> lol andol
<Nafallo> andol: ooh. so you've found your way here? :-)
<unit3> well, time to go track down some donuts. :)
<andol> Nafallo: I'm afraid so :)
<Nafallo> I'm not. iz awesomenezz
<KingOfDos> isn't that error just generated directly from firefox, because (for example) the ssl2 is disabled at your browser?
<FrozenIRSSI> i have no idea, that's what i'm trying to figure out... and if that's thec ase i don't understand why it's even using ssl2
<KingOfDos> quote from some website "SSL2 is disabled by default in Opera/MicroB (and also most desktop browsers such as IE and Firefox) as it's widely known to be insecure and it's continued use places the users data at risk."
<FrozenIRSSI> i am trying to figure out how to get ubuntu se to use ssl3 like it should be
<KingOfDos> using the correct apache options i'll guess? ;)
<FrozenIRSSI> as far as i can tell i AM using the correct options. i have "SSLProtocol +SSLv3 -SSLv2"
<ScottK> FrozenIRSSI: Don't use SSLv2
<FrozenIRSSI> i would love not to, but i hvae no idea why it's even trying to use sslv2
<FrozenIRSSI> i've followed every ubuntu ssl tutorial i've seen, and i still get this same error
 * ScottK doesn't know much about Apache.
<KingOfDos> i know something about apache, but not mutch about certificates. can it be possible that the cert is incorrectly generated, so apache can't use ssl3?
<ScottK> Certificates don't know what version you have.
<FrozenIRSSI> i'm using make-ssl-cert, as well as trying to use openssl to do manual self-signed certs... no difference
<KingOfDos> did you try "SSLProtocol all -SSLv2"?
<FrozenIRSSI> just did that one.
<FrozenIRSSI> i found another tutorial that's -all +SSLv3 +TLSv1... didn't work either
<KingOfDos> what comes at the apache error.log file after you restart the apache server?
<FrozenIRSSI> 13120:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:583:
<FrozenIRSSI> that's from openssl's s_client
<FrozenIRSSI> i have no errors in apache's error log
<KingOfDos> strange
<KingOfDos> Then I'll guess that my apache+ssl knowledge is to small
<KingOfDos> What if you completely remove the SSLProtocol directive?
<FrozenIRSSI> same thing
<KingOfDos> i've got only 3 rules (sslengine on, and one for the key, and one for the pemfile), that's all.
<arrrghhh> howdy.  i just upgraded my server, and now there's no network cards present!  is there anything i have to do when i swap mobos?
<arrrghhh> i thought linux didn't really care if i swapped hardware...
<arrrghhh> k nvm i figured it out.  what's the best tool for partitioning in the console?
<zoredache> arrrghhh: I like cfdisk
<arrrghhh> can i format with it?
<zoredache> no, if you want to format something, you juse mkfs.ext3 or mkfs.whatever...
<arrrghhh> hrm ok.
<hads> cfdisk is groovy
<arrrghhh> i just got a new 1tb hdd, and i want to use it to backup my ntfs drives so i can freakin format them to ext3 as well
<arrrghhh> Couldn't find any package matching "cfdisk".  However, the following packages contain "cfdisk" in their description: gpart
<zoredache> so you use cfdisk to delete any existing partitions, and create your linux partition, then format it with mkfs.ext3
<zoredache> arrrghhh: cfdisk is most likely already installed
<hads> cfdisk will be installed
<hads> hads@snowman:~$ dpkg -S `which cfdisk`
<hads> util-linux: /sbin/cfdisk
<arrrghhh> it is
<arrrghhh> but i run it: FATAL ERROR: Cannot open disk drive.  i'm guessing it's trying to get a lock on my ROOT hdd?
<hads> You'll need root permission
<arrrghhh> ah
<zoredache> arrrghhh: cfdisk is most likely already installed
<arrrghhh> root permissions did it.  thanks hads.  i'm just not thinkin straight today.
<arrrghhh> so after i make the 2 500gb partitions, i use mkfs?
<arrrghhh> they look good to go, i'm guessing they're not actually formatted?
<zoredache> they are not formatted, to format them you whould run a command like 'sudo mkfs.ext3 /dev/sdb2'
<arrrghhh> schweet.
<zoredache> you might want to set a volume lable with -L Lable.  There are lots more options if you want to tweak things man mkfs.ext3
<arrrghhh> hrm.  well it's formatting.  any guess as to why when i play music the songs stop before they're done?  is there anyway to tell that nfs is running out of bandwidth?  i haven't tried adjusting the buffers for nfs yet./
<arrrghhh> does cfdisk add entries to fstab?  i'm guessing not.
<zoredache> nope
<zoredache> arrrghhh: when a song stops playing does the next song play?
<arrrghhh> yes, the next song starts right away, no delay.
<zoredache> if you copy the files locally do the play completely?
<arrrghhh> i've reproduced this with amarok and kaffeine and vlc.  songbird hasn't been working so well for me lately, and amarok is screwing up a lot.
<arrrghhh> yes they do, i tested that as well.
<arrrghhh> that's why i figured an nfs buffer issue or something.
<arrrghhh> now songs are playing all the way thru, it was just that first song.  previously i would chalk it up to my crappy old server hanging on ntfs-3g module suckng all the processor cycles.
<arrrghhh> which is why i upgraded my hardware so i can ditch the ntfs drives.
<zoredache> and you don't have issues read/writing any other types of files?  NFS is pretty well tested, and has good default settings
<arrrghhh> i was having issues, but i cleared those up (i was mounting the ntfs drives in fstab improperly)
<arrrghhh> it is working ok now.  i'm just hoping completely freeing myself of the ntfs plague that a lot of my issues will be cleared up :D
<zoredache> I suspect it will make a big difference
<doctorX> hello
<doctorX> we need some help
<zoredache> !question
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line, so others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<doctorX> i couldn't install my ubuntu 8.10 on my olidata tehom 7601 ,
<zoredache> how unfortunate.
<zoredache> Did you have a question?
<doctorX> run well on my laptop ibm t30 , but crashed boot on olidata
<doctorX> simply, how to install ubuntu on olidata tehom 7601 ?
<zoredache> perhaps you should start with tell us what happened when you tried to install.  Read the error messages on the screen and such.
<doctorX> ubuntu is installed corectly, but crash in boot
<doctorX> i mean after installing
<doctorX> hello cateye
<doctorX> how to install ubuntu on laptop olidata tehom 7601
<unit3> Ugg... just got bit with a rather severe upstream bug in md: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495580
<uvirtbot> Debian bug 495580 in mdadm "Kernel doesn't start a resync after adding a disk." [Normal,Open]
<unit3> Is there a launchpad bug to track that?
<unit3> I couldn't find anything on some simple searches, so I though I'd check here.
<unit3> It's pretty nasty... after being removed, a new spare doesn't get resynced to a raid10 array.
<unit3> So I'm sitting here with the right amount of drives, but md is refusing to add the spare, even though it sees it, so my data's still vulnerable. :(
<unit3> ahh, it is on launchpad, bug #285156.
<uvirtbot> Launchpad bug 285156 in mdadm "mdadm RAID10 arrays cannot be rebuilt, will not use available spare drives" [Undecided,New] https://launchpad.net/bugs/285156
<unit3> Not linked to the debian bug, but I'll fix that now.
<unit3> Awesome. Launchpad claims that "mdadm" is not a valid source package upstream. :P
<unit3> I guess I'll link it to the debian bug without the package name for now. :P
<Gemini420> ehlo
<Gemini420> wow, 151 users doing something *else* ...
<unit3> heh
#ubuntu-server 2008-11-06
<wo0f> hi guys
<wo0f> Im just about to reinstall ubuntu on my server
<wo0f> im wanting this time to have terminal serivces functionality
<wo0f> (like remote desktop)
<wo0f> (/freenx etc/vnc)
<wo0f> will installing via tha LTSP option be of any use to me?
<wo0f> i won't be connecting via LAN
<wo0f> i just want a dev desktop available via the net
<Deeps> sounds like you're wanting ubuntu desktop rather than ubuntu server then
<wo0f> oh
<wo0f> i don't just want to enable 1 instance of remote desktop tho
<wo0f> and i dont want to have X/gnome actually running on the server all the time
<wo0f> i just need it to auto start an x session on my remote login
<Deeps> sounds like you want vncserver i guess then
<wo0f> i see
<wo0f> do you know a decent tutorial for setting vnc up in this way?
<wo0f> iv always had trouble previously
<arrrghhh> anyone know where i download the code for the advanced tree to compile for xml-rpc?  i'm tired of my large torrents displaying incorrectly.
<wo0f> does ubuntu impliment tightVNC ?
<Deeps> to both of you, i'm afraid i dont know, but google might
<arrrghhh> so if i'm copying a lot of data on my server from my ntfs drive to my new ext3 drive, what's the best method?  just cp?
<arrrghhh> wo0f, it does vnc protocol which tightvnc is capable of connecting to...
<arrrghhh> but that doesn't really apply to ubuntu-server.
<Deeps> i use rsync for large transfer batches
<wo0f> i see
<arrrghhh> is there anything special to use rsync locally?
<Deeps> nope
<Deeps> just specify a local source and destination path
<Deeps> i personally use...
<wo0f> its just i dont want X to be running on the head of my server
<Deeps> rsync -aPv /local/source /local/dest
<arrrghhh> like rsync -va --progress /media/500GB/* /media/500_1
<wo0f> i just want it to be invoked and used via network only
<arrrghhh> is the capital P --progress?
<Deeps> same thing, -P and --progress
<arrrghhh> d'oh
<Deeps> resumable, and you see progress reports, cp's too... quiet
<arrrghhh> yea
<arrrghhh> i've just had rsync fail for no reason before.
<Deeps> likewise, and with cp too
<arrrghhh> well now i have a massive amount of space
<arrrghhh> kinda weird having it all over in so many different partitions.
<wo0f> hmm, i guess problem is, i dont want to use vnc to connect too an existing screen, rather invoke a fresh x session on login
<arrrghhh> eh i don't want to try and coordinate that
<arrrghhh> wo0f, your server is running X?
<Deeps> vncserver will let you do that wo0f
<wo0f> cool
<Deeps> google it, test it locally / in a vm if needbe
<Deeps> it's fairly straightforward
<arrrghhh> x11vnc will allow you to view their current session _and_ uses better compression (imho)
<wo0f> Deeps: n1
<Deeps> arrrghhh: he wants to connect and start an x session, not connect to a running session
<wo0f> what about NX, is this worth looking into as an alternative?
<Deeps> ie, he logs off, x goes with him
<arrrghhh> nx is sweet
<arrrghhh> but i had issues setting it up
<Deeps> haven't used it personally, no idea
<arrrghhh> i got it to work eventually, and it was like being there
<Deeps> i remain of the opinion that servers shouldn't need more than a command line ;)
<wo0f> well if i wont
<wo0f> i still want it headless
<wo0f> just serve up remote X
<arrrghhh> servers = no X
<wo0f> hmm
<arrrghhh> and you can forward X apps over ssh...
<arrrghhh> no need for vnc, nx, etc
<wo0f> yeah?
<wo0f> how do you do that?
<arrrghhh> ssh -X
<arrrghhh> well ssh -X user@server
<arrrghhh> assuming you use the default port etc
<arrrghhh> yea then from a command line run like "firefox &" - firefox will popup on your screen!
<arrrghhh> technology has been in unix since like 1984 lol.  m$ still isn't capable of it (to my knowledge)
<Deeps> urr, you just run a win32 X server
<arrrghhh> well
<Deeps> XMing or some such
<arrrghhh> that's not from microshite
<wo0f> well i assume you have to be running a nix os for that to actually work
<arrrghhh> i use xmming at work since all our workstations are winblows
<Deeps> no, so? most packages in ubuntu repos aren't written by canonical
<arrrghhh> i said unix has had the technology since _x_
<arrrghhh> and m$ still hasn't implemented it
<Deeps> ms has rdp
<arrrghhh> xmming + putty is not from microshaft
<wo0f> (i mean, im chatting to via putty:P)
<arrrghhh> but that's not an individual application
<Deeps> wo0f: http://www.math.umn.edu/systems_guide/putty_xwin32.html
<wo0f> Deeps: oo
<wo0f> Deeps: (Y)
<Deeps> change the relevant variables for your servers, rather than the umn.edu servers
<arrrghhh> you can't forward an individual application over the internet thru a secure tunnel.
<Deeps> no, but you can still forward an entire desktop that'll be more responsive and require less bw with RDP than you get from forwarding a single X application
<Deeps> (in my experience)
<arrrghhh> i honestly haven't compared b/w usage between the two.
<Deeps> X forwarding on a high latency low speed link is a very very painful process. not half as bad over RDP
<arrrghhh> yea the compression isn't there w/ssh./
<Deeps> i read something about NX making things faster in both camps, but i've yet to play with it as thankfully I dont have to deal with remote guis anymore
<wo0f> this is whats tempting me towards nx
<arrrghhh> nx is seriously like being at the machine
<arrrghhh> it's ridiculous
<Deeps> well you can run rdp, x and vnc all through nx, which is nice
<wo0f> i think nx runs as one user
<arrrghhh> yea
<arrrghhh> i don't know if nx runs as one user or not...
<wo0f> so you have a separate accounts list just for nx
<arrrghhh> it probably does.
<wo0f> rather than running as the user your logged in as, like vnc
<arrrghhh> wo0f, there's a lot of options, it's linux haha
<wo0f> haha
<wo0f> sometimes too many for my liking/understanding
<Deeps> given that you can run x, vnc, or rdp through nx, chances are it's a case of how you configure it
<wo0f> mm
<wo0f> so whats LTSP
<Deeps> freedom of choice, it's great
<wo0f> ?
<Deeps> thin client manager i believe
<wo0f> so it doesnt use vnc at all?
<Deeps> run LTSP on a powerful server
<Deeps> run a bunch of underpowered dumb screens that simply connect to the server and accept local inputs, and display X forwarded from the server
<Deeps> slightly overkill for what you're looking to do i think
<wo0f> it just seems appealing as theres a install option on the disk in 8.10 now
<Deeps> it's been an option for installing for a while, i think it was restricted to edubuntu before though
<wo0f> is bitshift obsolete?
<arrrghhh> i don't know what bitshift is
<wo0f> is bitshift obsolete?
<wo0f> oops sry
<wo0f> for hard drives
<wo0f> as opposed to LBA
<wo0f> (logical block addressing)
<arrrghhh> yea still don't know what bitshift is
<mynous> having a server harddrive setup like this : /boot and /  on /dev/sda  and /home on /dev/sdb, would i see a performance boost by using /home/ftp as a directory for files to be transfered from over /ftp on /dv/sda like it is now?
<ShawnR> has anyone else tried installing 8.10 on a fakeraid raid 0 yet? it seems that it is only using 1 of my HDDs
<wo0f> fake raid and linux just don't mix
<ShawnR> well, 8.10 is supposed to support it, so i figured i'd give it a shot
<ShawnR>  dmsetup status
<ShawnR> nvidia_ecfbjcdh: 0 976773166 mirror 2 8:0 8:16 7453/7453 1 AA 1 core
<wo0f> are you wanting software raid, or fakeraid?
<wo0f> if fakeraid, have you checked your chipset is supported?
<ShawnR> and iostat shows dm-0 and dm-1 being used when doing file transfers, but i see that sda is working, but sdb is sitting still
<ShawnR> i am pretty sure it is supported, it installed fine... but where can i double check?
<wo0f> im not sure how youd check
<wo0f> i know suse supports raid out of the box
<wo0f> but i really shouldnt say that here :P
<ShawnR> it's an nforce chipset, should be supported
<wo0f> im pritty sure the nvidia chipsets work
<wo0f> unlike the amd ones :/
<ShawnR> AMD has their own chipsets now? or do you mean the ATI ones?
<ShawnR> i guess maybe AMD rebranded the ATI chipsets with their own name
<arrrghhh> hardware raid or nothing!
<ShawnR> well, this is a somewhat budget file server for my own house
<ShawnR> and the 1 pci-e slot has my eSATA card in it
<arrrghhh> yea i just built a budget file server
<arrrghhh> no raid...
<wo0f> yeh amd bought out ati
<arrrghhh> that they did
<arrrghhh> which will hopefully open the accelerated graphics drivers for the processors.
<arrrghhh> the graphics processors that is
<arrrghhh> anyone have experience setting up a pxe server?  i'd love to be able to just plug machines in and boot the newest ubuntu w/o needing optical drives.  i've already got nfs setup, and i have been struggling with tftp and dhcp.
<ShawnR> i've wanted to play with it myself, but never had the reason to actually impliment it
<arrrghhh> i've been repairing a lot of computers lately so i'd love to have a pxe server
<arrrghhh> show the masses ubuntu
<J-_> When using the inadyn DNS dynamic IP updater, should I use the root, or user crontab -e?
<J-_> Using wget
<hads> If it doesn't need root permissions don't run it as root. That's pretty much the theory.
<hads> A dynamic DNS updated shouldn't.
<J-_> k
<J-_> Thanks dewd. :)
<J-_> hads:  Are you familiar with afraid.org's method of updating via wget? Would, 1-59 * * * * /usr/bin/wget http://freedns.afraid.org/dynamic/index.php?action=script&data_id=xxxxxx -o - >/dev/null 2>&1' >> /tmp/crontab work?
<arrrghhh> this doesn't really have much to do with my server, but i can't get my monitors at the right resolution & in separate X screens.  twinview works tho...
<hads> J-_: No I'm not familiar
<J-_> Okay cool, thanks anyway!
<J-_> !info drupal hardy
<ubottu> Package drupal does not exist in hardy
 * J-_ facepalms
<J-_> !info drupal
<ubottu> Package drupal does not exist in intrepid
<J-_> How can I enable mod_rewrite in apache2 in Hardy?
<zoredache> try a2enmod
<J-_> mod_rewrite isn't in the most.
<hads> ?
<zoopster> a2enmod rewrite did it for me
<hads> Yah
<J-_> hmm, not exactly sure what I ment to say. lol, I'm tired.
<J-_> But I'll try that again
<J-_> Is cl-url-rewrite the package I want to install/ enable?
<hads> No
<J-_> hmm, it's already enabled. But, drupal is saying otherwise.
<hads> I think it's shipped with apache
<J-_> Nevermind! It worked now.
<J-_> I could have sworn it did before.
<J-_> didn't*
<J-_> Thanks again.
<uvirtbot> New bug: #294528 in postfix (main) "installing getlive crashed on wizard gui when pressing cancel" [Undecided,New] https://launchpad.net/bugs/294528
<josh_> where is the apache root directory?
<hads> /var/www
<josh_> thats what i thought.  so, i have saved 2 files there how do i access them from the internet?
<zoredache> there is a redirection setup by default, you probably need to remove that...  look in /etc/apache2/sites-available/default
<hads> I thought there was just an "It Works" page
<josh_> it says that i dont have permission
<josh_> deleted through terminal
<josh_> i am trying to add a file to a folder with terminal.  i used "sudo mkdir" to make the folder. how do i add to it?
<incidence> josh_, man mv
<kinnaz_> josh_ touch filename
<incidence> oh meant that way
<antdedyet> josh_: or cp if you just want to 'add' a file to that directory and not remove it from the old location
<KiNnaZ> it would be easier to say, cp to copy file
<KiNnaZ> mv to move file
<KiNnaZ> rather to try to explain difference of cp and mv
<hads> $EDITOR my.file
<kraut> moin
<lukehasnoname> morning
<gammy> I noticed tha tthe init script for policy kit doesn't actually do *anything* except upon 'start'. Anyone care to teach me a lesson? :)
<gammy> Is it in the kernel? :o
<soren> How is this server related?
<gammy> Well, it's running ubuntu server. I don't know how you have exactly defined "server specific" since the term is pretty loose.
<gammy> Or am I only allowed to ask questions regarding topics in your serverguide (which is pretty much empty) ?
<hads> There's stuff in the server guide.
<soren> No, but policykit is a tool used on the desktop to achieve elevated privileges for discrete tasks.
<soren> It's not server related at all.
<gammy> soren: Alright - I did not know that. I was forced to install it because console-kit-daemon kept giving me SEVERE logs about it.
<gammy> "console-kit-daemon[6283]: CRITICAL: cannot initialize libpolkit
<gammy> "
<gammy> That's why I installed it and related packages.
<gammy> I wonder why it gives a critical error about it if it isn't supposed to depend on it.
<gammy> soren: So it's only server related if it's a base package in server? Or..? Please tell me where I would be more on-topic in that case.
<gammy> ie, it's not server-related if I run server with additional packages then
<gammy> :o
<Kamping_Kaiser> depends what the 'aditional packages' are
<hads> Gnome :)
<Kamping_Kaiser> its on topic if its server related - eg, services running on a server. not if its 'my desktop wont work on a server install'
<gammy> I thought bloody policykit was a service.
<gammy> this is 8.10 server edition. I only got policykit due to http://pulia.nu/tmp/console-kit-daemon these issues
<gammy> Now again, console-kit-daemon did this out of the box - what is the *right* way to do then, if policykit is the wrong way?
<gammy> ...I see.
<soren> Look... It's not that we don't want to help. It just way easier to ask desktop people if you're having trouble with desktop stuff.
<gammy> YOU are telling me this is a desktop issue
<gammy> I have *no* idea why you're telling me thart
<gammy> that, sorry.
<gammy> I am not running X, I don't have gnome installed, I don't even have a screen
<gammy> This is ubuntu SERVER on a SERVER SERVING peoples homepages and shells. I just want to solve the problem at hand, being console-kit-daemon giving me critical errors in my log. I have no idea why it's even installed but I presumed it was "woven" into ubuntu for some reason
<soren> I'm terribly sorry, but policykit is simply not our domain.
<soren> What is that you don't understand?
<soren> 09:12:46 < soren> Look... It's not that we don't want to help. It just way easier to ask desktop people if you're having trouble with desktop stuff.
<gammy> I don't understand why it's a desktop issue.
<gammy> You have as of yet not explained that.
<soren> Look at policykit's description.
<hads> Ooo circles
<soren> It's not that hard.
<gammy> soren: Yes, but let's *ignore* policykit for a minute.
<Kamping_Kaiser> gammy, you can `aptitude why $package` to find out what you installed that drew in policy kit as a dependancy (assuming you didnt manually install it )
<gammy> soren: And let's look at console-kit-daemon
<soren> ...which yells about policykit.
<gammy> Yes.
<soren> Right? That's your problem, isn't it?
<gammy> So the server component is whining about a desktop component
<gammy> and you're telling me this is *not* a server issue?
<soren> Can't you just accept that the desktop guys are the guys who deal with consolekit and policykit?
<gammy> you just told me desktop was "dealt with" by the desktop guys. you had not previously said so.
<gammy> So now I know.
<gammy> Thanks.
<gammy> I .. guess.
<soren> Do you honestly think it's more useful if I just say "I don't know" instead of leading you to the right place to ask your questions?
<soren> Bloody hell!
<soren> 09:16:59 < gammy> you just told me desktop was "dealt with" by the desktop guys. you had not previously said so.
<soren> ??? Big surprises there.
<soren> Desktop guys deal with desktops. Who would have guessed?
<hads> Never would have guessed that.
<soren> No, how could you?
<lukehasnoname> GUYS, guys... I'm trying to code, all this blinking is distracting me
 * soren glances at his 381 irc windows and sends no sympathy to lukehasnoname
<domas> =)
<domas> let's hilight lukehasnoname a bit too!
<Kamping_Kaiser> lukehasnoname, hehe
<domas> so that lukehasnoname's coding would be more productive!
<Kamping_Kaiser> domas, but lukehasnoname might be struggling!
<lukehasnoname> damnit
<domas> yeah, but if we don't hilight, lukehasnoname would stop coding!
<Kamping_Kaiser> domas, ah in that case i guess lukehasnoname better stay in converstaion :D
<domas> :-)
<lukehasnoname> why can't 1/0 be defined
<lukehasnoname> then I wouldn't have to handle that
<soren> lukehasnoname: It is defined.
<soren> lukehasnoname: It's \infty
<lukehasnoname> new idea for a language function
<soren> Eh?
<lukehasnoname> double IntegerOffset(int n)
<lukehasnoname> returns a number VERY MINUTELY tweaked below or above n
<lukehasnoname> double IntegerOffset(int n, bool upDown = 1) //0 is down, 1 is up
<soren> At any rate, 1/0 is defined. It's positive infinity.
<soren> infinity: Not you.
<soren> However, using that as an offset might not be defined. It depends.
<lukehasnoname> so IntegerOffset(0, 1) would return 0.000000000000000000000000000000000000000000000000000000000000000001 or similar. I suppose I could define that as 0+Math.pow(1, pow(10,20))
<lukehasnoname> I'm writing a genetic algorithm whose fitness score is 1/radius of a circle
<lukehasnoname> if that radius is calc'ed to 0, then I have to handle it
<soren> A circle can't have a radius of 0.
<soren> A circle is the set of points at a given distance from a given point. The set of points at 0 distance from a point is just the point itself.
<lukehasnoname> rather, I'm calculating the max radius a circle can have, given a center and some parameters to meet
<lukehasnoname> there are times that the parameters are not met and the max radius val is 0
<lukehasnoname> I have 8 hours to debug my algorithm, run tests on it, and write a one page paper about it for a test grade
<Kamping_Kaiser> if $rad=0; <do not fail painfully>; fi ?
<soren> if radius==0: <forget everything you used to believe about circles>
<lukehasnoname> The zeros thing isn't trouble anymore, I don't think... it's something else now.
<domas> soren: you're not that good at math, are you?
<domas> soren: 1/0 is not infinity
<Deeps> the internet disagrees
<Deeps> http://lexlibertas.com/wordpress/wp-content/uploads/2008/04/i-divided-by-zero.jpg
<domas> Deeps: <3
<domas> soren: http://en.wikipedia.org/wiki/Division_by_zero :)
<soren> domas: I just don't limit myself to real maths.
<soren> domas: I studied maths at university. I usually know what I'm talking about.
<domas> oh, wait, me too! :)
<domas> I wonder how you get the 'positive infinity' number
<Deeps> mathgeekfight
<domas> teeheeee
<soren> What else would it yield?
<domas> negative infinity, if you approach it with a limit :)
<domas> of course, if you define a concept of unsigned infinity, you can use it as much as you want
<domas> I don't like math
<domas> :(
<soren> Me neither.
<soren> Ironically :)
<domas> hehe
<soren> Abstract algebra is wicked cool.
<soren> Pretty much anything else, I really don't like very much.
<domas> math is applied philosophy :)
<domas> physics are applied math \o/
<domas> some more nested applied sciences
<domas> and we end up building information systems :)
<domas> and sit in #ubuntu-server
<domas> haha
<jamey-uk> I'm trying to get a custom shell script to run when I insert a USB hard drive, so far I've installed autofs and "/etc/init.d/autofs status" returns this as the configured mountpoint: "/usr/sbin/automount --timeout=300 /media program /tmp/test.sh". But it doesn't work, any ideas?
<yann2> nijaba   http://www.securityfocus.com/bid/29106  :)
<yann2> ah right, <52.. good we updated too hardy :)
<Spirits-Sight> what do I type to install LAMP on Ubuntu
<Deeps> tasksel
<Deeps> and select it from the list
<Spirits-Sight> do I do that at the term
<Deeps> yep
<Deeps> sudo tasksel
<Deeps> even
<_ruben> or sudo apt-get install lamp-server^
<Spirits-Sight> thanks for your help
<jamey-uk> Does anyone have any experience with ivman?
<jamey-uk> I'm trying to get a script to run when an external USB hard drive is plugged in. So far I've tried usbmount, udev rules and now ivman. I've been watching /var/log/messages, USB drive is initiated as /dev/sdb but none of the daemons have worked and run my test script. Can someone help me?
<soren> jamey-uk: I'd use dbus and subscribe to DeviceAdded events from Hal.
<soren> I didn't know about ivman. It seems like it does kind of the same thing?
<jamey-uk> soren: yeah I think it must do. So I have to apt-get install dbus then? I don't understand, how/what is "subscribing" to the DeviceAdded event?
<soren> It's a dbus term.
<soren> DBUs has a notion of signals to which you can subscribe.
<soren> Hal emits DeviceAdded and DeviceRemoved signals when... Well, I imagine you can guess when :)
<jamey-uk> thanks, so how does Dbus relate to Hal, it's basically the bus that hal reports onto?
<soren> Pretty much.
<soren> How does ivman fail you?
<soren> I'm looking at its config now, and it seems to do what you want?
<soren> Better yet: What are you trying to do exactly?
<jamey-uk> yeah it does, none of the tools i've tried have worked which leads me to believe I've set something up wrong or haven't got a needed package
<jamey-uk> soren: thanks for asking :)
<jamey-uk> we've got a truecrypt encrypted drive, we want it to automount this external usb drive when you plug it in, but we don't want regular mount* stuff, we've got a command/shell script that will mount the drive for us. so far, when you plug it in dmesg says it's assigned to /dev/sdb. And we can succesfully mount it manually into somewhere like /media/usb-backup.
<jamey-uk> so now I just need *anything* to make a script run when a usb (hard drive) is plugged in. sounds simple, so far proved to be very tricky!
<jamey-uk> any help would be much appreciated :)
<soren> At the bottom of /etc/ivman/IvmConfigActions.xml...
<soren> there's a match-all snippet.
<soren> Do you see it?
<soren> It's uncommented right now.
<jamey-uk> erm, looking in that file, no 'match-all'...?
<soren> It doesn't say "match-all"
<jamey-uk> oh heh
<soren>  97     <ivm:Match name="*">
<jamey-uk> ah gotcha "...Match name="*"'
<jamey-uk> yeah
<soren> The line just before that one says: \!--
<soren> Er..
<soren> <!--, I mean.
<soren> Remove that...
<jamey-uk> yep, so remove the XML <!-- and --> comment delimiters, gotcha :P
<soren> and the line just below </ivm:Match>, which reads "-->"
<soren> Right.
<jamey-uk>  /etc/init.d/ivman force-reload
<soren> Restart ivman (sudo /etc/init.d/ivman restart)
<jamey-uk> "Restarting ivman: manager.c:1387 (do_startup_configure) Directory /etc/ivman/ will be used for configuration files."
<soren> Yes, that should do it too..
<soren> tail -f /tmp/devices
<soren> and try plugging something in
<jamey-uk> okay, here goes :P
<jamey-uk> *awesome*, it works :D
<jamey-uk> "usb_device_1058_702_5758485A3037303239313933 attached at Thu Nov 6 13:50:25 GMT 2008"
<soren> Ok. So ivman works :)
<jamey-uk> so..., how do I get it to run a script now? :)
<jamey-uk> fantastic, *nothing* has so far!
<soren> Look at the config file.
<jamey-uk> so an exec line
<soren> The part you just enabled runs a command line.
<soren> Right.
<soren> Just change that to point to your script.
<jamey-uk> what is "execun" vs exec
<soren> Probably unplug vs plug
<soren> I don't know, to be honest.
<jamey-uk> oh, der
<jamey-uk> :p
<soren> I've never used ivman.
<jamey-uk> yeah it is lol
<jamey-uk> okay so i'm going to tell it to run /tmp/test.sh, which is a simple bash script that echo's "Running script" then touch's /tmp/it-is-running (which I just rm'd)
<soren> Ok.
<soren> Here's a trick:
<soren> When the drive is plugged in, use lshal to find the name of the attribute you want to look for.
<soren> In your case, you want the one that tells you the name of the block devices.
<soren> Sorry, block device. Not plural.
<jamey-uk> okay let me just check this script works (because it hasn't yet) and then we can get onto lshal :)
<soren> Right. When you're comfortable that it works, run lshal, find your harddrive and pastebin that part that pertains to that.
<jamey-uk> Okay, it works fantastic :D
<soren> Coolness.
<jamey-uk> http://pastebin.ca/1246866
<soren> jamey-uk: Ok, for starters, try replacing the match name="*" thing with this:
<soren> <ivm:Match name="hal.usb_device.serial" value="5758485A3037303239313933">
<soren> ...and see if it still triggers.
<soren> (don't forget to restart ivman)
<soren> I don't know if it picks up changed config files, so I'm just taking the safe approach.
<jamey-uk> yep, it's still working with serial clause :)
<jamey-uk> yeah I did force-reload
<jamey-uk> maybe I could do it on hal.info.product ("External HDD") because we're going to be using two different external HDDs that both will be mounted with the same encryption etc
<jamey-uk> awesome, thank you *very* much soren :)
<soren> Ok, what you probably want to do now is to find the disk in /dev/disk/by-id/
<soren> or /dev/disk/by-uuid/
<soren> and use that in your script.
<scientes> why does everybody have to do all this virtualization junk when unix has had all of the same abilities with 0 overhead for decades?
<soren> This way, ivman will make sure your script is only called for the right devices.
<scientes> is it just cause windows sucks?
<soren> ...and your script will make sure it find the right block device to mount.
<soren> scientes: Because it hasn't.
<scientes> you have to run the same kernel but otherwise what is differnt?
<soren> Containment.
<soren> Primarily, anyway.
<soren> Lots of other stuff, too.
<scientes> Its just doing a second round of permissionss, software and hardware, when there are allready these things
<soren> Migration options, for instance.
<scientes> it just seems like its all there but developemers have neglected it so we have to do the meta=solution
<soren> scientes: You clearly don't know what you're talking about.
<scientes> ok
<soren> Explain to me what you'd do instead of using virtualisation?
<soren> What are these magic old school incantations that achieve the same thing?
<soren> chroots?
<scientes> run the same app under differnt users with differnt permissions, and SELinux, etc
<scientes> and yeah chroots
<scientes> i guess the virtualization is cleaner, and makes the the kernel do one task and irt another
<soren> These things all run in the same memory space, process space, filesystem, network...
<jamey-uk> soren: or instead of /dev/disk/by-id/* I could use that match line with hal.info.udi ('/org/freedesktop/Hal/devices/usb_device_1058_702_5758485A3037303239313933')?
<soren> jamey-uk: You can't use that to mount the disk.
<soren> jamey-uk: ...because that's not the name of a block device.
<scientes> you can multicast the network exactally the same as a virtual machine does, memory space is kept clean by access controls in kernel
<soren> scientes: No, it's not.
<scientes> and nice etc control scheduling
<jamey-uk> soren: ah sorry I thought you meant to use that as a "filter" so that only *that* USB hard drive gets mounted
<soren> No, no. It was to make sure you grab the correct block device.
<jamey-uk> you mean to use /dev/disk/by-id/* to find where the symbolic link goes to, and that is the block address for the HDD
<jamey-uk> yeah
<jamey-uk> cool, thanks
<soren> /dev/sd? are handed out as devices pop up.
<jamey-uk> it's ok, they're always going to be /dev/sdb because we're only connecting a single USB HDD at once (well USB device in general)
<soren> jamey-uk: Don't bother following the symlink. Just use the symlink directly.
<soren> jamey-uk: Well, yes, until something goes bad and you have a block device that's stuck for some reason.. :)
<soren> It happens :)
<jamey-uk> soren: okay so better safe than sorry, I should have a script for each drive that looks in /dev/disk/by-id/ for the expected symlink and use this to mount? :)
<jamey-uk> and then two different match blocks in ivman conf file?
<soren> jamey-uk: Unless I'm gravely mistaken, the symlink will be named after one of the attributes you can see from hal. Pass that on the command line to your script.
<soren> ...and you can get by with just one script.
<soren> ...but possibly two match rules in ivman's config.
<jamey-uk> ah, clever
<soren> Or perhas ivman has other clever ways to handle it. I don't know. This is the first time I've ever heard of ivman :)
<jamey-uk> soren: unfortunately not, the symlink is "usb-WD_3200BEV_External_5758485A3037303239313933-0:0" which isn't in http://pastebin.ca/1246866
<soren> It's derived from the serial.
<jamey-uk> so what do you suggest?
<soren> How many files match /dev/disk/by-id/*5758485A3037303239313933* ?
<jamey-uk> ah I see :)
<soren> Heh :)
<soren> scientes: Anything that has root privs can go snooping around in every other process's memory space.
<soren> scientes: Anything that runs as user foo can go snooping around in every other process run by user foo.
<scientes> but if you took away the 1024 port limit nothing would ever need root privs
<soren> Oh, really?
<scientes> and there is a practically unlimited number of users available
<soren> cron could magically run as a non-privileged user?
<soren> backup systems?
<soren> mail servers?
<scientes> ok, then its just a way to get around lowsey old unix defaults
<soren> And if anything could listen below port 1024, *any* user could hijack the ssh port, the http port or any other port during logrotate, for instance.
<scientes> not if you set user permission to specific ip addresses,
<soren> What?
<scientes> idk, hardware is suddnly going to be rewritten for hypervisors and we are going to have sub-kernels, i guess thats ok
<soren> How does user permissions relate to ip addressses and how does that relate to privileged port hijacking?
<soren> You're essentially saying that if we redefine the entire security model we already have, we wouldn't need virtualisation...
<soren> a) We're not going to do that
<soren> b) There's lots of other benefits of virtualisation
<soren> Have you ever managed a system that you later needed to split over several machines due to performance requirements changing?
<jamey-uk> soren: this doesn't pass the serial number on: <ivm:Option name="exec" value="/root/scripts/backup_to_usb2.sh `$hal.usb_device.serial`" />, is my syntax wrong? (I've got it "touch /tmp/$1"-ing)
<soren> I think you need a $ at the end as well.
<jamey-uk> oh yeah *duh* thanks :)
<soren> :)
<jamey-uk> should it be enclosed in back ticks or single quotes?
<soren> jamey-uk: Neither, probably.
<soren> jamey-uk: It doesn't look like something that really needs escaping, but to be on the safe side, you can put it in single quotes.
<Spirits-Sight> what do I do to connect to a system on the outside network when there is more then one system on the network for VNC
<jamey-uk> soren: I'm learning the basics of bash scripting heh
<soren> Spirits-Sight: Huh?
<Spirits-Sight> I am trying to test and see if I can connect to a computer on my network from the outside, I am not sure what I have to do to make it see able, I know it works from the network but I am unable to connect if I just use the WAN IP address
<jamey-uk> soren: in my shell script I have this: DRIVE=`ls /dev/disk/by-id/*$1*` ... If ls failed it is set to "ls: cannot access /dev/disk/by-id/*[xxxxxx]*: No such file or directory"... How can I check whether it has "failed" and so exit the script early? :)
<yann2> jamey-uk > http://pastealacon.com/1603
<jamey-uk> yann2: so it returns 2 if it fails, 0 otherwise? :)
<Deeps> 0 if it succeeds
<Deeps> >0 if failed
<Deeps> true of most applcations you run
<jamey-uk> http://pastealacon.com/1604 > the syntax must be wrong because even when $? returns 0 it echo's "ls failed", where am I going wrong? :)
<Deeps> jamey-uk: -gt, -lt, -eq, not >, < or =, when dealing with numbers
<jamey-uk> Deeps: thanks, I've now got: "if [ $? -ne 0 ]; then". How do I add "or if $DRIVE is empty" to that if statement?
<Pizarro> Hellow everyone
<Pizarro> I just installed Ubuntu Server 8 and I wonder if eBox comes already isntalled (I don't know how to acces it). If not I tried to install it by apt-get install ebox but I get a broken dependencies error. Can anyone help me please? thanks
<Deeps> if [ "$DRIVE" == "" ]
<Pizarro> Deeps, is that for me?
<Deeps> Pizarro: no, it's for jamey-uk
<Deeps> !ebox | Pizarro
<ubottu> Pizarro: ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<Deeps> is all i can suggest
<Deeps> that and looking if there's any bugs on launchpad of anyone having the same problem as you
<Pizarro> I dont understand this line:
<Pizarro> sudo apt-get install â^ebox-.*â
<jamey-uk> Deeps: I get "[: 46: ==: unexpected operator]"?
<Pizarro> what are those symbols around ebox?
<jamey-uk> Pizarro: it means match any packages that begin with "ebox-" and have any characters after that, e.g. "ebox-", "ebox-something", "ebox-sdkfjsdkgfjsdkl"
<jamey-uk> so effectively, install all ebox related stuff
<Pizarro> yes but I am talking about this:  â^
<Deeps> looks like an error
<Deeps> sudo apt-get install ^ebox-.*
<Pizarro> ah ok, it is confussing ok ok
<jamey-uk> yeah ? means "0 or 1 of ^ebox" but seems like an aerror
<Deeps> the ^ and .* are used in regular expressions
<Pizarro> let's try that
<jamey-uk> Deeps, was that to me? any idea why I get == being an unexpected operator?
<Pizarro> so I don't have to type  â, do I?
<Deeps> sudo apt-get install ^ebox-.*
<Pizarro> ok, thaks
<Deeps> jamey-uk: no, google for bash scripting / bash conditional guides
<Pizarro> i got a broken packets error
<Pizarro> and this is a brand new server isntallation, just 10mi ago
<Deeps> Pizarro: paste the full error into a pastebin?
<Pizarro> it is in spanish...
<Pizarro> but anyway
<Pizarro> http://pastebin.com/m7442af61
<Pizarro> "Hecho" is done
<Pizarro> the line 16 says
<Deeps> problem resides with the 'libapache-authcookie-perl' package
<Pizarro> yeah that's right
<Deeps> hablo espaniol ;)
<Pizarro> it says "it's not installable"
<Pizarro> Ha ok, perfecto entonces
<Pizarro> Xd
<Deeps> in here we speak english though
<Pizarro> Where?
<Pizarro> the channel?
<Pizarro> ah ok
<Deeps> https://bugs.launchpad.net/ubuntu/+source/ebox/+bug/255368
<uvirtbot> Launchpad bug 255368 in ebox "ebox: Depends: libapache-authcookie-perl but it is not installable " [Undecided,Confirmed]
<Pizarro> let's see
<Pizarro> so basically the file was removed, that's the issue
<alpine_style> let's say i stuff a NIC card in my Ubuntu server and it's recognized as eth0, then one day i pull it out how do i free up eth0 so it can be used again by another NIC at the OS level?
<Deeps> alpine_style: /etc/udev/rules.d/??-persistent-net.rules
<Pizarro> mmm.
<Pizarro> Is there any other alternative to eBox?
<Pizarro> I don't feel confident using it now after this..
<Deeps> not that is supported by ubuntu
<Deeps> there are various other tools that do similar things
<Pizarro> Suported by ubuntu?
<Deeps> webmin, ispconfig
<Deeps> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system. See !ebox instead.
<Deeps> !ispconfig
<ubottu> Sorry, I don't know anything about ispconfig
<Deeps> fair enough
<Pizarro> Well I would say the ebox is not longer suported by Ubuntu too, since you can't install it due no existing dependencies
<Deeps> well, it is officially supported, that it cant be installed right now is a bug
<Pizarro> Well I can download manually from launchpad, but how can I do it from the server? wget?
<Pizarro> done
<alpine_style> Deeps: can you just delete the iface from that file?
<Pizarro> Is it possible to do this?: apt-get [whatever].deb ?
<Deeps> alpine_style: yep
<alpine_style> Deeps: wow, never new anything about that trick
<Pizarro> I mean, sorry. apt-get install [whatever].deb
<Deeps> Pizarro: nope, you either need to add the launchpad repository to your apt sources, or you need to wget all the relevant debs and dpkg -i blah.deb
<Pizarro> Deeps, I already downloaded the main ebox package, but to install a DEB pkg from the command line? Shall I use apt-get install too?
<Deeps> apt-get will download packages from the apt repositories listed in your apt sources file
<Deeps> dpkg -i will install deb files you've downloaded yourself manually
<alpine_style> Deeps: you can delete lines from 70-persistent-net.rules, but as soon as you reboot they just reappear
<netrat> when doing a new install of ubuntu server 8.04 or 8.10 with LVM on top of software raid, is LVM automatically aligned with stripe size of the raid?
<uvirtbot> New bug: #294728 in samba (main) "Public shares not possible in home folder (Hardy 8.04) " [Undecided,New] https://launchpad.net/bugs/294728
<Pizarro> Ok...
<Pizarro> new issue
<Pizarro> I want to install a vpn server to get access to Microsoft comptuers outthere..however using OpenVPN I have to setup certificates to give to the clients..which is not usuall under Micrsosoft enciroments when usint the default vpn client..any clue?
<netrat> if you want to use openvpn in windows, then you have to install the openvpn client
<Pizarro> so they can't use the default XP vpn cliente, right?
<netrat> Microsoft XP has built-in support for PPTP and L2TP vpn tunnels
<Pizarro> For example, I was given only an VPN account name and password, nothing else, and I can connect to that VPN network...I want to do the same in my side, but using OpenVPN I have to send each client a certificate!!!
<Pizarro> which is a little bit complicated since the users can use difierent computers
<Pizarro> am I right?
<netrat> yes
<netrat> install a pptp server on your ubuntu box
<Pizarro> Ah i tried to instal poptop in the last server isntallation and I couldn't make it to work properly; whenever the clients use to get disconnected after some seconds
<Pizarro> And I couldn solve it, and no help
<Pizarro> so I wanted to move to OpenVpn
<Pizarro> is there any alternative to poptop?
<Aleka> Trying to get help on where the setting to turn the terminal bell would be >> right now I am doing setterm -bfreq 0 , but that is per session
<Pizarro> Also I cant install OpenVPN!!!!! I got the same dependencies error as when installing ebox!!
<Pizarro> Is this happengin only to me?
<Pizarro> Could you please check the packet "openvpn"?
<Pizarro> PLEASE Can anyone help me with Open VPN??? I am really bad
<Pizarro> Nobody can help me please???
<Pizarro> I really want to keep going with linux, but the situation forces me to move on with another thing
<Pizarro> Hi, can anyone explain me how to set up a VPN network???
<Pizarro> I am confusesd about local ip and remote ip
<Pizarro> I dont understand de concept
<darkvertex> ï»¿Pizarro: read about it here http://en.wikipedia.org/wiki/Virtual_private_network and http://openvpn.net
<Pizarro> thanks
<darkvertex> ï»¿Pizarro: you're welcome
<penguinhunters> Anyone have some good documentation on migrating 2003 AD information into openLDAP...
<ghost3> I have an issue.. I have a tower im using as a server at my brothers house cause he has high speed access. there are 3 pc connected to the router which issuse ip address in the likes of 192.168.15.3 and so on. but when I goto whatismyip.com it give me a diffrant ip addy.. my server is running a noip client but when ever I try to access my server from a remote site it times out. any ideals?
<darkvertex> ï»¿ghost3: that would be because ï»¿whatismyip.com sees your legal ip addr.
<ghost3> ok, the router they have is for there voip phone. not sure if I should/can disable dhcp on the router..if I did/could would that fix the issue and if not what could I do to access it?
<darkvertex> ï»¿ghost3: by what ip addr sis you try to connect to your server? the 192.168.xx.xx one? that would not work.
<darkvertex> s/sis/did
<ghost3> no. I know that is for the local network. the noip I was using was michaelhoward.hopto.org I started noip client on this pc so it canceled out the redirection to this pc..i just stoped the client and the server should up date the client here in a few mins. I don't remember the ip
<ghost3> the server is of course running ubuntu but my brothers pc are running windows xp & vista. im not sure what the network is doing with 3 diff os's captureing the request on one legal ip address.
<ghost3> im watching my noip account on line when the server sends for the up date ill get the ip address then ill tell you what it is.
<ghost3> is anyone thinking about what I said or am I wasting my time? its just to quiet not sure if anyone is listening
<darkvertex> ï»¿ghost3: The differences in OS's doesn't really matter, they're NAT-ed to a single legal ip addr. That is common usage at a small network (e.g. home network, soho etc). I just don't quite get your question.
<unit3> ok, I've been tracking bug #286080, problems with apparmor.
<uvirtbot> Launchpad bug 286080 in apparmor "cups fails to print to network printer if resolvconf package is installed (apparmor)" [Undecided,Fix committed] https://launchpad.net/bugs/286080
<unit3> and after a bunch of discussion with jdstrand, and building a new proposed apparmor package...
<unit3> I'm still having problems with apparmor.
<Pizarro> Ok, I solved the VPN connection, now it is working with PPTP instead ofr OpenVPN
<Pizarro> SOLVED
<unit3> jd helped me track it down to the apparmor profile for clamav-daemon, which doesn't contain a reference to the latest resolvconf stuff, and suggested I purge and reinstall clamav-daemon to get it to install the correct version of that profile.
<ghost3> ok. thank you. when ever I goto michaelhoward.hopto.org it times out. I have apache listing on port 8080 and I have some other services running.. I can't access any of them.
<unit3> So I've done that, but it's still broken.
<darkvertex> ï»¿Pizarro: great! :)
<unit3> I verified after a purge that /etc/apparmor.d/usr.sbin.clamd was gone, and that after apt-get install apparmor it came back.
<unit3> But it's the same broken version that's supposed to be updated in the intrepid package.
<Pizarro> darkvertex, yeah, my issue was due the staff related to certificates with OpenVPN, so finally I went with PopTop
<unit3> ie, doesn't contain a reference to "#include <abstractions/nameservice>"
<Pizarro> *stuff
<unit3> Does the i386 version of this package just contain an old version of the config file, or what?
<Pizarro> Now I have another question (last one I promess), Is there any web tool to manage Ubuntu server remotly? (eBox is not installable now sine one of the dependencies has been removed temporaly because is bugy), and Wibmin is not supported by Ubunut anymore
<ghost3> pizarro: I use webmin.
<Pizarro> ghost3, How did you install it? It is not under apt
<ghost3> browser based server admin tool
<ghost3> you have to download it. very easy to install. ill find the link
<Pizarro> ok thanks mate
<darkvertex> ï»¿ghost3: What are you trying to do? Connect to your server over the internet? I can  ping ï»¿michaelhoward.hopto.org fine right now.
<penguinhunters> now that we have some activity I will ask again...
<penguinhunters> Anyone have some good documentation on migrating 2003 AD information into openLDAP...
<ghost3> pizarro http://www.webmin.com/
<jdstrand> unit3: :/
<Pizarro> ghost3, thanks, I'll take a look
<unit3> jdstrand: yeah, I'm pretty puzzled... I'm going to go pull apart the package file I've got in /var/cache/apt, and see what the config looks like in there.
<jdstrand> unit3: it appears *I* had a modified usr.sbin.clamd file
<unit3> ... :)
 * jdstrand filly very silly
<ghost3> darkvertex yes. that address is to noip.com which redirects to my server.
<jdstrand> feels
<unit3> Heh, well, at least we're tracking it down. :)
<darkvertex> ï»¿penguinhunters: sorry, no idea
<unit3> So, wanna get your modified config into clamav-daemon? ;)
<ScottK> jdstrand: You probably tested the TCP sockets change I haven't uploaded yet.
<unit3> ScottK: oh, is that for a fresh copy of clam not being allowed to start a socket? because I'm running into that now after the purge-reinstall, and I *really* need clam to be running because dspam (and exim) block on it missing. :(
<unit3> oh, I guess if I just unload the apparmor profiles it starts.
<Pizarro> ghost3, can't install webmin
<unit3> I should mark the clamd profile as warn rather than enforce for now, I guess.
<darkvertex> ï»¿ghost3: ï»¿pinging to that address never times out for me. FTI, I'm across an ocean from where you are.  But I can't access your web on 8080 port.
<Pizarro> ghost3, I get the same error as with ebox,
<jdstrand> unit3: just put in in complain mode
<unit3> jdstrand: yeah, that's what I meant. :)
<jdstrand> unit3: you can also update it yourself-- it's just a conffile
<darkvertex> *FYI
<Pizarro> ghost3, there are some libs that have been remoeved from the repositories
<Pizarro> libauthen-pam-perl
<unit3> jdstrand: I just don't want to get into the situation where it sees it modified, so I don't get the newest maintainer version on upgrade in future releases.
<Pizarro> is not under the repositories now,
<ScottK> unit3: Or you can make this change to the profile and have it work: http://launchpadlibrarian.net/18953684/usr.sbin.clamd-patch
<darkvertex> ï»¿ghost3: If you encounter the same problem, that is you cannot access the web server, then I suggest you open port 8080 on you firewall/router.
<unit3> ScottK: oh, that's where that patch is... no, I'm cool with complain mode for now if I know that it'll get patched into an official package shortly.
<ghost3> darkvertex ill try that when I go back over there. duh. I can't believe I didn't think of that. thanks
<jdstrand> unit3: yes, it is bug #288942 that I verified, which is why I had the updated profile installed
<uvirtbot> Launchpad bug 288942 in clamav "clamd daemon fails to load" [Medium,Fix committed] https://launchpad.net/bugs/288942
<unit3> jdstrand: gotcha, makes sense.
<jdstrand> ScottK: what is the git repo for clamav? I can't seem to find it in the alioth pages
<unit3> Now if I can just get some motion on the killer raid10 bug I found yesterday, I'll be feeling better about intrepid.
<ScottK> jdstrand: ssh://git.debian.org/git/pkg-clamav/clamav
<jdstrand> ScottK: thanks
<jdstrand> ScottK: btw-- any word on when that will get uploaded?
<ScottK> jdstrand: They're working on 0.94.1 now (there has been ML traffic).  Once they've uploaded, I'll have it for Jaunty and intrepid-updates very shortly.
<jdstrand> ScottK: great! thanks
<unit3> Do any of the kernel (package) maintainers hang out here at all, or do I need to another channel to get their ear?
<unit3> or are they too busy right now to discuss stuff on irc? ;)
<ghost3> it got real quite when you asked about that unit3
<unit3> I noticed. ;)
<ghost3> shhh...were taking a nap
<unit3> I'll take the hint for now, but honestly, bug #285156 has me quaking in my boots...
<uvirtbot> Launchpad bug 285156 in mdadm "mdadm RAID10 arrays cannot be rebuilt, will not use available spare drives" [Undecided,New] https://launchpad.net/bugs/285156
<unit3> I've got at least two machines on raid10 that have been upgraded to intrepid before I discovered that issue, and one of them has already had a drive failure... and as of now, I have no way of fixing that array.
<unit3> So I'm pretty worried.
<ghost3> downgrade to 8.04?
<ghost3> is this a 8.10 bug only?
<unit3> it seems to be a 2.6.27 bug actually.
<unit3> although that's only been confirmed across debian and ubuntu so far, so it could be a debian packaging problem too.
<unit3> but behaviour looks like a kernel regression since .26
<ghost3> hmmm... is it possible to downgrade your kernal?
<unit3> Maybe, might be the easiest solution.
<ghost3> test it on a DD'ed partion.
<unit3> ghost3: you mean the re-add? dd it out from /dev/zero and then add it?
<unit3> I'll try that, and then see if I can grab a debian linux-source-2.6.26 to build a kernel package from.
<unit3> assuming there isn't too much difference between the debian and ubuntu kernel packages?
<ghost3> if it works let everyone know. for a short term soultion anyway
<slicslak> so.... the full vim isntalled by default right?  what do i have to install to get it?  i thought i had done it before with the package name vim, but aptitude says that's already installed
<unit3> ghost3: will do, and I'll post results on the bug of course.
<ScottK> unit3: Ubuntu does their kernel completely seperately from Debian.
<ghost3> :-D
<unit3> ScottK: ok... is there a source or amd64 generic package for 2.6.26?
<ivoks> apt-get source linux-image-2.6.26-generic
<ivoks> er...
<ivoks> apt-get source linux-image-2.6.26-XY-generic
<ScottK> Not any more.
<unit3> yeah, that's what I thought... :(
<ivoks> oh, right... 2.6.26 :)
<unit3> well, regardless, dd'ing now.
<ScottK> unit3: You should be able to dig through the history of the linux-source (I think that's what it's called) and find 2.6.26
<unit3> ScottK: dig through where? on launchpad somewhere? or in git?
<ScottK> On Launchpad somewhere.  Git would work too no doubt.
<unit3> ok... I'll poke at launchpad since I don't know the git setup as well...
<unit3> after I get control of my machine back though, since that dd is apparently doing a number on my system responsiveness. :(
<slicslak> nvm, had to do a update first
<Baversjo> Ubuntu Professionals! Is there any way i could invoke a script when a user is authenicating? Not when the user is authenicated, before that.
<unit3> Baversjo: you could with a custom pam module, although that may be more programming than you're looking for.
<unit3> Not sure if there already exists a pam module that just runs a custom script.
<Baversjo> Would be great if it did
<Baversjo> Here is my problem: I don't want multiple instances of the same users (needed) on my system. When I am connected to my SSHD and my Internet goes down, I'm still logged in on that computer. Then my users cannot login again.
<Baversjo> Because they are allready logged in!
<unit3> I'm not sure what you mean... you don't want people to login more than once?
<unit3> I'm not sure how that relates to a loss of internet access though...
<Baversjo> When a user is allready connected, I don't want the same user to be able to connect on another computer. I added this line in the /etc/security/limits.conf for this to be possible: @ssh - maxlogins 1
<Baversjo> This works great, but the user is still connected when his/her connection to the server is somehow interupted, and then they cannot login again.
<ScottK> Baversjo: But can't they just work around this by ssh to another machine from the remote one they are in?
<unit3> Baversjo: oh, is your problem primarily that if the connection gets interrupted, and there's an existing connection, they can't establish a new connection?
<Baversjo> ScottK: I'm using scponly so they can't do that, even if I don't care acually. I don't want them to be logged in to my system with multipe instances.
<unit3> I'm not sure how you'd work around that, other than having an idle timeout on existing logins.
<Baversjo> unit3: Exactly.
<unit3> Lemme check the sshd_config manpage, see if it's got any helpful hints. :)
<Baversjo> unit3: Thank you very much :D
<unit3> oh, there is an idle timeout option:
<unit3> ClientAliveInterval. by default it's not used, but you can set it to a number of seconds, after which it will disconnect a client that hasn't sent anything.
<unit3> So if you set that to something suitably low, like 30s, then if there's a connection interruption they should only have to wait 30 seconds before they can login again.
<unit3> Will that work for you?
<unit3> Also, note that it only works with SSH/SFTP v2 clients.
<Baversjo> ye i have that
<unit3> Ok, well, give that a try then, see if it works the way you want.
<Baversjo> unit3: But I don't know, the user can't send any commands to the server so they will maybe be disconnected immidietly.
<Baversjo> I'm building a proxy service xD
<unit3> Baversjo: it doesn't mean commandline commands, it just means as part of the protocol it requests a response from the client.
<Baversjo> nice
<unit3> any ssh/sftp v2 client should send those responses automatically.
<unit3> so you shouldn't have to worry about it, the only time it should disconnect someone is if the connection gets interrupted for the amount you specified.
<Baversjo> Nice, I'm using putty (or actually plink, command line putty) to make the connection. I'm going to disconnect and w8 for a minute and two now and see if it works and I'll come back here after that :D
<Baversjo> or two*
<unit3> ok. :)
<unit3> oh, except it may not work for existing connections.
<unit3> you probably need to put that into the sshd_config, then restart sshd, then make a new connection to test it with.
<Baversjo> ye done already xD
<unit3> heheh alright then. :)
<Baversjo_> Yey it worked! Thx unit3!
<unit3> Cool, good to hear. :)
<unit3> alright, back to my raid10 issue... spare partition has been zeroed, time to re-add again.
<Baversjo_> I've built my own proxy program that is powered by Ubuntu, sshd and Putty and users connect to my server using their MAC-address as username and their own password, the thing with this feature is that users cannot use their account on different computers even if they MAC-spoof because the user only can be connected with one instance at once ^^. Success! :D
<unit3> Neat. :)
<unit3> Damnit! even after zeroing the partition, it refuses to rebuild the array. :(
<unit3> well, I'll update the ticket with that anyway. Time to build a 2.6.26 kernel package.
<Baversjo_> unit3: Sounds complicated :S xD
<unit3> Baversjo: yeah, it's a rather nasty bug with raid10 in intrepid... so don't upgrade any machines that are using linux software raid10 to intrepid just yet. :(
<Baversjo_> unit3: I started with Linux like one year ago and I got to admit that i thought it sucked pretty much from the beggining. But now when I've learned the basics I find it much better then Windows that I'm used to.
<unit3> Baversjo: it's one of those things that's really powerful once you learn more, and makes it difficult to go back because you expect that level of power and control everywhere else. ;)
<Baversjo_> agreed :D
<jdstrand> ScottK: where is the debian/ directory for pkg-clamav? is it in a different repo?
<ScottK> There are several branches there.
<ScottK> There's a 0.94.1 and a 0.94.1+debian.
<ScottK> Debian's debian dir is in the latter.
<ScottK> There is also an Ubuntu/devel branch that has our changes in it.
<jdstrand> ok-- I thought I checked there, but must have missed it
<jdstrand> ScottK: thanks
<Aleka> 've been getting a "302 Moved Temporarily [IP: 91.189.88.31 80]" on a lot of my apt sources today (universe, multiverse). This is a clean server install.. anything I need to correct?
<andol> Aleka: I'm not sure on how apt handles those? Does it automagially follow the new url?
<andol> Aleka: Or does it simply break?
<Aleka> just breaks
<andol> Aleka: Well, then you might want to use another mirror, at least temporary.
<andol> aleka: the 302 is a standard http response. In other word it is something happening on the repository mirror, not on your computer.
<aleka> andol: At this point, they're all pointing to us.*.ubuntu*, should I just have all of them point to *ubuntu.com?
<andol> aleka: Not entirely sure what the best syntax/choice is when it comes to US-mirrors.
<andol> aleka: If you know a good one close by I would specify it by name.
<andol> aleka: Those I am familiar with are in Sweden, and most likely not your first choice :-)
<aleka> lol.. I guess not
<aleka> I am just wondering if I should try and remove the us mirror and just have it point to ubuntu.com
<andol> aleka: That would work, but might not be optimal
<andol> aleka: Another option is to pick one from here https://launchpad.net/ubuntu/+archivemirrors
<aleka> andol: Actually, its not even the us mirrors a getting the http error on... its the security repos(security.ubuntu.com) and the archive (which is a us mirror)
<andol> aleka: That sounds more strange then. Myself I have no trouble reaching security.ubuntu.com
<andol> aleka: In short, I don't know then :) Perhaps there are some local problem, or you might be behind some kind of proxy or I don't know
<aleka> I can't even ping it
<andol> aleka: right now I'm mostly guessning
<aleka> andol: Thanks... will try to get it figured out
<unit3> ugg... I forgot dpkg-buildpackage -b builds *all* the different kernel variants.
<unit3> Can someone remind me what I need to do to just build the -generic variant and modules?
<soren> unit3: https://wiki.ubuntu.com/KernelMaintenance has a lot of info on the subject.
<soren> unit3: https://wiki.ubuntu.com/KernelMaintenanceStarter likewise.
<unit3> great, thanks.
<soren> The latter is the "cheat sheet" for the former :)
<unit3> heh, it actually finished just now, so I guess I don't need it right at this moment anyway. ;)
<soren> These sorts of questions are likely to be answered faster in #ubuntu-kernel, though.
<unit3> But I'll remember it's in the wiki for next time.
<soren> Faster and more competently, even :)
<unit3> Oh ok, I'll head that way, since the problem I'm fighting with is a kernel issue (I think)
<Baversjo_> Hey! I'm using PAM to limit number of logins to my server (maxlogins). When another instance of the user is active the new instance just gets disconnected. Is it possible to view the Access denied message instead? I need this that information, the ssh client can not just exit :S
<Baversjo_> that information*
<Baversjo_> Maybe that's not the way PAM works? Should I use my own script to determine if a user can authenticate instead?
<moo---> happy world plone day (plone.org)
#ubuntu-server 2008-11-07
<uvirtbot> New bug: #294935 in bind9 (main) "apparmor error when logging to /var/log/named/" [Undecided,New] https://launchpad.net/bugs/294935
<squee__> Is it possible to install ubuntu-server remotely, doing nothing but putting in a stock ubuntu-server cd and maybe SSHing in?
<lukehasnoname> I /think/ there is a way to set that up, but I don't think it's with a stock cd
<lukehasnoname> I seem to remember a tutorial where someone spun a custom disk so that when it booted up, it listened for remote connections and you installed through remote X
<uvirtbot> New bug: #293993 in ebox (universe) "ebox will not install in 8.10 server - dependency problem (dup-of: 255368)" [Undecided,New] https://launchpad.net/bugs/293993
<lukehasnoname> https://help.ubuntu.com/community/Installation
<lukehasnoname> squee_
<lukehasnoname> check that
<antdedyet> !pae
<ubottu> Sorry, I don't know anything about pae
<antdedyet> !RAM
<ubottu> A quick FAQ on Memory Management: http://gentoo-wiki.com/FAQ_Linux_Memory_Management For Lubos Lunak's desktop memory usage comparison, see: http://ktown.kde.org/~seli/memory/desktop_benchmark.html
<antdedyet> !4GB
<ubottu> Sorry, I don't know anything about 4gb
<antdedyet> !help
<ubottu> Hi! I'm #ubuntu-server's favorite infobot, you can search my brain yourself at http://tinyurl.com/5zfb6t - Usage info: http://wiki.ubuntu.com/UbuntuBots
<Dominik> anyone home?
<timr> hi guys
<timr> is anybody in here?
<TIMREICHH> hey guys
<TIMREICHH> could somebody tell me why im getting this error Fatal error: require_once
<TIMREICHH> is this room alive?
<soren> TIMREICHH: It's called patience. Here.. Have some.
<soren> Also, there's something called "context". Gimme, gimme.
<Ramrunner> Good afternoon all
<andol> Ramrunner: Good morning
<Ramrunner> I just did a server 8.04->8.10 upgrade and lost my internal net Outlook clients connectivity to dovecot. Running local Evolution on the server works fine
<Ramrunner> imap
<soren> How do they fail?
<Ramrunner> With a wonderful Outlook error of "Cannot connect to server" :(
<soren> I can't work with that :)
<Ramrunner> in the mail log it says "ubuntu dovecot: imap-login: Disconnected (no auth attempts): rip=192.168.0.3, lip=192.168.0.10"
<Ramrunner> as an example
<soren> Wat kind of authentication are you using?
<soren> "What", even.
<Ramrunner> I believe it's standard PAM unless the upgrade changed that???
<soren> No, I mean IMAP authentication.
<Ramrunner> sorry - my bad - I'm allowing plain text passwords - is that what you mean?
<soren> Yes.
<soren> Can you put your dovecot conf on pastebin? Be sure to weed out sensitive information, if any
<Ramrunner> no problem - except I'm new to IRC. How do I do that, is it easy to explain?
<Ramrunner> ok wait - it's a web site
<soren> Right.
<Ramrunner> Do I just paste my config into the web site and hit the button?
<soren> Yes.
<soren> That will give you an URL that you can post here.
<soren> ..and then I can go look at your config.
<Ramrunner> http://pastebin.com/m6738d770
<soren> Ramrunner: It looks fine at a glance... Try cranking up the logging.
<soren> auth_debug, for instance.
<Ramrunner> ok - here's a new snippet
<Ramrunner> Nov  7 16:20:23 ubuntu dovecot: Killed with signal 15
<Ramrunner> Nov  7 16:20:23 ubuntu dovecot: Dovecot v1.1.4 starting up
<Ramrunner> Nov  7 16:20:24 ubuntu dovecot: auth(default): new auth connection: pid=13521
<Ramrunner> Nov  7 16:20:24 ubuntu dovecot: auth(default): new auth connection: pid=13522
<Ramrunner> Nov  7 16:20:24 ubuntu dovecot: auth(default): new auth connection: pid=13520
<Ramrunner> Nov  7 16:21:13 ubuntu dovecot: imap-login: Disconnected (no auth attempts): rip=192.168.0.3, lip=192.168.0.10
<Ramrunner> Nov  7 16:21:14 ubuntu dovecot: auth(default): new auth connection: pid=13527
<Ramrunner> the ones that are working are the local evolution running
<Ramrunner> the one at 16:21:13 is outlook trying to connect
<Ramrunner> is there a set of telnet commands I can maybe try???
<Ramrunner> better idea - let me try windows mail from the same PC
<Ramrunner> bingo - more information!!!
<Ramrunner> Your IMAP server wishes to aleert you to the following:
<Ramrunner> Plaintext authentication is disabled, but your client sent password in plaintext anyway
<Ramrunner> let me check that damn config file again
<Ramrunner> sweet as
<Ramrunner> When the server upgraded - it honestly didn't work, and I couldn't get it to work.
<Ramrunner> I copied the new config file, set my settings, but obviously mis-read the plaintext thing
<Ramrunner> the default is yes to NOT allow plaint text.
<Ramrunner> I feel like a dick - and I owe soren a beer
<Ramrunner> soren -you still there? I want to thank you
<soren> I'm here again now :)
<soren> sorry for wandering off like that. I had something I needed to handle.
<Ramrunner> no problem - just wanted to thank you - i got it sorted in the end.
<Ramrunner> Postfix is holding new messages now in a queue, which mailscanner is supposed to pick up and deliver, which isn't working any more but I'll sort that one out myself
<J-_> What should I chown my /var/www to so user can write with root privileges via sftp? Is there anyway to get a prompt password when trying to add to a root protected directory like /var/www?
<J-_> It looks like /var/www is owned by www-data for some reason.
<stka> hi
<jgjones> J-_, www-data - that's the process Apache2 runs as (so allows Apache access - usually I give group as www-data and on pages where apache2 need to edit (ie for Wordpress or other CMS) I give group write permission
<stka> in ubuntu-server 8.10 is the dhcp3 and bind9 Sever linked against LDAP? In 8.04 they are not :-(
<J-_> jgjones:  So, would sudo chown -R <user>:www-data /var/www be safe?
<J-_> Currently I have Drupal installed. I gave up on Wordpress.
<jgjones> I don't change the permission of the /var/www directory itself
<J-_> hmm
<jgjones> However on folders IN /var/www itself - I might have my own directory with my website in it - let's call it mysite - this would have user:group as me:www-data
<jgjones> me being me obviously :)
<J-_> true
 * J-_ ponders
<jgjones> I give it group-write permission (so if I edit pages in Drupal/wordpress/whatever - Apache2 can write to there because it's www-data)
<jgjones> hope that made sense...not sure if I'm explaining it very well :)
<incidence> Is it possible to deny users removing ".bash_history" or can I log the history to another file too?
<soren> incidence: Anything like that can be easily circumvented.
<incidence> Yea :/
<incidence> "export histfile=/dev/null" etc
<soren> For instance, yes.
<soren> Or start a different shell.
<incidence> Yes. So the answer is no, for bash
<soren> Well, no.
<soren> Not if the question is: "Is it possible to deny users removing ".bash_history" or can I log the history to another file too?"
<incidence> I'd like to know what commands all users / certain users run. Any suggestions?
<soren> It's the correct answer to the question: "Can I easily force any command a user runs to be logged somewhere where he can't delete it again?".
<incidence> Yes.
<Squeakyneb> Heya
<Squeakyneb> hey cateye
<_ruben> bugger .. im pretty close to finishing up my pxe/tftp/http install rig .. if only my dhcp server cooperate
<slicslak> in /var/log/messages i'm seeing -- MARK -- all over the place
<slicslak> can anyone tell me what this is?
<ScottK> slicslak: It's just a period message to the log so you know logging is working even if there's nothing to log.  It's normal.
<ScottK> period/periodic
<slicslak> thanks
<_ruben> for some reason the pxe bootrom can get an ip just fine, but when the ubuntu installer kicks in and tries to get an ip everything goes to shit
<_ruben> as in, the box keeps requesting and declining ips
<_ruben> seems im being bitten by http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=479473
<uvirtbot> Debian bug 479473 in dhcp3-client-udeb "debian-installer: DHCP client fails to assign address during install" [Normal,Open]
<slicslak> in /var/log/messages, every day i see this line:  Nov  7 06:38:47 foo syslogd 1.5.0#1ubuntu1: restart.
<slicslak> what does this mean?  is ubuntu cron'd to restart every day?
<_ruben> logrotate
<slicslak> oh
<_ruben> after rotating logfiles it restarts syslogd
<J-_> If /var/www belongs to www-data, how can I add modules to drupal in /var/www/modules? Can I change ownership of /var/www/modules and still be safe, and make everything still work well?
<slicslak> J-_, set the group owner to a group that you and every web tech is in and make g+rwX for all your web files
<slicslak> _ruben, where would i look for actual reboots?
<J-_> How would I do that? I think someone told me a long time ago. But, I forget.
<slicslak> rtfm chmod and chgrp
<J-_> !rtfm
<ubottu> Acronyms or statements like  noob, jfgi, stfu, or rtfm are not welcome in this channel. Period.
<slicslak> lol, and here i thought i was being helpful
<slicslak> how do you know how to invoke the bot in the chanel but do not know how to chmod?  i wasn't being rude, i even gave you the syntax!
<J-_> I hang out in other Ubuntu channels where ubottu is. And, I've been using Ubuntu for a few years. :)
<J-_> 3-4 years I suppose.
<slicslak> note the capital X in that chmod command, that makes directories readable but NOT files executable
<aleka> is the version of vim installed by default on the server ed not the full package?
<Gargoyle> whats jfgi?
<slicslak> that's right
<slicslak> aleka, updat apt first and then install vim
<aleka> I am trying to enable syntax highlighting and trying to install the package: vim-full tries to install a bunch of Gnome-deps
<slicslak> just install vim, but you need to do a package update first
<aleka> slicslak: Thanks
<_ruben> slicslak: the 'last' command shows reboots
<slicslak> _ruben, thanks.  it just shows the last reboot though.  i was more hoping for all reboots (and preferrably who invoked them).  i'm assuming it's somewhere in syslog....  just need the right grep
<josh_> does anyone have a samba gui suggestion?
<sommer> josh_: you might check out swat... it's a web config tool
<josh_> i'm working with smbwebclient now. i was just wodering if anyone had a suggestion. i'll check it out
<ScottK> kirkland: Saw you blog post.  nixternal knows people who worked at the Obama headquarters and they told him it was Windows there.
<kirkland> ScottK: yeah, there seems to be a lot of 2nd hand information, much of it conflicting
<ScottK> kirkland: You might want to follow up with nixternal then because he's at least in contact with someone who has first had info.
<kirkland> ScottK: thanks
<ScottK> No problem.
<lhnn> Wow, kirkland, nice Halloween costumes.
<kirkland> lhnn: thanks ;-)  bsg fan?
<lhnn> not really, a few of my roommates like it, though.
<lhnn> I would go as Data or something
<lhnn> but Sci Fi has to stick together
<lhnn> I see KVM can do live migration!
<J-_> Can anyone help me get PHPmailer working in Drupal on Ubuntu with gmail SMTP?
<J-_> biggest pain in the arse. I can't seem to figure it out
<J-_> I don't remember it being this hard before
<uvirtbot> New bug: #295293 in mysql-dfsg-5.0 (main) "InnoDB: Assertion failure in thread..." [Undecided,New] https://launchpad.net/bugs/295293
<NineTeen67Comet> Hay all, I built an Ubuntu server (8.04) a few months ago, and it has had a hard time staying up for more than a day or two. It simply locks up, there is no monitor or keyboard to it and my error logs say nothing unusual. Ideas on figuring it out?
<hads> Sounds like a hardware problem
<NineTeen67Comet> That's my fear =) .. All I need is another excuse to order some parts .. hehehe
<NineTeen67Comet> That box was given to me because it would just go non responsive after a while (as a workstation)
<NineTeen67Comet> It has some "unique" ram if I remember right too. Not something I want to mess with.
<NineTeen67Comet> I'll go dig it out and pull it apart. Thanks for the idea.
<uvirtbot> New bug: #289479 in openldap (main) "problems when trying to install packages: "E: /var/cache/apt/archives/wallpaper-tray_0.4.6-5_i386.deb: files list file for package `libldap-2.4-2' is missing final newline" (dup-of: 108189)" [Undecided,Incomplete] https://launchpad.net/bugs/289479
<mynous> anyone in here that could help with server network troubles?
<kgoetz> !ask mynous
<ubottu> Sorry, I don't know anything about ask mynous
<kgoetz> bah.
<kgoetz> mynous: just ask your question
<mynous> sorry just seems dead in here always
<mynous> im having problems with vsftpd making rtorrent uploads drop to almost zero when im transfering a file, even when the rate is limited. is this just a conflict of the 2 programs?
<mynous> neither of them will come close to maxing their connection when running concurently either
<kgoetz> hm. not seen a behavour like that before
<mynous> another strange coincidence is that rtorrent seems to be able to either "max" download or upload but one drops while the other goes up
<mynous> the server has a 10mb connection and when downloading files from it at 3-4mb i dont see a reason for rtorrent to stall to almost 0KB, i just cant think of what would need to be configured
<kgoetz> i cant think of a reason either
<mynous> damn
<mynous> could it be that the harddrive just isnt fast enough?
<mynous> i wouldnt think so because ive had it going at better than 60mbps at one point before configuring it for a 10mb connection
<mynous> v
<mynous> Settings for eth0:
<mynous> 	Supported ports: [ TP MII ]
<mynous> 	Supported link modes:   10baseT/Half 10baseT/Full
<mynous> 	                        100baseT/Half 100baseT/Full
<mynous> 	Supports auto-negotiation: Yes
<mynous> 	Advertised link modes:  10baseT/Half 10baseT/Full
<mynous> 	                        100baseT/Half 100baseT/Full
<mynous> 	Advertised auto-negotiation: No
<mynous> 	Speed: 10Mb/s
<mynous> 	Duplex: Full
<mynous> 	Port: MII
<mynous> 	PHYAD: 1
<mynous> 	Transceiver: internal
<mynous> 	Auto-negotiation: off
<mynous> 	Supports Wake-on: pumbg
<mynous> 	Wake-on: d
<mynous> 	Current message level: 0x00000001 (1)
<mynous> 	Link detected: yes
<mynous> does that look like its correctly set up? for some reason i think auto-neg should be on but i have no clue
#ubuntu-server 2008-11-08
<ascent> goodmorning all :)
<mynous> morning :\
<ascent> Quiet in here :)
<mynous> yeah, which means im still at a loss :P
<ascent> Why's that?
<mynous> trying to figure out why my servers networking abilities are acting to strangely
<ascent> :) that's no easy brainer I suppose :)
<mynous> nope
<mynous> its the strangest thing ive seen too
<ascent> any particular symptoms?
<mynous> well im basically running only rtorrent and vsftpd on it at the moment and when i tarnsfer files through vsftpd transfers in rtorrent come to a stop even tho vsftpd has been rate limited
<mynous> also it seems that if uploads are going quickly then downloads suffer or the other way around
<ascent> well, that's common on adsl-type links. Not sure what you're connected to?
<mynous> well its on a 10mb full-duplex connection :\
<ascent> and is it really full duplexed ? ifconfig says so? switch leds say so?
<mynous> i cant see the switch leds, its remote
<ascent> ah okay
<ascent> ethtool?
<ascent> dmesg?
<mynous> Settings for eth0:
<mynous> 	Supported ports: [ TP MII ]
<mynous> 	Supported link modes:   10baseT/Half 10baseT/Full
<mynous> 	                        100baseT/Half 100baseT/Full
<mynous> 	Supports auto-negotiation: Yes
<mynous> 	Advertised link modes:  10baseT/Half 10baseT/Full
<mynous> 	                        100baseT/Half 100baseT/Full
<mynous> 	Advertised auto-negotiation: No
<mynous> 	Speed: 10Mb/s
<mynous> 	Duplex: Full
<mynous> 	Port: MII
<mynous> 	PHYAD: 1
<mynous> 	Transceiver: internal
<mynous> 	Auto-negotiation: off
<mynous> 	Supports Wake-on: pumbg
<mynous> 	Wake-on: d
<mynous> 	Current message level: 0x00000001 (1)
<mynous> 	Link detected: yes
<ascent> Auto-negotiation setting to "On" might help?
<mynous> possibly but im trying to find out if the particular nic has a problem with that as ive read some do
<ascent> right -- and, remote, right? nice.. :/
<mynous> also when i first got it i was using considerably more than my 10mb connection so i was told to use : ethtool -s eth0 speed 10 duplex full autoneg off	
<mynous> yeah i know, its a rhine II from whati can tell from lspci
<mynous> so im not sure why they specifically mentions autoneg off
<mynous> i suppose autoneg on couldnt do much harm other than not work?
<ascent> right :)
<ascent> It won't break a thing.
<mynous> wouldnt be the first time
<mynous> i uninstalled libncurses a while back :P
<ascent> but -- you we're using more than your 10mb connection? are they rate-limiting you by having you ``downgrade'' yourself? ;)
<ascent> oh, nice one ;)
<mynous> yeah thats why they wanted it set at 10mb
<arrrghhh> so i partitioned some drives with cfdisk, and now i can find the uuid from the vol_id command, but it doesn't show when i do ls /dev/disk/by-uuid -alh
<mynous> ascent: well i tried it, we will see
<ascent> mynous: okay :)
<mynous> nic is still working yay!
<ascent> hurray ;)
<mynous> what is it that autoneg does?
<ascent> it tries to negotiate with the next device about a speed both devices know of
<ascent> in general, just enabling it won't hurt, only specific cases where you need to explicitly set it off
<mynous> i cant see any reasons why you would explicitly want it off
<mynous> it does "seem" to have helped slightly
<jhouse_> With all this just enough operating system stuff, is ubuntu server now dominantly command line?  My install of 8.10 server wasn't X-based like I had expected.
<ascent> I do -- at work, we use a fiber connection and that device doesn't cope with autoneg's :)
<ascent> jhouse_: just installed -server as well, in vmware
<ascent> well, almost done, still installing.
<ascent> No X for server installs is fine for me tough.
<mynous> well it doesnt seem to have helped much, rtorrent uploads hitting 5mb stop the transfer, when the ftp client reconnects the upload rates drop off for rtorrent
<jhouse_> My bigger concern is that it failed to detect my network connection and then dumped me to the command line when I booted up.
<mynous> well setting autoneg on set it to halfduplex :(
<jhouse_> I have a wifi card and no ethernet connection.
<ascent> mynous: okay, that may be why it needs autoneg off in your case.
<mynous> yeah
<mynous> what is PHYAD: 1  in ethtool?
<ascent> not sure. what does the manual say?
<mynous> phyad N
<mynous>               PHY address.
<mynous> not much
<ascent> hurray :)
<ascent> dunno, sorry :)
<mynous> lol
<ascent> How much overhead would a crypted FS give, I wonder..
<ascent> Off to bed now, later!
<jhouse_> Trying to reinstall now...  At the start of the install, I see two errors/warnings.  One is that it's ingoring an aperature beyond 4G and the other is something about USB on port 1.  Would any cause me significant trouble?  I'm thinking maybe the aperature error would be why I don't have a graphical install?
<mynous> using ifconfig i get a listing that says collisions:29975, i recon this is bad but im not sure how to fix it
<DrSmall> Greetings
<arrrghhh> why is my new drive not showing up in ls /dev/disk/by-uuid -alh?  i can't mount it in fstab with uuid since it's not listed there.
<hads> I've seen them not show up there stright after partitioning occasionally.
<timreichhart> anybody in this chat room here?
<Ahmuck> hi.  i'd like to buy one drive and use it in a degraded array and buy the second one 2 weeks later.  does ubuntu server have raid1 software that will allow this?
<timreichhart> can anybody help me to confg my modem on my server 8.04 i am using Agere Systems LT WinModem
<arrrghhh> so i don't get it.  how do i add a partition to /dev/disk/by-uuid?
<arrrghhh> i used cfdisk and i can find the uuid by using vol_id, but i can't find the uuid in /dev/disk, and i can't mount with uuid when there's no entry for it there.
<hads> There's likely a way to make them show up by restarting something. They should do after a reboot to. You could also be evil and link them manually
<timreichhart> can anybody help me to confg my modem on my server 8.04 i am using Agere Systems LT WinModem
<Ahmuck> hwo does manual partitioning work with LVM
<tonyyarusso> Ahmuck: Basically, you set up LVM first, and then go through the regular partitioning after that using the logical volumes you created.
<Ahmuck> tonyyarusso: thx
<HellMind> How is called the pkg that works like network manager on ubuntu server 8.10?
<Illusion> hello folks
<Illusion> Can somebody please help me to get pxeboot(netboot) working on a server. I want to run Kubuntu Live on client without a hard drive
<Illusion> Starting rpc mountd...                                                [fail]
<centaur5> https://help.ubuntu.com/community/UbuntuLTSP/LTSPQuickInstall worked fine for me when I did it.
<Illusion> did you choose the option in the setup install LTS server?
<centaur5> No, but that should work just as easily. My only problem with LTSP was an incompatibility with a video card I was trying to use and had to find a different one.
<Illusion> problem i have currenly is that clients boot up in a initram shell or smt
<Illusion> btw by installing LTSP my dhcp is down
<centaur5> That's what was happening to me until I changed my video card and I was getting an error message in .xsession-errors
<Illusion> hmmz why is dhcp3 down :S
<Illusion> on the server i mean
<Illusion> i can start or stop it
<Illusion> *can
<Illusion> t
<Illusion> doesnt make sense to me to change the videocard on the server
<centaur5> My problem was video card on the thin client.
<centaur5> Check /var/log/syslog to see if there are errors with your DHCP configuration.
<Illusion> sec
<Illusion> another weird thing then
<Illusion> it's 10 am here
<Illusion> and logs unit 8am
<Illusion> *until
<Illusion>  * Starting DHCP server:                                                 [fail]
<Illusion> invoke-rc.d: initscript dhcp3-server, action "force-reload" failed.
<Illusion> thats in the shell
<centaur5> Your dhcp conf file isn't right then.
<Illusion> i can show ya, sec
<Illusion> http://pastebin.com/m333d06be
<Illusion> looking good to me as this config has been working before
<Illusion> i think LSTP installed another DHCP server'
<centaur5> I don't think you should have the next-server line if this is your LTSP server and also the filename line needs to be within the brackets under the dhcp range.
<Illusion> still failing after your comment
<Illusion> cant i just total erase the LSTP instalation?
<centaur5> yes
<Illusion> or dhcp reconfigure?
<Illusion> i cant stop or start dhcp at all
<Illusion> restart even
<Illusion> dhcp3-server is the problem
<Illusion> i think
<centaur5> Make sure you have everything in order according to this https://help.ubuntu.com/community/dhcp3-server
<ascent> Good morning everybody!
<centaur5> I think it's time for me to say g'night  :)
<Illusion> nn
<Illusion> you leave me like this :P
<Illusion> this is the problem:
<Illusion> ./etc/default/dhcp3-server
<centaur5> Sorry, it's 2:20 a.m. here and I'm falling asleep.
<Illusion> and /etc/init.d/dhcp3-server
<Illusion> it takes it from default wich is empty
<Illusion> np centaur5
<centaur5> Illusion: Good luck. I'll be in tomorrow but you'll probably find someone smarter to help you.
<Illusion> BAH
<Illusion> Segmentation fault
<Illusion> lol
<Illusion> nn centaur5
<ascent> hehe
<Illusion> he fecked my installation :P lol
<Illusion> sudo dpkg-reconfigure ltsp-server-standalone - doesn't work either
<Illusion> same as with dhcp3
<Illusion> even installing dhcp will remove dhcp3 and ltsp-server-standalone
<Illusion> but again i cant start any dhcp services
<Illusion> :S
<Illusion> Can somebody help me pls?
<Illusion>  * Stopping DHCP server                                                                                                                                [fail]
<Illusion> Internet Systems Consortium DHCP Server V3.0.3
<Illusion> Copyright 2004-2005 Internet Systems Consortium.
<Illusion> All rights reserved.
<Illusion> For info, please visit http://www.isc.org/sw/dhcp/
<Illusion>  * Starting DHCP server:                                                                                                                               [fail]
<Illusion> invoke-rc.d: initscript dhcp3-server, action "start" failed.
<ascent> what's the actual error?
<Illusion> no errors my logs are empty/not updated either
<ascent> ok
<Illusion> the configuartion is the same as before installing LSTP
<Illusion> i think another DHCP service is running
<Illusion> but i don't know which one
<ascent> stop it :)
<Illusion> lol
<ascent> bad idea?
<Illusion> what are the most common dhcp services for dhcp?
<ascent> how do you mean?
<Illusion> seems that there is dhcp and dhcp3
<Illusion> wonder if there's more
<ascent> Just stop the processes?
<Illusion> i cant stop dhcp3
<Illusion> cant start it either
<Illusion> weird isnt it
<Illusion> its installed tho
<LoveGuru> Is there anyone Familiar with sql-ledger
<Illusion> ascent its not my config
<Illusion> i did # in all the lines
<Illusion> and it still wont stop or start
<ascent> illusion: will dhcp(d?) even start with an empty config?
<Illusion> yes
<Illusion> looks like it
<Illusion> cause i get the same message over and over
<Illusion> no matter what i do
<Illusion>  * Stopping DHCP server                                                                                                                                [fail]
<Illusion> Internet Systems Consortium DHCP Server V3.0.3
<Illusion> Copyright 2004-2005 Internet Systems Consortium.
<Illusion> All rights reserved.
<Illusion> For info, please visit http://www.isc.org/sw/dhcp/
<Illusion>  * Starting DHCP server:
<Illusion> fail
<Illusion> still wonder why my logs are empty
<Illusion> date is 10:47 here and my logs go to 8am
<Illusion> :S
<Illusion> *time
<Illusion> version 3 of dhcp-server is not the default server message
<Illusion> thnx centaur5 :)
<Illusion>  * Starting DHCP server:                                                                                                                               [fail]
<Illusion> invoke-rc.d: initscript dhcp3-server, action "start" failed.
<Illusion> root@The-Hive-S1:~#
<Illusion> ypbind[12491]: broadcast: RPC: Timed ou
<Illusion> t
<Illusion> this really annoyes me
<ascent> ah, it's even a dutchy ;)
<Illusion> lol
<Illusion> i will start swearing if i need to reinstall the server
<Illusion> then i wouldn't be pleased at all
<ascent> Then dig into the problem instead of pasting the whole channel =)
<Illusion> lol i am
<ascent> okies.. good luck mate.
<Illusion> hopefully i can fix it
<Illusion> but it seems i have a problem here
<Illusion> udp 0 0 *:bootps *:* - is not in netstat -uap
<Illusion> Status of DHCP server: dhcpd3 is not running.
<kraut> moin
<ascent> mogge.
<Illusion> ascent i have dhcp running again
 * delcoyote hi
<ascent> good job
<Illusion> now i need to boot the ditsro
<Illusion> cause my pxeboot boots in initramfs
<foo> Hm, anyone in here interested in writing articles for pay? Looking for these categories: Linux servers, Linux on the Desktop, Multimedia and Linux, Linux Applications, Distro Reviews, Linux Security, Linux Programming, Misc Linux Articles, and Linux Installation articles. Not sure how to go about finding the right people, but I'm helping out this forum who is lookin' for some articles. Nothing demanding... feel free to PM me for more info. Thanks!
<rhalff> hi do I need dbus on a server ?
<rhalff> if I remove dbus and no critical packages are removed along with it, I probably don't need it right ?
<uvirtbot> New bug: #295520 in dhcp3 (main) "dhcp3-server vlan support seems to be broken" [Undecided,New] https://launchpad.net/bugs/295520
<m11> hello
<rhalff> any of you using iscsitarget ?
<rhalff> I get can't create a target 17
<Tristan-B> hi
<Tristan-B> I have just rebooted/shutdown my server for maintanence, and booting it back up, I am unable to ssh into the server
<Tristan-B> it was just a reboot/shutdown, no real maintanence was done
<Tristan-B> any idea
 * Tristan-B glares
<Tristan-B> hey how do I start ssh
<Tristan-B> sshd
<Tristan-B> answer someone
<Tristan-B> whatever
<billybigrigger> morning all
<billybigrigger> is there a free version of landscape available? or maybe even an alternative that i can install? i just have a home server and don't really need to pay 150/year, so a free or alternate package would be nice
<ScottK> What do you think you need it for?
<billybigrigger> well i saw a screeny of it and it had nice graphs for stats and all that, and the new package notifications looked good, just wondering if there was a free alternative
<ScottK> Probably not all in one package, but I'd expect most of it's functionality is in one or another package.
<D4rkMist> whot is speak ????
<mario_> Hi, is possible to use a logical volume in a guest system using kvm?
<soren> Yes.
<mario_> where can i find documentation about this?
<soren> What do you need to know?
<soren> You just use it like you would any other file or device.
<mario_> id' like to use a logical volume in a guest system, recognized such as /dev/sda2
<mario_> and let only that guest to access the lv
<mario_> more clearly i'm setting up a virtulized file server
<mario_> that have to serve file that are on a lv
<soren> It wouldn't be known as /dev/sda2, but rather /dev/sdc
<soren> ...or whatever.
<soren> It's simple.
<soren> kvm -hda /path/to/some/file.img
<soren> that's the usual way
<soren> ...if it's an lv:
<soren> kvm -hda /dev/vg00/lv2
<soren> No different.
<mario_> yes you are right as /dev/sdc not as another partition, ok, is it possible to assign during the creation with vmbuilder?
<soren> That's what the --raw option is for.
<mario_> thank you!
<soren> It works for me, but I've heard of people having problems with it..
<Ahmuck> i've had problems with lvm and vm
<mario_> mmm --raw is not in the man , how can i use it? what kind of problems?
<mario_> can someone share his experience with lvm and kvm?
<MontyMars> hello?
<nijaba> mario_: use "sudo vmbuilder kvm ubuntu --help" to view all options
<mario_> thank you
<MontyMars> can anyone help me set up extra users for samba?
<mario_> nijaba, --raw is used to set the first disk image?what does it means?
<nijaba> mario_: hmm, the text look wrong.  should read: "Specify the path to a raw file or device to install in.  Can be specified multiple  time  in  conâ
<nijaba>               junction with --part, paths will be used in the order presented. Make sure that the raw element(s)
<nijaba>               specified have enough free space."
<mario_> ok so i have to create n raw device and n elements in the partition file
<mario_> is right?
<nijaba> mario_: not exactly. one --raw per "disk", a disk can have multiple partitions in --part
<mario_> nijaba, ok thank you again
<nijaba> np
<mario_> what is the function of /srv ?
<soren> mario_: http://www.pathname.com/fhs/pub/fhs-2.3.html#SRVDATAFORSERVICESPROVIDEDBYSYSTEM
<hikenboot> hello all--does the open-iscsi package provide an alternative iscsi target or initiator or both when compaired with the other two packages availabe
<hikenboot> s/availabe /available
<soren> It's an iscsi initiator.
<soren> I don't know what you mean by alternative.
<mario_> How can i force vmbuilder to create the system into an already existing file?
<hikenboot> can anyone explain where the man page is for iscsitarget? man iscsitarget man iscsi-target man iscsi nothing comes up!
<ScottK> hikenboot: You can search for it here: http://manpages.ubuntu.com/
<uvirtbot> New bug: #295684 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.0.67-0ubuntu6 failed to install/upgrade: subprocess pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/295684
<mstirner> hello, i think i've just locked myself out of my vserver by changing the username; its "not in sudoers" now so cannot get root
#ubuntu-server 2008-11-09
<uvirtbot> New bug: #295398 in samba (main) "The name of domain in samba is incorrect" [Undecided,New] https://launchpad.net/bugs/295398
<greenman> hey, what vm is installed with the "Virtual Machine host" option during install?
<zul> kvm
<greenman> ok cool, i just wanted to check before checking that option
<greenman> hey, is there a tutorial anywhere about giving ubuntu server a gui
<wsa> so I'm looking at this (incomplete) howto: https://help.ubuntu.com/community/Router
<wsa> what file is shown in the 'The Firewall Script' section?  (https://help.ubuntu.com/community/Router#The%20Firewall%20Script)
<paul> im needing some help, i tryed to upgrade to latest ubuntu server build, and the installion failed, ever since, my file system has become read only, iv been needing to remount the hdd each time the box restarts to get it working again, anyone help me fix this?
<nxvl> zul: ping!
<nxvl> zul: i've just see a perivuan flute band at the airport!!! i took a picture for you, i will upload it after heading the hotel
<Lifesf> anyone can help me with proftpd / gadmin-proftpd?
<paul> Lifesf: proftp probably yea
<Lifesf> well,... i ask here also because i install the server version of ubutnu then the desktop over it
<Lifesf> i used to be able to use proftpd with gui; i think it was in gutsy, but ever since moving up,... all the gproftpd have crashed when trying to open
<Lifesf> although; i did that because only desktop it wouldn't work either
<mib_j1hc8pb8> alguien me puede ayudar con ubuntu 8.10, no tengo internet
<Lifesf> Hi; i have come earlier because gadmin-proftpd crashes when trying to start it; but then again.... Apache doesn't seem to be working on my pc either
<Lifesf> could these problems be related?
<mib_j1hc8pb8> somebody knows of some video that explains to you like doing it? in order to have an IP ADRESS static in my Ubuntu 8.10
<NineTeen67Comet> Sorry if this quesion doesn't fit this room but: I've got some network issues between my copper side and my wireless side. They can't ssh each other, but they can ssh w/in their respective path (wireless to wireless and copper to copper) .. they are all part of the 192.168.0.* network, and here is my picture/current layout: http://www.openlug.com/?p=39
<NineTeen67Comet> Is there a #networking room? I don't know how to search with in IRC
<jahor> hello, does anybody know about some tool (like lintian for packages) to check policies on servers ? i mean somethink like 'apache must have server tokens only', 'resolv.conf must have 2 working nameserver lines', 'all filesystems must have coresponding line in nagios nrpe config' etc etc ?
<Richard_> When i shutdown the laptop i can see the orange bar of the splash going down, but it won't finnish, it goes to 80-90% and then the pc goes to a blank state(black) with a blinkin' cursor on top left, so i have to press the power button myself to shut it down, could i have damaged any file of the system or left temporary files(as the splash doesnt go to 0% unloading) by pressing the button?
<Richard_> What can cause this? any proccess still running?
<hikenboot> can anyone tell me if automake autotools-dev m4 autoconf2.13 autobook autoconf-archive gnu-standards autoconf-doc libtool  are available on the ubuntu server 8.1  cd so i can use it as an apt source since i have a vm that has no networking capability
<Deeps> build-essential usually is
<Deeps> dunno if that covers all that you need
<Deeps> easiest way to be sure is to try
<Baversjo> Hello! Is there any way to make the pam_limits PAM module write a message to the user that tries to login if the login was unsuccessful instead of writing it to the log?
<Baversjo> As it it now, the user only gets disconnected
<hikenboot> anyone know the command for adding intrepid cdrom as an apt source in apt/sources.list
<andriijas> Im running ubuntu-server on a sony vaio laptop, i have installed powernowd to enable speedstep because i only run irssi and a small webserver on this machine. sensors say that the temperature is +43C  but the fan speed is always maximal. i cant find anyway to lower the fanspeed?
<KingOfDos> andriijas: apt-get install cpufreqd cpufrequtils
<andriijas> KingOfDos: cpufreq doesnt change the fan speed of a laptop?
<KingOfDos> after that's running. check out cpufreq-info and see what "steps" you've got available. and on what step it's running currently.
<andriijas> i already got speed step working, its a laptop and it doesnt have a cpu fan. theres just a laptop fan
<KingOfDos> andriijas: i'll "guess" that the fan speed is related to the cpu temperature. so if you can lower the temp then you can lower the fan ;)
<andriijas> the computer should lower the fan speed automaticly yeah
<andriijas> the cpu is already running on the lowest step wich is good enough
<andriijas> still the fan keeps running at max :(
<KingOfDos> does that happen when you run windows on it? or is it some general hardware problem?
<andriijas> nope in windows both the fan and cpu is controlled
<KingOfDos> I had seen a couple of laptops witch always used to full fan speed, even when they can change it based on temperature, this was both on windows as on linux.
<andriijas> hmm alright
<KingOfDos> what kind of settings did you use at the daemon?
<KingOfDos> and are u using powernowd or cpufreqd?
<andriijas> which daemon? powernowd?
<andriijas> pn
<andriijas> i googled and found this http://www.linux.it/~malattia/wiki/index.php/Sony-laptop#Fan_speed_control
<andriijas> but i dont have any /sys/devices/platform/sony-laptop/fanspeed
<andriijas> KingOfDos: is cpufreqd better than powernowd? i found out there is something called cpudyn aswell
<KingOfDos> don't know. on my workstation is powernowd running, on my laptop i'd installed cpufreqd at this moment to check something
<KingOfDos> you can try to install it (it will automatilly replace powernowd), if it doesn't work right/nice, then install powernowd again ;)
<KingOfDos> what type of AC_SCHEME are you using with powernowd?
<KingOfDos> I'll see that there is some "acoustic" scheme for powernowd. That will be nice i'll guess ;)
<KingOfDos> lower temperature (when idle) is lower fanspeed, at least for the most laptops ;)
<maxstirner> hello, i'm having problems with the default ubuntu server mail setup
<maxstirner> i tried adding a new user using adduser, and I successfully sent mail to it; I cannot set up the account in thunderbird on my local system however..
<maxstirner> could anyone point me to some documentation for this?
<andriijas> KingOfDos: i dont know, i just apt get installed powernowd so i guess it runs on default conf
<KingOfDos> andriijas: in that case: when your laptop is at AC power it will be running at performance mode.
<andriijas> KingOfDos: are you sure? because cat /proc/cpuinfo says model name	: Intel(R) Pentium(R) M processor 1.73GHz
<andriijas> cpu MHz		: 798.000
<KingOfDos> hm. indeed
<andriijas> and if i understand that right the cpu is running at 789 mhz instead of 1.73GHz
<andriijas> do i need to make any more config to tell it to tell it to not run in performance mode?
<KingOfDos> i don't think so. but i'm not that good with powermanagement, so i can be wrong ;)
<KingOfDos> i'm managing servers and i'll put them to performance mode. my 3 year old HP laptop is still running about 3 hour on battery
<andriijas> awesome
<KingOfDos> my ex-girlfriend's laptop was always running to fast, like the powersave options where broken (on a windows based system). that's a vacuum-cleaner if you want to sleep ;)
<KingOfDos> but, somehow. now i'd installed cpufreqd on my laptop. it's not using 36 watt, but 26 watt.
<KingOfDos> and it's running at 1300MHz instead of the lowest step of +/- 800MHz
<KingOfDos> So i'll guess that if I change my cpufreqd setup a bit, that i can force it to run slower (change the "scaling up" time, somehow?). so even configure it to run longer. but anyhow ;)
<andriijas> hehe
<andriijas> im soon considering breaking the damn fan..
<KingOfDos> andriijas: try to read this -> http://ubuntuforums.org/archive/index.php/t-238566.html
<KingOfDos> or simular topics, based on your vaio type.
<KingOfDos> breaking something is never good, there is always some way to fix it (so far i can tell)
<andriijas> :)
<Pizarro> Hi
<Pizarro> Can anyone help me please?
<Pizarro> I can establish a VPN connection from a XP machine to a Ubuntu server (pptp), however I can't do the same fomr an Ubuntu desktop machine
<Pizarro> Help!
<Pizarro> This will force me to log into XP to access my office which is a silly thing, use an XP machine to access an Ubuntu one!
<hikenboot> anyone know what tools i am supposed to install to get iscsitarget to build i am getting messag.c:130 error storage size of cred isn't known
<zul> nxvl: lol
<rgotten> how do i know if i have 64 or32 bit for upgrade
<Ahmuck> pull the hard drive and check the bits
<rgotten> i am trying to upgrade to the latest ubuntu, isisnt this related to motherboard more than tho har drive?
<Ahmuck> rgotten: it's processor
<Ahmuck> do you have a sepearte /home partition and /storage partition now?
<rgotten> Ahmuck: so how do i know if i have 32 or 64?
<Ahmuck> currently or downloaded?
<Ahmuck> http://www.ubuntu.com/getubuntu/download
<Ahmuck> towards the bottom
<rgotten> i want o know what i have 32 or 64 to download the appropiate version
<rgotten> i also need to know the following, i have my ubuntu server and i have windows clients conected to the server thru samba. my server has an e-sata conecection, i have a folder on the server that is acces by windows computers were a store a lot of word documents. Can i conect an external harddrive to the e-sata conecter and do backups so if the server goes down i can connect the hard drive to one of the windwos computer and read the in
<Ahmuck> data.  windows will read fat32 partitions, writing the data in 32bit mode in fat32 seems like that would cover you.  the best idea is to test
<Ahmuck> will windows read a ext3 partition on your external esata drive, that i don't know
<KingOfDos> Is there a way to see "what" controller is what /dev/videoXX ?
<KingOfDos> I've got 5x composite in, 2x radio in, 3x TV in, 2x composite out.
<JaxxMaxx__> I'm having some difficulty working with  /etc/init.d   scripts.   Are they supposed to work in tandem with  /etc/rcX.d   scripts,   or is it one VS the other?   Using Ubuntu Server 8.04 LTS here...
<Deeps> /etc/init.d/ holds the scripts
<Deeps> /etc/rcX.d/ contains symlinks to the scripts depending on whether they should be started or stopped as you enter that particular runlevel
<Deeps> or at least, /should/, unless you've done something different
<JaxxMaxx__> I'm having an issue where one of the startup scripts,  or whatever component,  isn't creating the  .pid  file for one of my daemons,   and therefore the init.d  scripts cannot stop or restart that service.    Is there any way to find out which part of the startup script is failing to create the file?    what process actually makes the .pid  files anyway?
<ScottK> JaxxMaxx__: Usually it's the init script.  You can generally find them in /etc/init.d
<JaxxMaxx__> yeah, I've located it there, but I'm unsure what part of it is supposed to write out the .pid file
<ScottK> Is this from an Ubuntu package?
<JaxxMaxx__> it's  freeradius,  I have the init.d  script on paste.ubuntu, http://paste.ubuntu.com/69708/
<JaxxMaxx__> I'm not sure if Ubuntu has the latest freeradius release.   I did  install outside the package manager, at least once
<ScottK> Line 53 is what should do it.  Looking at it, it looks right.
<Spirits-Sight> Is there any one here willing to help setup a Ubuntu server for a non-profit organization
<Spirits-Sight> in the USA
<Deeps> given the legal rammifications of doing anything for anyone in the USA...
<Deeps> heh
<Spirits-Sight> Deeps: is that a joke :-) I know people in USA are should we say not so nice any more it seems
<Spirits-Sight> Deeps: you in the USA
<Deeps> no, i'm not brave enough to live in the land of the brave, heh
<Spirits-Sight> LOL I like that LOL, I am not happy living here many times and for sure with the past president LOL
<Spirits-Sight> Ok, so the question still stands is there any one here from the USA that would be willing to help setup a server system for a non-profit org, the server would need asterisk also
<thenewguy> yay irc for the win
<Shpook> So, I'd like to be able to access my home LAN server from anywhere on the web, and through the server, and computers that are connected. Where would I start? I'm assuming it wouldn't be too difficult.
<Deeps> depends on how you want to be able to access your server
<Deeps> simplest way would be to open tcp/22 to the server and just use ssh
<Deeps> also happens to be one of the more secure ways
<Shpook> I was hoping to access through http, and be able to assign a domain name to it.
<Shpook> Mainly to make it easier on my wife and daughter.
<Shpook> I mean, security is an issue of course, but I don't need Fort Knox.
<Deeps> well, you probably want to look at
<Deeps> !ebox | Shpook
<ubottu> Shpook: ebox is a web-based GUI interface for administering a server. It is designed to work with Ubuntu/Debian style configuration management. See https://help.ubuntu.com/community/eBox
<Deeps> and if you're using intrepid, this is probably relevant to your interests: https://launchpad.net/bugs/293993
<uvirtbot> Launchpad bug 293993 in ebox "ebox will not install in 8.10 server - dependency problem (dup-of: 255368)" [Undecided,New]
<uvirtbot> Launchpad bug 255368 in ebox "ebox: Depends: libapache-authcookie-perl but it is not installable " [Undecided,Confirmed]
<Shpook> Hmmm
<Shpook> That would be a problem then.
<Deeps> i believe workarounds are described in the bug reports
<Shpook> Yeah I just found one that says it works.
<Shpook> Cool, I appreciate it, I'll look into it now and get started. :D
#ubuntu-server 2009-11-02
<uvirtbot> New bug: #469336 in linux (main) "part of lm-sensors and fancontrol does not work after fresh install of 9.10" [Undecided,New] https://launchpad.net/bugs/469336
<snth> Why is there no way to load a different version of the kernel without rebooting?
<twb> Erm, because that's how kernels work.
<twb> It's like saying "why can't I refuel my cessna without landing?"
<snth> twb: hmm .. they should work differently then.
<twb> You are welcome to talk to Hurd or Mach about that.
<twb> Microkernels are probably more "pluggable"
<twb> The erlang people have also done some work into replacing components of a large, scary system while it's running, without the whole thing crashing down
<snth> See, it is possible to refuel it without landing then ;).
<twb> You can refuel some aircraft in mid-air, but they generally have to be designed from the ground up with that functionality in mind.
<snth> I know that you can patch it without rebooting.
<twb> Do you just.
<jmarsden> snth: You may be interested in http://arstechnica.com/open-source/news/2009/07/ksplice-is-like-viagra-for-linux-server-uptime.ars
<snth> jmarsden: Yeah, exactly. They can apply patches, but I am not sure that they can reload a whole new version.
<jmarsden> snth: kspice is open source -- if this is important to you, learn all about it and improve it so it does what you need.
<jmarsden> *ksplice
<JanC> I think VMS kernel can update without rebooting too, I wonder why MS didn't port that VMS-feature to NT with all the rest they took from it  ;)
<twb> IIRC ksplice also can't patch kernels arbitrarily.  Any change involving a data structure still requires a reboot.
<crohakon> I need a good guide on setting up virtual hosts...
<crohakon> anyone got a good link?
<twb> The ubuntu admin guide should include that
<twb> Unfortunately there's no bloody link in ubottu, nor in /topic, and ICBF digging it up yet again
<crohakon> is the admin guide the same as the server guide
<twb> Yeah
<crohakon> ahh
<crohakon> okay, I have the link booked marketed. Thanks
<twb> Which is why it takes me so long to find
<crohakon> and yeah, why is it not in the topic?
<crohakon> Any operators here want to be nice and add the link to the topic?
<twb> !ops
<ubottu> Help! Channel emergency! infinity, soren, lamont, mathiaz or tom
<crohakon> lol
<crohakon> Also, I am not sure creating virtual hosts is the best option...
<crohakon> I have two friends that are going to college for digital media design... and part of the course study is building websites. I wanted to set them up with a play ground on my server. Give them an one FTP account each, and access to a sub directory each. I am not really worried about security...
<crohakon> Should I just create the two sub domains and create two ftp accounts that only have access to the respective directories?
<nalioth> twb: everything sorted?
<ajmitch> nalioth: it was about adding the server guide to the topic
<crohakon> https://help.ubuntu.com/9.04/serverguide/C/index.html <--- in topic
<twb> And/or in ubottu
<ajmitch> though when I look now, I see "server guide: http://tinyurl.com/65jzxw"
<twb> Oh.
<crohakon> oh...
<ajmitch> so I guess it's sorted enough
 * crohakon dislikes tinyurl...
<twb> I guess I don't look at tinyurls because they only exist for rickrolling
<ajmitch> rickrolling & cramming as much as possible into a channel topic
<crohakon> although, that tinyurl is for 8.something... not 9.04... or .10 for that matter...
<twb> You could lose the www. from esr's site :-)
<twb> But also the other stuff in /topic wasn't tinyurl'd.
<ajmitch> you could lose esr's site
<ajmitch> crohakon: right, it goes to the server guide for hardy, the last LTS release
<twb> Yeah, replace it with the copy on linuxmafia
<twb> Since Moen isn't an NRA goon
<twb> >duck<
<snth> Does anyone know what's the equivalent to Redhat Kudzu in Ubuntu?
<twb> snth: you could create one by adding an init script that does "sleep 10m"
<snth> twb: what? Kudzu is a hardware detection tool.
<snth> It simply probes for the hardware, looks up the driver/module in a hwdatabase. Then configures your kernel to load that module.
<twb> IME what kudzu mainly does is say:
<twb> "hi, headless machine with no display!  Apparently the mouse was unplugged, so I will sit here and wait for input for a while instead of booting!"
<qman__> I have never needed anything to perform that function since I started using ubuntu
<qman__> 4 years ago
<twb> But if you're talking about hardware detection, the closest thing is probably udev (for NICs) and UUID/LABELs (for fstab).
<qman__> it just works
<snth> qman__: I am trying to understand how it works :)
<twb> In theory what kudzu is supposed to do is notice when you replace one NIC with another, or add a NIC, and pop up a helpful GUI asking you what to do about it.
<qman__> ubuntu just does something about it
<qman__> and doesn't ask you
<qman__> if it's wrong, you go in and fix it
<twb> Mainly what it does is REALLY, REALLY annoy you
<snth> Kudzu doesn't have to ask you about anything. Also, it doesn't only work for NICs. It literally probes for any hardware you add/change.
<twb> For example, it once managed to remove all the nodes from my RAID (or was it LVM?) array when I swapped in a new HDD
<qman__> the point is, that function is not necessary
<qman__> the system handles hardware changes without that
<snth> Infact, as far as I remember, kudzu doesn' automatically run. It only runs during boot .. then, you can run it manually, but it won't just detect stuff for you after booting.
<twb> qman__: rather, Ubuntu acts the same as if you let Kudzu time out.
<qman__> right
<twb> snth: IME it runs automatically during boot.
<qman__> it's handled by udev (I think it's still udev?)
<qman__> it just takes care of it
<twb> udev will notice new hardware, but not do anything about it.
<qman__> no user interaction necessary
<snth> *looking up IME*
<twb> IME = In My Experience
<twb> Install bsdgames, run "wtf ime"
<snth> :)
<snth> So, when udev detects hardware, how do you load the right module for that hardware?
<snth> I mean, how do you know which module/driver to load?
<qman__> normally, it just loads it
<twb> snth: if modules aren't automatically loaded, that is a bug
<twb> snth: the system includes a big database of magic numbers vs. modules to load
<snth> What loads that module?
<qman__> the only thing the user needs to do is possibly configure the system to use it, like adding a NIC and assigning the IP address
<qman__> or adding a disk and specifying a mount point
<twb> If you get a very new piece of hardware, it might not be in the database yet.  Then you need to edit /etc/modules by hand.
<qman__> theoretically you should never have to load or unload modules
<snth> twb: where is that database in the system?
<qman__> of course the world isn't perfect and some stuff doesn't work right out of the box, but for the most part, it works great
<twb> snth: a combination of /etc/udev/rules.d and /etc/modutils.d, IIRC
<twb> snth: udev mainly says things like "oh, a sata disk!  I'd better load SATA disk support."
<twb> Some of it is also handled within the kernel itself, I imagine.
<qman__> but that's precisely the point
<snth> twb: hmm ..that behavior of udev is what kuduz does.
<crohakon> trying to setup virtual users in vsftpd is giving me a headache...
<qman__> while in redhat you use kudzu, in ubuntu, it just works, and you never have to worry about it
<twb> snth: then kudzu is obsolete and useless.
<snth> :) fair enough.
<snth> hmm udev man page says that udevd receives uevents directly from the kernel if a device is added or removed from the system. qman__ So I guess this is how it just works :)
<snth> I wonder what module in the kernel sends these uevents.
<snth> twb: man hald this has the database I was talking to you about.
<twb> snth: hal is obsolete
<twb> snth: it's functionality has been absorbed by udev
<snth> hmm .. is this what is replaced by udev?
<snth> Oh OK.
<twb> https://wiki.ubuntu.com/Halsectomy
<twb> Unfortunately, other parts of hal are being replaced by devkit, which is reputed to be just as broken
<snth> Cool .. thanks. That's one more difference between rhel and ubuntu. Man, the list keeps growing :).
<snth> rhel 5 still uses hal
<twb> Ubuntu still uses hal too, for now
<snth> I haven't heard of any plans for redhat to change using HAL, yet at least.
<twb> Well, RHEL do tend to lag behind everyone else
<snth> Yeah. (fortunately/Unfortunately) all of our servers are RHEL.
<twb> Pick your flavour of cowboy :-(
<snth> My company pays a ton of money for RHEL support and we have never used it -- not even once.
<twb> Switch to CentOS, then
<snth> I wish it was up to me.
<twb> My sympathies.
<snth> Management still thinks that it is better to have support for the one time that we will need it.
<twb> I am still maintaining servers that run FC3
<poningru> heh
<poningru> that is... a bad idea
<twb> Like you say: not my decision :-(
<twb> The problem with linux is it doesn't fail each week, it fails once every few years -- spectacularly.
<twb> So it's hard to convince management to fund a man-week to migrate to a newer release
<ScottK> snth: If you just want support for the one time you need it, support contracts for Ubuntu Server are a lot cheaper.
<twb> They'd prefer to spend a man-month fixing the spectacular failure while all the users mill around due to the unscheduled outage.
<snth> I rarely have problems with the kernel itself. It is usually the services on top that can/may crash.
<twb> snth: sorry, I meant GNU/Linux, not the kernel
<snth> ScottK: I wish Redhat have the same model. The problem is that all of our servers are RHEL for the last 9 or 10 years or so.
<snth> It doesn't seem that they have any plans on changing the platform.
<snth> As twb said, it doesn't break often, so they don't see why they may need to change to something else.
<twb> We need a routine-failure package
<twb> It makes stuff go wrong occasionally, and lets you configure the frequency and severity
<snth> haha .. then, they would think that you aren't doing your job right.
<twb> I actually remember seeing a package a bit like that, which was intended for vocational training of sysadmins (like the RHCE)
<snth> Maybe in a few years when ubuntu server gains reputation of stability and so forth, companies would start looking at it since it would be cheaper than redhat.
<snth> Yeah, when I was working on my RHCE we had some random scripts that just kinda mess with your system and you have to go figure out what happened. It was kinda cool.
<twb> haha "when
<twb> You mean "if"
<snth> No, I mean "when" :)
<snth> Are the ubuntu server maintainers/developers/commiters come to this channel or they have another room?
<ScottK> This is both for development and support
<snth> ScottK: thanks :) .. I am liking the discussions here so far. You guys form/have a good community in here.
<ScottK> snth: It's a distinguishing characteristic of Ubuntu in all it's flavors.  It doesn't happen by accident.
 * crohakon smashes head on vsftpd
<twb> crohakon: there's probably a #vsftpd
<crohakon> there is...
<crohakon> I had not thought about that...
<crohakon> =)
<snth> crohakon: what's the problem with vsftpd?
<twb> snth: he's trying to configure it
<twb> 14:00 <crohakon> trying to setup virtual users in vsftpd is giving me a headache...
<snth> I was just wondering .. I might be able to help.
<twb> snth: I was just telling you :-)
<crohakon> snth; Every guide I have tried those far has not worked. I just tried setting it up to use Mysql database for user/pass but that does not seem to work either.
<crohakon> those = thus
<snth> twb: I was kinda hoping for a bit more accurate description of the problem :p.
<twb> snth: fair enough
<snth> crohakon: what's your config file look like?
<crohakon> How is it that I send it to pastebin or what not from console?
<twb> crohakon: w3m hpaste.org
<twb> That's how I'd do it, anyway
<twb> There are little dedicated paste utilities, but I can't recommend one
<snth> pastebinit /etc/vsftpd
<crohakon> ahhh
<crohakon> there we go
<crohakon> http://pastebin.com/f477bf642
<snth> crohakon: and you want mysql authentication only ?
<crohakon> yes
<snth> crohakon: first mistake is in line 27. Change this to NO.
<crohakon> okay, done
<snth> crohakon: and where exactly in this file do you try to authenticate against mysql?
<crohakon> I don't know... I was following a guide... I just did what it tells me to do... something to do with PAM?
<crohakon> /etc/pam.d/vsftpd contains the lines for accessing the DB I believe...
<snth> it shouldn't .. but can you show me the contents of that file.
<snth> Also do you have the package libpam-mysql?
<crohakon> I do now..
<snth> sweet. have you created the database?
<crohakon> yes, it is created and I have users added already
<snth> crohakon: IM me, I need to send you config lines to add.
<twb> You realize that libpam-mysql only does one of the four pam bits, don't you?
<twb> (auth and not password/session/account, IIRC.)
<snth> twb: Yeah, that's how I am configuring it with crohakon now. It should suffice, right?
<twb> I don't know.
<snth> I am pretty sure that it should be fine.
<twb> I would never use mysql for anything.
<crohakon> =(
<crohakon> It just seemed like the easiest way...
<qman__> mysql and easy don't belong in the same sentence
<uvirtbot> New bug: #470071 in vsftpd (main) "Listing use locale for date representation" [Undecided,New] https://launchpad.net/bugs/470071
<kosmic> hey guys
<crohakon> qman__; I have worked with mysql for some time now... so I figured it would give me an advantage.... I was wrong.
<twb> That's like saying that you're been a plumber for five years, so you thought you'd make a sports jacket out of turds.
<crohakon> twb; I understand this now... but a few hours ago I was a tiny bit more ignorant... hehe. I am slowly working on curing that... one struggle at a time.
<Classic> hello all
<Classic> i get this error when ever i try installing mysql
<Classic> errors were encountered while processing: fuse-utils, gvfs-fuse
<matei> I have a question about the Karmic EC2 image: are Linux Containers (lxc) supposed to work on it? When I try to use lxc-execute or lxc-start, I get "lxc-execute: failed to clone(0x2c020000): Invalid argument"
<jmarsden> Classic: Installing mysql how, on what version of Ubuntu server?
<Classic> jmarsden: i used sudo apt-get install mysql. the version is 9.02
<kblin> Classic: seems unconnected to mysql, though
<kblin> ...
<kblin> Classic: seems unconnected to mysql, though
<jmarsden> Classic: Sounds like your apt-get database is inconsistent or otherwise unhappy?  Try sudo apt-get -f install      and then try the sudo apt-get install mysql again.
<Classic> kblin: i get the same error when i uninstall mysql using sudo apt-get remove mysql
<Classic> ok
<Classic> I get the same kind of error
<Classic> From running sudo apt-get -f install
<Classic> Errors where encountered while processing:
<Classic> fuse-utils
<Classic> gvfs-fuse
<crohakon> Thanks to snth I can stop hitting my head against vsftpd..
<Classic> E: Sub-process /usr/bin/dpkg reutrned an error code (1)
<jmarsden> Classic: OK...so it's *really* unhappy.. :(  Did you get those two packages in some unusual way, or have strange issues installing them?
<snth> Alright guys -- having a long week :) gotta get some sleep. Later.
<Classic> jmarsden: Wel I'm running on a VPS and I'm helping a friend install something. This was the very first command line I typed: sudo apt-get install mysql-server subversion binutils cvs cvsutils gcc gdb make libmysql++-dev libssl-dev libtool automake g++
<snth> twb: mysql_pam supports auth and account :).
<jmarsden> Classic: That doesn't really answer my question... did you try at some point to install fuse-utils or gvfs-fuse?
<twb> snth: righto
<Classic> jmarsden: Nope.
<snth> Later
<jmarsden> Classic: Did your friend, before you started helping?
<Classic> jmarsden:  No.
<Classic> jmarsden: I was the very first who accessed it. Idk if its because I was using debian commands at one point >< (I am more familiar with debian than ubuntu so yeahh).
<kblin> debian commands?
<twb> "apt-get -f install" is not a Debianism
<twb> It's a "I broke the system, please try to guess the fix for me"ism.
<jmarsden> Classic: Both sudo and apt-get work the same way in both Ubuntu and Debian... so what did you or someone else *really* do here?
<twb> Classic: pastebin the *entire* output of apt-get -f install.
<twb> Classic: I suspect the real information about the problem is during the dpkg --configure -a step.
<kblin> at least the fuse parts are not part of a plain server install
<Classic> root@sfwebhosting:/# sudo apt-get -f install
<Classic> Reading package lists... Done
<Classic> Building dependency tree... Done
<Classic> 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
<Classic> 2 not fully installed or removed.
<Classic> After this operation, 0B of additional disk space will be used.
<Classic> Setting up fuse-utils (2.7.4-1.1ubuntu4) ...
<Classic> creating fuse group...
<Classic> udev active, skipping device node creation.
<jmarsden> Classic: Use pastebin please!
<Classic>  * Reloading kernel event manager...                                            No /sbin/udevd found running; none killed.
<Classic>                                                                          [fail]
<Classic> invoke-rc.d: initscript udev, action "reload" failed.
<Classic> dpkg: error processing fuse-utils (--configure):
<Classic>  subprocess post-installation script returned error exit status 1
<Classic> dpkg: dependency problems prevent configuration of gvfs-fuse:
<omani> Classic, wtf?!
<Classic>  gvfs-fuse depends on fuse-utils; however:
<Classic>   Package fuse-utils is not configured yet.
<Classic> dpkg: error processing gvfs-fuse (--configure):
<Classic>  dependency problems - leaving unconfigured
<Classic> No apport report written because the error message indicates its a followup error from a previous failure.
<Classic>                           Errors were encountered while processing:
<Classic>  fuse-utils
<Classic>  gvfs-fuse
<Classic> E: Sub-process /usr/bin/dpkg returned an error code (1)
<Classic> Sorry
<Classic> http://paste-it.net/public/wd13eb3/
<jmarsden> If you are sure you don't need those packages, try removing them.
<Classic> ok
<Classic> that did the trick
<Classic> thanks
<jmarsden> Classic: No problem.
<__ruben> hm .. rebooted a jaunty router/firewall due to power maintainance .. now its ipv6 stack seems totally busted (cant ping link local addresses, radvd cant send packets, ..)
<kblin> __ruben: you sure ipv6 came up at all? tried loading the module?
<__ruben> kblin: in jaunty its no longer a module
<__ruben> and i do see link local addresses, but they're tentative
<kblin> __ruben: certainly is a module for me
<__ruben> kblin: on jaunty?
<kblin> yeah
<kblin> ubuntu armel port
<kblin> though it's a beagleboard, your kernel might be different
<__ruben> ah .. ports (can) use different .config's
<__ruben> hmm .. attempt to boot previous kernel by altering menu.lst seems to have failed .. and the box is remote (at work)
<kblin> __ruben: well, there's no official ubuntu kernel for my hardware
<twb> Dunno why you'd use Ubuntu on armel instead of Debian or Emdebian.
<twb> At leat armel is a first-class arch on Debian
<kblin> not for the OMAP SOCs
<twb> Huh.
<twb> I'm using kirkwood here, so I guess I just assumed the OMAP targets were already supported
<quizme> ssh ubuntu@stuff.com 'echo $PATH'  ..... my $PATH variable is not fully set .... i added a couple directories to my PATH variable in .bashrc.... anybody know why ?
<quizme> why doesn't .bashrc get read when running commands with ssh
<__ruben> perhaps it gets executed by sh instead of bash for instance
<twb> Passing a command to ssh will cause that command to be run in a sh shell on the remote host.
<twb> The only configuration file on the remote host that might be read in this circumstance is ~/.ssh/environment.  This file is not read by default.
<twb> You can also configure sshd to allow, and ssh to send, additional environment variables.  $LANG and $LC_* are typically in this list; $PATH is (for obvious reasons) not.
<twb> Additionally, if you control the script invoking ssh, you can simply do something like ssh x env PATH=z y
<quizme> no it's running bash
<quizme> the error is:   bash: rake: command not found
<quizme> so it's comming from bash
<twb> Hm.
<twb> Maybe it invokes your login shell -- I didn't think it did.
<jmarsden> twb: ssh jonathan@localhost 'echo $SHELL'  outputs /bin/bash, so it sure looks like bash is being run to me...
<twb> You're right, it invokes the login shell.
<twb> OK, this is even weirder
<twb> I changed my shell to /bin/sh on the remote host, and it's still using bash
<twb> Grr, NIS' ypchsh didn't do its job.
<quizme> can i set PATH=$PATH:/opt/ruby19/bin:.  in ~/.ssh/environment ?
<twb> TIAS
<quizme> doesn't work
<twb> Did you enable environment?
<quizme> how do you do that ?
<twb> PermitUserEnvironment    Specifies whether ~/.ssh/environment and environment= options in ~/.ssh/authorized_keys are processed by sshd(8).  The default is ânoâ.  Enabling environment processing may enable users to bypass access restrictions in some configurations using mechanisms such as LD_PRELOAD.
<med\weed> quizme: try doing one of those path add commands as an export
<twb> ...from sshd_config
<med\weed> something like
<med\weed> ssh "export $PATH=$PATH:/SOME/PATH; commands"
<twb> med\weed: those should be single quots, and the leading $ is wrong, and ideally you'd use && instead of ;.
<quizme> med\weed want to to configure it so that i don't have to do that every time
<twb> But I already suggested that approach: 19:01 <twb> Additionally, if you control the script invoking ssh, you can simply do something like ssh x env PATH=z y
<crohakon> how do I view a list of users in terminal?
<twb> getent passwd
<qman__> who
<crohakon> thanks
<crohakon> goodnight
<quizme> so i enabled PermitUserEnvironment
<quizme> but in ~/.ssh/environment    I put "duck=wow"  but when i did locally: "ssh ubuntu@stuff.com 'echo $duck'" it was empty
<med\weed> twb: i know - like i said _something like_
<twb> quizme: did you restart sshd?
<med\weed> its only for conceptual ~_~
<quizme> twb: no....
<quizme> twb: /etc/init.d/sshd restart    like that ?
<twb> That will do, yes.
<twb> ssh, not sshd, actuall
<quizme> i restarted ssh, but $duck is still the empty string
<twb> quizme: I give up.  Ask #openssh
<quizme> k
<quizme> thanks
<quizme> pretty tricky stuff
<quizme> twb: it's set in /etc/environment
<ycy> in order to use rsync between two machine, should one of them have rsync server (and thus a tcp port open) installed?
<atomic_1> no
<kwork> you can rsync over ssh i think
<atomic_1> yeah
<atomic_1> rsync -arvupz /source/folder --exclude-from '/from/here.txt' user@remotehost:/BackupFolder > /your/logfile.txt is what i use
<atomic_1> shove it in crontab and you're done
<kwork> thou bacula is fancier then rsync
<cemc> or maybe BackupPC? which can also use rsync
<knecht> hi there. i have to compress huge backups (>120GB). Some files are already compressed (rar, zip, tar.bz2 files), and i search for a way to get these files into an archiv file without double-compresse them. (i prefere 7z or tar.bz2)
<knecht> in short words: is there a way to tell an archiv manager: Compress all Data except already compressed files, and put everything in a archive? (like a "do not compress these files" filter)
<knecht> ?
<knecht> in short words: is there a way to tell an archiv manager: Compress all Data except already compressed files, and put everything in a archive? (like a "do not compress these files" filter, but dont skip the files)?
<kwork> you can tell archiver to udpate the archieve with the changed files
<jmarsden> knecht: By definition a .tar.bz2 file is a single .tar file which is compressed using bzip2, so ... no, what you want can't be done with that archive format.
<jmarsden> You could create a .tar file or all the already-compressed files, and a .bar/bz2 of everything else, maybe?
<knecht> kwork: i know, but that does not help me out. i need to do full backups every day, and it tooks to long. i thought already compressed files don't need to be processed again.
<jmarsden> knecht: Is the issue really CPU usage??  More likely the speed issue is that your backups are I/O bound, in which case trying to avoid compressing some files will not really help your speed.
<knecht> jmarsden: to make two archiv is a way, but i will try to find a better one
<kwork> knecht, try something like bacula
<knecht> jmarsden: i have a raid, the cpu is for shure the problem
<knecht> kwork: i take a look at bacula (never heard that before)
<knecht> kwork: mabe the best way is to copy the already compressed archive every day, and update the clone . . . should work, or?
<knecht> kwork: bacula is to big for my purpose
<kwork> for me bacula is doing one full backup + incremental
<kwork> from there
<kwork> rather tehn taring whole world together and rsyncing it
<kwork> i have move that that option
<kwork> its pretty straightforward to set up aswell
<jmarsden> knecht: If your backups are all on disk, use rsync to update them each day; something like rsnapshot could work well for you and is smaller/simpler than bacula
<knecht> kwork: i agree, but my boss does not. There should be rotating full backups available of the last seven days. Not incremental cause he wants to be able to simply pick a backup via smba, and open it on his computer. So if it works, it is the way to go for me.
<uvirtbot> New bug: #469548 in samba "can't list smb shares" [Undecided,New] https://launchpad.net/bugs/469548
<kwork> knecht, you can define rules
<kwork> so that you make full backup weekly for exampel
<kwork> and incremental otherwise
<knecht> kwork: i also tend to do so, for now i had to do it like i mentioned. Thanks for your help!
<Vertigo009> Hello everyone. I'm trying to install pear auth_SASL in my ubuntu server, but after i do the install, it keeps saying that it is not installed. Can anybody help me please? Thanks.
<Vertigo009> root@neptuno:/# pear install auth_SASL
<Vertigo009> downloading Auth_SASL-1.0.3.tgz ...
<Vertigo009> Starting to download Auth_SASL-1.0.3.tgz (5,724 bytes)
<Vertigo009> .....done: 5,724 bytes
<Vertigo009> root@neptuno:/# pear list auth_SASL
<Vertigo009> `auth_SASL' not installed
<Vertigo009> root@neptuno:/#
<kim0> Hi folks .. ubuntu server 8.04 LTS, fails to boot when a degraded raid happens
<kim0> I understand passing the kernel option, "bootdegraded=true" .. should resolve this
<kim0> but it seems to be ignored
<kim0> any idea if kirkland fixes have been integrated into 8.04.2 ?
<joeD2> get during system installation the follwing message: file:///cdrom/pool/main/u/util-linux/bsdutils_2.16-1ubuntu5_amd.64.deb was corrupt. downloaded the image already twice. Any idea? Thnx.
<pmatulis> joeD2: why do you need to install from the cd?
<joeD2> pmatulis: Where do you install from???
<pmatulis> joeD2: the internet
<joeD2> pmatulis: what is the command for that? Or do you have a link for a description?
<pmatulis> joeD2: remove the cdrom line (or comment it out with a '#' mark) and then '$ sudo aptitude update; sudo aptitude install bsdutils'
<pmatulis> joeD2: the file is /etc/apt/sources.list
<joeD2> pmatulis: the system has not been up. it's during the groundsystem setup that I get the message.
<pmatulis> joeD2: ah
<pmatulis> joeD2: check the md5sum of the iso you d/l'd
<joeD2> pmatulis: how?
<uvirtbot> New bug: #470636 in libvirt (main) "virt-aa-helper fails to add copy-on-write images on apparmor profile" [Undecided,New] https://launchpad.net/bugs/470636
<pmatulis> joeD2: '$ md5sum /path/to/iso' and then compare it to the mirror you d/l'd from, do a search for "ubuntu md5sum"
<gamla_kossan> umm, how can I check when a user account was created?
<gamla_kossan> by the date of their homediw?
<gamla_kossan> *dir?
<joeD2> pmatulis: md5sum ubuntu-9.10-server-amd64.iso 14707e8847b9c9ba2dd1869fb5086e4f  ubuntu-9.10-server-amd64.iso is the result. downloades from http://releases.ubuntu.com/releases/9.10/
<joeD2> pmatulis: found the md5 and it matches nevertheless I burned two cds (after two seperate downloads) and still got the sysm error.
<pmatulis> joeD2: i recommend burning another cd but at a lower speed
<joeD2> pmatulis: already on the way trying it, but what is strange that I bourned the two cds also on different burner
<uvirtbot> New bug: #470675 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 (not installed) failed to install/upgrade: el subproceso script pre-removal instalado devolvi? el c?digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/470675
<pmatulis> joeD2: wow, that *is* strange
<zul> morning
<pmatulis> zul: good morning
<zul> hey pmatulis
<joeD2> pmatulis: I thought it could be a problem in the iso, but seams no one else has the problem.
<pmatulis> joeD2: maybe also test your ram, it might be using the exact place in ram during the install and then boom
<joeD2> pmatulis: don't get it. what exact place in the ram?
<pmatulis> joeD2: during the install, when it processes bsdutils
<joeD2> pmatulis: by teh way started with a new cd
<joeD2> pmatulis: ok it was the cd. changed the cd brand and downgraded the burning speed. now server is installed and running. thnx
<pmatulis> joeD2: good stuff
<kirkland> kim0: those fixes should have landed for 8.04.3
<kirkland> kim0: though you would still need to manually run grub-install on your md device, to put a bootloader on each disk
<Fenix1> if my domain ip is 67.20.30.1 what is the reverse zone file address
<Fenix1> I made up the ip
<Fenix1> Do u only but the network part of your address in a reverse zone file?
<kblin> depends on your setup
<Fenix1> what do u mean
<kblin> what you put in the zone setup in named.conf.local
<andol> Fenix1: The actually file name you specify yourself. The name of the zone depends on what is delegated from above.
<kim0> kirkland: ah .. thanks
<kblin> eg. if it's zone "30.20.67.in-addr.arpa", you'd only put the last octet into the database file
<Fenix1> ok thanks
<uvirtbot> New bug: #371181 in openssh (main) "xauth authentication not working" [Low,Invalid] https://launchpad.net/bugs/371181
<Sorell> Does any one know If I must have 2 machines to run a simple cloud
<Sorell> I will be using this as a personal cloud
<Sorell> ( I.E. just for me )
<kblin> I haven't poked the cloud setup yet. for personal use, I just use a vbox or kvm directly
<Sorell> I'm really just doing this right now, as an experiment.
<Sorell> https://help.ubuntu.com/community/UEC/CDInstall
<Sorell> I'm looking at this right now
<Sorell> it says that I need to have a front end and a node
<Sorell> but that seems kind of silly for what I'm doing as
<PJiPhone> Can they not be virtual?
<Sorell> the front end will be doing almost nothing.
<Sorell> I was thinking that, however I'm not sure
<kblin> well, the nodes run kvm, right?
<kblin> I'm not sure if you can even run kvm on a kvm guest
<Sorell> I think so.
<Sorell> right
<Sorell> because I think that it needs the CPU VM extensions
<PJiPhone> You can do remote X though
<Sorell> and the VMs wouldn'tdo that.
<Sorell> :/
<PJiPhone> Or VNC of course
<Sorell> yeah I really didn't want to do that.
<Sorell> the end goal here is to be able to access my system on whatever machine I'm on from a host
<Sorell> with min impact on said host
<Sorell> ( I'm looking into setting up a web front end. )
<PJiPhone> VNC is not hard
<PJiPhone> Sure it could be done via web
<Sorell> grabs gaming rig pulls out HDD and slips in clean disk.
<Sorell> * Starts node installation
<Sorell> anyone know if ubuntu can take advantage of cuda?
<Brian_H> how do you manage nfs share rights between users?
<Brian_H> with samba its pretty easy, and acls just work, however with nfs it seems that its not so easy
<__ruben> nfs uses the standard filesystem permissions
<andol> Brian_H: Of course, if you don't have the same uids and gids, yes then I'm sure it can be confusing :)
<Xpistos|work> Is there an FTP site to download Ubuntu Server? I can only find torrent and HTTP
<jpds> Xpistos|work: https://launchpad.net/ubuntu/+cdmirrors
<Xpistos|work> jpds: Thanks
<jdstrand> soren, kirkland: fyi, https://wiki.ubuntu.com/Virtualization needs some love
<kim0> Hi folks .. my preseed late_command seems to be not running some commands .. where do I look for hints why they're not running ?
 * soren hands jdstrand the "Understatement of the day" award
<jdstrand> :)
<kirkland> jdstrand: agreed
<kirkland> jdstrand: however, wiki.ubuntu.com contains all sorts of out of date old UDS spec cruft
<soren> For starters, we could move it to something like /UDS/Hardy/Virtualisation.
<soren> At least that way it doesn't make any promises it can't keep :)
<zul> lol
<jdstrand> kirkland: sure, but I don't think that was a spec
<jdstrand> do with it what you will, I was looking for the documentation for libvirt in karmic, and naturally looked there, and it was, uhmm, not relevant ;)
<kirkland> jdstrand: oh?  i thought it looked like the Hardy Virtualization spec
<jdstrand> kirkland: maybe it was, I didn't look to closely
<jdstrand> too
<kirkland> jdstrand: i think this is the spec that was used to decide to go with KVM rather than Xen in Ubuntu
<jdstrand> kirkland: ah
<jdstrand> kirkland: well, one thing the security team has done to clean these things up with things it cares about is create a SecurityTeam/Specifications page, with links to specs in it, then create landing pages for important topics
<jdstrand> kirkland: eg-- wiki.ubuntu.com/AppArmor was a spec for using AppArmor in Ubuntu
<jdstrand> it was horribly out of date
<jdstrand> so we moved the spec to SecurityTeam/Specifications/AppArmor, then created a new wiki.ubuntu.com/AppArmor page, with links all over
<jdstrand> kirkland: food for thought, I'm certainly not saying you have to do something similar
<kirkland> jdstrand: gotcha, thanks.
<kirkland> jdstrand: it does need some housekeeping, i agree
<jdstrand> and we didn't do this for *everything*, just things we notice as we go
<soren> jdstrand, kirkland: It was basically a collective braindump from the virtualisation discussion at UDS in Boston.
 * jdstrand remembers that session fondly
<soren> Man, I had /no/ clue back then :)
<jdstrand> heh
<LyonJT> Hey
<LyonJT> I'm having a few issues with my interfaces file and OpenVPN
<LyonJT> anyone able to help?
<mugginz> Anyone around who has info on Samba's installation policy?
<mugginz> Wondering what the current position is with respect to sharing folders on a default desktop install
 * soren calls it a day
<StrangeCharm> i've decided that i want to move /home, /var, and /tmp onto their own disks. is there a good tutorial for this?
<mushroomblue> StrangeCharm: cp -a * /path/to/new/var
<mushroomblue> then mount that path as /var, and update fstab
<mushroomblue> s/mount/remount/
<StrangeCharm> thanks, mushroomblue
<mushroomblue> yep.
<kblin> StrangeCharm: actually you'll want to make sure that once the data is oin the new location, you remove it from the old location
<kblin> otherwise you won't get back the disk space
<StrangeCharm> kblin, gotcha
<LyonJT> Does anyone have a interfaces file template?
<LyonJT> mines gone wrong and i need the template back
<__ruben> there's no "template", either start from scratch or find the error(s)
<LyonJT> __ruben: i just need one from scratch
<LyonJT> i.e. when u first install the OS
<LyonJT> then i can amend it from there!
<__ruben> it depends on the installation, whether or not dhcp was available or not for instance
<LyonJT> 9.10 and it was static
<LyonJT> i will amend the ip addresses etc
<kblin> man interfaces has a simple one, I think
<LyonJT> wiked cheers
<LyonJT> Nope man doesn't
<kblin> it does have a description, though
<LyonJT> okay
<uvirtbot> New bug: #369279 in vsftpd (main) "vsftp freeze the connection" [Undecided,Incomplete] https://launchpad.net/bugs/369279
<arthurjohnson> Okay, I have the ubuntu mini.iso and just ran a cli install.  What should I apt-get to be sure to have the "server" release?
<zash> arthurjohnson: "ubuntu-server" i think
<zash> or what, no such package in karmic?
<uvirtbot> New bug: #471364 in vsftpd (main) "test" [Undecided,Invalid] https://launchpad.net/bugs/471364
<incorrect> is acl being replaced by something else?
<blackxored> there's a git plugin for fusionforge?
<googa> if i have bind installed, will it get answers for queries directed to it?
<qman__> googa, only if you configure clients to ask it
<googa> so it resolves automatically
<googa> ?
<googa> without seperate configuration
<qman__> what do you mean
<googa> well, if you have a authrative name serer for some area, you have to make all these settings for the area and *yawn*, but if you want to set up a resolver for a network you only need to install bind a assign clients to it
<googa> ?
<googa> ye i guess so
<googa> it directs them to root servers or smoething, ye?
<googa> defined in named.conf
<qman__> you have to either enable root hints, or recursive queries, or a forwarder
<qman__> root hints are enabled by default
<googa> yesyes
<googa> thats all
<googa> thank u
<qman__> yep
<googa> :D
<leonel> I see that  kqemu is no longer supported in qemu.. what's the way to go for a non  VMX cpu ??
<leonel> this with karmic
<caseyd> is there a gui that comes with ubuntu-server edition.. or is it just a terminal interface
<leonel> caseyd: servers normally does not have/use  a monitor
<leonel> caseyd: you can install  any gui you like
<qman__> caseyd, you can install ubuntu-desktop if you want, but that is not supported in this channel
<bogeyd6> caseyd servers by definition use no gui, but using one such as xfce might now be so bad
<leonel> caseyd: sudo apt-get install ubuntu-destkop --no-install-recommends
<leonel> caseyd: that will give you only gnome
<uvirtbot> New bug: #471446 in qemu-kvm (main) "qemu segfaults with a -cpu option" [Undecided,New] https://launchpad.net/bugs/471446
<arthurjohnson> As far as I can tell, there is no "ubuntu-server" metapackage.  I installed a cli only system, I'll just install the linux-image-server and openssh-server.  That should be enough, right?
<qman__> arthurjohnson, linux-image-server is one of the kernel packages
<qman__> if your system is running you already have it
<caseyd> cool, thanks
<arthurjohnson> qman__: I have the ubuntu mini.iso, and installed a cli system.  I'm trying to install the "ubuntu-server" edition, or as close as I can.
<caseyd> I decided since im a beginner for linux, ill just install ubuntu desktop and then install lamp on it. Will be a little easier for me to configure. Thanks =)
<qman__> arthurjohnson, there's not much installed by default
<qman__> base system, and that's it
<qman__> SSH is an option but is not installed by default
<arthurjohnson> qman__: Okay, then I suppose I'm pretty close with the "cli" option and linux-image-server, maybe even a little leaner.
<dinger1986> darkpixel: i got it working but decided aginst it anyways hope your uncle is ok
<ruben23> hi
<ruben23> how do i change timezone on my ubuntu-server
<ruben23> anyone
<qman__> http://lmgtfy.com/?q=ubuntu+change+timezone+command+line
<Pici> qman__: Thats not helpful, this is a support channel.
<qman__> it most certainly is helpful, the first result has his answer
<ScottK> ruben23: IIRC it's sudo dpkt-reconfigure tzconfig, unless you are on Dapper
<Pici> ruben23: I believe  its sudo dpkg-reconfigure tzdata or tzconfig
<ScottK> qman__: It may be helpful, but it's not a very friendly way to provide help.
<ruben23> Pici:  it will not chnage after reboot...?
<Pici> ruben23: It shouldn't.
<cemc> theoretical question: I have a md0 (raid1). one of the disks gets poof... what happens if I try to add a new _smaller_ disk to md0 ? error message when I try to add, error at the sync's end, or what?
<bogeyd6> cemc different drives and speeds are fine
<bogeyd6> cemc you will be limited to the size of the smallest drive
<bogeyd6> cemc but what you can do is change the bad drive, then build, then change the smallest drive to the biggest and build
<cemc> I know. but what happens if I try to add a smaller drive to an active array?
<cemc> to an active md0 I mean
<bogeyd6> it depends on if the current data usage exceeds the limits of the smallest drive
<bogeyd6> my guess is you are trying to run it very close, and if you do, you will fail
<cemc> root@u910-ipv6:~# mdadm -a /dev/md0 /dev/sdb1
<cemc> mdadm: /dev/sdb1 not large enough to join array
<cemc> this is what I wanted to know :)
<cemc> thanks
<bogeyd6> yw
<bogeyd6> cemc is this software raid?
<cemc> yes
<cemc> and I made sdb1 smaller than sda1 to see what happens if I try to add it
<incorrect> stupid upgrade process
<Sorell> :(
<Sorell> something break?
<incorrect> libvirt didn't like the fact that i had users on ldap
<incorrect> the system rebooted
<Sorell> :(
<kirkland> smoser: ping
<smoser> hey
<incorrect> seems ldap upgraded ok, now i need to finish off i guess a dist-upgrade should do it
<smoser> kirkland,
<kirkland> smoser: do you have the ami-* id of the karmic GA image in ec2?
<smoser> si
<kirkland> smoser: or a pointer to where I could find it?
<smoser> http://uec-images.ubuntu.com/releases/karmic/release/
<smoser> kirkland, ^^
<incorrect> ok nothing major
<incorrect> i really should setup up a second ldap server
<Sorell> :)
<incorrect> and all my kvm's starting back up
<incorrect> sadly i only have one server in my garage
<aubre> are those images the same ones you get when you install from the Store in Eucalyptus
<aubre> ?
<incorrect> aubre, talking to me?
<Sorell> I think to smoser
<aubre> incorrect: sorry
<mathiaz> kirkland: hi!
<incorrect> wow even my zimbra server came back to life!
<mathiaz> kirkland: do we have a list of eucalyptus we're looking at for SRUs?
<aubre> smoser: are those images the same ones you get when you install from the Store in UEC
<mathiaz> kirkland: /SRUs/SRU/
<Sorell> incorrect: congrats
<smoser> aubre, they are, yes.
<incorrect> phew! my heart sank when libvirt didn't upgrade
<aubre> smoser: ok, they still say RC in the Store, but they work great for me
<incorrect> can you rsync to ubuntuone?
<incorrect> i think i will use that for my backups if i can simply just rsync
<Sorell> I posted this in the forum, does it make sense?
<Sorell> http://ubuntuforums.org/showthread.php?t=1311527
<ScottK> mathiaz: From reading my bugmail, it looks like Courier is deeply broken.  I don't have time to look into it, but it's probably a good area for someone to dig into.
<aubre> I'm thinking of writing a "client document" that I can use to hand hold users through the whole client process, since they don't really need to know all that we know about setting the system up
<smoser> aubre, there be a couple noticable fixes in release compared to rc.  bug 458850 was the biggest.  then there is another fix that happened in 'mountall' that i think would cause a x86_64 image to not boot.
<uvirtbot> New bug: #471660 in dhcp3 (main) "DHCP is very unreliable." [Undecided,New] https://launchpad.net/bugs/471660
<uvirtbot> Launchpad bug 458850 in ec2-init "UEC images do not mount ephemeral disk on /mnt at boot" [High,Fix released] https://launchpad.net/bugs/458850
<mathiaz> ScottK: hm ok. I'll keep that in mind then.
<ScottK> Thanks.
<aubre> smoser: hmm. I'll have to keep that in mind
<aubre> smoser: I am running release on my front end and my nodes
<incorrect> oh no my zimbra vm just vaporised
<aubre> smoser: I did notice that in the SC while you can specify the device you want the volume to have, it will assign you the next available alphabetical letter no matter what, i.e. I put --device /dev/sdh , I get /dev/sdb. I noted this in StorageController documentation, I didn't think it was a big deal
<aubre> Really when it comes to SC, I wouldn't be sad if it didn't pick my device name for me and just told me what to use.
<kirkland> mathiaz: hmm, good question
<kirkland> mathiaz: i think just the bugs that are targeted at karmic-updates
<mathiaz> kirkland: right - ttx asked to keep an eye on these and prepare an SRU while he is away
<kirkland> mathiaz: agreed, i'll help you with that
<mathiaz> kirkland: I've worked on a bunch of them
<kirkland> mathiaz: i think we should plan an SRU asap
<aubre> smoser: kirkland: mathiaz: how will images get put in the store, can users build/sell them like on Amazon, and are there specific store images that the team need to create?
<smoser> aubre, well, kit really can't do that. thats the thing. at least not without cooperation with the guest. i was told that it would work if you specified /dev/sdh.
<aubre> smoser: give it a try. Maybe I'm doing something wrong.
<incorrect> oh crud
<smoser> my euc is busted right now :-( not letting me run instances.
<aubre> smoser: doh :(
<kirkland> aubre: you should talk to niemeyer about that
<aubre> kirkland: will do
<aubre> kirkland: tyvm
<incorrect> weird none of the other vm's are going bang
<incorrect> sigh
<incorrect> oh wow i think it was acpid
<incorrect> grr
<incorrect> software with bugs! whatever next!
<aubre> hmm, does anyone remember that command that shows all the IPs you are using that is preferred to ipconfig ?
<aubre> I mean ifconfig?
<mathiaz> aubre: ip addr show
<aubre> mathiaz: ty
<aubre> mathiaz: Ok, I have a VM I can ssh into at a public IP address, and it lets me in, but when I do a ifconfig or a ip addr show it doesn't show that IP address, it only shows a 172.19.1 address. So when I go to start apache2, it gets confused.
<mathiaz> aubre: yes - that's normal.
<mathiaz> aubre: VM don't know about their public IPs
<mathiaz> aubre: they only know about their private IPs
<aubre> mathiaz: ok, how can I tell an apache2 setup to respond?
<qman__> aubre, configure apache to listen on the private IP
<mathiaz> aubre: public -> private mapping is done on the CC
<aubre> qman__: ok
<aubre> mathiaz: ok
<aubre> I love this - I learm more every day :)
<qman__> the conversion is handled entirely by the router, or in this case, the host OS
<qman__> it's the same as in NAT networking setups
<uvirtbot> New bug: #471735 in nagios3 (main) "package nagios3-common 3.0.6-5ubuntu3 failed to install/upgrade: le sous-processus script post-installation install? a retourn? une erreur de sortie d'?tat 1" [Undecided,New] https://launchpad.net/bugs/471735
<phoenixz> sudo fuser -vki /var/lib/dpkg/lock;sudo dpkg --configure -a    gives me this : http://pastebin.com/m46588684     How can I fix this?
<aubre> qman__: are UEC VMs not pingable?
<aubre> qman__: I am getting the feeling my VMs aren't visible to the outside world for some reason, I can connect to them from the CC
<aubre> hmm, I just tried to ping one and got no response
<aubre> I can ping it from the front-end
<uvirtbot> New bug: #471765 in kvm (universe) "Karmic: Desktop Host machine sound dies when guest is running sound" [Undecided,New] https://launchpad.net/bugs/471765
<jwindle> Is there anyone around that might be able to help with a networking interface bonding issue that has come up since using karmic that did not exsist in jaunty with the same configuration?
<jwindle> It seems like a problem with upstart trying to configure the bonding interface to soon durning the boot process. I continually get "bonding: bond0: Warning: Found an uninitialized port" from dmesg until I run /etc/init.d/networking restart. Networking doesn't work at all until this is done either.
<phoenixz> sudo fuser -vki /var/lib/dpkg/lock;sudo dpkg --configure -a    gives me this : http://pastebin.com/m46588684     How can I fix this?
<phoenixz> This happened right after I did a software upgrade over SSH and the connection got severed while DPKG was showing me some text user interface
<zoopster> mathiaz: list for eucalyptus sru's https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bugs?field.milestone%3Alist=12716
<uvirtbot> New bug: #471831 in dbconfig-common (universe) "package dbconfig-common (not installed) failed to install/upgrade: subprocess dpkg-deb --control returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/471831
<mathiaz> kirkland: why is there a patch directory in eucalyptus?
<kirkland> mathiaz: great question
<mathiaz> kirkland: it seems that some patches were directly applied to the source code?
<kirkland> mathiaz: i have already filed a spec on this
<kirkland> mathiaz: that we need to clean up the merging of eucalyptus
<kirkland> mathiaz: and reduce the diff between us and upstream
<mathiaz> kirkland: ok - so what's the current practice?
<mathiaz> kirkland: patch directly or quilt?
<kirkland> mathiaz: i think the patches dir is deprecated
<mathiaz> kirkland: ok
<kirkland> mathiaz: i have been modifying the source directly, since it's under rev control
<mathiaz> kirkland: right - do you keep track of which patch have been cherrypicked from upstrea>
<mathiaz> kirkland: ?
<kirkland> mathiaz: i suspect that the patches predated the bzr branch
<kirkland> mathiaz: what do you mean?
<mathiaz> kirkland: well - I'm gonna cherry pick version 933 from upstream
<mathiaz> kirkland: so I won't use bzr merge to do that
<kirkland> mathiaz: right
<kirkland> mathiaz: did you try the cherrypick command?
<mathiaz> kirkland: well - bzr doesn't support cherrypick
<kirkland> mathiaz: so i see...
<kirkland> mathiaz: hmm, well, i usually just create a diff from upstream for that one revision
<kirkland> mathiaz: try to apply it (hopefully it's clean)
<kirkland> mathiaz: then, in the changelog, i quote the other commit message and id
<mathiaz> kirkland: right - I just used bzr diff --old ../upstream ---new ../upstream -r 932..933 | bzr patch
<mathiaz> kirkland: ok - so you add the upstream revno in the changelog entry
<kirkland> mathiaz: yeah, for posterity
<mathiaz> kirkland: I've pushed bzr branches for relevant bug fixes in eucalyptus
<mathiaz> kirkland: https://bugs.launchpad.net/ubuntu/karmic/+source/eucalyptus/
<mathiaz> kirkland: working from this list^^
<kirkland> mathiaz: cool.  ready to roll an upload for -proposed?
<mathiaz> kirkland: I'm going to create merge request so that you can review them
<FirstSgt> is there a cool web-ui for configuring ubuntu services, i heard webmin is outdated/doesn't-work with debian-like systems
<kirkland> mathiaz: okay
<mathiaz> kirkland: well - some more work needs to be done to prepare the SRU in the bug
<FirstSgt> I am trying to setup pptp, and can't remember where my users are suppose to go
<FirstSgt> I thoguht it was in /etc/pptp.conf
<FirstSgt> hmm, found chap-secrets
<kirkland> mathiaz: the test instructions and such?
<mathiaz> kirkland: yes
<FirstSgt> there we go... starting to love ubuntu as a server too... debian is almost 100% adios
<mathiaz> kirkland: although some of the bugs may be difficult to reproduce - bug 454405
<uvirtbot> Launchpad bug 454405 in eucalyptus "the CC is returning incorrect networkIndex values on describeInstances" [High,In progress] https://launchpad.net/bugs/454405
<kirkland> mathiaz: https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/444352
<uvirtbot> Launchpad bug 444352 in ubuntu-release-notes "DB deadlock on reboot prevents UEC from working, temporarily - 403 Forbidden errors" [Undecided,Fix released]
<kirkland> mathiaz: i think we need to SRU fix that one
<kirkland> mathiaz: it's won'tfix right now ... i think it should be promoted;  i'm seeing it a lot now
<mathiaz> kirkland: right - I've seen it too in my testing
<mathiaz> kirkland: hopefully a fix can be found :)
<mathiaz> kirkland: I'm also going to create karmic branch
<kirkland> mathiaz: great
<mathiaz> kirkland: from bzr+ssh://bazaar.launchpad.net/~ubuntu-core-dev/eucalyptus/ubuntu/
<phoenixz> Anybody who could tell me how to solve this one? I have 4 ubuntu servers stuck in this.. sudo fuser -vki /var/lib/dpkg/lock;sudo dpkg --configure -a    gives me this : http://pastebin.com/m46588684     How can I fix this?
<aubre> what would cause my UEC instances to not be visible to the outside world?  they can see the outside world fine
<crohakon> is there an application that will show you real time who is accessing your web server and ftp server?
<aubre> I can't ping them, and I can't access their web services
<aubre> and they are using public IP addresses
<aubre> could it be some sort of firewall problem on the front-end?
<FirstSgt> how can i diagnose pptp to see if its even hearing the connection?
<crohakon> aubre; What is going on?
<crohakon> aubre; Are they hosting the web server on a residential account?
<crohakon> aubre; I know many ISPs (including my own) block incoming ports like 80, 8080, 21, etc... to stop people from running servers.
<aubre> crohakon: I think it is an issue with euca-authorize
<crohakon> the solution is to have the servers listen on other ports... for example my little play ground at home for web site design and such http://xxx.xxx.xxx.xxx:90/
<kirkland> mathiaz: okay, so you're just looking for me to spot check your eucalyptus changes, or what?
<FirstSgt> has anyone else configured a pptpd on a ubuntu server?
<aubre> port 80 is not blocked on this subnet
<mathiaz> kirkland: yes - if you could have a look at them and ack them that would be great.
<mathiaz> kirkland: I'll do the actual merge once you've ACK'ed them
<mathiaz> aubre: are your routes set correclty?
<kirkland> mathiaz: postconf -# ... that's a new one on me :-)   /me just read the manpage
<aubre> mathiaz: : I believe so - do I need to do a seperate euca-authorize for port 80 ? or the ping port?
<kirkland> mathiaz: [ -x /usr/sbin/invoke-rc.d ] && INIT="invoke-rc.d postfix" ... i find this strange, as you test for the executability of a particular path, and then call the invoke-rc.d from the $PATH
<kirkland> mathiaz: i'd expect you to either check the output of which, and call the one in $PATH
<kirkland> mathiaz: or to test the executability of a full path, and call that full path
<mathiaz> kirkland: right - makes more sense - I probably just copied'n paste from the postfix maintainer script
<kirkland> mathiaz: cool
<mathiaz> aubre: yes - you need to do a specific euca-authorize for port 80
<mathiaz> aubre: and allow for ICMP as well
<aubre> mathiaz: ok This might need to be in the docs somewhere.
<aubre> mathiaz: thanks
<kirkland> mathiaz: rest of https://code.edge.launchpad.net/~mathiaz/eucalyptus/k-fix-email-config/+merge/14328 looks fine
<kirkland> mathiaz: i left a comment in the merge notes
<mathiaz> kirkland: great - thanks.
<kirkland> mathiaz: https://code.edge.launchpad.net/~mathiaz/eucalyptus/k-fix-network-index-values/+merge/14329 looks fine
<kirkland> mathiaz: thanks for mentioning the revno in the merge
<kirkland> mathiaz: in the changelog, i mean
<qman__> oh no
<qman__> something happened on my file server
<qman__> some files disappeared and I'm getting read-only filesystem errors on a filesystem that is clearly mounted rw
<kirkland> mathiaz: https://code.edge.launchpad.net/~mathiaz/eucalyptus/k-eucalyptus-conf-support/+merge/14332  <---- \o/  looking forward to seeing that one in action!
<qman__> mdstat is showing two failed disks
<FirstSgt> my netstat shows tcp        0      0 rico.local:1723         68-118-209-54.dhc:50837 TIME_WAIT
<FirstSgt> so I know its getting by the router
<FirstSgt> dmesg doesn't show anything pertenant
<kirkland> mathiaz: regarding https://code.edge.launchpad.net/~mathiaz/eucalyptus/k-keep-network-state-on-restart/+merge/14331 ....
<gp> hi guys pl help my server has run out of space (ec2 instance ) ......i created a new partition and mapped home folder to it but its NOT working
<gp> pl have look my fstab ->>>>>>>>>>>> http://paste.ubuntu.com/308024/
<gp> earlier it was mapped to mnt
<gp> "/dev/sda2                                       /mnt            ext3    defaults        0       0"
<mushroomblue> anyone know how to inject a stub for a package in apt?
<gp> i copied to home folder to /mnt   and then renamed the home folder
<mushroomblue> trying to build FreeNX on PPC, and the nxagent source file creates a package called nxagent-source instead.
<gp> changed "/dev/sda2 /mnt ext3 defaults 0 0"  to "/dev/sda2                                      /home            ext3    nodev,nosuid    0       2"
<gp> but fstab is not mounting it
<gp> pl in the name of Gaint panda pl help me
<FirstSgt> my vista machine gets caught on verrifying username and password
<gp> its national emergency pl help me
<kirkland> anyone here running Karmic and qemu-kvm wants to help a guy out and test something simple?
#ubuntu-server 2009-11-03
<gp> can anybODY help ME ?
<gp> calling huston are you there
<Baversjo> When I try to install a package using pear or pecl on ubuntu server 9.10 pear/pecl stops after downloading the file. Tried apc and symfony, neither works.. Any ideas?
<erichammond> gp: What do you mean "fstab is not mounting it"?  What command are you typing?  What is the result?
<Baversjo> Could someone take a look at this? http://paste.ubuntu.com/308037/ As you can see, the package is never installed.
<phoenixz> Anybody who could tell me how to solve sudo fuser -vki /var/lib/dpkg/lock;sudo dpkg --configure -a    gives me this : http://pastebin.com/m46588684     How can I fix this?
<bventura> i bought a vintage 1U compaq proliant from the bargain bin at an electronics recycler and it ran ubuntu great for about a year, then all of a sudden it started having segmentation faults at random times and shutting down.  then it seemed to have gotten worse and now wont boot up at all.  I'm wondering what would cause this, bad disk, bad memory?  where to start with troubleshooting?
<orudie> is there a server guide for 9.10 ?
<zoopster> bventura: start with the memtest
<zoopster> orudie: http://doc.ubuntu.com/ubuntu/serverguide/C/index.html
<bventura> thx zoopster, am running it now.  anything to check besides memory and disk?  i can't think of anything besides power supply that would wear out over time
<zoopster> no bventura could be anything I suspect - those are hard to troubleshoot so it's random
<bventura> ok
<uvirtbot> New bug: #471975 in bind9 (main) "package bind9 1:9.6.1.dfsg.P1-3 [modified: usr/share/bind9/bind9-default.md5sum] failed to install/upgrade: sub-processo script post-installation instalado foi morto por sinal (InterrupÃ§Ã£o)" [Undecided,New] https://launchpad.net/bugs/471975
<Michael123> Hey
<Michael123> is anyone not idle
<qman__> Michael123, just ask
<Michael123> How would I go about installing IRC server on my server?
<qman__> Michael123, sudo apt-get install [irc server of your choice]
<qman__> to get a list, apt-cache search ircd
<arrrghhh> hey all, i'm getting an error processing "ffado-mixer-qt4" when i try to update... i can't purge it, i'm not sure what to do with it!
<supertyco> I trying to use UEC
<supertyco> I just setup eucalyptus but I cant get a instance up and running
<supertyco> euca:UnassignAddress>
<supertyco> thats the error I get
<zoopster> that's not very telling of what you are doing when you get that error supertyco
<supertyco> I am trying to start my first instance
<supertyco> I am running non-managed vlan mode
<supertyco> I am assuming the instance is looking for a dhcp server
<supertyco> but if you follow these instructions
<supertyco> https://help.ubuntu.com/community/UEC/PackageInstall
<supertyco> a dhcp server is never started
<supertyco> which I assume is needed
<supertyco> am I correct
<zoopster> no supertyco
<zoopster> so supertyco what are you doing when you get an error
<supertyco> euca-run-instances emi-DFA2106F -k mykey -t c1.medium
<supertyco> running that command
<zoopster> and it comes back with that cryptic error message?
<supertyco> that error shows up in the log files
<supertyco> my instance goes from pending to terminated
<zoopster> and are you sure you have enough disk space to perform the operation? you will need 2-3x the size of the image
<supertyco> yes I have 200 gigs free
<supertyco> image is only 180 megs
<zoopster> 200g free in the SC
<supertyco> yes
<supertyco> its my first instance
<supertyco> 4006864 253767628   2% /
<supertyco> its 98% empty
<supertyco> here is the error on the nc
<supertyco>  Domain not found: no domain with matching name 'i-53E608B6' (code=42)
<arrrghhh_> hey all, i'm trying to upgrade my server and it dies on "ffado-mixer-qt4", says it's unable to process it.  i can't purge it with aptitude, what do i do?
<arrrghhh> crap i thought freenode was a separate network, sorry
<zoopster> supertyco: no other errors in the log anything related to hvm?
<supertyco> on the nc or main
<zoopster> nc
<supertyco> nope last 2 lines are these
<supertyco> [Mon Nov  2 21:02:39 2009][019311][EUCADEBUG ] walrus_request(): writing GET/GetDecryptedImage output to /var/lib/eucalyptus/instances/admin/i-53E608B6/disk
<supertyco> [Mon Nov  2 21:02:44 2009][019311][EUCAERROR ] libvirt: Domain not found: no domain with matching name 'i-53E608B6' (code=42)
<supertyco> if I look in /var/lib/euca/inst/admin
<zoopster> wondering if it's not vt related...that's the only place I see that error pop up
<supertyco> there is nothing there
<supertyco> vt?
<graytech> hi all ... I'm trying to get apache2 to handle mod_rewrite. I have used 'a2enmod rewrite' and it looks like rewrite is loaded but it is not working in the browser. Any ideas?
<supertyco> zoopster what is vt?
<graytech> btw, this is a new ubuntu server installation and I'm a bit new to ubuntu.
<zoopster> virtualization technology
<zoopster> vt is needed on the node controller
<supertyco> gray: use webmin to intall apahe modules
<supertyco> solves my problems usually
<zoopster> graytech: mod_rewrite engine needs to be turned on...did you do that?
<graytech> zoopster, well .. that might be the problem  ;)
<zoopster> supertyco: so w/o going through everything I'm not sure where your problem resides...
<zoopster> a2enmod only enables the module to be loaded... graytech
<supertyco> I have xeon processors I can check bios to see if anything is shut off
<zoopster> or just look in dmesg output supertyco
<zoopster> that will tell you if it's turned off in the bios
<graytech> zoopster, if you are talking about the 'RewriteEngine  On' directive in apache2.conf ... I forgot, I already did that
<qman__> graytech, that is the correct way to enable mod_rewrite
<qman__> are you sure your rewrite rules are correct?
<graytech> I'm pretty sure. I'm using the .htaccess file form a drupal install ... didn't touch a thing
<qman__> also, ensure that /etc/apache2/mods-available/rewrite.load exists
<qman__> that's probably where the problem is
<qman__> you need to configure it to allow you to define rewrite rules in .htaccess files
<qman__> IIRC that's not allowed by default
<graytech> qman, /etc/apache2/mods-available/rewrite.load exists and there is a symbolic link to it in /etc/apache2/mods-enabled
<qman__> then the module is definitely enabled
<drupalscott> does anyone have experience in setting up a ftp file server?  I'm new to ubuntu server, I'm using an old powerBook G4 with ubuntu 9.04 ppc
<qman__> it's probably an htaccess problem
<qman__> you need to allow htaccess to override the main settings
<qman__> I forget how
<graytech> hmm ... I'm stumped here as it looks like everything is as it should be.
<qman__> to test, you could set up a rewrite rule in the site configuration
<graytech> qman, there is a directive for htaccess in apache2.conf
<qman__> if it works, mod_rewrite is working properly and it's definitely an htaccess issue
<graytech> It's set
<graytech> hmmm ... I'm going to try some tests with htaccess and see if I can track it down.
<qman__> you can enable htaccess, but you still have to set up the site to allow htaccess to change any given settings
<zoopster> qman__: you talking about AllowOverride All
<qman__> if you configure a site with certain settings and allow override none (I think that's the terminology) htaccess won't work
<graytech> hmmm ... I haven't looked for that
<qman__> you can fine tune what is and isn't allowed to be changed with htaccess files
<drupalscott> I worked for several hours last night with 'dapper' and decided to re-install 9.04, so I'm starting over from scratch.
<zoopster> graytech: enable logging and that may help track it down
<zoopster> drupalscott: sure there's experience in here...just ask the question
<graytech> I'm going through the conf files from top to bottom right now
<drupalscott> I just want to be able to access photos, videos, etc remotely, is 9.04 ready 'out of the box' for ftp access?
<drupalscott> what 'apt's' would you recommend?
<arrrghhh> so no takers on ffado-mixer-qt4?  i don't even know what i need this for, but i can't remove it and it won't let update because it's failing.
<graytech> one sec ... brb ... I'm going to switch to a different machine with the irc client
<arrrghhh> drupalscott, you'd have to setup ftp, no version of ubuntu will come with that installed/ready-to-go "out of the box"
<drupalscott> okay thanks, what would you recommend I use?  I looked at 'proftpd'?
<drupalscott> any recommendations?
<arrrghhh> drupalscott, doesn't really matter.  i use vsftp.
<graytech> I'm back
<drupalscott> I'm behind an Airport Extreme 802.11n, will I have to adjust settings for this?
<graytech> ok ... I'm looking at the conf file and looking for overrides
<drupalscott> my server will be hard wired to the router
<arrrghhh> drupalscott, if you want to open up access to the "world", then yes.  you would have to setup a port on the firewall on ubuntu (i use ufw) and you'd have to open the port on your router.
<zoopster> arrrghhh: what prevents removal of ffado?
<arrrghhh> zoopster, i've tried using aptitude purge and apt-get remove, it fails.  let me get the exact error.
<arrrghhh> zoopster, http://pastebin.com/d6e5c73a8
<drupalscott> arrrghhh: is there anything that will help security wise when I do this?
<arrrghhh> i get the same "error while processing" when i try to update my server.
<zoopster> and reinstalling it fails arrrghhh
<arrrghhh> zoopster, yep.  want that output? :P
<zoopster> oh sure
<arrrghhh> drupalscott, it's a bad idea to open up ftp to the world, if you can help it.
<arrrghhh> zoopster, http://pastebin.com/d4e1018a8
<drupalscott> how else would I set up a file server?  I want to allow access for family mainly.
<graytech> I found the problem ... it WAS the AllowOverride setting in the default virtual host file
<arrrghhh> drupalscott, well there's other protocols depending on what you're doing.
<arrrghhh> drupalscott, http is probably the easiest... but uploading gets complex.
<drupalscott> I'm basically trying to get all family photos in one place.  I would like anyone I want to allow access, to be able to download and upload photos.
<graytech> I'm not sure who gave me that sugestion as I'm on a diff machine ... but thanks a bunch!
<zoopster> arrrghhh: wild...it depends on ffado-dbus-server, but that isn't installed...so it appears the best fix is to install ffado-dbus-server then reinstall ffado-mixer-qt4 then you can remove both
<arrrghhh> drupalscott, you can open up ftp, just keep in mind it's a very insecure protcol.  i'm not sure how sftp works, but i know it's much more secure...
<zoopster> graytech: np
<drupalscott> arrrghhh: would I have to create a 'frontend' or site to allow access.  If I used htt;
<arrrghhh> zoopster, interesting... i was thinking about trying that, just sounded nuts.
<drupalscott> http:
<arrrghhh> drupalscott, essentially, yes.  and you'd have a much better system... but it would take more work.  you could do it in drupal :P
<zoopster> arrrghhh: it is nuts...ffado-mixer-qt4 depends on ffado-dbus-server so the question is how did it manage to get installed w/o ffado-dbus-server?
<arrrghhh> zoopster, and of course, i can't install ffado-dbus-server.
<drupalscott> I'm actually a drupal developer, just too busy to do it, maybe you're right
<arrrghhh> maybe i need to purge ffado-dbus-server, not ffado-mixer-qt4...
<zoopster> arrrghhh: arrrgggghhhh
<zoopster> good point
<arrrghhh> drupalscott, you know how it works... you know how powerful it is.  i'm not saying you definitely shouldn't use ftp, i just recommend against it.
<drupalscott> let me re-phrase, I've had about a year's experience.  I mainly work with the dashMediaPlayer
<arrrghhh> damnit, i can't purge any of these pacakges zoopster...
<arrrghhh> drupalscott, that's cool.  i know my boss threw together a wiki in a weekend using drupal.  love it.
<drupalscott> what about ssh, could I go that route
<drupalscott> I'm new to servers, with the exception of setting up a mail server
<arrrghhh> drupalscott, kinda awkward to share files with ssh...
<drupalscott> oh, okay
<arrrghhh> ssh is more a replacement for telnet... it would work, but it would be... well, awkward lol.
<drupalscott> is there any way to tap into flickster, or any web based photo bucket
<zoopster> but using scp is an option...just as awkward as ftp
<arrrghhh> if you setup ftp, just do it as a temporary solution.
<arrrghhh> zoopster, i dunno, with the ftp clients for firefox like fireftp...
<arrrghhh> i haven't found anything that works as well, except for the paid-for sftp pro, which is windows only.  kinda ironic it connects to sftp and scp/ssh servers.
<zoopster> but you have those for nautilus and scp too and putty for windows
<drupalscott> I think I'm going the drupal route, it would be nice for the users-'family'.  It would make it easier
<arrrghhh> can you use putty to easily share files?  i guess i've never tried.
<qman__> drupalscott, ssh, scp, and sftp are all part of the openssh-server
<zoopster> share? no..scp, yes
<qman__> if you need ftp-like access, ssh/scp/sftp is the most secure option
<arrrghhh> drupalscott, i think for a more polished product, that would be the best.  obviously not the easiest, but probably the best.
<qman__> however, it's probably not the best interface for the situation you describe
<qman__> a web interface would probably be better
<arrrghhh> qman__, i didn't know sftp was part of ssh-server... you could go that route pretty easily it sounds like drupalscott.  i've ust never set it up.
<zoopster> arrrghhh: what error do you get purging the ffado-dbus-server?
<arthurjohnson> arrrghhh: http://www.expandrive.com/windows but it isn't free
<arrrghhh> yea
<arrrghhh> zoopster, lemme paste...
<arrrghhh> pretty much the same thing from the looks of it
<drupalscott> i agree, thanks for the input.  Sometimes you just have to talk it out
<qman__> you can use winscp or filezilla to connect to sftp on windows
<qman__> both free
<arrrghhh> zoopster, http://pastebin.com/d22b209a7
<arrrghhh> qman__, yea, i forget about winscp.  i used to use it all the time
<qman__> gftp is what I use on linux desktops
<qman__> not the prettiest client out there but it has bandwidth throttling
<arthurjohnson> qman__: You wanna talk not pretty, try lftp
<drupalscott> what is gftp
<orudie> what do i do to enable RewriteEngine other than specifying "RewriteEngine on" in /etc/apache2/sites-enabled/mysite.com ?
<qman__> a GUI FTP/SFTP/variants client
<qman__> based on gtk/gnome
<zoopster> arrrghhh: did you see this ffado-mixer-qt4: Depends: ffado-dbus-server (= 2.0~rc1-0ubuntu2) but 2.0~rc2+svn1569-2ubuntu1 is installed
<drupalscott> can i use that on the ubuntu 9.04 server
<arrrghhh> zoopster, i didn't.  what can i do?
<qman__> drupalscott,  no, you'd use that on the client
<qman__> on the server you use openssh-server
<drupalscott> ok
<zoopster> orudie: use a .htaccess file
<drupalscott> i access our servers everyday, they are secure as far as i know
<qman__> if you need a client on ubuntu-server, use the built in 'sftp' program
<drupalscott> we use key-pair
<arrrghhh> zoopster, let me know if you find anything, i have to get going but i'll bbl.
<uvirtbot> New bug: #472080 in krb5 (main) "Installs symlinks to files in non-dependency libkadm5clnt6" [Undecided,New] https://launchpad.net/bugs/472080
<zoopster> arrrghhh: ok...I can't hang too much longer
<drupalscott> thanks arrrghhh:
<drupalscott> now on to my next problem, I access servers all the time, but I have all the right information: ip address, login, etc..  This may sound stupid but how do I set that up from ubuntu
<qman__> what do you mean "set up"
<zoopster> arrrghhh: here's the problem -you have karmic's ffado-dbus-server installed and jaunty's ffado-mixer-qt4 so the only suggestion I have is either back-rev the server or upgrade the mixer to make them match...if you are still at jaunty, I would revert the ffado-dbus-server
<zoopster> arrrghhh: something blew up in your upgrade it appears
<drupalscott> just a moment qman__: and I'll explain.  I'm in the middle of a new install and it gives me the option to install predefined collections of software: DNS server, LAMP server, Mail server, OpenSSH server, PostgreSQL database, Print server, Samba file server, Tomcat Java server, Virtual Machine host.....any help on what I might need?
<qman__> drupalscott, it depends entirely on what you intend to do
<qman__> if all you need is sftp, then just choose openssh
<qman__> if you want a web page, choose lamp
<qman__> if you want local file sharing with windows and linux clients, choose samba
<drupalscott> by web page you mean if I'm going to install drupal
<qman__> yes, any web site
<drupalscott> what is a VM host?
<qman__> that's KVM
<qman__> for virtual machines
<drupalscott> I know what a VM is, but host?
<qman__> chances are you don't want that
<drupalscott> how would I use that?
<qman__> a VM host hosts virtual machines
<drupalscott> ok, probably won't be doing that
<drupalscott> where do I find the 'settings' I would need to sftp into my server from ftp client?
<qman__> you use local system accounts
<qman__> you create users on the system, and ssh uses those as logins
<qman__> the only catch here is they're not jailed, so you have to trust your users to not screw up your system, or go and set up a jail
<drupalscott> ok, what about the ip of the server?
<qman__> whatever your IP is
<qman__> that depends entirely on your network configuration
<drupalscott> jail, is definitely a must
<drupalscott> I'm behind a Airport Extreme
<qman__> I've never used one of those
<qman__> if it's like any other home router, you just need to port forward port 22 to the server
<drupalscott> my main ip right? 67.xx.xx.x
<qman__> and use your main IP
<drupalscott> ahhh ok
<drupalscott> how would a DNS server come in handy?
<qman__> as for the jail, it takes a little work, but it's not too hard
<drupalscott> I will look into jail
<qman__> if you need a local zone, or want caching or root hints, you'd install DNS server
<qman__> a DNS server is completely irrelevant to the file server setup you're working on
<qman__> if you want to hand out a domain name instead of an IP, you'd need a dynamic DNS service like afraid.org or dyndns
<qman__> for the jail, I use jailkit
<drupalscott> drupal uses a database,  do I need PostgreSQL then, we use mysqli?
<qman__> no, mysql is included in LAMP
<drupalscott> great!
<qman__> postgres is only if you want postgres instead of mysql
<drupalscott> awesome
<drupalscott> the Samba file server is good for local access only, right?
<qman__> or in conjunction, I suppose
<qman__> right
<drupalscott> got it
<qman__> samba is basically an open source implementation of windows file sharing
<qman__> so it has the advantage that it works with just about everything, but it's a LAN-only system
<drupalscott> right now my domain name is at goDaddy, can I move it over to my server with DNS
<drupalscott> or do I have that wrong
<qman__> that's a big maybe
<drupalscott> my understanding of DNS is minimal
<qman__> it depends on your ISP, your DNS provider, and what kind of setup you're really looking for
<drupalscott> I've moved a couple of them to our business server, EC2 cloud
<qman__> if you don't have a static IP at home, you will need a dynamic DNS service
<drupalscott> I would like to host my own site, if I'm going to build it with drupal
<drupalscott> I don't have a static
<drupalscott> DHCP
<qman__> also, you will need to ensure that your ISP doesn't block any important ports
<drupalscott> at&t dsl, I'll have to try a search for blocked ports
<qman__> 80 and 443 most notably
<drupalscott> I believe we access our servers through ssh, that's what I would be doing through drupal right?  openSSH server
<qman__> so, to use it on a dynamic address, I would sign up for an account on afraid.org, point my domain to afraid.org name servers, and use their dynamic DNS to update my address
<qman__> I don't know a lot about drupal, but for a web interface, you would not be accessing through SSH
<qman__> it would be over HTTP(S)
<drupalscott> drupal's file system resides on the server, I have to have access to it to add
<drupalscott> 'modules', add ons, etc
<qman__> if you mean access to the files the site uses, you could use openssh/sftp to upload/download files
<drupalscott> that's what I'll install then
<drupalscott> I really appreciate your input qman__
<qman__> no problem
<drupalscott> I was messing with this last night for hooouurrrrs
<drupalscott> I was afraid I junked it up too much, so I re-installed
<drupalscott> another question if you don't mind:  apache2, when would I need this
<qman__> apache is the web server
<qman__> it's included in the LAMP configuration
<drupalscott> once again, great, that makes it easy
<drupalscott> thanks again for your expertise!  if I have any more glitches I'll check in
<qman__> yep
<qman__> make sure when you look up documentation, that you use ubuntu or debian specific stuff
<qman__> other systems use vastly different config file setups and can lead to a lot of confusion
<drupalscott> I may have already run into that
<qman__> not that other guides aren't useful, but if you don't understand the differences it can cause you trouble
<drupalscott> I don't need anymore trouble than I have, I have to say I love linux though
<drupalscott> oh, I thought of something else...you still there qman__
<drupalscott> will I be able to add external storage to the server?  I would like to store all files on an external drive if I can
<qman__> sure
<orudie> whats a good way to isntall postfix/dovecot , is it with tasksel ?
<qman__> orudie, yes
<orudie> qman__, what would it be then ?
<orudie> tasksel install postfix ?
<qman__> orudie, the mail server task installs postfix and dovecot
<orudie> tasksel install mailserver ?
<qman__> not sure, hang on
<jmarsden> sudo tasksel install mail-server
<qman__> yep, that's it
<drupalscott> will ubuntu recognize the drive?  how do mount it
<drupalscott> if i have a domain name and want to set up postfix to use 'user@mydomain.com', can i do that?
<drupalscott> what else is required?
<jmarsden> drupalscott: A static public IP is pretty much required for a real email server.
<JanC> if you have a fixed IP and you can set the MX for that domain, then yes
<JanC> fixed public IP indeed  ;)
<drupalscott> can i, how do i set it static
<JanC> if you have a consumer DSL/cable line, it's most likely dynamic, if you are in a datacenter or with some business DSL/cable lines it's static
<jmarsden> You buy a connection to the Internet with a static IP from your ISP, ... unless you *are* the ISP :)
<JanC> jmarsden: unfortunately, most ISPs make you pay through the nose for that...
<drupalscott> ahhh I see
<JanC> it's actually often cheaper to put/rent a server in a DC than at home   :P
<drupalscott> DC?
<JanC> DC = datacenter
<jmarsden> I've seen getting a static IP cost US$10 or US$15 more than dynamic; it's hard to find colo for US$15/month -- but yes, at about US$20/month you might as well just get a small virtual private server at linode.com or similar and use that for a small scale email server.
<orudie> i should be able to send mail right after intalling postfix right ?
<jmarsden> orudie: Given working Internet connectivity and a sane configuration, yes.
<JanC> jmarsden: depends, but e.g. in Belgium no consumer offerings have static IP
<orudie> jmarsden, hmm.. The ubuntu server box is behind the router
<JanC> and business offerings include (supposedly) better support & all that, so they are expensive
<orudie> jmarsden, i am not seeing any errors in mail.log , however i'm not receiving mail to my gmail account
<jmarsden> Does your ISP block outgoing TCP traffic to port 25 except to its own mail servers, and did you configure postfix to use a smarthost or not...?
<orudie> jmarsden, if you still around, do you mind ? http://pastebin.com/m5e8e406f
<jmarsden> orudie: Looks fine at the transport/SMTP level, but the domain name mail.svovausa.home looks odd...  and doe snot appear to exist on the public Internet.  So Google probablu threw your message away.
<ScottK> Yep.  That log message means the message got to Gmail and whatever happened to it, they did it.
<orudie> oh i see
<orudie> i can test with a different domaini ?
<jmarsden> ScottK: But they had no way to tell you what they did, because the email has a non-existent domain name...
<orudie> my goal is to have multiple email domains on this host
<jmarsden> orudie: Use a real existing domain that you own and control DNS for, and it should work better
<ScottK> jmarsden: I think your speculation about why they vanished it is likely valid, but it's hard to tell anything for sure.  Whatever happens after 250 is a guess.
<orudie> yup i'll try it now
<JanC> actually, use something that points to the public IP of the server  ;)
<jmarsden> JanC: Well, while nice, that shouldn't be 100% necessary just for sending email out, unless the domain concerned uses strict SPF and the receiving mailserver checks SPF.
<JanC> right, forgot that he can't receive answers through that server
<JanC> OTOH, google should implement such policies during receiving IMO  ;)
<JanC> and AFAIK they do
<JanC> (with similar things)
<orudie> jmarsden, how can i send a test mai lfrom bash ?
<orudie> how do i send a mail message from within shell?
<JanC> with telnet or netcat
<JanC> e.g. http://www.village-elder.com/blog/archives/1-How-to-test-a-mail-server-by-sending-mail-with-telnet.html
<agc> hi. So i'm definitely not a noob to ec2, but i've got a problem i just cant get around... "I can't connect to my server on Amazon EC2" ... I just went through this article pretty throughly: http://alestic.com/2009/08/ec2-connectivity and I've had no luck... can anyone provide any advice?
<agc> I've ssh'd into my instance many times (it's been running for several months), but within the last several hours, im getting "port 22: Operation timed out"... the last thing i tried was rebooting (about 10 mins ago)... but still no luck
<uvirtbot> New bug: #472156 in mysql-dfsg-5.1 (main) "delete key generates ~ in mysql-client" [Undecided,New] https://launchpad.net/bugs/472156
<qman__> so, I'm trying to figure out what my best course of action is
<qman__> today, I had mdadm claim two disks failed an hour apart
<qman__> using mdadm -Af got the array to assemble in a degraded state, and the data is not corrupted at all
<qman__> according to smartctl, all the disks pass self-tests
<qman__> two disks have a lot of SMART errors logged, one has a few, and the rest have none
<qman__> should I replace all three disks? only replace the two with a lot of errors? mark them as OK and keep using them?
<qman__> most of the data is replaceable, and the critical stuff is all backed up
<qman__> so total failure would be massively inconvenient, but not catastrophic
<qman__> also, is there a good way to determine which disk is which? as in, which physical disk is sda, sdb, etc...
<qman__> they're all the same make and model
<qman__> ah, answered my own question, lshw is helpful there
<twb> qman__: hdparm -I and look at the serial numbers
<twb> lshw ought to have the same info, as you say
<smackdaddy> how to i renew dhcp from the command line
<twb> smackdaddy: ifdown ethX; ifup ethX
<smackdaddy> thanks..
<erichammond> agc: That article asks a number of questions to which you should provide answers if you are seeking help with an EC2 connectivity problem.
<smoser> agc, ec2-authorize default -P tcp -p 22 -s 0.0.0.0/0 ?
<erichammond> agc: You'll probably want to provide the instance id, traceroute, and complete console output on the EC2 forum http://ec2forum.notlong.com
<smoser> i go to bed now.
 * erichammond heads home
<agc> smoser: Client.InvalidPermission.Duplicate: The permission '0.0.0.0/0-1-22-22' has already been authorized on the specified group
<agc> THe result of "ec2-get-console-output i-1f542676" is here: http://pastie.org/681122
<erichammond> agc: What's the AMI id?
<agc> erichammond: ami-398d6b50 (thanks for the help, btw...)
<erichammond> That appears to be a private AMI(?)
<agc> ssh / telnet all time out..
<erichammond> agc: Can you ping the instance?
<agc> erichammond: yeah, sorry i was clear about that
<erichammond> What release is it running?
<agc> erichammond: ping times out
<leo_> ?
<erichammond> er, Ubuntu 9.10, etc
<erichammond> agc: Can you ping the instance from another EC2 instance?
<agc> I bundled from this ami: ami-0d729464
<agc> to create the private ami...
<agc> erichammond: pinging from another instance times out as well... both instances on in 'us-east-1c'
<erichammond> agc: Did you try to upgrade the instance to Karmic?
<agc> erichammond: no... i read your article too :-)
<erichammond> agc: Is there any chance somebody might have complained about your instance sending spam or being the URL in spam or phishing attacks?
<agc> erichammond: hmmmm.... my instance is running django, and it sends emails semi-often
<agc> erichammond: would amazon send me a warning email?
<erichammond> agc: Step 1: start working on a new replacement instance.  Step 2: Post the instance id and as much info as you can to the EC2 forum and perhaps Amazon can investigate.
<erichammond> agc: Yes, as far as I know they generally do send an abuse report notice.
<smackdaddy> when im starting bind i get this error....
<smackdaddy> rndc: connect failed: 127.0.0.1#953: connection refused
<erichammond> ...but there have been mistakes recently where they were not sent.  Amazon's cleaning up their abuse process flow.
<smackdaddy> what is that....
<erichammond> agc: It could also be a hardware issue, but only Amazon can determine that.
<agc> erichammond: i wonder if I should ask them, do you know the best place to ask?
<erichammond> agc: http://ec2forum.notlong.com (or pay for premium service)
<agc> related post (maybe?) around the same time: http://developer.amazonwebservices.com/connect/thread.jspa?threadID=38129&tstart=0
<erichammond> agc: With as many servers and customers Amazon has, somebody is experiencing problems all the time.  Even though it is a very small percentage of users, sometimes it's *you*.
<erichammond> er, hardware problems that is.
<agc> nooooooooo ;-)
<erichammond> With EC2, however, can you simply fire up a new server and throw away the old one.  You don't even have to worry if it was a hardware problem or not (until it happens several times in a row).
<agc> well, on a positive note, i've been using your ec2ubuntu amis for over a year now, and they are extremely awesome.
<ralphmichael17> ok i am looking for some good 1 on one help with setting up my ubuntu server, i am already familiar with desktop edition, anyone want to help?
<erichammond> agc: Glad to hear they've been working for you.  Since you're using Jaunty, I'd recommend migrating over to the Karmic AMIs which were just released.
<agc> erichammond: ok, will do... thanks for all the help
<crohakon> ralphmichael17; What is it you want the server to do?
<smackdaddy> what would be causing this error, bind9 ----------
<smackdaddy> rndc: connect failed: 127.0.0.1#953: connection refused
<smackdaddy>                                                                          [fail]
<ralphmichael17> ok, i have 1 server, 1 network hub, and 7 computers, i want to use ubuntu to network them together on an intranet where all client computers login through the server and can be monitered
<ralphmichael17> can anyone help with that?
<crohakon> So you want the server to act as a internet gate way that logs the activity of the other 7 computers?
<ralphmichael17> yes, and make it so any user can log onto their account from any of the 7 computers to access their files
<masshuu> so i was wonering if i actually needed somthing like fail2ban or denyhosts. theres only 1 user atm that can login via ssh and i have a long password thats a strong password(upper, lower, and symbols)
<joseph_> ralphmichael17; Sorry, I did something dumb and my computer disliked it. Had to reboot. Were you able to find help?
<poningru> ralphmichael17, kinda overboard but look into ltsp
<ralphmichael17> still no but found some interesting things on google
<ralphmichael17> ltsp talked about edubuntu, but thats an educational program
<poningru> ralphmichael17, the other thing you can do is have them login using something like ldap+kerberos
<poningru> ralphmichael17, yes... but you can use that too
<d1b> hi um i used the server upgrade release tool thingy to upgrade from 9.04 to 9.10
<d1b> and said server hasn't come back on a reboot
<joseph_> looks like LTSP is what he is looking for
<d1b> any ideas what could have gone wrong?
<ralphmichael17> im looking to use these computers in a business envirement, and i dont want the computers to use the all the servers memory, i would like them to use their own memory too, can ltsp do that?
<poningru> ralphmichael17, my understanding is that it can... though I have never used ltsp
<poningru> so I dont know for sure
<ralphmichael17> anyone here ever used ltsp?
<crohakon> http://www.ltsp.org/
<crohakon> read up on the sight
<crohakon> it seems the basic goal is to allow the clients to run diskless.
<crohakon> I am sure some of the processing and such must take place on the client though.
<ralphmichael17> ok if i put server edition on my server, do i need to install desktop edition on the other computers or any certain program
<poningru> ralphmichael17, again like I said... if all you are looking to do is login using the server then that can be accomplished with ldap+kerberos
<poningru> ralphmichael17, and then mount the /home as an iscsi or NFS
<poningru> so that you can have same profile across all the desktops
<crohakon> https://help.ubuntu.com/9.04/serverguide/C/kerberos-ldap.html
<Ash-Fox> Heh, not going to recommend him LTS?
<poningru> Ash-Fox, lts?
<d1b> ok... so no ideas from anyone...
<Ash-Fox> The Long Term Support versions of ubuntu - five year support. Just thought it was suprising you were showing a manual for 9.04 is all.
<twb> Five-year support for *some* packages
<Ash-Fox> The packages in main :)
<twb> Nope
<twb> Some packages in main, installed on an 8.04 LTS server, do not get five years of support
<Ash-Fox> I stand corrected.
<crohakon> Ash-Fox; ralphmichael17 is using 9.04 I believe, that is why I posted that link for 9.04
<twb> http://bazaar.launchpad.net/%7Enijaba/ubuntu-maintenance-check/trunk/
<qman__> d1b, we need more information than that
<qman__> logs, error messages, something
<twb> Ash-Fox: that's a little script that tells you what gets what support
<d1b> qman__: 9.04 system running just apache etc. i can't get at the box because it is not up atm and i don't have remote vmware access to the console
<d1b> qman__: it moved to 9.10, it had a static ip config etc.
<d1b> had no firewall / iptables configured.
<qman__> d1b, yes, but any number of things could have failed during the upgrade, so until you can get access to the console, there's really no way to determine what went wrong
<poningru> ralphmichael17, look into ltsp fat clients
<d1b> qman__: "a number" ...
<twb> d1b: a stock install will not have any netfilter rules active by default.
<d1b> it is booting my kernel erh a 2.6.31.5 or according to the grub list before i rebooted it was.
<d1b> i just let it update grub ..
<d1b> so the kernel isn't an issue / shouldn't be...
 * crohakon has heard about enough 9.10 upgrade failure stories to keep him from upgrading for a long while...
<d1b> crohakon: orly
<qman__> upgrading my desktop took some manual fixing
<qman__> though I did upgrade to the RC, not the final release
<d1b> like it has no real to fail.... is kind of my point atm. ill know when persons other than me poke at the vmware console.
<qman__> I'm going to wait a month or two before upgrading my jaunty server
<d1b> great...
<poningru> qman__, heh me too
<uvirtbot> New bug: #472257 in samba (main) "package samba-common 2:3.4.0-3ubuntu5 failed to install/upgrade:   - even before the upgrade the unistallation/installation didn't work. (I think I removed the directory /etc/smb/  and thereafeter it is impossible to unistalll or reinstall the packet) " [Undecided,New] https://launchpad.net/bugs/472257
<error404notfound> i have installed postgresql-8.3 but i can't find its dir in /etc, all i see is postgresql-common in there which contain no pg_hba.conf file
<error404notfound> if i do locate, the only one found is the pg_hba.sample one
<error404notfound> anyone?
<error404notfound> i have tried it even with --reinstall
<poningru> error404notfound, you can do a purge
<error404notfound> poningru, did that, no use...
<poningru> aptitude purge packagename
<poningru> did it spit out what was left alone?
<poningru> because if the folder isnt empty... as in if you have a modified file then it will not delete that file
<poningru> and will tell you about it
<poningru> I think the dpkg log or the aptitude log should tell you about that
<error404notfound> no errors or such...
<uvirtbot> New bug: #472318 in libapache2-mod-perl2 (main) "apache segfaults when performing stress test" [Undecided,New] https://launchpad.net/bugs/472318
<drcode> hi all
<drcode> whats up
<drcode> what is ubuntu cluad , is it like vmware esx?
<qman__> drcode, ubuntu cloud is most like amazon ec2
<drcode> I can put ubuntu worksation or server in the cloud?
<drcode> os is like grid?
<kwork> its virtualization with fancy marketing terms
<kwork> atleast i havent figured out the benefit yet
<qman__> it's basically clustered virtualization
<drcode> I see
<kwork> but the resources arent clustered
<drcode> I can load also windows os?
<kwork> rather you can move the vmws to other nodes
<drcode> or its more for appliction developement
<kwork> if kvm can load win so can that cloud
<drcode> I see
<qman__> it's more for running servers
<drcode> is there something like vmware esx in opensource?
<qman__> the primary application is when you need a lot of virtual servers, and want to make the most of your hardware by having less actual servers
<drcode> I see
<kwork> qman__,  can you move the virtual servers, painlessly from node to node ?
<qman__> or at least that's how I understand it
<qman__> I was under the impression it handled that automatically
<drcode> linux has project same like vmware esx?
<kwork> drcode,  if you want vmware go for vmware esxi
<kwork> its free
<qman__> drcode, if you want just one server hosting VMs, go for KVM
<drcode> ok
<drcode> tahxn
 * soren lunches
<incorrect> to run hardy under kvm do i need to install a special kernel like with 9.xx ?
<alvin> Well, I have a server running karmic and kvm here. Curerntly in production. What is this simple test that needs be done?
<alvin> (...and then I pressed the close button on Quassel.)
<uvirtbot> New bug: #466315 in bind9 (main) "bind9 missed a dependency with apparmor-profiles" [Undecided,Confirmed] https://launchpad.net/bugs/466315
<uvirtbot> New bug: #472472 in bind9 (main) "Start Fails - Permission denied (dup-of: 466315)" [Undecided,New] https://launchpad.net/bugs/472472
<incorrect> I've found a strange bug with kvm 9.10 hosting a 8.04 with kernel 2.6.24-25,  hard to explain as there is no error, the vm just vaporises 2.6.24-24 works fine
<incorrect> not sure if it was there in 9.04
<smoser> nijaba, "nodes need to have virtualization extentsions (Intel VT or AMD-V) active to work, which is not the case within any virtualization technology that we know of."
<smoser> thats not exactly true, right? http://www.linux-kvm.com/content/kvm-82-released-nested-virtualization
<incorrect> smoser, iirc you need it for hosting 64bit OS's
<smoser> incorrect, you do need vt extensions for UEC. that is true.
<smoser> i guess i didn't quote enough.
<incorrect> i do not know
<incorrect> best to ask in libvirt i guess
<smoser> no, i'm stating. that *is* true. for UEC you *do* need nodes to have vt extensions.
<smoser> nijaba, was responding to someone in an email that said (paraphrase) "nodes must be physical rather than virtual machines because" .. ... [see above quote]"
<smoser> a 'node' is the the thing that hosts the guests.
<zul> morning
<sommer> yo :)
<aubre> good morning
<aubre> smoser: lots of virtualization solutions, while not requiring VT-x or the AMD counterpart work much faster and more efficiently when they are available, and I think it would be folly for anyone to build a solution on hardware without it because what if you decide to change strategies over time?
<nijaba> smoser: regarting nested virtualizatin with KVM, have you tried it?  I would be a very happy fellow if it did work, but I must say that I have not tried :)
<smoser> i have not tried it, nijaba but in theory...
<smoser> it is something i would like to try.l.. i would like to spend some time on setting up a single machine (amd64) as a cloud, with vm for CC and node
<nijaba> smoser: in any case, it would be nice for testing, but not really for deployment
<smoser> agreed. i dont think anyone is thinking about nested virt as a production solutoin
<aubre> I visualize pointing mirrors at each other :P
<nijaba> smoser: if you can document this, I am sure everyone that need to do a demo once in a while would just start sending you flowers (or virtual beers) for no apparent reasons :)
<smoser> yeah. it would rock for testing.
<smoser> i've set this up, and it somewhat works for xen in kvm
<smoser> i had karmic host running rhel 5.3 xen guest running xen karmic paravirt kernels
<aubre> have you guys played with any of the overlaying technologies such as RightScale/Cohesive or even using Landscape?
<aubre> I did a free register with RightScale, but i haven't done much, I know it doesn't support storage management yet
<smoser> i think it would even be worth making an effort to get euc to be able to run qemu rather than kvm. at one point i'd done some of that also. again, not a production solution.
<smoser> aubre, there are people here who have done landscape, i've not used rightscale, but have interacted some with their developers, giving them info on how they could use our karmic images.
<uvirtbot> New bug: #471468 in nagios3 (main) "should recognize that exit code 126 means plugin is not executable" [Wishlist,Triaged] https://launchpad.net/bugs/471468
<aubre> smoser: ok, I'm just looking at getting to the next level, since I have UEC working well right now, to show the "powers that be"
<aubre> smoser: so we can get the go-ahead to build a large hopefully multi-rack Canonical supported system
<aubre> smoser: and go into production
<smoser> well of course that sounds good :)
<smoser> i'm sure the landscape folks would love to help you
<aubre> smoser: I'll have to contact them
<aubre> smoser: it would be nice to have a total solution that included autoscaling and the like
<uvirtbot> New bug: #466018 in mysql-dfsg-5.0 (main) "package mysql-server-5.0 5.1.30really5.0.75-0ubuntu10.2 failed to install/upgrade: subprocess post-installation script returned error exit status 1" [Low,Incomplete] https://launchpad.net/bugs/466018
<uvirtbot> New bug: #472681 in samba (main) "Samba returns NT_STATUS_NOT_SUPPORTED when trying to view list of shares" [Undecided,New] https://launchpad.net/bugs/472681
<smoser> soren, is it intended that vmbuilder require 2.5 ?
<smoser> python 2.5 or better, that is.
<smoser> bug 472090 is why i ask.
<uvirtbot> Launchpad bug 472090 in ec2-init "package ec2-init 0.4.999-0ubuntu7 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/472090
<lyhana8> hi, I fail to use the ChrootDirectory directive for ssh server, could someone help me ?
<incorrect> hmm, seems like a bug with kvm in 9.10, it can't run a stable 8.04
<cemc> incorrect: what does it do ?
<incorrect> just goes bang, no error, just stops
<incorrect> process gone
<incorrect> not error i can't see
<cemc> you mean when your start it, it just dies ?
<incorrect> only thing i can see different is that its running with slightly different options that the other vm's running 9.10
<incorrect> after some time it dies
<incorrect> started happening after i upgraded from 04 to 10
<incorrect> i created a fresh 8.04 and it also crashed
<cemc> incorrect: I'll install a 8.04 guest later tonight. I've installed 8.10, 9.04 and 9.10 guests and I didn't see any problems
<incorrect> i downgraded to an earlier kernel and it was more stable
<incorrect> i noticed there is no LTS virtual kernel package like the one provided in 9.10 etc
<incorrect> -M pc-0.11 seems to be the only difference
<incorrect> but pc is an alias for pc-0.11
<orudie> is there a server guide for 9.10 ?
<orudie> i'm having trouble finding it
<Pici> orudie: https://help.ubuntu.com/9.10/serverguide/C/ perhaps
<orudie> i installed postfix with tasksel , and configured it the usual way with dpkg-reconfigure postfix
<orudie> sending out mail to external works - there is no errors in mail.log However every mail message gets recognized as spam by the mail receiver
<Pixie79_> is this a good location to ask about ubuntu private clouds?
<orudie> its not even poshing it to the spam folder, it just blocks it
<orudie> i tried sending to gmail. and also another mail server that i set up myself
<orudie> for some reason spam assassin doesnt like it at all, and just blocks it
<kblin> orudie: is your server on a dial-up line or DSL or the like?
<orudie> kblin: yeah - verizon fios
<Pixie79_> using private cloud, is there a way to have snapshots be save to a different device to the volume
<orudie> kblin: you think that could be the problem ?
<smoser> orudie, have you verified receipt of said mail? what did you mean by "works" above.
<orudie> smoser: i'm watching the logs on both servers - one says gets sent successfully, the other says - receiving mail - blocked spam :)
<orudie> smoser: both ubuntu servers :)
<smoser> ah. ok. well then its getting there. :)
<orudie> smoser: yeah but i dont know wtf
<kblin> orudie: yeah. most spammers are using trojans on windows PCs. most of those sit behind a dial-up line. not accepting stuff that comes from a dial-up line is a common approach
<kblin> you need to set up a smarthost config that'll hand of your mail to a server with a static IP address
<orudie> its not a dial up line
<kblin> well, DSL is the new dialup, cable is pretty much the same
<orudie> yeah i dont remember having this problem with a static ip
<orudie> it worked right after install
<kblin> what you actually filter on is "dynamic IP address ranges"
<kblin> I can't send emails from my server at home either
<orudie> kblin: the way the router is set up is 10 and above is dynamic
<orudie> 1-9 is static
<smoser> orudie, make sure that your 'From' address is resolvable.
<orudie> the server has ip address 5
<kblin> no, that's not what I'm talking about
<smoser> and that it resolves to what that address.
<smoser> err.. maybe not the second part. i'll go away, kblin likely knows more. i've not done this in quite some time.
<orudie> kblin: i dont get it :)
<kblin> orudie: people tend to not accept mails that come in from IP addresses that e.g. Verizon hands out to their customers
<orudie> kblin: is there a work around ?
<kblin> depends
<kblin> I once set up my local mail server to hand off all my local mails to gmail
<kblin> if you only ever send from a gmail address, that works
<nijaba> woot...  Netcraft references 1.4 Million web servers running Ubuntu...
<kblin> or rather, if you only ever send from a single gmail address
<kblin> speaking of web servers, I've got a lighty here that crashes (without anything logged) when one user is trying to connect to it
<kblin> other people can use it just fine
<geekboxjockey> I'm having issues with LDAP, pam_ccreds and apache2 http-auth, if I log in to a system via ssh using my LDAP credentials, I can see that my info is cached via 'sudo cc_dump' however for users authenticating with http-auth on our site, their LDAP info is not being cached. Any ideas?
<geekboxjockey> I have apache2 set up to use /etc/pam.d/common-auth (which is where I have the caching configured)
<orudie> kblin: so there is actually no work around ?
<orudie> kblin: :)
<kblin> well, you could set up a server on a static IP address and configure your local servers to hand off email to that server with the static IP
<kblin> and of course configure the server on the static IP to only accept emails from your servers at home
<kblin> or whereever your trying to send mail from
<orudie> kblin: ok i get it, i'll try
<orudie> kblin: this will be a little project for me though :)
<kblin> I've not done this myself yet, hasn't been important enough so far
<kblin> it's easier to tell my email program to deliver right to my provider's servers, depending on the identify it's using
<orudie> kblin: yeah same here, i administer a VPS at work, its hosted in a data center never had a problem like this with it
<kblin> you could check if your current external IP is blacklisted
<kblin> but usually that's sort of a losing battle
<orudie> blacklisted where ?
<kblin> dunno, depends on what blacklists your filters are using
<kblin> my servers use the RBL, iirc
<kblin> spamassassin has that set
<heath|work> hello. I using Open LDAP and am able to add users to a group, but when I try and remove a user from a group using usermod I get {user}  not found in /etc/passwd
<orudie> kblin: i understand i can whitelist it on my own server, what about the rest of the world :)
<heath|work> which is true, so I was wondering how to remove a user from a group with ldap
<geekboxjockey> I'm having issues with LDAP, pam_ccreds and apache2 http-auth, if I log in to a system via ssh using my LDAP credentials, I can see that my info is cached via 'sudo cc_dump' however for users authenticating with http-auth on our site, their LDAP info is not being cached. Any ideas?
<geekboxjockey> I have apache2 set up to use /etc/pam.d/common-auth (which is where I have the caching configured)
<orudie> kblin: what about setting up certificates ?
<kblin> orudie: that's what I'd do for authenticating the mailservers to the smarthost
<orudie> kblin: i'm looking here https://help.ubuntu.com/9.10/serverguide/C/certificates-and-security.html#creating-a-self-signed-certificate
<orudie> kblin: this command returns error server.csr: No such file or directory
<kblin> won't help you for sending email
<orudie> k
<geekboxjockey> I'm having issues with LDAP, pam_ccreds and apache2 http-auth, if I log in to a system via ssh using my LDAP credentials, I can see that my info is cached via 'sudo cc_dump' however for users authenticating with http-auth on our site, their LDAP info is not being cached. Any ideas?
<fox__> hi all, i installed a minimal virtual 9.10 server, now i'm trying to install the vmware tools, but this fails already at mounting the cdrom woth the following error: mount: unknown filesystem type 'iso9660'
<fox__> can't figure out what i have to install to get iso9660 support, any idea?
<drupalscott> I'm new to linux servers but how did you burn the iso?
<drupalscott> are you on mac or pc?
<drupalscott> I ask because I had some trouble getting a 'good' ISO to use to set up my server on a G4 that I have
<drupalscott> I ask because I've had this problem
<elijahwright> fox__, does your kernel have support for iso9660 built into it, or is it a module?
<elijahwright> if module, is it loaded?
<fox__> i think the minimal kernel loads the cdrom support as module
<fox__> but which module to look for?
<elijahwright> it used to be iso9660.ko ;)
<fox__> there is no iso9660.ko on this minimal system, so my next question how to i find out what i have to install to get iso9660.ko
<Reepicheep> fox__: try running "sudo lsmod" and see if iso9660 is in the list
<fox__> no it's not
<Reepicheep> if it isn't you may need to run "sudo modprob iso9660" to load the module
<fox__> FATAL: Module iso9660 not found.
<Reepicheep> sorry run modprobe not modprob ^^
<fox__> i installed so far: fuseiso9660 and xfsprogs but none of those contains the module or a dependency to it
<Reepicheep> fox__: what kernel are you running?
<Reepicheep> uname -r
<Reepicheep> it looks like it recently changed to isofs instead of iso9660
<Reepicheep> i'm not sure when though
<Reepicheep> fox__: try running ..
<Reepicheep> sudo find /lib/modules/`uname -r`/ -name isofs.ko
<Reepicheep> see if it returns a path to the module
<Reepicheep> if it does try "sudo modeprobe isofs"
<fox__> nope there is also no isofs.ko
<smoser> nijaba, ping
<nijaba> smoser: pong
<Reepicheep> is there a iso9660.ko?
<Reepicheep> fox__: ^
<smoser> is it ok if i add a 'tips' entry to UEC documentation from https://help.ubuntu.com/community/UEC ?
<zul> smoser: fire away
<fox__> no there is no iso9660.ko
<nijaba> smoser: sure.  Feel free.  It's a wiki, so it is meant to be changed by anyone
<nijaba> smoser: I am subscribed to it anyway, so if I don't like it, I'll kill it :P
<zul> oh my god...you killed the wiki!
<zul> you bastard!
<Reepicheep> fox__: what kernel are you running? "uname -r"
<smoser> nijaba, well, maybe i'll get 15 seconds of fame before you delete me comments :)
<nijaba> hehe
<fox__> 2.6.31-14-generic-pae
<zul> fox__: the following should work sudo mount /dev/cdrom
<fox__> no it doesn't:  sudo mount /dev/cdrom
<fox__> mount: unknown filesystem type 'iso9660'
<fox__> it's a ubuntu 9.10 server 32 -> F4 -> minimal virtual machine installation, it is really minimal which is great (appart from the cdrom support)
<Reepicheep> that's interesting.. my minimal intalls of 9.10 include the isofs.ko module
<Reepicheep> my kernel is 2.6.31-14-server though and it is 64 bit
<fox__> did you choose the minimal or the minimal virtual option?
<Reepicheep> did you select the minimal install or the virtual machine minimal install?
<Reepicheep> oh.. I see it is the virtual machine sorry
<fox__> i did "virtual machine minimal"
<nijaba> fyi: More Ubuntu Server Edition statistics: http://bit.ly/4CKV0m
<Reepicheep> hmm.. I have never used that.. even on virtual machines
<fox__> ok i'll reinstall with just "minimal"
<Reepicheep> someone else my be able to explain what the minimal virutal machine is all about
<bogeyd6> ubuntu has a jeos that is more geared towards vm
<nijaba> Reepicheep: http://www.ubuntu.com/products/whatisubuntu/serveredition/jeos
<Reepicheep> nijaba: bogeyd6 thanks
<Reepicheep> I've built jeos images with vmbuilder.. I kinda was thinking that is what the virtual marchine install option was for
<Reepicheep> but I wasn't sure
<fox__> but i can't find a description what's the difference between the two minimal options, will search a little bit more....
<Reepicheep> so yeah.. fox__ accounding to that page the JEOS edition has a "tuned kernel that only contains the base elements needed to run within a virtualized environment"
<Reepicheep> fox__: see the link that nijaba posted
<fox__> and where does it explain the difference, sorry cant see it
<bogeyd6> fox the ubuntu server minimal option is the default option and installs with no GUI, the virtualized option has the ability the install even more minimally and doing away with certain packages that are unneccesary in an VM.
<bogeyd6> for a specific website to detail everything please visit http://www.ubuntu.com/products/whatisubuntu/serveredition/jeos
<bogeyd6> !jeos
<ubottu> JeOS (pronounced "Juice") is Just enough Operating System.  It is an efficient variant of the Ubuntu Server operating system, configured specifically for virtual appliances. See http://www.ubuntu.com/products/whatisubuntu/serveredition/jeos for more information.
<fox__> so what you try to tell me is that "minimal" is minimal and "virtual machine minimal" is jeos
<VirtualDisaster> fox__, yeah you got it
<VirtualDisaster> the jeos is to create appliances
<fox__> ok so back to my inital problem the, how to get cdrom support in the 9.10 jeos install?
<jcastro> kirkland, are you registered to attend UDS in launchpad? on the sprint page?
<VirtualDisaster> fox__, mount
<VirtualDisaster> fox__, btw are you sure youre needing to use the jeos version right
<fox__> sorry mount fails with: mount: unknown filesystem type 'iso9660'
 * VirtualDisaster has has never had to mount a cdrom, i always mount a iso and it just works
<newbuntu> I have my new server setup on my old G4, and I am able to sftp in, but I'm have permission issues.  Can anyone tell me the right way to set up a secure sftp for a user
<VirtualDisaster> newbuntu, http://www.google.com/search?client=opera&rls=en&q=sftp+multiple+users&sourceid=opera&ie=utf-8&oe=utf-8
<newbuntu> thanks, I'll check it out
<bogeyd6> fox__ sudo mount /dev/cdrom /media/cdrom
<kblin> sftp as in the ssh protocol addition or ftp/ssl?
<newbuntu> yes
<Pici> Isn't ftp + ssl ftps?
<newbuntu> ssh
<bogeyd6> !ssh @ newbuntu
<ubottu> Sorry, I don't know anything about ssh @ newbuntu
<bogeyd6> lol
<bogeyd6> !scp @ newbuntu
<ubottu> Sorry, I don't know anything about scp @ newbuntu
<bogeyd6> wtf
<Pici> bogeyd6: you want | not @
<bogeyd6> ah
<bogeyd6> !ssh | newbuntu
<ubottu> newbuntu: SSH is the Secure SHell protocol, see: https://help.ubuntu.com/community/SSHHowto for client usage. PuTTY is an SSH client for Windows; see: http://www.chiark.greenend.org.uk/~sgtatham/putty/ for it's homepage. See also !scp (Secure CoPy) and !sshd (Secure SHell Daemon)
<newbuntu> thanks, I thought I would have access as the user I setup on initial install.
<kblin> you should
<newbuntu> I tried adding a folder via sftp client and it wouldn't let me
<newbuntu> I can only add as 'root' on server machine
<newbuntu> I'm using ubottu's first link to set it up now
<jmarsden> newbuntu: The issue is probably who owns the directory inside which you were trying to create your new one.
<newbuntu> I was within /var/www trying to create /html.  I'm setting up a drupal install
<newbuntu> I can do it on the server directly but need ssh access
<jmarsden> newbuntu: /var/www is now likely to have been owned by your ordinary user, hence the need for root to create stuff in there
<jmarsden> *is not likely*
<newbuntu> it's owned by 'root'
<newbuntu> that's why, huh?
<jmarsden> Indeed.
<newbuntu> okay, I'll just specify which accounts can use SSH
<newbuntu> including my own
<newbuntu> would you agree it's important to choose a random port for ssh to listen on?
<pmatulis> newbuntu: a non-standard port you mean (not 22), not a random port.  yes, that can help confuse automated tools
<newbuntu> yes, that's what i mean
<newbuntu> I plan on setting up a key-pair
<pmatulis> use some high port, by default many scanners do not check very high ports
<pmatulis> yes, key-pair, that goes without saying
 * kblin shrugs
<kblin> I use denyhosts with the blacklist
<kblin> I don't get many attacks these days
<newbuntu> I've found information on disabling key authentication, not creating one. kblin- what's blacklist?
<newbuntu> denyhosts-blacklist?
<kblin> newbuntu: http://denyhosts.sourceforge.net/ check the "synchronization" feature
<newbuntu> thanks
<smoser> nijaba, kirkland i added ref about MAC filtering at https://help.ubuntu.com/community/UEC/Tips
<nijaba> smoser: neat.  I modified /UEC a bit, hope you still like it that way
<smoser> oh, i hate it! let the wiki war begin
<smoser> i mean, it looks fine
<nijaba> smoser: ROFL
<nijaba> I think we should start a little FAQ too.  Maybe I'll work on this tomorrow.
<uvirtbot> New bug: #472969 in qemu-kvm (main) "installs a broken man-page symlink" [Undecided,New] https://launchpad.net/bugs/472969
<newbuntu> does anyone know the right syntax for terminal to access myserver: ie. ssh -i xx.xx.xxx.x@user.....
<\sh> ssh <user>@<ip|host>
<nijaba> smoser: cheers for uec-tools
<newbuntu> cursor dropped to next line but does not ask for password
<ninjah> nijaba: What are uec-tools?
<nijaba> ninjah: https://code.launchpad.net/~ubuntu-on-ec2/ubuntu-on-ec2/uec-tools
<smoser> https://code.launchpad.net/~ubuntu-on-ec2/ubuntu-on-ec2/uec-tools
<smoser> oops. slow
<smoser> and the index updating in bzr is slow too. like hours slow
<error404notfound> i have redmine configured with mod_passenger. Since i configured that sometimes like in once a month or so, apache seems to fork a lot, causing memory to get full, any idea where cna i locate the cause if this issue?
<error404notfound> can i restrict the amount of ram apache can use?
<greenfly> hmm, has the partitioning syntax changed for kickseed in karmic?
<nijaba> smoser: yep, I cheered, then felt dispointed by the commit not being there yet :P
<ninjah> ninjaba: Ah.... I have an EC2 server but I can't remember what tools I used.
<greenfly> a config that worked fine for Jaunty doesn't seem to take affect, I get the dialog prompting me
<newbuntu> i changed my ssh port so I get port:22 Connection refused
<newbuntu> a tried to append to the end of ip--xxx.xx.xx.x:port
<nijaba> newbuntu: ssh user@host:port then
<smoser> ninjah, not a lot of tools there. right now just two. one to resize an image, one to take a tarball and put it into uec
<ninjah> smoser: I don't think I used these tools
<nijaba> ninjah: they are quite new...
<newbuntu> ssh user@host:port  gets :  nodename nor servname provided, or not known
<smoser> nijaba, there are much more extensive tools at https://code.launchpad.net/~ubuntu-on-ec2/ubuntu-on-ec2/ec2-publishing-scripts
<Reepicheep> newbuntu: try "ssh -p port user@host"
<smoser> they are what are used for ec2 publishing of nightly builds.  they're 'ec2-*' dependent right now (rather than euca2ools), but at some point i want to make 'xc2' (the abstraction layer) support euca and ec2
<Ash-Fox> Is there anything in ubuntu that will execute a bunch of applications in a directory on power events? Such as, switching to battery mode, executes scripts/programs, in directory X. On AC power, executes scripts in directory Z etc? If so, what are those paths/
<newbuntu> that worked!
<crohakon> newbuntu; of course it did
<newbuntu> why would it show me my RSA key???
<newbuntu> it spelled it out for me, isn't that bad for security
<crohakon> hehe
<newbuntu> hehe?
<crohakon> newbuntu; Its because we linux users believe in a free and open internet...
<nijaba> smoser: do we reference those anywhere?
<smoser> Ash-Fox, hthere are. http://live.gnome.org/GnomePowerManager/FAQ#head-a49ff0426bd01079d4f1ae269701b27a5f43ea33 thats for gnome-power-manager... not sure about for server (but 'battery mode' doesn't seem very "server" ish)
<crohakon> newbuntu; Why would you ever want to keep someone out? =)
<crohakon> smoser; UPS maybe... not why run a server on a laptop o.0
<Reepicheep> newbuntu: it's just showing you the public key that that machine your connecting to uses?
<smoser> nijaba, no. they're not sufficient for euca at the moment. but they're used a.) by me for ec2 b.) by the build scripts and some of them are quite generic.
<dhalsimm> hi, I'm getting locale errors, I tried /etc/environment, locale-gen command, actually I'm getting same issues with this post: http://ubuntuforums.org/showthread.php?t=1236418&highlight=locale,+locales .... I set tr_TR.UTF8 but I don't care it is turkish or english. I just don't want to see warnings or errors. any help?
<newbuntu> b1ack78
<smoser> crohakon, no reason not to run a server on a laptop.. i was just figuring you were actually asking aobut a desktop.
<newbuntu> are you in here?
<nijaba> smoser: ah, ok, too bad
<Ash-Fox> smoser, thanks for the link, but yeah, not very helpful with regards to a system that doesn't use a GUI. I'm essentially running a server off a laptop in what can be considered an unstable environment (the laptop in question was built to work in extreme conditions).
<smoser> i think if you're not running gnome-power-manager (then you want acpid
<crohakon> smoser; I was not asking anything... just commenting on the laptop/server comment you made
<smoser> Ash-Fox, /etc/acpi
<crohakon> Ash-Fox; oh, I guess that makes sense...
<Ash-Fox> /etc/acpi appears to only have the power button
<Ash-Fox> One of the first places I looked :)
 * Ash-Fox checks through ubuntu's packages, perhaps there is some laptop tools or something needed.
<smoser> Ash-Fox, i think that should work.
<smoser> at least on my laptop here, acpid is running, it is what passes events to gnome-power-manager (if it is running)
<smoser> Ash-Fox, maybe you want acpi-support
<smoser> pkg
<Ash-Fox> Nevermind, I missunderstood the /etc/acpi/events layout :)
<cxo> I have a retarded problem. When I had ubuntu-desktop installed I could get the wifi working. But using iwconfig, the damn thing just doesnt associate
<newbuntu> I'm on a mac trying to transfer my RSA key to it, ssh-copy-id <username>@<host>....what is the host?
<cxo> I'm giving it every damn param to iwconfig, but when i type iwconfig again, it looses it all
<newbuntu> I've tried my computer name and my ip
<newbuntu> I'm trying to do this:
<newbuntu> f you can log in to a computer over SSH using a password, you can transfer your RSA key by doing the following from your own computer:
<newbuntu> ssh-copy-id <username>@<host>
<newbuntu> Where <username> and <host> should be replaced by your username and the name of the computer you're transferring your key to.
<newbuntu> can anyone tell me where I can find the correct value for<host>
<Pici> newbuntu: host is the computer that you want to copy your ssh key to.
<cxo> FUK!!!!!!!!! It was Network-Manager, once i killed that, it all worked
<Pici> cxo: Please mind your language here.
 * cxo spent 5 hours on that
<cxo> Why the hell does network-manager keep messing with my wireless
<cxo> Pici, sorry
<newbuntu> Pici: is it referring to <computername> or <ip>?
<Pici> newbuntu: doesn't matter
<newbuntu> I've tried both of those?
<newbuntu> Is it because I changed my ssh port?
<newbuntu> was 22, now XXXXX
<Reepicheep> newbuntu: are you trying to run ssh-copy-id from the Mac or to the Mac?
<newbuntu> I only changed it on the server
<Pici> newbuntu: That would cause an issue. I don't see an arugment for ssh-copy-id to specify the port number.
<newbuntu> I'm trying to run ssh-copy on my MacPro through terminal, connected to my G4 server
<Pici> newbuntu: They're both running Ubuntu/
<Pici> ?
<newbuntu> I'm logged into the server with password
<newbuntu> no
<Reepicheep> k.. the reason I ask is because OS X does not have the ssh-copy-id command
<newbuntu> macPro is OSX
<newbuntu> oh
<Reepicheep> but you can always just copy it the old fashion way
<newbuntu> any ideas on copying RSA to my macPro off the server
<newbuntu> okay
<Reepicheep> from the machine that you want to copy the key from run:
<newbuntu> I want the ssh_host_rsa_key.pub, right?
<Reepicheep> scp -p port ~/.ssh/id_rsa.pub user@host:/tmp/
<newbuntu> thanks
<Reepicheep> then from the target machine run:
<Reepicheep> cat /tmp/id_rsa.pub >> ~/.ssh/authorized_keys
<Reepicheep> as the user you want to login as ^
<newbuntu> how do I look at the .ssh hidden dir
<newbuntu> on server
<newbuntu> cd ~
<newbuntu> ls
<newbuntu> nothing there
<Reepicheep> ls -a
<bptk421> I just upgraded my Jaunty server and for some reason it installed the generic kernel. Does this sound right? I'm still fairly new to Ubuntu server. thx.
<newbuntu> ahhh thank you
<newbuntu> which file do I want? id_rsa   or   id_rsa.pub
<newbuntu> private or public? i gues
<newbuntu> never mind, I see your post above
<newbuntu> Reepicheep: connection refused on port 22
<newbuntu> maybe need to change the ssh port back to 22 on server?
<newbuntu> then back again?
<Reepicheep> newbuntu: you set the port with -p on scp correct?
<newbuntu> no
<newbuntu> thanks
<Reepicheep> newbuntu: because you are not running the ssh server on the standard port you always need to tell your client to use the none standard port. whether the client is ssh or scp or some other client that uses ssh
<Ash-Fox> Wow, getting things to work via the /etc/acpi/events way is quite.. messed up
<Reepicheep> oh.. and newbuntu: "man" is your friend.  learn to use the man pages
<newbuntu> it's telling me the connection to the target machine is refused on port:22
<newbuntu> might be my router, checking that
<uvirtbot> New bug: #473062 in eucalyptus (main) "new node has eucalyptus-nc down (apache config ?)" [Undecided,New] https://launchpad.net/bugs/473062
<mathiaz> kirkland: hi!
<kirkland> mathiaz: yo
<mathiaz> kirkland: I've got a source package ready for the eucalyptus SRU
<kirkland> mathiaz: sweet
<mathiaz> kirkland: seems like the PPAs are backlogged
<kirkland> mathiaz: i'm leading an OpenWeek session in 4 minutes on Byobu
<kirkland> mathiaz: i'll review/test it after
<mathiaz> kirkland: ok - will you have some tiem for testing later?
<mathiaz> kirkland: great - thanks
<kirkland> mathiaz: sure
<jcastro> kirkland, just a few minutes until your session
<mathiaz> kirkland: I won't push to a PPA because of the long queue
<kirkland> #ubuntu-server: come join us in #ubuntu-classroom for a session on Byobu including a live demo in EC2!!!
<jcastro> heh
<kirkland> mathiaz: just do it, and ask an admin to bump the build prio
<kirkland> jcastro: i'm on it, cap'n
<newbuntu> disconnected
<newbuntu> Reepicheep: I've opened up ssh on my router, but I still get- :No route to host?
<jcastro> kirkland, I have to hop on a call, just take over when jono is done
<jcastro> you're all voiced up
<kirkland> jcastro: word
<jcastro> thanks!
<Reepicheep> newbuntu: keey in mind you router thinks ssh is running on port 22 and your aren't running it on port 22 anymore..
<Reepicheep> you may need to open the other none standard port..  I am away now..
<newbuntu> I changed everything back to 22, to take it out of the mix
<newbuntu> thanks for all you help
<tharis20> hey, i've installed ubuntu-server on a P2. The problem is that the font size is huge
<tharis20> does anyone know how to fix this?
<bogeyd6> tharis20 you need to edit /etc/default/console-setup
<bogeyd6> if memory serves correct
<qman__> tharis20, it's more likely the console resolution that's too low, you change that in /boot/grub/menu.lst
<bogeyd6> tharis20 you can also do a dpkg-reconfigure console-setup
<qman__> it defaults to an 80x25 terminal
<zul> smoser: are you doing a hardy refresh?
<qman__> add vga=791 to the kopts line, and run sudo update-grub
<smoser> :)
<smoser> zul, i was looking at that right now.
<qman__> when you reboot it should be 1024x768
<zul> smoser: coolness let me know if you need my advice
<bnjmn> i need to build a kernel module for karmic on ec2 that wasn't built. what's the best way to go about that?
<ninjah> I just reinstall mysql-server and mysql-common. Is it normal to see "cannot access /sys/module/apparmor: No such file or directory"?
<jetole> hey guys, I know this isn't too ubuntu specific (although I don't know whom else to ask). Is there a way to setup a pair of file servers to act as a raid 1 to each other? Not DRBD but something more hardware related like through host bus adapters?
<VirtualDisaster> jetole, DRBD is network raid1
<VirtualDisaster> or whats that other one...
<bogeyd6> !google
<ubottu> While Google is useful for helpers, many newer users don't have the google-fu yet. Please don't tell people to "google it" when they ask a question.
<jetole> VirtualDisaster: I know DRBD is
<jetole> VirtualDisaster: I use it
<jetole> Looking for some hardware related way
<jetole> In all honesty, I have done some research on Host Bus Adapters (HBA) but I am honestly still not sure what they are for.
<VirtualDisaster> jetole, they are network cards designed for storage thats all
<jetole> VirtualDisaster: and what do they do that a normal network card doesn't?
<VirtualDisaster> wikipedia it for a complete understanding
<jetole> I have. Have you?
<jetole> That article doesn't tell me much
<VirtualDisaster> mainly are used for SAN environments that need a lot of network storage like for virtualization
<jetole> which is exactly where I am but I don't know what it does.
<jetole> how does it differ from a network card if that is what it is closest to?
<VirtualDisaster> simplest way to understand it is that it is just a network card for primarily storage related tasks
<jetole> ok
 * jetole still doesn't get it but doesn't matter since thats not really what I need to know
<jetole> still trying to find a native way to keep disks in perfect sync on two different file servers
<jetole> I know DRBD does but I would hardly call that a native way
<crohakon> newbuntu; Every find what you were looking for lastnight?
<crohakon> ever*
<newbuntu> hey crohakon
<newbuntu> I almost have it working, ran into a problem I've been trying to fix for over an hour though
<newbuntu> I am setting up a id_rsa but can't get it copied over to my target machine
<newbuntu> are you there?
<crohakon> I don't know much about that, but I am sure someone in this massive room does.
<newbuntu> If you can log in to a computer over SSH using a password, you can transfer your RSA key by doing the following from your own computer:
<newbuntu> ssh-copy-id <username>@<host>
<newbuntu> Where <username> and <host> should be replaced by your username and the name of the computer you're transferring your key to.
<newbuntu> I get this error: port 22 Connection refused
<jetole> newbuntu: ssh-copy-id -i id_rsa.pub computer.domain.com
<jetole> oh well thats easy
<jetole> the port is closed
<crohakon> yup
<crohakon> lol
<newbuntu> I opened it up on my router?
<newbuntu> Airport Extreme
<jetole> connection refused means it's not firewalled but instead getting a RST/ACK packet
<newbuntu> port mapping
<jetole> newbuntu: I believe you
<ajaya> can anyone say why I shouldn't be using Karmic on EC2 as my production server?
<newbuntu> oh
<jetole> ajaya: it's not LTS
<newbuntu> RST/ACK? not sure what that means
<jetole> it means the computer, not the firewall or router but the computer is saying the port is closed
<jetole> @ newbuntu
<newbuntu> how do I open it?
<jetole> start ssh daemon
<newbuntu> if you don't mind
<jetole> sudo /etc/init.d/ssh start
<ajaya> jetole wonder it makes huge deal for a basic LAMP OR Rails server.
<jetole> ajaya: don't think it should
<newbuntu> in my terminal, right?  I already tried to start it that way, no success
<smoser> zul, ping.
<zul> smoser: pong
<smoser> looking at ec2-init in ec2-init-0.3.4ubuntu7~hardy1
<jetole> newbuntu: netstat -tpeln | grep 22
<jetole> newbuntu: run that on the server
<jetole> also on the server try connecting to your ssh locally
<jetole> i.e. ssh 127.0.0.1
<smoser> the init script runs (i think) after ssh
<smoser> $ ls -altr /etc/rc2.d/ | egrep "ssh|ec2-init"
<smoser> lrwxrwxrwx  1 root root   13 2009-04-25 06:25 S16ssh -> ../init.d/ssh
<smoser> lrwxrwxrwx  1 root root   18 2009-04-25 06:25 S90ec2-init -> ../init.d/ec2-init
<jetole> smoser: why -t
<smoser> but ec2-init regenerates ssh keys. and doesn't restart ssh.
<jetole> thats date based
<jetole> and yes it runs after ssh
<smoser> jetole, no reason... my fingers just type that any time they see a '-l'
<newbuntu> ssh 127.0.0.1 returns: port 22: Connection refused.
<zul> smoser: yep feel free to backport the karmic version to hardy
<jetole> anything in rc2 (or any other rc) suns based on number
<newbuntu> I changed my port
<jetole> i.e. S16 runs before S99
<newbuntu> on the server anyway
<jetole> newbuntu: then you need to tell your client to connect to a different port
<jetole> either ssh -p port
<jetole> or change ~/.ssh/config
<jetole> I run all my ssh on different ports so I store it in config
<smoser> zul, ok, so thats a known bug then.
<zul> smoser: i think so
<newbuntu> I'm a bit slow, so give me a minute to check your posts
<jetole> newbuntu: if you changed the server port to say 54321 then type "ssh -p 54321 my.server"
<crohakon> My server runs ssh on say... port 99... so when I log in I use: ssh -p 99 192.168.1.xxx
<newbuntu> on my server I've typed: scp -p 54321 ~/.ssh/id_rsa.pub <client_user>@<client_ip>:/tmp
<newbuntu> I get port 22: connection refused
<newbuntu> is that refusal on the client or server?
<jetole> ubuntulog: I don't think -p works in scp
<jetole> first off, thats not how you add a key
<jetole> you add a key using ssh-copy-id
<jetole> ssh-copy-id -i my.key my.server
<crohakon> which was mentioned once before...
<jetole> secondly, since you are doing that
<crohakon> <jetole> newbuntu: ssh-copy-id -i id_rsa.pub computer.domain.com
<jetole> create a file called config in the ~/.ssh directory
<jetole> chmod 600 config
<jetole> then add the lines:
<jetole> Host *
<jetole> Port 54321
<jetole> also if you only want this for one host you can use:
<jetole> Host my.server
<jetole> instead of Host *
<jetole> close the file and then ssh to the server
<jetole> if ssh works but asks you for a key then you know it knows the port
<jetole> I mean if it works but asks for a passwords
<jetole> once that works then run ssh-copy-id to place the key
<newbuntu> thank you, trying now
<jetole> let me know when it works
<newbuntu> I will!:)
 * crohakon pats Jetole on the back
<crohakon> Nice work.
<jetole> thanks
<jetole> lol
<jetole> no offense to newbuntu but this is childs play
<soren> smoser: When you say vmbuilder, do you actually mean ec2-init or is there a connection to vmbuilder in that bug that I'm just not seeing?
<newbuntu> I've only been at this for a few days, new to this
<crohakon> jetole; Yes, in terms of knowledge, but not everyone has grown out of their linux pampers. Me for example, I just started walking. =)
<VirtualDisaster> newbuntu, its a learning experience
<jhan> i'm using ubuntu 9.4version,how do i configure apt-get server in my machine
<jetole> newbuntu: like I said, no offense to you
<jhan> please give me steps
<VirtualDisaster> newbuntu, ive been using linux for 5 years and still have to get help
<crohakon> 9.04?
<jetole> I remember my first beer
<jetole> ;)
<VirtualDisaster> jhan, read the documentation on the ubuntu web site
<newbuntu> gotta start somewhere, not claiming to have the knowledge you all have
<crohakon> lol @ jetole
<smoser> soren, you're referring to something i said like 8 hours ago, right? i thikn youi're right, that that shoudl have said ec2-inti
<jhan> k
<crohakon> newbuntu; your fine, no worries.
<jetole> newbuntu: I know. I am not saying anything bad about it/you
<newbuntu> that's why I'm here, thanks for your help though
<jetole> instead I am helping
<newbuntu> I appreciate it!
<soren> smoser: Uh, yeah, it's been a while. I've been internet deprived.
<jetole> sure
<newbuntu> stupid question?  The following is done on the server/client:  create a file called config in the ~/.ssh directory
<newbuntu> chmod 600 config
<newbuntu> then add the lines:
<jetole> right, from the terminal, type chmod 600 config
<jetole> config is the actual config file
<jetole> so you will need to be in the .ssh directory of your home
<jetole> chmod 600 means make this file read/write by me and only me
<zul> soren: going through withdrawls?
<crohakon> sudo nano ~/.ssh/config
<jetole> otherwise ssh will not accept it
 * jetole rolls eyes @ nano
<newbuntu> okay, thanks
<crohakon> he, I like nano
<jetole> vi is the editor of the gods
<crohakon> yeah, but you also need a book to learn it.
<crohakon> nano is easy, so for him it is good.
<soren> zul: It's getting upgraded and there was some sort of problem, so now I'm leeching off of a neighbours open wifi :)
<jetole> I know I know
<jetole> I work with a programmer who can't stand vi
<zul> soren: good on you ;)
 * VirtualDisaster loves vi
<VirtualDisaster> simple
<jetole> and a dozen other programmers that don't know what it is
<VirtualDisaster> jetole, lol
<crohakon> jetole; I know what is is... but prefer nano as it is really simple and I don't need much more.
<jetole> VirtualDisaster: it is the most capable editor I know
<soren> smoser: But no, clearly no reason to fail on python2.4. I didn't even think we shipped 2.4 anymore, but I see that we do.
<jetole> crohakon: I know, just saying I agree with you sorta since I know lots of people feel the same
<jetole> vi is not simple
<crohakon> *nods*
<jetole> vi is instead complete
<VirtualDisaster> jetole, agreed
<smoser> yeah, i think for /usr/bin/python to be 2.4 it was probably a upgrade from something old
<crohakon> Well, time to go get food.
<jetole> I'm thinking time for bed
<jetole> I'm taking today off after working 70+ hours in the last 8 days
<zul> soren: quick question for you does window 7 work as a kvm guest?
<crohakon> yeah, not fun. My last job I was managing two restaurants. I was working 130 hours a pay period (every two weeks) between march and october
<crohakon> Now, I am un-employed and poor. =)
<crohakon> bye
<jetole> Virtual, wow!
<newbuntu> jetole: Port 22
<newbuntu> Host alias
<newbuntu> IdentifyFile <key-pair I'm currently using>
<newbuntu> HostName <domain of site>
<newbuntu> User root
<jetole> I'm setting up a new cloud and SAN infrastructure
<jetole> :D
<newbuntu> I already have this info in that file, can I just add to it?
<jetole> for the love of god don't use root
<jetole> or IdentityFile
<jetole> Identity file is not a big deal but if you have ~/.ssh/id_rsa.pub then ssh uses it automatically
<soren> zul: don't know for sure. I think I've heard of someone who did it, but I'm sure I heard about someone for whom it failed.
<soren> smoser: Probably, yeah.
<zul> soren: reason im asking is so I can test samba for lucid better
<soren> smoser: ...so why the heck is he installing ec2-init? :)
<jetole> and yes, you can append to that file but also don't specify IdentityFile until after you know it's working before the identity file is needed
<soren> zul: Well... Try it and let me know :)
<smoser> yeah, and why did he install it on that old distro and thn upgrade
<kirkland> mathiaz: okay
<kirkland> mathiaz: done with my session
<kirkland> mathiaz: should i just pull your branch and build locally?
<newbuntu> do I add: Host 1 2 3 4 or...
<newbuntu> host 1
<newbuntu> host 2
<newbuntu> host 3
<soren> smoser: People are nuts. :)
<zul> soren: I just need a copy of it
<zul> umm...legal copy of it
<jetole> newbuntu: all commands apply for the host hey are listed under...
<dhalsimm> Hi, I can't  connect to ssh using nautilus or gftp (other than terminal) except root user. I'm using jaunty
 * smoser thinks zul watched the windows 7 torrent party video
<jetole> so if you want something to apply to all hosts, list it under Host * and make sure Host * is at the bottom
<zul> smoser: mayyyybe
<jetole> Host is like the group breaker
<zul> smoser: maybe im just converting all my boxes to windows
<jetole> each Host line represents a new machine
<jetole> for everything under it until the next host line
<newbuntu> oh, got it
<newbuntu> thanks
<smoser> zul, all my boxes are already upgraded to windows 7.
<newbuntu> okay, I'm connected to my server through ssh in Terminal!!!
<jetole> lol
<jetole> cool
<newbuntu> now how do I get access through ftp/ssh client
<Reepicheep> newbuntu: nice.. did you get your public key copied over?
<jetole> newbuntu: don't use ftp
<jetole> use scp
<newbuntu> doing that now
<newbuntu> trying... anyway
<jetole> scp file my.server: (copies file to home directory on server)
<jetole> scp my.server:/home/newbuntu/this.file ~ (copies this.file on server to your ~ directory)
<jetole> newbuntu: also look at sshfs + afuse
<Reepicheep> newbuntu: do you still have sshd listening on a different port?
<newbuntu> yes
<newbuntu> i do
<Reepicheep> I think I told you incorrectly how to switch ports with scp earlier
<Reepicheep> use -P not -p
<jetole> it's all in the man page
<Reepicheep> so "scp -P port user@hostname:/path/to/file
<jetole> man scp
<jetole> Reepicheep: he is using a proper ssh config file now though so I don't think he needs it
<jetole> newbuntu: also man ssh_config for more things to change
<Reepicheep> so newbuntu set it up to so his clients use it system wide in the /etc/ssh config files?
<BerRMaNyA> Hii i have a problem when i try config exim4 with smarthost, somebody can helpme?
<JavaJimFL> New to Linux in general, Ubuntu in particular:  new 9.1 server install, single OS, ok till Grub install, at which point the install menu loops on that selection till I select 'no bootloader' and then the server won't start after the install.  Any pointers?  Thanks.
<jetole> Reepicheep: he could but instead place it in ~/.ssh/config instead of /etc/ssh/config
<jetole> /etc/ssh/config should only be used for all users
<Reepicheep> yeah.. that would probably be better anyway
<newbuntu> I thought I had to use ssh-copy-id <username>@<host>
<jetole> newbuntu: no
<BerRMaNyA> Hii i have a problem when i try config exim4 with smarthost, somebody can helpme?
<jetole> ssh-copy-id -i key.file your.host
<Reepicheep> newbuntu: are you still trying to copy the public key from your Mac?
<jetole> for example ssh-copy-id -i ~/.ssh/id_rsa.pub my.server.com
<jetole> did you just say mac?
<newbuntu> I am trying to copy the public key from my server to my mac so I can have access
<newbuntu> I created the key on my server
<newbuntu> is that right?
<Reepicheep> so you want your server to be able to connect to your mac via the ssh keys?
<newbuntu> yes
<jetole> ok, I don't know much about ssh on mac other then my dad has one and the configs in /etc don't work the way they do on every other computer
<BerRMaNyA> Hii i have a problem when i try config exim4 with smarthost, somebody can helpme?
<Reepicheep> BerRMaNyA: can you paste your exim router configs in a paste bin?
<Reepicheep> newbuntu: I just want to make it clear you want to connect from your ubuntu server to your mac not vice versa?
<newbuntu> no, I'm sorry...I want to be able to access the server via the mac
<Reepicheep> that's what I thought
<Reepicheep> you need to generate the key on the client.. not the server
<Reepicheep> so in your instance the client is your Mac
<BerRMaNyA> What is the file of configuration?, i execute sudo dpkg-reconfugyre exim4-config
<Reepicheep> newbuntu: and OS X does not have ssh-copy-id so you have to do it by hand.. the old fashion way
<newbuntu> oh, I was thinking of it backwards!
<Reepicheep> BerRMaNyA: I use exim but I have never used the configs made via dpkg-reconfigure so I don't know if I can help a lot
<Reepicheep> I can help you edit the files by hand.. but you may want to do it the ubuntu way as you have tried with dpkg-reconfigure
<BerRMaNyA> Reepicheep wait, i'll upload the config file
<Reepicheep> when you run dpkg-reconfugyre exim4-config does it give you an option to set it up using a smarthost as postfix does? BerRMaNyA
<Reepicheep> newbuntu: the first thing you need to make sure is that you have a public private key generated for your user an your mac?
<newbuntu> I generated both, but on the server
<Reepicheep> newbuntu: from the terminal type "ls ~/.ssh/" and is there an id_rsa.pub or id_tsa.pub file?
<BerRMaNyA> when i run dpkg-reconfigure, askme the ip of smarthost, but i dont know de smarthost ip
<newbuntu> no just my a config file and known_hosts file
<Reepicheep> s/id_tsa.pub/id_dsa.pub/ ^ sorry
<BerRMaNyA> I try put ip of isp
<BerRMaNyA> but dont work
<Reepicheep> BerRMaNyA: you will defiantly need that info to set up the smart host
<newbuntu> I have set this up with another server before
<newbuntu> appearantly
<Reepicheep> BerRMaNyA: you may be able to use the DNS name of the smarthost you would like to use
<Reepicheep> newbuntu: then you need to generate a key pair for your user on you Mac first.. use ssh-keygen
<Reepicheep> i.e ssh-keygen -t rsa
<newbuntu> Reepicheep: I don't remember why but the <known_hosts> file contains the other RSA I use for another server, not sure why I set it up that way
<BerRMaNyA> but i dont understand, i 'll try use the DNS of ISP, that is ok?
<Reepicheep> that's ok.. the known host contains the public key for every ssh server you have connected to and trusted said ssh servers keys
<Reepicheep> newbuntu: ^
<newbuntu> ahhhh
<Reepicheep> BerRMaNyA: do you understand what a "Smarthost" is?
<Reepicheep> BerRMaNyA: basically it is a server that will relay your mail to and from your existing server depending on your situation.
<Reepicheep> is that what you are after?
<uvirtbot> New bug: #473218 in sysstat (universe) "Please sync sysstat-9.0.5-1 from Debian unstable." [Undecided,New] https://launchpad.net/bugs/473218
<BerRMaNyA> mmm i think that smathost is a service  when i run mail() in php for example, mi smtp server relay the mail to smarthost, and smarthost redirect this mail to email account what specify in mail function
<BerRMaNyA> sorry my inglish is bad
<mathiaz> kirkland: avahi and eucalyptus uploaded to my ppa - https://launchpad.net/~mathiaz/+archive/eucalyptus/+packages
<Reepicheep> BerRMaNyA: are you setting up exim to host local inboxes? or just to send mail out to external email account?
<mathiaz> kirkland: so you can probably grab the source code from there and build them localy
<newbuntu>  so I just created a key on my client computer
<newbuntu> reepicheep
<newbuntu> ls -a
<Reepicheep> newbuntu: sweet.  now you need to get the contents of the ~/.ssh/id_rsa.pub file into the ~/.ssh/authorized_keys file on the server
<newbuntu> okay, doing that now
<Reepicheep> replace rsa with dsa if you created the keys that way ^
<newbuntu> no they are rsa, what's the diff
<Reepicheep> the easiest way is to use "scp"
<Reepicheep> scp -P port ~/.ssh/id_rsa.pub user@hostname:/tmp/
<BerRMaNyA> Reepicheep: I try config the local pc as server, i have static ip, when mi work now is config this machine with smtp server and pop3 server, I installed exim as smtp server, i try send the mail with PHP to my email account, and I recibe this mail in spam inbox
<Reepicheep> newbuntu: that will get the pub file over to your server in the /tmp/ directory
<BerRMaNyA> When i think that if setup smarthost i will recibe mail in inbox and NO spam
<Reepicheep> newbuntu: then just concatenate it to the end of the authorized_keys file
<Reepicheep> cat /tmp/id_rsa.pub >> ~/.ssh/authorized_keys
<newbuntu> now for a really dumb question?  is my host name not what I see when I'm logged into my server ie. root@testserver
<Reepicheep> BerRMaNyA: are you receiving this mail on an account hosted on the server with exim on it or in an existing email account that is hosted elsewhere?
<newbuntu> nevermind
<newbuntu> got it
<BerRMaNyA> i recive mail on gmail
<newbuntu> it asks for root@<my ip>'s password?  my pass doesn't work
<Reepicheep> newbuntu: that concatenate command should be run on the server as the user that you wish to login as after the key has been copied to the servers /tmp/ directory
<BerRMaNyA> when i enter to http://localhost/mail.php?to=bernacas@gmail.com i recive mail in spam
<BerRMaNyA> on gmail
<Reepicheep> BerRMaNyA: you may not need to run exim on your machine at all if you are sending to a gmail account
<lukehasnoname> Hey guys. Y'all know where I can get the raw Docbook XML for the server guide?
<Reepicheep> php should be able to use a smtp server provided  by your ISP
<newbuntu> it wants the root password
<BerRMaNyA> I use php to check if my smtpserver is running
<BerRMaNyA> if (mail("bernacas@gmail.com","test","test")) : echo "The mail is sent"; endif;
<Reepicheep> newbuntu: assuming that you have heard the warning about sshing to a root account... you can copy the file to the server as a non root user
<BerRMaNyA> This way check if my smtp server is on
<Reepicheep> then copy the contents to /root/.ssh/authorized_keys with sudo or as the root user
<Reepicheep> newbuntu: by default ubuntu does not set a root password
<newbuntu> hmmm, ok
<Reepicheep> BerRMaNyA: if you are just trying to send mail from php.. I'm not sure you really need a full MTA like exim running.  there probably are better ways of sending that mail out.
<newbuntu> sorry for the confusion but I created the 'id_rsa.pub' file in ~/.ssh/  logged in as my root, was that a mistake? Should I have created the keys in ~/.ssh/    logged in as my user?
<newbuntu> Reepicheep
<BerRMaNyA> Reepicheep: Now i just config the smtp server, but i now install pop3 server, i can create for example bermanya@IPSTATIC ?
<lukehasnoname> got it
<Reepicheep> newbuntu: it's usually best to connect to your server as an unprivileged user, then use sudo to execute things that need root privileges
<Reepicheep> so in the command I gave you .. "user" in "user@hostname" would by your username not root
<Reepicheep> than run the concatenate command as your user on the server
<Reepicheep> BerRMaNyA: in that case you do need an MTA
<newbuntu> so should the key files on my clientMac be stored in the root ~/.ssh/  or my User ~/.ssh/
<BerRMaNyA> exim is MTA true?
<jetole> user ssh
<newbuntu> the one's I just created?
<jetole> @ newbuntu
<newbuntu> ok
<Reepicheep> newbuntu: as the user
<newbuntu> well I messed up then, I did it as root
<Reepicheep> so /Users/<username>/.ssh/
<newbuntu> I can just delete and redo, huh?
<jetole> newbuntu: that only applies if you want the root user to be able to ssh which you can but that is against a lot of BOFH regulations
<jetole> newbuntu: I wasn't paying attention but you can delete and re create your certs as many times as you like
<Reepicheep> it doesn't hurt to have those keys in the /root/.ssh/ you just won't use them :newbuntu
<newbuntu> deleting and re-creating
<newbuntu> now
<BerRMaNyA> Reepicheep: do you have some tutorial that explain me that i looking for?
<newbuntu> that is also where I put the config file, need to change that
<jetole> if [ ${UID} -eq 0 ]; then echo "not as root"; exit 1; fi; sudo rm -rf /root/.ssh; ssh-keygent -t rsa; ssh-copy-id -i ~/.ssh/id_rsa.pub my.server
<jetole> @ newbuntu
<jetole> that needs a little work but thats the general idea of how to do it all over again
<Reepicheep> BerRMaNyA: not of the top of my head.. why is it that you settled on "exim" was it from a tutorial?
<newbuntu> a little over my head but thanks
<newbuntu> the if statement anyway
<Reepicheep> jetole: I like that.. that's a cute way to put it
<jetole> newbuntu: that should actually do it all except at the end change my.server to your server
<jetole> newbuntu: that will delete the root .ssh dir
<jetole> and recreate the new keys
<jetole> and copy them over
<jetole> assuming passwords still work on the server
<Reepicheep> jetole: the only issue is that OS X doesn't have ssh-copy-id :(
<newbuntu> I have them on for now, will turn them off when I get this working
 * jetole doesn't allow passwords on ssh on his servers but it's all corporate and I have keys backed up around the corner
<jetole> Reepicheep: wow... uh... that sucks
 * jetole points to www.openssh.org
<jetole> can download and compile from there
<jetole> as part of the openssh package
<jetole> newbuntu: just make sure you have backed up your keys very well before you do
<BerRMaNyA> I have opened 100000 tutorials but i cant make work exim, but I now open https://help.ubuntu.com/9.04/serverguide/C/exim4.html
<newbuntu> I will
<Reepicheep> jetole: that is why I was having newbuntu us scp to copy the public key to the server.. but I didn't realize it was the root user
<jetole> BerRMaNyA: the problem is exim != postfix
<jetole> ;)
<jetole> yeah me either
<jetole> never use root
<newbuntu> won't from now on
<BerRMaNyA> jetole which is the diference of exim and postfix?
<Reepicheep> BerRMaNyA: I love exim ... it is my MTA of choice .. but in your instance postfix may be better
<Reepicheep> newbuntu: that away to here the warning about using the root user ;-)
<BerRMaNyA> which is the diference between exim and postfix?
<jetole> BerRMaNyA: what is the difference between windows and linux? You are asking the difference between two different peices of software. You can put sendmail and the microsoft mail package in the question too. If you want a complete answer download both source packages and run diff -ur against the two directories
<Reepicheep> BerRMaNyA: they both accomplish the same thing..
<newbuntu> out of curiosity, why is it soooo bad for me to be logged in as root
<Reepicheep> but the ubuntu way tends to be use postfix.. so you will find more documentation that way
<jetole> newbuntu: because you don't need to be and by typing the wrong command as root you will destroy your system
<newbuntu> enough said
 * jetole has been using postfix for years and it just works 
<newbuntu> thanks
<jetole> newbuntu: also you don't want the root user accessible via ssh incase someone cracks in
<BerRMaNyA> Ok reepicheep, so i run apt-get remove exim and i 'll install postfix is that ok?
 * Reepicheep has been using exim for years .. but in this instance .. Reepicheep thinks BerRMaNyA should use postfix
<jetole> BerRMaNyA: great idea
<Reepicheep> BerRMaNyA: you will find plenty of tutorials showing you ubuntu-server + postfix + (dovecot | courier | cyrus | your choice of software)
<jetole> BerRMaNyA: also #postfix is an informative room
 * jetole votes for dovecot which also functions as the LDA
 * Reepicheep votes the same..
<jetole> well I'm gonna go poo
<jetole> bbiab
<Reepicheep> newbuntu: .. basicly you just need to run those two commands on your mac as you unprivileged user (ssh-keygen and the scp one)
<BerRMaNyA> Reepicheep thanks so much for your help, jetole same for you
<jetole> BerRMaNyA: I didn't offer much but enjoy
<newbuntu> I'm in the process now....
<BerRMaNyA> now i try install postfix and dovecat
<BerRMaNyA> dovecot
<Reepicheep> newbuntu: then concatenate the /tmp/id_rsa.pub file (make sure it's the new one and not roots) to the users .ssh/authorized_keys file
<Reepicheep> BerRMaNyA: find a walk through to help you with the configuration steps need
<kirkland> mathiaz: yo
<kirkland> mathiaz: okay, i'm downloading now
<newbuntu> I've got the key in my /tmp on server!  moving on...
<newbuntu> when I try to cd .shh (logged in as me) it tells me permission denied
<Reepicheep> what about "cd ~/.ssh" ?
<newbuntu> it's owned by root, why?
<newbuntu> denied
<Reepicheep> "pwd" returns your users home directory not "/root" correct?
<newbuntu> yes, correct
<Reepicheep> k.. lets start over on the server side..
<newbuntu> k
<Reepicheep> type "sudo rm -r /home/<username>/.ssh"
<Reepicheep> make sure it is the correct directory :[|
<Reepicheep> :-|
<newbuntu> it's gone..
<Reepicheep> k.. create a new one .. like by for instance typing "ssh -p port localhost"
<Reepicheep> and accepting the public key
<mathiaz> kirkland: well - I think everything is built now
<kirkland> mathiaz: yup, i'm installed
<kirkland> mathiaz: did you put together SRU testing instructions yet?
<mathiaz> kirkland: not for all the bugs
<mathiaz> kirkland: some of them have the testing instructions already
<newbuntu> made new /.ssh, it's owned by me now
<Reepicheep> sweet.. now lets make sure the id_rsa.pub file you your users and not root's
<Reepicheep> type "cat /tmp/id_rsa.pub" it should be the key
<Reepicheep> at the end it should have "username@your.mac.hostname" not "root@your.mac.hostname"
<newbuntu> it does
<Reepicheep> sweet.. k.. now:
<Reepicheep> cat /tmp/id_rsa.pub >> ~/.ssh/authorized_keys
<newbuntu> ok
<newbuntu> how do we check
<Reepicheep> and when that completes you should see the public key in /home/<username/.ssh/authorized_keys .. use "cat" to see it
<Reepicheep> if it's there you should have it setup.. now back on your Mac
<newbuntu> it's there!!
<Reepicheep> great
<newbuntu> wow, I really appreciate all your time
<kirkland> mathiaz: i'll write the SRU testing for mine (the powernap one)
<Reepicheep> ssh -p port username@server.hostname
<Reepicheep> from the Mac ^
<mathiaz> kirkland: ok
<newbuntu> ok
<geekboxjockey> I'm having issues with LDAP, pam_ccreds and apache2 http-auth, if I log in to a system via ssh using my LDAP credentials, I can see that my info I'm having issues with LDAP, pam_ccreds and apache2 http-auth, if I log in to a system via ssh using my LDAP credentials, I can see that my info is cached via 'sudo cc_dump' however for users authenticating with http-auth on our site, their LDAP info is not being c
<geekboxjockey> ached. Any ideas?is cached via 'sudo cc_dump' however for users authenticating with http-auth on our site, their LDAP info is not being cached. Any ideas?
<geekboxjockey> I have apache2 set up to use /etc/pam.d/common-auth (which is where I have the caching configured)
<Reepicheep> if the username is the same on both you don't need the "username@" part
<geekboxjockey> I'm having issues with LDAP, pam_ccreds and apache2 http-auth, if I log in to a system via ssh using my LDAP credentials, I can see that my info is cached via 'sudo cc_dump' however for users authenticating with http-auth on our site, their LDAP info is not being cached. Any ideas?
<geekboxjockey> (sorry, something got chopped up in my last message)
<newbuntu> it asked me for my server password? does that mean it didn't work?
<newbuntu> should it still ask for that?
<mushroomtwo> time to edit sshd_config
<Reepicheep> newbuntu: no it should just log you in
<newbuntu> had to enter password
<Reepicheep> double check to make sure that the key on your Mac /Users/<username>/.ssh/id_rsa.pub matches the key on your server /home/<username>/.ssh/authorized_keys
<Reepicheep> also make sure that it is still enable in the sshd_config file on the server
<newbuntu> looks as though they match, looking at a few characters in the beginning and end
<newbuntu> at the end of the RSA it has = user@computername.local
<newbuntu> should this be the ip?
<Reepicheep> nah.. that should be fine
<Reepicheep> have you edited /etc/sshd_config on the server?
<newbuntu> I want to be able to access this whether I'm on my home network or away, I guess that doesn't matter
<newbuntu> i will check the /etc/sshd_config
<newbuntu> PubkeyAuthentication = yes
<newbuntu> all I changed is the port
<Reepicheep> hmm. that should work..
<newbuntu> what is this: # HostKeys for protocol version2
<Reepicheep> let me make sure I can get it to work .. what version of OS X are you running?
<newbuntu> my has: HostKey /etc/ssh/ssh/host/rsa/key
<newbuntu> wait mis type
<Reepicheep> usually it is something like:
<newbuntu> t
<Reepicheep> HostKey /etc/ssh/ssh_host_rsa_key
<newbuntu> that's what I meant to type
<newbuntu> thanks
<newbuntu> I have a /know_hosts on my mac? does that mean anything?
<newbuntu> I'm running 10.6
<newbuntu> reepicheep
<DrNick_> is ubuntu server have "official" support on Sparc boxen?  or is it "officially" just i386/x64?
<DrNick_> err, * does
<Reepicheep> k.. let me test that.. btw. if you want you can have ssh listen on multiple ports. just put on "Port <portnumber>" line per port
<Reepicheep> newbuntu: ^
<newbuntu> I see a line in sshd_config: #AuthorizedKeysFile %h/.ssh/authorized_keys.
<newbuntu> there is nothing under it
<newbuntu> Reepicheep^
<newbuntu> does my key path need to be there?
<Reepicheep> newbuntu: by chance is it asking you for the password you gave when generating the ssh key pairs with the ssh-keygen command?
<newbuntu> no, just my user pass
<newbuntu> well, they might be the same?
<newbuntu> i'm not sure
<newbuntu> was that not my user pass?
<newbuntu> I figured it was trying to authenticate me as a user before generating
<newbuntu> Reepicheep^
<Reepicheep> because if you give a set a password when creating the keys with ssh-keygen it will prompt you for that password every time you use the key
<newbuntu> can I turn off the password authentication in the sshd_config file and try to login again?
<newbuntu> will that tell me anything
<Reepicheep> if you want to connect in "Passwordless" if that's a word.. you need to create the ssh_key pair without a password.. but .. there are security concerns doing it that way also
<newbuntu> i don't mind typing in the password, just wanted to make sure I was actually connecting with the key pair
<newbuntu> Reepicheep^
<Reepicheep> you probably are.. it is just prompting you for your key pair password not your user password on the server
<Reepicheep> btw.. it works fine for me from a 10.6.1 Mac to an ubuntu server 9.10
<newbuntu> I just turned of pass auth in sshd_conf on server
<newbuntu> restarted ssh
<newbuntu> tried to log in from mac
<newbuntu> permission denied (publickey)
<newbuntu> confused
<uvirtbot> New bug: #473332 in openipmi (universe) "Startup failed to load ipmi_devintf module" [Undecided,New] https://launchpad.net/bugs/473332
<newbuntu> ls
<newbuntu> do I need the key in known_hosts?
<newbuntu> Reepicheep^
<newbuntu> on my mac
<newbuntu> oh wait, it's there
<Reepicheep> yeah.. that is the servers public key
<newbuntu> it's there
<newbuntu> nevermind
<Reepicheep> that is what you are prompted to accept the first time you connect to a host
<newbuntu> do I need the config file on my mac or the server?
<newbuntu> I don't have it on my mac
<newbuntu> Reepicheep^
<Reepicheep> you don't need to adjust anything on your Mac.. you just need the user to generate a key pair .. which you have done
<newbuntu> k
<Reepicheep> DrNick_:  I don't think sparc hardware is officially supported
<newbuntu> any ideas? Reepicheep
<DrNick_> ok.  however it still has community support currently?
<Reepicheep> newbuntu: I must of missed the question.. is it still not working?
<newbuntu> no it's not working
<Reepicheep> DrNick_: I would suppose.. as best you can get
<newbuntu> I just turned off pass auth in sshd_conf on server
<DrNick_> only i seem to remember a time when ubuntu was officially supported on x86/x64, ppc and sparc.  i can understand them dropping ppc, with apple going intel but sparc i would have hoped might continue
<newbuntu> restarted ssh
<newbuntu> tried to log in from mac
<newbuntu> permission denied (publickey)
<DrNick_> there was some fanfare a while ago about ubuntu-sun lovin', i guess that is no more.  esp' with sun going to oracle
<Reepicheep> newbuntu: so it prompts you for the password for your keys.. you enter that .. then it gives your the "permission denied (publickey)" error?
<newbuntu> no- I enter: ssh -p port user@ip      hit enter
<newbuntu> Permission denied (publickey)
<Reepicheep> DrNick_: I have run linux (not ubuntu though) on sparc hardware for awhile .. but I have taken most of them out of production in the last couple years.. it worked pretty well though
<DrNick_> well, thanks for the info anyway Reepicheep
 * newbuntu Invalid PEM structure, '-----BEGIN...' missing.
<DrNick_> cdimage.ubuntu.com seem to have a variety of different architecture's to install, all community supported.  there's even one for the ps3 lol
<newbuntu> this is what I get when I try to get in using ftp client
<newbuntu> ssh
<newbuntu> sftp
<newbuntu> whatever
<Reepicheep> newbuntu: have you mess with the keys in /etc/ssh on the server?
<DrNick_> even PA-RISC is there
<newbuntu> no I haven't
<Reepicheep> DrNick_: yeah I have seen that .. I have used the PPC one a few times .. I even have download the sparc one. burned the disk .. it's sitting on top of an old sunfire machine on my bench.. but I have yet to install it.. :-|
<DrNick_> :-)
<DrNick_> boot it, see what happens
<Reepicheep> newbuntu: your scp command worked earlier to copy the id_rsa.pub file from the mac to the server correct?
<newbuntu> at the end of my ssh_host_rsa_key.pub..... it is root@myserver
<Reepicheep> DrNick_: I will sometime.. I just haven't got around to it
<newbuntu> is that wrong
<newbuntu> yes it did work
<Reepicheep> newbuntu: that is fine.. that is the system keys used via the openssh server
<newbuntu> oh
<Reepicheep> they are auto generated when you install the openssh-server package
<Reepicheep> you shouldn't need to mess with them
<newbuntu> ok, i see
<Reepicheep> the only keys you need to care about are the keys in your home directory's .ssh/ folder
<Reepicheep> newbuntu: can you try running the scp command from the mac again.. just copy any file to the server's /tmp/ folder
<newbuntu> my key is in the file authorized_keys
<newbuntu> yes
<Reepicheep> newbuntu: correct .. the public key for the user on the client (your Mac) should be in your user's authorized_keys file on the server
<newbuntu> permission denied (publickey)
<newbuntu> Reepicheep^
<newbuntu> I will have to turn passAuth back on i guess
<newbuntu> in sshd_config
<newbuntu> what is invalid PEM structure
<newbuntu> Reepicheep^
<newbuntu> the other key I'm using is keypair.pem
<newbuntu> this on is keypair.pub
<newbuntu> could that be anything?
<newbuntu> Reepicheep^
<Reepicheep> newbuntu: afaik. pem files are files that combine the public and signed certificate in ssl  .. I have never used them in the ssh realm
<RoyK> hm.... it'd be fine the day linux has something like zfs
<Reepicheep> where is it that you see the keypair.pem file?
<newbuntu> ok
<newbuntu> I use one to log into another server I use, for business
<RoyK> if any of you work with storage, take a little look at what's in opensolaris
<RoyK> it eats linux for breakfast
<newbuntu> I also get this error when trying to sftp: into my server:
<Reepicheep> RoyK: I agree I really wish sun could release zfs with a linux compatible license
<newbuntu> Reepicheep^Invalid PEM structure, '-----BEGIN...' missing.
<Reepicheep> newbuntu: does it happen to be secure ftp like ftp over ssl ... which is different then sftp over ssh
<newbuntu> it might be
<newbuntu> have a question
<RoyK> Reepicheep: well, they don't want to, so I'll stick with opensolaris for storage
<newbuntu> if I'm getting 'Permission denied (publickey) when I try to scp to the server?  On which side does the problem lie?
<Reepicheep> newbuntu: for copying files from your make to a machine with ssh you should look at Macfusion .. it uses fuse to make the connection but it integrates into your finder
<newbuntu> cool
<newbuntu> did you see the post just above your last?
<Reepicheep> newbuntu: is the /etc/ssh/sshd_config and /etc/ssh/ssh_config files pretty standard on your server other then the port change?
<RoyK> the nfs4 stuff in opensolaris is quite a bit better than what's in linux, so .......
<newbuntu> yes, I changed nothing from the install except port: and passwordAuthorization
<Reepicheep> try changing passwordAuthorization back .. and see what it does
<newbuntu> k
<mathiaz> smoser: any news from upstream on bug 461156?
<uvirtbot> Launchpad bug 461156 in euca2ools "User data is not parsed correctly by Eucalyptus in some cases" [High,In progress] https://launchpad.net/bugs/461156
<mathiaz> kirkland: ^^?
<kirkland> mathiaz: latest i know is in that bug
<kirkland> mathiaz: i'm still testing your ppa packages
<kirkland> mathiaz: i'm running into some weirdness
<kirkland> mathiaz: but i don't know if it's your fault yet :-)
<mathiaz> kirkland: weirdness?
<mathiaz> kirkland: do you have issue with dns resolution to connect to the cc?
<newbuntu> Reepicheep^
<kirkland> mathiaz: haven't tried that
<kirkland> mathiaz: i'm testing the little powernap one, which should be a no-op really at this point
<newbuntu> this is what I get when I restart ssh: Could not load host key
<kirkland> mathiaz: but i couldn't get powersave working at all at first
<newbuntu> start stop dameo: warning: failed to kill: operation not permitted
<newbuntu> Reepicheep^
<newbuntu> this is what I get when I restart ssh
<newbuntu> [ok]
<kirkland> mathiaz: which ones have SRU test instructions already?
<mathiaz> kirkland: bug 458904
<uvirtbot> Launchpad bug 458904 in eucalyptus "When installing a node, euca_find_cluster fails to locate the cluster controller if instances are running" [High,In progress] https://launchpad.net/bugs/458904
<Reepicheep> newbuntu: what does "sudo netstat -tlpn | grep sshd" return ?
<mushroomtwo> anyone know why, after swapping switches, a 9.04 server box will refuse connections via ssh?
<mathiaz> kirkland: yeah - that's all - I'm writing up the other SRUs
<kirkland> mathiaz: i filled in most of https://bugs.edge.launchpad.net/ubuntu/+source/eucalyptus/+bug/458163
<uvirtbot> Launchpad bug 458163 in eucalyptus "[regression] euca_rootwrap fixes affected eucalyptus power management (powerwake)" [Wishlist,Fix committed]
<newbuntu> tcp 0.0.0.0.0:myPort
<newbuntu> is that what you were looking for
<Reepicheep> newbuntu: now stop the ssh server and run the same command see if it goes away
<newbuntu> my ip isn't there
<newbuntu> ok
<Reepicheep> newbuntu: 0.0.0.0 is all ipv4 interfaces
<kirkland> mathiaz: SRUs are so much fun :-)
<newbuntu> operation not permitted
<newbuntu> cant' stop
<newbuntu> still there
<Reepicheep> what command are you using to stop ssh?
<newbuntu> g
<newbuntu> hang on
<newbuntu> </etc/init.d/ssh stop>
<newbuntu> wouldn't let me type without <>
<Reepicheep> try: "sudo service ssh stop"
<newbuntu> did it
<newbuntu> output grep | not there any more
<Reepicheep> k.. now start it
<Reepicheep> replace "stop" with "start"
<newbuntu> k
<newbuntu> started
<newbuntu> now that I have turned my passwordAuth on in sshd_conf I can transfer files via scp
<Reepicheep> newbuntu: check out the Macfusion .. it may be what you want
<newbuntu> i will, thanks for all your help
<uvirtbot> New bug: #473439 in mailman (main) "canÂ´t start mailman" [Undecided,New] https://launchpad.net/bugs/473439
<newbuntu> could it be because I used a passPhrase when I created the key
<newbuntu> Reepicheep
<newbuntu> do i need a passphrase?
<Reepicheep> newbuntu: you can try creating a new key without a passphrase if you want, it would be one less layer of security.. but it would then allow you to login with out being prompted for a password
<newbuntu> I've already tried
<Reepicheep> did it work?
<newbuntu> I started over from scratch, following all your instructions, created new key and everything.....when I try to access the server through terminal ssh -p 5555 ............ I get
<newbuntu> Permission Denied
<newbuntu> (publickey)
<newbuntu> still
<newbuntu> resetting router, be right back
<newbuntu_> removing port mapping on router
<newbuntu_> I'm at a loss, if you have any idea I would appreciate it
<newbuntu_> I can get in with the password, but not the publickey
<newbuntu_> I've got to figure this out because I'm going to have to set this up on about 10 other machines.  PC and MAC
<newbuntu_> they all need access to the server
<kblin> newbuntu_: you're not getting your home dir mounted during login or fanyc crap like that?
<newbuntu_> home dir mounted?
<kblin> at university the /home share is on a network mount, so there's no access to $HOME/.ssh during login
<kblin> at my university, that is
<newbuntu_> I'm at my house, I'm behind a router if that matters
<newbuntu_> I can get through with my password, just not the publicKey
<kblin> ok, so no network shares for /home?
<newbuntu_> key pair
<newbuntu_> by network shares you mean, other machines on the network sharing my /home
<kblin> yeah
<newbuntu_> no, I don't have it shared on my local network
<kblin> what's the name of the private key you're using?
<newbuntu_> key_pair.pub
<newbuntu_> I made one up
<Reepicheep> newbuntu: would it be to much to start completely over even with the ssh server and keys on the server?
<Reepicheep> and the config files in /etc/ssh/
<kblin> and what's your ssh command?
<kblin> the full command line?
<uvirtbot> New bug: #236757 in postfix (main) "openldap2 vs openldap when installing kolabd" [Undecided,New] https://launchpad.net/bugs/236757
<newbuntu_> no, I'd be willing to try anything.  I would like to rule out my router though, could it be causing me problems?
<Reepicheep> for you testing is the router between you and your server?
<newbuntu_> kblin: ssh -p <myPort> user@<myIP>
<kblin> aha
<newbuntu_> Reepicheep: yes
<newbuntu_> well I think
<kblin> try ssh -p <myPort> -i key_pair user@<myIP>
<Reepicheep> is your Mac and server on the same network?
<newbuntu_> they are
<newbuntu_> I'm trying to access as if I am not on same network though
<newbuntu_> how?
<Reepicheep> let's get it working internally before you through the router/port forwarding into the mix
<kblin> yeah, and try the -i key_pair thing
<newbuntu_> kblin:  that worked!!
<kblin> figures
<newbuntu_> no password needed, not denied permissions
<kblin> you've used a non-standard name for the key file, so you need to tell ssh to use it
<newbuntu_> so how does that work
<Reepicheep> newbuntu_: have you messed with any of the system ssh settings on your Mac?
<kblin> see the -i option in man ssh
<newbuntu_> system ssh settings, no I don't think so , let me look
<Reepicheep> newbuntu_: what is the name of your key_pair?
<newbuntu_> kblin: how do I log in from my sftp client?
<Reepicheep> have you edited anything in /etc/ssh_config on the Mac?
<kblin> Reepicheep: key_pair/key_pair.pub, newbuntu_ said so a few minutes ago
<kblin> that has nothing to do with the ssh_config
<kblin> newbuntu_: what sftp client?
<kblin> scp?
<newbuntu> cyberDuck
<newbuntu> on mac
<kblin> never heard of that
<newbuntu> like fileZilla
<Reepicheep> kblin: sorry I missed that
<kblin> it'll have an option to specify a key pair, if it's any good
<kblin> Reepicheep: happens, no worries :)
<newbuntu> it does, but does it matter that I named it diff
<Reepicheep> newbuntu: I have used cyberduck.. let me see if you can set it to use a non standard key pair
<newbuntu> that's what I was wondering
<newbuntu> Reepicheep
<Reepicheep> newbuntu: it may be easier to use the standard key pair names thought...
<newbuntu> this may be my whole problem, that's what I get for trying to organize things
<Reepicheep> if that is possible
<newbuntu> yea, I can redo it, if that will fix my problem
<newbuntu> no worries, now that I know what caused it
<newbuntu> I only need one key per machine, right:
<newbuntu> ?
<kblin> "In the Connection Dialog or the Bookmark editor in Cyberduck select Use Public Key Authentication and select the private key in your .ssh directory. "
<newbuntu> can I use the same key for every machine?
<newbuntu> I have about 10 I need to connect to the server?
<Reepicheep> btw.. newbuntu cyberduck lets you select a key to use.
<Reepicheep> under "more options"
<newbuntu> I saw that and tried to select it, it wouldn't work
<Reepicheep> "use public key authentication"
<newbuntu> let me try again.....one minute
<kblin> newbuntu: I tend to create one key per machine
<newbuntu> better option then passing around one key?
<newbuntu> kblin^
<kblin> newbuntu: then I can selectively allow/disallow logins from specific machines
 * Reepicheep does the same as kblin.. one key pair per machine
<newbuntu> got it, I  like that option
<newbuntu> I like to have control
<Reepicheep> newbuntu: you just need to add the public key from each machine to the authorized_keys file on the server
<newbuntu> so, when setting up a new machine though, I will have to leave the passwordAuthorization set to 'yes' while I am setting up all the machines?
<Reepicheep> usually it is ~/.ssh/id_rsa.pub on the client
<newbuntu> I won't be able to access the server remotely on a machine that doesn't have a keyPair?
<Reepicheep> you may.. you just need some way to get the public key onto the server
<tharis20> qman__: which line is the kopts line?
<Reepicheep> copy and paste works also..
<kblin> or copy over the public key from a machine that can log in :)
<newbuntu> all the machines are at diff locations
<newbuntu> to make it easier should I turn off password after they are set up?
<Reepicheep> newbuntu: that may be the easiest way
<newbuntu> then it wouldn't matter, right?
<kblin> newbuntu: so put the existing public keys somewhere you can get at without password..eg. on a web server
<newbuntu> ok, just checking
<Reepicheep> get it set up then make it more secure ..
<newbuntu> that's a good idea kblin
<kblin> read-only, obviously
<newbuntu> Reepicheep: I think I'll do that
<newbuntu> right kblin"
<newbuntu> i'm going to try to cyberDuck it
<Reepicheep> that's true.. the public section of the key can be printed on a bus if you wish.. it doesn't need to be kept secret
<kblin> but yeah, I tend to switch off password-based auth after copying over my key file
<samlpet_> i just created a uec setup and my instances are hanging on the "waiting for meta-data" when they are starting.  all of the bug reports i have read say this should be fixed.  am I just messing something up?
<Reepicheep> you can even email it to your self if you choose .. then put in on the server from a machine that is already set up
<newbuntu> on cyberDuck: here's the error...
<newbuntu> I/O Error: Connection failed
<newbuntu> Invalid PEM structure, '-----BEGIN...' missing.
<kblin> ugh
<kblin> that tool seems to use a different key format then
<kblin> anyway, bedtime for me, good luck with that duck
<newbuntu> Reepicheep
<newbuntu> thanks kblin
<Reepicheep> let me see if I can get cyberduck working with standard keys.. I had to update cyberduck.. it's been awhile since i used it
<newbuntu> cool, thanks
<tharis20> qman__: I added vga=791 and some green squares appear on the screen and I can't do nothing...
<newbuntu> even when I select the key from my ~/.ssh it doesn't work
<Reepicheep> newbuntu: it works fine
<Reepicheep> these are the settings I used
<newbuntu> with id_rsa.pub
<Reepicheep> Open Connection -> SFTP (SSH File Transfer Protocal)  -- I set hostname & Port # under more options I checked "Use Public Key Authentication" then I selected .ssh/id_rsa
<Reepicheep> use id_rsa on the client side.. that is the secret one
<Reepicheep> id_rsa.pub is for the other machine to use
<Reepicheep> and make sure it is SFTP and not FTPS
<Reepicheep> FTPS is FTP over SSL not what your after
<deizel> when i go into `screen`, i can't see bash prompts and error messages, only what i type and what programs output.. wtf?
<deizel> (it was fine before i restarted)
<newbuntu> uuughhhh I was using the .pub
<newbuntu> thanks, Reepicheep, I assumed I used the same one
<newbuntu> I'm in!!!!
<Reepicheep> sweet.. you will figure it out.. that is how key pairs work
<newbuntu> okay, last thing, well for now anyway....I'm using a 10.x.x.x IP to connect to the server, that's through my router, right?  Do I use the same when I'm at a remote location?
<Reepicheep> the client uses the secret key.. while anyone you connect to uses the public key which doesn't need to be secured as long as you don't let anyone else have you secret key..
<newbuntu> Reepicheep^
<Reepicheep> newbuntu: that is a whole nother ball game..
<newbuntu> well crap
<Reepicheep> I assume that both your client and server have a 10.x.x.x address atm correct?
<Reepicheep> and they are both in the same subnet
<newbuntu> yes, they are both on the router
<iarp> www.ipchicken.com
<Reepicheep> so they can talk to each other without involving the router
<iarp> will tell you your external addy
<newbuntu> I have to be able connect remote machines though
<Reepicheep> true.. you will need to use your external address.. as iarp has shown one way to get your external IP
<newbuntu> I know my external, but how do get through the router
<Reepicheep> that IP is the IP that your NAT router has on it's external interface
<newbuntu> that's for a diff IRC
<newbuntu> yes, I know that one
<Reepicheep> you will need to make sure that you forward a port from the external interface to the internal server:port that ssh is on
<newbuntu> can I just substitute it?  Not that easy I'm sure
<Reepicheep> then connect to your external IP when you are not inside your NAT router
<newbuntu> can I give it a name, instead of typing 67.xx.xxx.xxx
<Reepicheep> is it a dynamic address?
<iarp> www.no-ip.org you can make up host redirects(fre)
<Reepicheep> if so you may need to look at some dynamic DNS client
<newbuntu> yes it's dynamic
<iarp> they also have a software download to keep host redirects updates to your proper ip adress
<newbuntu> www.no-ip.org is free?
<iarp> ya, but you'd need to use one of thier domains, so like i have on for vent.myvnc.com
<Reepicheep> newbuntu: you can use something like zoneedit if you wish to use your own domain
<Reepicheep> I also use dyndns.. although I believe it's not free anymore
<Reepicheep> some routers even support some dynamic dns providers on the router itself
<newbuntu> we have an account with dns made easy I think
<Reepicheep> see if they have a dynamic client you can use..
<Reepicheep> for instance I use ddclient
<Reepicheep> but I don't see dns made easy as a supported provider for that
<newbuntu> so I need a nameserver IP
<newbuntu> I already have name servers assigned to one of my domains, is that what we are talking about?
<Reepicheep> it's more difficult than that.. you need a nameserver that supports dynamic updating of the records from the client when the client realizes that it's external IP has changed
<iarp> are you hosting the website on a server yourself or do you pay for someone to host
<newbuntu> I'm trying to do this on my server that I've been setting up today
<Reepicheep> not just any nameserver will work, that's where one of the dynamic dns providers come in
<newbuntu> DNS made easy has Dynamic DNS, is that what I need?
<newbuntu> I see it turned on in our settings
<Reepicheep> do they provide or recommend a client to use?
<newbuntu> I can create an A Record there, and give an IP
<newbuntu> I'm looking at our main site, that is set up there, It's an A Record
<Reepicheep> the problem with setting a static "A" record is that it doesn't change when your router changes IP addresses
<Reepicheep> newbuntu: ^^
<newbuntu> i see
<newbuntu> so how can I get around hosting my domain with a 3rd party, can I do it on my newly created server?
<iarp> buy the domain through a provider like no-ip.org and install eithor software which updates their records to your external ip address
<deizel> when i go into `screen`, i can't see the bash prompt or any error messages, only what i type and what programs i run are outputting.. any suggestions?
<iarp> deizel: what profile are you using for screen
<Reepicheep> deizel: you may try moving your .screenrc file out of the way and start over with it .. if you haven't put much into it
<Reepicheep> something like "mv ~/.screenrc ~/.screenrc.old
<deizel> iarp: well thats a problem actually, i installed it long ago and it just worked .. so i can't remember
<deizel> iarp: since it wasn't working just there, i removed screen and reinstalled it
<iarp> deizel: just follow what Reepicheep said lol that's faster and easier
<Reepicheep> move the .screen-profiles out of the way also
<deizel> iarp: well, this time it installed some screen-profile stuff and i get stuff like: /usr/bin/select-screen-profile: 176: cannot create /dev/null: Permission denied
<deizel> Reepicheep: will try
<deizel> okay, there wasn't a .screenrc, and moving the .screen-profile directory didn't work either
<Reepicheep> deizel: and it used to work?  did screen get updated or anything?
<deizel> yeh it was working fine like an hour ago before i restarted my jaunty vps
#ubuntu-server 2009-11-04
<Reepicheep> deizel: do you notice any other apps not working on it?
<iarp> if you didn't make any customizations to screen, you could try purging screen rather then remove, and then reinstalling
<jetole> does anyone know a good linux load balancer?
<Reepicheep> jetole: we use LVM
<jetole> aside from LVM?
<Reepicheep> well fine then.. :-p
<jpds> jetole: ipvsadm ?
<jetole> I am load balancing windows servers
<jetole> thanks jpds
<Reepicheep> ipvsadm is lvm
<jetole> oh
<deizel> Reepicheep: well its primarily a webserver, but all the webapps seem to work (apache2/php/mysql), and irsii, and quassel
<jetole> wait
<jpds> Reepicheep: I thought LVM was... The Linux Logical Volume Manager ?
<jetole> isn't lvm the disk manager
<jetole> right
<jetole> lol
<iarp> phew... i thought i was loosing my mind when you said lvm
<jetole> LVS?
<Reepicheep> jetole: sorry its actually lvs.. yeah
<jetole> is that it?
<Reepicheep> opps my bad
<jetole> yeah, ok lol, I thought LVS too when you said LVM
<jetole> then I thought about it and "... wait a sec. Thats not right"
<Reepicheep> ipvsadm = LVS Linux Virtual Server
<jetole> so what about a load balancer that isn't LVS?
<Reepicheep> I didn't even notice it .. I just type some times and don't think
<Reepicheep> well fine then ;-p
<jetole> seriously, I'm not load balancing just linux boxen
<jetole> brb, need to turn the AC cooler
<deizl> okay, i purged and reinstalled.. but i can't choose a session because of this message "/usr/bin/select-screen-profile: 176: cannot create /dev/null: Perm"
<deizl> session=profile
<deizl> that last bit says Permission Denied
<Reepicheep> deizl: try purging like iarp suggested.. make sure that you remove the ~/.screen files and directories also make sure that /etc/screenrc doesn't exist
<jetole> deizl: no idea what you are trying to do but do you have a /dev/null with rwx for everyone
<jetole> ?
<deizl> jetole: 2899622093 crw-------  1 root   root    1,   3 Aug  5 19:06 null
<Reepicheep> jetole: what are you trying to load balance?
<jetole> deizl: thats wrong
<deizl> wtf
<jetole> sudo deizl: chmod 666 /dev/null
<jetole> deizl: null needs to be read/write by everyone
<jetole> !
<jetole> Reepicheep: http/https
<Reepicheep> jetole: you use apache?
<Reepicheep> if so you could use the proxy_balancer
<jetole> Reepicheep: and if a http server goes down?
<jetole> will proxy_balancer route around it?
<Reepicheep> yeah.. HA would have to be handled elsewhere
<jetole> ah
<jetole> crap
<jetole> that sounded good
<Reepicheep> jetole: I'm not sure how it handles failures .. now I curious
<Reepicheep> btw.. we do do that very thing with LVS..
<jetole> yeah I am looking it up now
<jetole> WINDOWS!!!!!
<deizl> yay it work, thanks guys
<jetole> :P
<jetole> deizl: np
<jetole> now figure out why it was wrong in the first place
<deizl> how would my /dev/null permissions have changed.. i swear i never touched that
<jetole> that is a very important perm
<jetole> something has
<jetole> nothing is designed to
<jetole> no software should have changed that without you clicking the wrong button
<jetole> like I said, thats an important perm
<Reepicheep> jetole: so the web server is a windows box?
<deizl> i installed this today.. sudo apt-get install libqt4-dev libqt4-sql-psql
<deizl> it had a lot of dependencies..
<jetole> Reepicheep: some, it's actually a cluster of servers
<jetole> deizl: no!
<jetole> nothing, and I mean NOTHING does it by default
<deizl> i hear you
<jetole> no software even has that option
<Reepicheep> jetole: well that shouldn't eliminate LVS if you need
<jetole> something has to manually be done to change it
<jetole> Reepicheep: I can use LVS to load balance a windows server?
<jetole> I'm looking at haproxy now
<jetole> http://haproxy.1wt.eu/
<jetole> just something that came up in google
<deizl> this is a bit over my head tbh.. it wasn't me, so either my server is compromised, or my hosts vps software does some stuff when i restart
<jetole> what is VPS?
<Reepicheep> jetole: .. you should be able to put a LVS directory in front of any web server .. regardless of what it is
<Reepicheep> VPS = Virtual Private Server
<jetole> hmmm, so I guess I should read up more on LVS
<Reepicheep> acronym soup here
<jetole> deizl: if your VPS did it then it's a bug
<jetole> If you are compromised then it's an idiot
<deizl> lol
<jetole> seriously, that is just something that should never have it's permissions changed so everyone cannot read/write to it
<jetole> all it is, is a character device that everything disappears into when you write to it
<jetole> it's the void
<jetole> but it has tonnes of legitimate uses like for screen right now which just failed when it could not use it
<deizl> all my /dev/tty* files are crw------- also.. is that okay?
<jetole> that should be fine, let me look at mine
<jetole> my tty1-6 are like that
<jetole> everything higher is rw for everyone
<Reepicheep> jetole: one of those load balancers should work .. I know we use LVS with stuff like mon scripts to handle failures
<jetole> but then again tty 1-6 are reserved on my system as they are running a getty and the higher ttys are used
<jetole> Reepicheep: I think I need to do some reading on it
<Reepicheep> and you can use heartbeat and mon to allow a HA director just in case your director dies..
<Reepicheep> anyway.. good luck with that.. I gotta run
<deizl> hm, i don't really know what tty is, but since my system is a virtual machine i will just leave it as is and keep a note for future
<jetole> deizl: a tty is a virtual terminal
<jetole> for example if you have linux running on your desktop then the GUI is on tty7
<jetole> if you ctrl+alt+f1 then you switch to tty1
<deizl> ah okay, yeah i've done that on a desktop before.. but not on this
<jetole> the gui disappears and you are now at a console only terminal
<jetole> on almost all linux systems tty1-6 is gui, tty7-whatever is open
<jetole> x11 uses the first open one which is almost always 7
<jetole> tty can also apply to a serial port
<deizl> did you mean to type "tty1-6 is gui"?
<jetole> no
<deizl> k :)
<jetole> ah shit
<jetole> lol
<jetole> tty1-6 is console
<deizl> cool
<jetole> ttyS0 is your first serial port or com 0 on windows
<jetole> wow, the latest news on the home page for LVS is 363 days old
<jetole> thats not very comforting
<jetole> the introduction page was last updated on sept 19 2005
<jetole> good to know they stay current
<jetole> home page was last change 11/08/08
<arrrghhh> zoopster, hey can you help me today?
<arrrghhh> doesn't seem to be here.  well, i'm having an issue with the package ffado-mixer-qt4.  i guess my version of ffado-dbus-server is for karmic, and ffado-mixer-qt4 is for jaunty, and it's causing issues that are preventing me from upgrading.
<cxo> arrrghhh, apt-get remove whatever that annoys you
<arrrghhh> cxo, it won't...
<arrrghhh> i've tried EVERYTHING.  i can't get rid of it.
<arrrghhh> i use aptitude purge anyways.
<cxo> use dpkg manually then
<arrrghhh> that couldn't remove it either.
<cxo> What does it say?
<arrrghhh> tells me i should reinstall it before removing it.
<cxo> --force
<arrrghhh> the package is in a "bad state" it claims.
<arrrghhh> hrm
<arrrghhh> ok
<arrrghhh> tells me the same thing.
<cxo> --force-all
<cxo> can you pastebin the whole saga
<arrrghhh> hrm
<arrrghhh> i don't think ffado-mixer-qt4 is installed.
<cxo> You're just trying to upgrade to 9.10?
<arrrghhh> i thought i did upgrade, but it went poorly evidently.
<cxo> just remove all your ffado stuf, and then try complete the upgrade and then install it back
<arrrghhh> i still have 500-some packages to upgrade.
<arrrghhh> grrrr
<arrrghhh> it won't let me purge the ffado-tools because of ffado-mixer-qt4
<cxo> pastebin the whole thing, so i have some context
<arrrghhh> oh sure, sure.
<arrrghhh> 1 sec
<arrrghhh> cxo, http://pastebin.com/d53391017
<arrrghhh> dpkg: dependency problems prevent configuration of ffado-mixer-qt4: ffado-mixer-qt4 depends on ffado-dbus-server (= 2.0~rc1-0ubuntu2); however: Version of ffado-dbus-server on system is 2.0~rc2+svn1569-2ubuntu1.
<arrrghhh> that's the important piece i do believe.
<cxo> try --force-remove-reinstreq
<arrrghhh> what's the whole command?  dpkg --remove?
<cxo> with dpkg, i dont know if apt uses that
<arrrghhh> sudo dpkg --purge --force-remove-reinstreq ffado-tools <CR> dpkg: warning: ignoring request to remove ffado-tools which isn't installed.
<cxo> try give it a wild card after -tools
<cxo> ffado-tools.*
<arrrghhh> same error.
<cxo> well remove  ffado-mixer-qt4 first
<arrrghhh> cxo, http://pastebin.com/d3c12246b
<cxo> wtf is xdg-desktop-icon
<arrrghhh> i don't get what's going on with my system.  my user.rules and user6.rules for ufw keep "disappearing"
<cxo> apt-get install xdg-tools
<cxo> I think the control scripts for those ffado packages are not very robust
<arrrghhh> xdg-utils?
<cxo> yeah, it provides a tool that the remove script in ffado is looking for
<arrrghhh> do you mean xdg-utils is what i'm asking.  there is no xdg-tools.
<arrrghhh> i can't install it if i wanted to.
<cxo> go to /bin
<arrrghhh> k
<cxo> and create an empty bash script called xdg-desktop-icon
<cxo> chmod +x xdg-desktop-icon
<cxo> #!/bin/bash
<cxo> exit 0
<arrrghhh> k
<cxo> Basically i want to stop that remove script from crashing
<arrrghhh> what do you want me to try now?
<cxo> sudo dpkg --purge --force-remove-reinstreq ffado-mixer-qt4
<arrrghhh> k
<arrrghhh> holy crap i think it worked
<arrrghhh> i'm updating now.
<cxo> delete that empty script you made now
<cxo> well make sure, its empty before you delete it
<cxo> just in case the OS has already replaced it
<arrrghhh> k
<arrrghhh> yea, it's updating
<arrrghhh> sheesh i hope this fixes my ufw issue.
<cxo> What ufw issue were you having?
<arrrghhh> my user.rules and user6.rules were disappearing, i have no clue why.
<arrrghhh> so ufw couldn't start after a reboot, and this system is headless.
<arrrghhh> so no ssh access :D
<cxo> I know this is not a solution, but don't use ufw. Stick to straight iptables
<arrrghhh> hrm
<arrrghhh> it's supposed to be uncomplicated :P
<cxo> well lets see if it all works after the update
<arrrghhh> certainly
<arrrghhh> i do appreciate the help.  creative solution, to say in the least.
<cxo> Its called the Hammer technique
<arrrghhh> lmao
<cxo> Just hit everything as hard as you can, and then hope it works
<arrrghhh> well, so far it worked.
<lwizardl> hi
<arrrghhh> !hi | lwizardl
<ubottu> lwizardl: Hi! Welcome to #ubuntu-server! Feel free to ask questions and help people out. The channel guidelines are at http://wiki.ubuntu.com/IrcGuidelines. Enjoy your stay!
<lwizardl> does this channel support help for all servers (web, data, file servers, etc) or just the web servers?
<arrrghhh> lwizardl, it's general ubuntu-server help.
<arrrghhh> like i have a basic apache server setup, and i could probably help with basic apache issues, but there's also a channel dedicated to apache i'm sure.
<lwizardl> ok so basically if it runs the unbuntu distro and acts as anytype of server then its fair game
<arrrghhh> there's an ubuntu-server specific download from the ubuntu site...
<lwizardl> arrrghhh, yeah I know i use that disc often
<arrrghhh> lol ok
<arrrghhh> i've only used the disc once... but i must say i use the server every day!
<arrrghhh> i guess i'm not sure what your issue is.  you still haven't asked any question.
<lwizardl> I was just checking so I'm able to ask the question
<arrrghhh> ask away.  if we can't help, we'll usually point you in the right direction ;)
<lwizardl> I'm in the process of running my own retail store and was wondering if anyone here would know how to configure an ubuntu server to act as the main source of data for the POS system
<cxo> heh
<arrrghhh> i guess it depends on how you need to connect to the server...
<lwizardl> basically like the main server in the backroom and the POS systems would be the clients
<arrrghhh> cxo, btw, i seem to be good.  i can ssh after a reboot.  yay!
<arrrghhh> lwizardl, well, you can use samba, nfs... i'm sure there's others.
<arrrghhh> what are your needs as far as connecting the clients to the server?
<lwizardl> arrrghhh, well like my webhost uses mysql and they do not allow direct access to outside connections to the mysql server. so I would have to use an API layer to do the connection
<lwizardl> but thats as far as my knowledge goes so far
<arrrghhh> hrm.  well you could run mysql on the server, no problem.  but i have no idea how to answer your question because i'm still fuzzy on how you want the pos clients to connect to the ubuntu server.
<newbuntu> any ideas on why i have (drwxr-xr-x) permissions in my terminal, but (rwxr-xr-x) when I access the server via cyberDuck(sftp)
<newbuntu> I need to be able to create sub-folders through sftp
<arrrghhh> newbuntu, different user accessing the server.
<iarp> sure you checked the right file/folder?
<twb> newbuntu: d means directory
<twb> newbuntu: it is not a permission
<lwizardl> arrrghhh, all i know for sure is this much. the main source of data storage for the POS system would be the web site's mysql database. so I would need to take my POS system and connect it using the API Layer (which ever one I end up using) and would want it to update the listings on the MySQL server when ever sold and also track the transactions number in the database
<arrrghhh>  yea those permissions look the same now that i looked closerly.
<lwizardl> arrrghhh, hopefully that was what you was looking for
<arrrghhh> lwizardl, hrm.  not really, but i'm no guru by any stretch of the word.
<arrrghhh> like i said, you can certainly setup a mysql server on the ubuntu-server.  how you want to update it, well that's up to you.  most use php i believe.
<lwizardl> arrrghhh, yeah me neither. I've been using Linuix for about 6 years now but i'm just starting in the messing with server stuff
<newbuntu> "d" means allowed to create sub-directories
<newbuntu> this is not the case?
<newbuntu> all I know is I can through terminal, but when using sftp I can't
<newbuntu> any Ideas?
<arrrghhh> newbuntu, and this is the same user you're using?
<newbuntu> yes
<arrrghhh> hrm
<newbuntu> logged in through key pair
<newbuntu> when I look at the permissions side by side that  is the only diff
<newbuntu> 755
<newbuntu> right?
<cxo> 4=read, 2=write, 1=execute, 4+2+1=7, 4+1=5, 4+1=5
<newbuntu> on my other server i log in as root (yes I know) keyPair, on this one I am just a user....can that be the diff
<twb> newbuntu: d is not a permission
<newbuntu> comparing two diff one's now
<twb> newbuntu: it means "this is a directory".  It is not always listed.
<newbuntu> that's what I'm told
<newbuntu> ok
<twb> In ls -l, d means dir, - means file, c and b mean character and block devices, l means symlink, etc.
<twb> It's just an indicator of the file type
<newbuntu> okay, I was wrong, I can't create folders either way
<newbuntu> how do I get access to create folders, files etc?
<newbuntu> 755 should work, right?
<twb> The execute and write bits determine whether you can create and rename files in a directory.
<iarp> are you in your own home folder
<newbuntu> yes
<newbuntu> well, my home server folder
<newbuntu> maybe not
<newbuntu> I'm trying to create a dir in: /var/www     /html
<iarp> sudo it
<newbuntu> okay, that works through terminal, but what about sftp
<twb> newbuntu: your user probably does not have write access to /var/www/.
<twb> newbuntu: if you are just creating personal files, try using ~/public_html.
<newbuntu> guess it has to be root
<newbuntu> thanks
<twb> newbuntu: you may need to configure your httpd to allow users to have a ~/public_html.
<twb> If you are installing software, such as a crummy PHP web app, you should use aptitude.  Do not install stuff from an upstream source by just dropping it in /var/www unless you have absolutely no other choice.
<lwizardl> Anyone know how to do this ? I need to use an API layer to update the MySQL database on my Web Host everytime a transaction happens on my POS system
<twb> By "POS" do you mean "Point of Sale" or "piece of shit"?
<lwizardl> point of sale
<lwizardl> cash register
<snth> twb: The other day I saw a car license tag says "POSCAR" I was dying laughing at it.
<snth> I didn't even know that he can legally do that.
<lwizardl> snth, was it a ford ? lol j/k
<iarp> and to add to that, why are you using a web host mysql? unless this pos system is hosted on a website
<twb> ITYM Lada
<snth> heeeyy .. ford can be good. sometimes :)
<lwizardl> iarp, I was going to share the inventory between the site and store
<snth> twb: It seems like you teach me a new acronym every night .. what's ITYM?
<lwizardl> so if one sells in the store then the site doesn't list it also
<twb> I Think You Mean
<twb> http://en.wikipedia.org/wiki/Lada
<uvirtbot> New bug: #473636 in apache2 (main) "Apache2 doesn't handle ErrorDocuments set from a .htaccess file properly" [Undecided,New] https://launchpad.net/bugs/473636
<ralphmichael17> anyone here familiar with starting a dhcp server?
<twb> Not that quickly
<snth> haha .. http://hannahmontana.sourceforge.net/Site/Home.html check it out when you have time :)
<twb> I think I can find more profitable uses of my time.
<snth> twb: Always good to hear :)
<Sorell> agrees with twb
<snth> Me too
<Uso> hello
<Uso> what servers are preinstalled in the 9.10 release?
<twb> None.
<twb> Well, I suppose if the "standard" task is left checked, you might get portmap and inetd and such.
<Sorell> what about postfix/dovecot ?
<Uso> whats different to the normal version then? other than that there comes no gui with it
<Sorell> they where in the 9.04 right?
<twb> Uso: basically when you do the install, near the end a checkbox should ask you "what services do you wanna run?"
<twb> Sorell: I don't think they are installed by default.
<Uso> will apached, phpd and mysqld be under the,?
<twb> Sorell: postfix *might* be installed and left unconfigured by default.
<twb> Uso: Ubuntu doesn't install services by default because it is easy to ask for them to be installed once you can boot, using aptitude.
<twb> This is not like Microsoft SBS, where you get stuff like a fax server turned on by default even if you don't want it.
<twb> I think there is a "LAMP" or "web server" option in the tasksel dialogue.
<Uso> alright thanks
<adamdv> I'm back :P
<AdamDV> join ##googlewave
<AdamDV> Oops
<MTecknology> I've been using logwatch and every week I get this MASSIVE list of failed messages. I don't know how to fix these issues... http://paste.ubuntu.com/309104/
<AdamDV> Anyone need a wave invite?
<AdamDV> I got 8.
<foxbuntu> AdamDV, I would take on
<foxbuntu> one*
<MTecknology> sure
<AdamDV> PM me your email.
<AdamDV> (s)
<foxbuntu> AdamDV, done.
<ScottK> MTecknology: What packages do you use that have logwatch profiles (I'm actually in the middle of adding one to a package and could use examples).
<MTecknology> ScottK: I just went w/ defaults
<ScottK> MTecknology: OK.  Some packages ship filtering rules to make the logs less verbose.
<MTecknology> ScottK: oh... I should check that then....
<MTecknology> ScottK: I just liked the pretty summary - I have it send weekly summaries; then I have a daily logcheck
<MenZa> what generates /etc/motd in -server?
<twb> MenZa: sysvinit scripts
<twb> MenZa: /etc/init.d/bootlogs:   # Update motd
<JJman6> how can i see what ports are being used on my machine!
<KurtKraut> JJman6, netstat
<JJman6> got it.  thx.   how can i cahnge the port mysql runs on now  ;-)
<JJman6> i looked in my.conf and the port htat is set there isn't what netstat is showing mysqld is running on
<masshuu> im trying to setup pptp clinet on my server, but i get a "Couldn't open the /dev/ppp device: Permission denied
<masshuu> " when i run pon
<masshuu> along with
<masshuu> /usr/sbin/pppd: Sorry - this system lacks PPP kernel support
<twb> masshuu: are you using sudo?
<masshuu> well i just read a forum post from 10-12-09 saying OpenVZ doesn't support pptp VPN
<masshuu> but while i know its a no-no, im actually loged in as root :p
<twb> Oh, VPN
<twb> I mean *Oh, VZ
<masshuu> lol
<twb> My head was full of OpenVPN
<twb> JJman6: pastebin the output of ss -l or netstat -nap
<JJman6> twb, give me a minute i'm reconfiguring some other ports
<Coosh> 3
<uvirtbot> New bug: #473790 in rabbitmq-server (main) "rabbitmq server fails to start after being installed via aptitude" [Undecided,New] https://launchpad.net/bugs/473790
<jgoppert> can anyone tell me how to manage cdrom/ admin/ sudo groups with ldap
<psteyn> anyone know how I can configure vsftp to chown all uploaded files to a certain user?  I set chown_uploads=YES and I've set chown_username=www-data , but this seems to only work for anonymously uploaded files.
<uvirtbot> New bug: #463684 in openldap (main) "dpkg-reconfigure slapd wizard configuration isn't complete" [Low,Incomplete] https://launchpad.net/bugs/463684
<error404notfound> what possoble tool could i use to attach a tar.gz file and email it using command line? I am on a server and need to email a backup file to client, but can't remember the name of the program i used lasttime
<error404notfound> its mpack :D
<mr_mojo> hi guys, does anyone have experience with pptpd here?
<_ruben> pptp ... yuck ... that's a no for me, btw :)
<mr_mojo> __ruben, what would you recommend instead?
<_ruben> i currently use openvpn (ssl based) for roadwarriors and openswan (ipsec based) for site-to-site connections
<atomic_1> i use openvpn for both cases
<mr_mojo> i was originally planning on using that but i need something that is, unfortunately, workable without an extra client on winblows
<atomic_1> it's a bit tricky to pull out multipoint with it
<atomic_1> but its doable
<mr_mojo> i really have no idea why ptppd isn't working. i can connect to the vpn and authenticate but it doesn't get network access
<_ruben> with windows the options are pptp or l2tp-over-ipsec (openswan + xl2tpd for instance)
<_ruben> unless the client is windows 7, which does native ipsec iirc
<uvirtbot> New bug: #473976 in php5 (main) "php5 crashed with SIGSEGV in start_thread()" [Undecided,New] https://launchpad.net/bugs/473976
<mr_mojo> ok. new plan to get this working. what i want to do is create a virtual network with ip addresses in the 192.168.0.x range, then use NAT to route these over one of the static IPs connected to my server
<mr_mojo> instead of using actual internet routable IPs as my pptp client IPs
<mr_mojo> is that a good plan?
<mr_mojo> i think i'll need to do this anyway since I only have 5 routable IPs on my server, and I'll need more than 5 clients connected concurrently
<_ruben> pptp and NAT aren't the best of friends afaik
<mr_mojo> _ruben, i thought as much but openwrt does it this way
<mr_mojo> as far as i can gather
<fwest> can i run my own launchpad server internally?
<maxb> That is really a question for #launchpad
<fwest> oops
<kwork> hello, with what do you guys monitor your boxes centrally, to see what version of packages are installed/what services are running
<fwest> i use cacti, nagios and munin
<kwork> fwest, with what you see kernel version
<fwest> kwork, depends on the machine i am monitoring
<kwork> some nagios plugin to get it via snmp ?
<kwork> im currently using cacti/nagios aswell
<kwork> will check out the munin
<kwork> seems interesting
<fwest> munin gets more info out of a box and its easy to write plugins to generate graphs
<fwest> but i wouldn't use it to monitor snmp devices
<fwest> i wonder if the -generic kernel will provide a more stable kvm server than -server
<fwest> what would be nice are kernels for certain hardware, amd64,core2 etc
<kwork> you can build it yourself if you really want
<fwest> i do, i am getting lazy these days
 * soren lunches
<nijaba> soren: hello.  Do you think that bug 450044 would qualify for a SRU?
<uvirtbot> Launchpad bug 450044 in euca2ools "euca-bundle-vol does not create essential tmpfs mounts when bundling Ubuntu images" [Medium,Confirmed] https://launchpad.net/bugs/450044
<Jeeves_> soren: You the kvm guru, right? :)
<Jeeves_> root@kms2:/opt# ifconfig eth2 mtu 9000
<Jeeves_> SIOCSIFMTU: Invalid argument
<Jeeves_> eth2 is an virtio NIC
<Jeeves_> Can I conclude that this patch [1] is not included in the ubuntu build of kvm?
<Jeeves_> [1]: http://kerneltrap.org/mailarchive/linux-netdev/2008/11/26/4239974
<incorrect> ok so i changed to kvm server to use the -generic kernel rather than the -server kernel, seems to be stable hosting my 8.04 vm now
<incorrect> at least it hasn't vaporised yet
<mrchrisadams> hi guys, I notice that the new ubuntu releases have a really tricked out screen setup now
<mrchrisadams> as in screen, the session manager
<mrchrisadams> how would I pull that down without updating an entire server?
<incorrect> you want a fancy boot screen on a server?
<incorrect> you can always back port it i guess
<mrchrisadams> no
<mrchrisadams> I've never got round to writing a good .screenrc file
<incorrect> oh sorry screen command
<incorrect> just backport it
<mrchrisadams> so i figured it's worth learning the default one, as the ppl working on it have probably thought about it longer than I
<mrchrisadams> incorrect: at the risk of revealing my noobishness - how would I do that?
<incorrect> if i want something i create a chroot of the target OS, change its sources to use the version i want to backport from,
<mrchrisadams> I'm running ubuntu server 8.10
<incorrect> apt-get source the package, apt-get depends (i forget the exact command)
<incorrect> imho i would upgrade it will be easier
<incorrect> rather than learning how to backport
<mrchrisadams> incorrect: that does make sense
<mrchrisadams> ill get by without screen for now
<incorrect> backporting can be hard if the target version doesn't have the right supporting libs
<incorrect> screen might be easy, however 1 year of libs might be tough to alter the package if you haven't done it before
<mr_mojo> mrchrisadams, there is a ppa
<mr_mojo> https://launchpad.net/~byobu/+archive/ppa
<mr_mojo> add the apt line from that to your apt sources.list and it should update to the latest versions
<mr_mojo> including all libs
<mrchrisadams> mr_mojo: I'm sorry I'm not sure I follow
<mrchrisadams> that adds the sources for the latest versions of screen?
<mr_mojo> yes
<mr_mojo> basically
<mr_mojo> deb http://ppa.launchpad.net/byobu/ppa/ubuntu intrepid main
<mr_mojo> deb-src http://ppa.launchpad.net/byobu/ppa/ubuntu intrepid main into your sources.list and then run apt-get update and apt-get upgrade
<incorrect> ah someone has done the hardware for you mrchrisadams
<mrchrisadams> oh, sweet on stick
<incorrect> always take care when using a PPA, they can break things
<incorrect> PPA = personal package archive
<mrchrisadams> incorrect: i think I'll run this on a vm before I try it on a server that's in use
<mrchrisadams> but thanks
<mrchrisadams> you guys rock!
<incorrect> mrchrisadams, just remember be careful if there is an update
<incorrect> yes i rock, i drank too much coffee
<mr_mojo> a lot of the time with ppa's all they are doing is pulling down new stable versions so they have been somewhat tested. but yes be somewhat wary
<incorrect> and remember the person can get bored doing builds for old releases
<incorrect> i guess i can't directly upgrade from 8.04 to 9.10 ?
<mr_mojo> incorrect, correct :)
<mr_mojo> i think it's 8.10 -> 9.04 -> 9.10 :(
<incorrect> i thought as much
<incorrect> hmm, there is some weird issue with kernel 2.6.31-14-server and kvm running an 8.04 vm
<zul> soren: have you seen this? https://lists.ubuntu.com/archives/ubuntu-devel/2009-November/029494.html
<soren> zul: Yup.
<zul> soren: what do you think of it?
<soren> I haven't looked closely enough yet to tell.
<soren> Unbelievable.
<soren> I bought a new 1 TB external hard drive because my 320 GB one was filling up.
<soren> It arrived this morning.
<soren> I go to copy the contents of the old disk onto the new one.. And the old one started failing overnight.
<pmatulis> soren: damn
<soren> pmatulis: Damn, indeed.
<soren> pmatulis: I didn't have anything on there that couldn't be replaced, but it's going to take a while to recreate my debmirror, for instance.
<Jeeves_> soren: Did you see my question about virtio-net and mtu changes?
<soren> Jeeves_: Sorry, must have missed it.
<soren> Jeeves_: When?
<soren> Jeeves_: I've been switching my IRC setup around a bit, so tiny bits may have gotten lost along the way.
<Jeeves_> np
<Jeeves_> 12:09 < Jeeves_> root@kms2:/opt# ifconfig eth2 mtu 9000
<Jeeves_> 12:09 < Jeeves_> SIOCSIFMTU: Invalid argument
<Jeeves_> 12:10 < Jeeves_> eth2 is an virtio NIC
<Jeeves_> 12:10 < Jeeves_> Can I conclude that this patch [1] is not included in the ubuntu build of kvm?
<Jeeves_> 12:10 < Jeeves_> [1]: http://kerneltrap.org/mailarchive/linux-netdev/2008/11/26/4239974
<soren> Jeeves_: No idea. I can check.
<Jeeves_> I can also check it, if you hint me where to find it :)
<ricdanger> hi there
<__CACO> hi there, can anybody tell me is it recomended to install and use webmin on ubuntu 9.10 or not?
<ricdanger> are cron.daily scripts guaranteed to run every day?
<soren> Jeeves_: Nope, we do have that patch applied.
<soren> Jeeves_: Which kernel are you running?
<soren> __CACO: It's not.
<Jeeves_> soren: root@kms2:~# uname -a
<Jeeves_> Linux kms2 2.6.24-25-virtual #1 SMP Tue Oct 20 08:53:33 UTC 2009 i686 GNU/Linux
<Jeeves_> hardy
<soren> Jeeves_: Oh. Then no.
<Jeeves_> :)
<Jeeves_> Only on the -server kernel?
<__CACO> thanks, can i ask why?
<soren> Jeeves_: Dude, the patch is from November 2008. Hardy came out in April 2008.
<soren> :)
<soren> Jeeves_: No.
<soren> Jeeves_: Not in Hardy. At all.
<soren> Jeeves_: We /are/ cool, but we do not have time machines.
<incorrect> damn it, the generic kernel keeps a kvm 8.04 up longer than -server, however things still go bang
<Jeeves_> soren: ;)
<soren> __CACO: Because webmin is not support in Ubuntu. It's not in the archive.
<Jeeves_> soren: The kernel was updated in the meantime, with point releases :)
<soren> incorrect: Using libvirt?
<incorrect> soren, yes
<soren> incorrect: Anything useful in /var/log/libvirt/qemu/name_of_your_vm.log ?
<soren> incorrect: Or in dmesg?
<soren> incorrect: Is it amd64 or i386?
<soren> incorrect: (The host, that is)
<__CACO> soren: Yea, I noticed that :) but there is a deb package in webmine site, because that i asked
<incorrect> amd64, and nothing useful anywhere
<Jeeves_> incorrect:  14:54:29 up 146 days, 13:06,  1 user,  load average: 0.08, 0.03, 0.01
<Jeeves_> That's a vm, in libvirt
<soren> __CACO: We cannot (and will not) support debs that random people put on their website.
<incorrect> Jeeves_, i bet you aren't using 9.10
<incorrect> 9.04 it was stable
<soren> 9.10 is not quite 146 days old yet, so that seems a safe bet.
<Jeeves_> incorrect: No, this vm is 8.04.2
<Jeeves_> soren: :)
<Jeeves_> I've got two issues left:
<Jeeves_> * MIgration still doesn't work
<incorrect> Jeeves_, why don't you try upgrading to 9.10 and see if you 8.04 vm's are stable
<__CACO> Therefore what do you guys recomend for begginer like me. I have so much trouble getting things work in console :(
<Jeeves_> * ubuntu-vm-builder doesn't seem to understand /dev/vda and grub
<Jeeves_> incorrect: I just did, I'll let you know :)
<soren> __CACO: ebox.
<incorrect> it seems more stable on a generic kernel than a server kernel
<soren> incorrect: Perhaps we have different ideas of what is "useful". Can you post dmesg and the libvirt log, please?
<incorrect> soren, sure
<Jeeves_> soren: Does that /dev/vda - grub - issue sound familliar to you?
<zul> mathiaz: who is running the meeting?
<mathiaz> zul: me
<zul> coolio
<soren> Jeeves_: Not off the top of my head. Can you be more specific?
<zul> hopefully it will be pretty quick ;)
<Jeeves_> When running ubuntu-vm-builder with a template to use virtio-disks, grub doesn't seem to add that disk to /boot/grub/devices.map, and thus doesn't install grub in the mbr
<__CACO> soren:  wow, thanks for that i will check it out.
<Jeeves_> The grub inside the builded vm, that is
<soren> Jeeves_: No idea, really.
<soren> Jeeves_: Sorry.
<__CACO> Can I doo al the stuff like in webmin, like manage DNS,Postfix,apache...?
<Jeeves_> Also, the fstab holds /dev/sda entries, and not /dev/vda
<soren> __CACO: Probably not.
<ricdanger> what is the current size of an ubuntu mirror?
<soren> __CACO: You haven't said anything about what you need.
<soren> ricdanger: Depends.
<Jeeves_> __CACO: Webmin and ebox are quite differenty
<soren> ricdanger: How many architectures and release series?
<incorrect> http://pastebin.ubuntu.com/309506/
<Jeeves_> __CACO: Best is to just try and understand the configfiles :)
<ricdanger> x64 + x86, and releases > intrepid
<incorrect> a few groans about an .iso that a different vm is using
<soren> incorrect: there's only that one line in the libvirt log?
<incorrect> soren, that line repeats for every time i've restarted it
<soren> ricdanger: I have hardy, jaunty, karmic, and lucid, i386, amd64, and source packages in around 170 GB.
<ricdanger> uhmmm
<soren> ricdanger: No intrepid.
<ricdanger> with universe and multiverse?
<soren> ricdanger: ...but it'll probably be roughly the same (assuming hardy and intrepid are about the same size).
<soren> ricdanger: main, restricted, universe, multiverse, and all of -updates, -proposed, and -security tossed in as well.
<incorrect> sorry, i see it says virtio-net truncating packet
<__CACO> Jeeves: yes i know that, but i am trying to get postfix to work for 2days now, with webmin i did it in two hours :)
<incorrect> i bet its virtio
<incorrect> i bet an e1000 nic will sort it out
<soren> I bet it could be a number of things.
<incorrect> well it doesn't help there is not error
<incorrect> might be worth backporting the virtual kernel from 9.x
<_ruben> 212GB for hardy - karmic here
<incorrect> i knew i would have problems upgrading my kvm server
<soren> incorrect: Err.. Which is it: Are there no errors, or does it complain about truncating packets?
<Jeeves_> __CACO: First smart thing would be to ditch postfix and run exim, imho :)
<incorrect> its complaining
<lamont> Jeeves_: I'd have said "ditch webmin"...
<Jeeves_> lamont: Sorry, that one seemed to obvious for me :)
<adamdv> Webmin is as useless as windows without virtualmin.
<incorrect> soren, that is why i thought changing it to use an e1000 driver rather than vritio
<soren> incorrect: Seriously. I can't help you if you keep information from me.
<soren> incorrect: If I ask for a log file (after explicitly saying that we may have different ideas of what is interesting there), it's not helpful if you only give me a fraction of the logfile.
<incorrect> i didn't exactly mean to miss that message
<incorrect> wasn't a long long file
<soren> I'm just saying, that if I ask for a log file and you give me something else, at the very least say that you've only given me part of said logfile.
<incorrect> i did communicate that after i noticed i hadn't pasted everything
<incorrect> i resized the terminal and saw the line break as it wasn't clear the way i had the terminal
<AdamDV> incorrect: Full screen emuator ftw.
<incorrect> i use terminator, just i had a weird layout
<soren> Whee! My previously completely dead hard drive has sprung to life again for a little bit.
<AdamDV> Woo!
 * soren hopes he can salvage everything from it in time before it decides to throw in the towel for good
<zul> go hard drive go hard drive its your birthday
<smoser> nijaba, in my opinion, euca-bundle-vol is destined to be buggy and or broken.  you simply cannot generically take a running filesystem and cleanly rebundle it.
<smoser> of course, some here will say "its good enough'.
<nijaba> smoser: well, loads of people have been using successfully on EC2, and would expect to do the same on UEC
<incorrect> zimbra runs so hot all the time
<AdamDV> zimbra is so very nice.
<AdamDV> I have a multi server setup.
<smoser> it makes large assumptions like "/var should not be copied *at all*" (apparently, from that bug)
<AdamDV> Running on CentOS.
<incorrect> AdamDV, i roll out zimbra every time i know someone who wants an email server and can't afford exchange
<AdamDV> Yea.
<AdamDV> I actually prefer ZImbra over exchange
<incorrect> in fact i like it more than exchange apart from one thing
<AdamDV> And, in most cases, over Postfix+Dovecot
<AdamDV> Whats that?
<AdamDV> I run a web design company, that provides web hosting.
<AdamDV> And, we provide cPanel + Zimbra for mail.
<AdamDV> WIth custom mx records.
<AdamDV> And round robin DNS.
<AdamDV> 2 MTA's
<AdamDV> 2 mailstores
<AdamDV> 1 master ldap.
<incorrect> exchange does one thing right, it allows you to associate an account with email addresses, so user abc can have email of john.smith@example.com
<AdamDV> Very nice setup.
<incorrect> zimbra your user name has to be your email address
<AdamDV> I prefer it that way.
<AdamDV> More porfessional, IMO.
<incorrect> this sucks for ldap integration,  i had to create username aliases for each user
<AdamDV> You know you could use virtualhosts per the domain, right?
<incorrect> that is a massive security issues for webmail, i know i can attack your webmail this way
<AdamDV> So that it detect which domain its being accessed from, and adds that, instead of using full emails?
<incorrect> AdamDV, its the username to address that doesn't work
<AdamDV> I see.
<AdamDV> Yea, I know what you mean
<incorrect> also the address book breaks as it only uses the account name
<AdamDV> I would prefer to be able to use john.smith in the LDAP db instead of john.smith@example.com
<incorrect> but can be worked around with aliases in your ldap server
<lamont> AdamDV: does zimbra still stomp around in the internals of postfix?
<AdamDV> Slightly.
<incorrect> no no that isn't what i mean
<incorrect> the ldap server is not zimbra's ldap server, i have an n-way replicating setup with openldap for systems and other web apps
<AdamDV> Ohhhh.
<AdamDV> I get what you mean.
<AdamDV> So, you have to manually alias each user in zimbra.
<AdamDV> I see.
<uvirtbot> New bug: #450044 in euca2ools "euca-bundle-vol does not create essential tmpfs mounts when bundling Ubuntu images" [Medium,Confirmed] https://launchpad.net/bugs/450044
<AdamDV> Anyone know a good graphic designer?
<incorrect> so jsmith has an alias of john,smith in the company wide ldap, and zimbra has a user of john.smith so the address book works
<incorrect> well my 8.04 vm has not crashed out yet
 * soren takes a break
<quizme> for some reason i can't get passwordless login to work.  I think sshd is not configured correctly. can somebody look at my sshd config file?
<AdamDV> quizme: Why would you want a passwordless login through ssh?
<AdamDV> O.o
<quizme> AdamDV Public Key Authentication ... it's convenient
<PJiPhone> Something I want to configure for automated backups
<AdamDV> quizme: Ah
<Pici> quizme: You shouldn't need to modify anything in sshd for key based autoentication to work.
<quizme> Pici: somebody else modified it
<quizme> Pici: i'm trying to unmodify the modification that makes it not work  or at least that's what i think i'm doing.
<aubre> Good morning
<Jeeves_> soren: 2009-11-04 17:04:04,938 DEBUG   :  Running "install /boot/grub/stage1 (hd0) /boot/grub/stage2 p /boot/grub/menu.lst "... failed
<Jeeves_> 2009-11-04 17:04:04,938 DEBUG   : Error 22: No such partition
<Jeeves_> 2009-11-04 17:04:04,938 DEBUG   : grub> EOT
<Jeeves_> That's why my vm's don't boot :)
<soren> Jeeves_: How are you getting into this? You said something about virtio disks?
<Jeeves_> soren: Yes, virtio and i386 arch
<Jeeves_> i tried fixing it with my own templates, but that didn't help
<Jeeves_> The strange thing is, it did work, sometime ... :)
<soren> Jeeves_: Are you building these inside a VM?
<Jeeves_> soren: No
<soren> then I don't get it. I didn't think u-v-b knew anything at all about virtio.
<Jeeves_> I'm building on a normal machine, on which the vm's should run. Storage is on /dev/disk/by-path/iscsi-url
<Jeeves_> Well, the templates seem to be for dapper
<soren> How do you figure that?
<Jeeves_> ls /etc/vmbuilder/ubuntu/
<Jeeves_> dapper_fstab.tmpl
<Jeeves_> the templates created contain sda-notation, not vda
<soren> I'm very confused now.
<soren> Which version of ubuntu-vm-builder are you using?
<soren> this all looks very non-hardy-like.
<Jeeves_> http://pastebin.ubuntu.com/309646/
<Jeeves_> root@kvm3:/target# ubuntu-vm-builder --version
<Jeeves_> 0.11.353
<soren> ?!?
<soren> You said hardy!
<Jeeves_> No, I said the vm's will be running hardy, the host is running karmic
<soren> I see.
<soren> I'd love to chat about this tomorrow or later this evening. Right now, I have to run.
<incorrect> ok my 8.04kvm has been running for 2 hours now i changed away from using virtio
<Jeeves_> soren: okidoki :)
<Jeeves_> I'll be online tonight and tomorrow, so :)
<ward-> is there any good review of ubuntu cloud computing?
<ward-> what exactly it does etc
<ward-> can't seem to find much info on it yet
<leonel> is there a qemu ppa with  kqemu module enabled ? I need to use qemu on a non VMX cpu
<jabalsad> hi.. what can i type in the command line to check whether i'm running server or desktop?
<smoser> jabalsad, its not really that easy of a question (at least i dont think).
<jabalsad> :/
<smoser> tasksel --list-tasks | grep server
<smoser> that'll tell you if you have the 'server' task
<flyback> say you downgraded your cpu from 686 arch type to 586 tyoe, is there a way to boot a rescue cd etc on the new box to then transfer I guess it's the root env to the local filesystem so you can apt-get a new kernel etc
<smoser> tasksel --list-tasks | grep ubuntu-desktop
<flyback> I gotta get ready for work so I will check back in a bit, I don't mean to be rude just can't be late
<jabalsad> smoser, i see a bunch of servers one of which is called 'Edubuntu server'
<smoser> will tell you if you have desktop task. but either could be installed onto either. its not a hard separation.
<jabalsad> this is a clean install
<jabalsad> done on a dedi in another country
 * flyback switches to a nice embedded board in case anyone wants "wtf did you downgrade for"
<smoser> acutally, i realize i was wrong about my advice anyway. the 'server' task isn't installed on my installed 'server' (which i did from media).
<smoser> but the server does not have the 'ubuntu-desktop' task, where the laptop does
<jabalsad> :/
<jabalsad> i see the ubuntu desktop task
<jabalsad> but maybe it was installed afterwards?
<smoser> as i said, it could be.
<jabalsad> damn
<jabalsad> i found a thread on the forums, i'll look into that quick
<jabalsad> 'lsb_release -a' and 'uname -a' .... but it doesnt really seem conclusive :D
<jabalsad> if i find that i have desktop installed, should i rather request to install the server version?
<tarnfeld> Hello
<tarnfeld> Anyone here?
<flyback> well I gotta run but thx anyways
<flyback> :D
<zul> mathiaz: have you done any blueprints for lucid yet? Im looking for a template to follow
<mathiaz> zul: hm - not yet
<mathiaz> zul: just use a name that starts with lucid-server
<mathiaz> zul: just use a name that starts with lucid-server-
<mathiaz> zul: and we'll take it from there (we can always rename them if necessary)
<zul> sounds good to me
<mathiaz> kirkland: were you able to retrieve the GPG public key of my eucalyptus PPA?
<kirkland> mathiaz: i didn't try
<kirkland> mathiaz: would you like me to?
<mathiaz> kirkland: well - jsalisbury is trying to add the public key and it doesn't work
<mathiaz> kirkland: apparently the key server is down
<kirkland> mathiaz: oh
<cemc> I had some problems with it myself
<cemc> the last couple of days/week
<cemc> it takes a loong time to get a key
<cemc> it times out even a couple of times
<kirkland> mathiaz: i'll try
<kirkland> mathiaz: jsalisbury: http://pastebin.ubuntu.com/309764/
<kirkland> mathiaz: worked fine for me
<everythingdaniel> Hi, I am trying to install Ubuntu Server. I get a screen like http://pastebin.com/m54e9003a  and no matter what I select, the box goes away, and else nothing happens. Its not frozen up, I can do a ctl-alt-del  and the kernel shuts down properly
<everythingdaniel> That box coes up right after the loader bar that scrolls by saying its setting up partitioner
<jsalisbury> kirkland: mathiaz:  I'll try again.
<kirkland> jsalisbury: what are you using to import the key?
<kirkland>  sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 094D0420
 * kirkland thinks launchpad should print that on the ppa page itself, for easy copy-n-paste
<jsalisbury> kirkland: http://pastebin.com/dcb391ac
<jsalisbury> kirkland: looks like the server is down, but I can ping it.
<kirkland> jsalisbury: proxy problem?  firewall problem?
<cemc> jsalisbury: try it a couple of times, it will get it eventually
<jsalisbury> kirkland:  no proxy, maybe a switch is blocking.  Does this use a special port?
<kirkland> jsalisbury: i'm not sure
<jsalisbury> cemc:  Ok, maybe I'll write a script and have it try in a loop ;-)
<cemc> jsalisbury: I'm not kidding, it usually took me 5-10 minutes and 3-4 tries to get it
<jsalisbury> cemc:  Okay, thanks.  I'll give if several tries.
<cemc> and I've installed 3 different ubuntu guests, and had 2 more systems I wanted to install from a ppa and on every system it took forever
<mathiaz> sommer: hey - if there is a bug in the server guide, where should I assign it?
<cemc> I wanted to report it, wasn't sure whereto exactly
<mathiaz> sommer: (the openldap section hasn't been updated to the new way slapd is setup in karmic - bug 463684)
<uvirtbot> Launchpad bug 463684 in openldap "dpkg-reconfigure slapd wizard configuration isn't complete" [Low,Incomplete] https://launchpad.net/bugs/463684
<everythingdaniel> A little extra bit of info, I am doing a minimal install
<sommer> mathiaz: ya, I've been meaning to get to that.  ubuntu-docs should be the package
<sommer> mathiaz: I was thinking of trying to push for an SRU, but will need to coordinate with the DocTeam for translations
<adelie42> I am setting up a pxe server for a second network card. what do I need to specify in /etc/dhcp3/dhcp3d.conf to tell it which network card to listen on?
<mathiaz> sommer: right - seems like a good candidate for a SRU
<sommer> mathiaz: I'll try to get that done by the end of the week
<sommer> or at least started :)
<jsalisbury> kirkland: Did you happen to open a separate bug for the issue you had listed in commend #6 in Bug 455625 ?
<uvirtbot> Launchpad bug 455625 in eucalyptus "Eucalyptus Loses Public IP Address" [Medium,Incomplete] https://launchpad.net/bugs/455625
<jsalisbury> kirkland:  I just ran into the same issue immediately after upgrading to the PPA from mathiaz
<mathiaz> jdstrand: right - this is another bug.
<mathiaz> jsalisbury: ^^
<pmatulis> where is mdadm (raid) information stored and how should it be backed up?
<mathiaz> jdstrand: nevermind
<kirkland> jsalisbury: i don't think i opened another bug
<jsalisbury> kirkland:  Do you think I should, or just add another comment to 455625?
<mathiaz> jsalisbury: what have you exactly seen?
<mathiaz> jsalisbury: are the ip addresses still on the CC (via ip addr show)?
<mathiaz> jsalisbury: or is just that euca-describe-instances doesn't show them?
<jsalisbury> mathiaz:  I did an apt-get upgrade eucalyptus -  however, my instance was still running.  Both the public and private IP addresses changed to 0.0.0.0
<mathiaz> jsalisbury: right - this is probably bug 460089
<uvirtbot> Launchpad bug 460089 in eucalyptus "network state is lost if the cluster controller (CC) is stopped" [Medium,In progress] https://launchpad.net/bugs/460089
<kirkland> jsalisbury: mathiaz: i'm not sure my issue was a real one, as I still have another DHCP server on my network (rather than disabling it like Eucalyptus requires)
<kirkland> jsalisbury: mathiaz: I strongly DISLIKE this requirement of UEC, and hope we find some way around this for Lucid
<mathiaz> jsalisbury: could you check whether the CC still IP addresses configured?
<kirkland> jsalisbury: mathiaz: this means that I sometimes have funky network problems that I chalk up to my dhcp/router
<jsalisbury> mathiaz:  using which command?  euca-describe-addresses?
<mathiaz> jsalisbury: ip addr show on the CC
<jsalisbury> mathiaz: one sec
<mathiaz> jsalisbury: I'm trying to by pass eucalyptus heere
<stlsaint> mathiaz: excuse me
<mathiaz> jsalisbury: and see the routing and firewall configuration of the CC
<jsalisbury> mathiaz:  The ip addresses still look defined with ip addr show on the CC
<jsalisbury> mathiaz: I can also still ping the public IP Address that was assigned to the instance.  It just isn't reported by eucalyptus.
<mathiaz> jsalisbury: right
<mathiaz> jsalisbury: what the firewall rules show on the CC?
<mathiaz> jsalisbury: iptables -Nl -t nat
<pipedream>  
<mathiaz> jsalisbury: iptables -nL -t nat actually
<jsalisbury> mathiaz: Okay
<mathiaz> jsalisbury: do you still see the firewall rules for the public instances?
<mathiaz> jsalisbury: if so - you've run into bug 460089
<uvirtbot> Launchpad bug 460089 in eucalyptus "network state is lost if the cluster controller (CC) is stopped" [Medium,In progress] https://launchpad.net/bugs/460089
<mathiaz> jsalisbury: which is addressed in the SRU
<jsalisbury> mathiaz:  no, I don't.
<jsalisbury> mathiaz:  one second and I can paste the output.
<mathiaz> jsalisbury: so - *before* the upgrade: if you do an eucalyptus stop, firewall rules are removed, but not the public IPs?
<mathiaz> jsalisbury: yes - could you paste the output of: ip addr show
<mathiaz> jsalisbury: and iptables -nL -t nat
<mathiaz> jsalisbury: on the CC
<jsalisbury> mathiaz:  sure, just one sec.  it takes a little bit because I'm working on systems on different networks and my IRC is setup through a vnc session.
<mathiaz> !paste | jsalisbury
<ubottu> jsalisbury: For posting multi-line texts into the channel, please use http://paste.ubuntu.com (or !pastebinit for CLI) | For pasting !screenshots use http://tinyurl.com/imagebin Please give us the URLs for your posts!
<jsalisbury> mathiaz: http://pastebin.ubuntu.com/309832/
<mathiaz> jsalisbury: 172.23.46.78 is the public IP of the running instance?
<jsalisbury> mathiaz: yes
<mathiaz> jsalisbury: ok - thanks
<sbeattie> mathiaz|zul: sorry I missed your meeting; I reviewed the nut and ipsec-tools SRUs a couple of weeks ago. I'm unable to change the overall status on the merge or upload, so I'm not sure what the next step from here should be.
<mathiaz> sbeattie: right - I think only the submitter can do that
<mathiaz> sbeattie: have you set your own status to approve?
<sbeattie> I haven't seen any new SRU merge reviews come way since then.
<sbeattie> mathiaz: yes
<sbeattie> https://code.launchpad.net/~sbeattie/+activereviews is the reviews I've looked at, the approves listed are all from me.
<zul> sbeattie: its on my to do list to update those test cases
<sbeattie> zul: okay, thanks, that is appreciated.
<mathiaz> sbeattie: yeah - we need to tune the process a bit to make sure things are moving swiftly
<mathiaz> sbeattie: overall it still makes sense to have you review the SRU+bzr branch at that point in the process?
<sbeattie> mathiaz: yeah. I meant to raise the issue a couple of weeks ago, but some australian animal got in the way.
<mathiaz> sbeattie: yeah - we should be more lucid from a now on
<sbeattie> anyway, I just wanted to make sure there wasn't something missing on my part that was holding things up.
<zul> sbeattie: a kangaroo? ;)
<Jeeves_> soren: The issue with ubuntu-vm-builder seems to occur only when installing on raw-devices
<vladanian_> Hey guys, I'm trying to get UEC hooked up to elasticfox, and I'm getting an error
<Jeeves_> soren: https://help.ubuntu.com/community/KVM/CreateGuests says 'Ubuntu-vm-builder doesn't allow you to create the VM on a raw block device yet'
<Jeeves_> Is that still the case?
<BerRMaNyA> I have a problem to install dovecot with mysql, somebody can helpme ?
<incorrect> yay! my finally my 8.04 vm is stable under 9.10
<everythingdaniel> Hi, I am trying to install Ubuntu Server. I get a screen like http://pastebin.com/m54e9003a  and no matter what I select, the box goes away, and else nothing happens. Its not frozen up, I can do a ctl-alt-del  and the kernel shuts down properly
<everythingdaniel> (reposted question)
<Reepicheep> BerRMaNyA: did you find a tutorial to follow?
<mneptok> everythingdaniel: how are your disks conected to the motherboard physically?
<everythingdaniel> ide
<BerRMaNyA> Reepicheep i asked in #dovecot, they answered that upgrade the version to 1.0
<everythingdaniel> one disk, set as master
<BerRMaNyA> i have a 0.9
<mneptok> everythingdaniel: RAID card or ... ?
<everythingdaniel> ide to motherboard
<Reepicheep> BerRMaNyA: what version of ubuntu server are you using?
<mneptok> everythingdaniel: look in your BIOS and see if there is a way to alter the IDE settings. if it is set to IDE, try setting it to RAID mode. this may allow Ubuntu to identify the chipset differently and load a different driver.
<mneptok> conversely, if the BIOS is set to RAID, set it nack to IDE.
<BerRMaNyA> I dont have ubuntu server, but when i asked in #ubuntu they answer that i should join #ubuntu-server, but i have ubuntu 9.04
<everythingdaniel> ohh okay
<everythingdaniel> Ill check that when I get back over to that box
<everythingdaniel> thank you
<mneptok> np
<mneptok> everythingdaniel: and be sure to checksum the .ido you downloaded and/or run the physical media check. it would be frustrating if you spent hours trying to fix a disc that is just badly burned. ;)
<mneptok> *.iso
<everythingdaniel> haha, true
<everythingdaniel> godo tip
<Reepicheep> BerRMaNyA: it looks like 9.04 contains dovecot 1.1.11 in the repos
<BerRMaNyA> how i can know the version of my dovecat?
<BerRMaNyA> I follow this tutorial http://bliki.rimuhosting.com/space/knowledgebase/linux/mail/postfixadmin+on+debian+sarge
<BerRMaNyA> but now i trying configure dovecat whit this tutorial http://johnny.chadda.se/2007/04/15/mail-server-howto-postfix-and-dovecot-with-mysql-and-tlsssl-postgrey-and-dspam/
<Reepicheep> BerRMaNyA: did you install it with apt?
<BerRMaNyA> yes
<Reepicheep> try "sudo aptitude show dovecot-common"
<BerRMaNyA> i have version 1.1.1.11
<BerRMaNyA> I dont have 0.9 :S
<Reepicheep> and  "State: Installed"
<BerRMaNyA> yes
<BerRMaNyA> but
<Reepicheep> now run "dovecot --version"
<BerRMaNyA> 1.1.11
<BerRMaNyA> yes
<BerRMaNyA> but when i add this lines in dovecot.conf
<BerRMaNyA> auth_userdb = mysql /etc/dovecot/dovecot-mysql.conf
<BerRMaNyA> auth_passdb = mysql /etc/dovecot/dovecot-mysql.conf
<BerRMaNyA> first_valid_uid = 106
<BerRMaNyA> default_mail_env = maildir:/home/vmail/%d/%n
<BerRMaNyA> and i try run /etc/init.d/dovecot restart
<BerRMaNyA> I saw this
<BerRMaNyA> Error in configuration file ... : Unknow setting: userdb
<Reepicheep> why in #dovecot did they think you were using version 0.9?
<BerRMaNyA> i dont know
<BerRMaNyA> see this
<BerRMaNyA> BerRMaNyA>	pastie.org/683685
<BerRMaNyA> 	<BerRMaNyA>	is my dovecot configuration
<BerRMaNyA> 	|<--	feisar has left irc.freenode.org ("Leaving")
<BerRMaNyA> 	<BerRMaNyA>	so someone have a idea?
<BerRMaNyA> 	<tss>	berrmanya: you really shouldn't be using dovecot v0.99
<Reepicheep> BerRMaNyA: I'm assuming that you got dovecot-mysql configured
<BerRMaNyA> mmm
<BerRMaNyA> dovecot-mysql ?
<BerRMaNyA> I never run apt-get install dovecot-mysql
<BerRMaNyA> and i try run install dovecot-mysql dont find the package
<Reepicheep> oh.. I think I see why they said that.. auth_userdb must be something used in an older version of dovecot.. use passdb instead
<Reepicheep> I bet your tutorial is a bit out of date
<Reepicheep> BerRMaNyA: btw.. dovecot-mysql should already exist.. it's just a config file
<BerRMaNyA> i try now whit this tutorial, http://johnny.chadda.se/2007/04/15/mail-server-howto-postfix-and-dovecot-with-mysql-and-tlsssl-postgrey-and-dspam/
<Reepicheep> you need to put your mysql specific stuff in that file than tell dovecot to use the passdb from mysql in dovecot.conf
<BerRMaNyA> passdb sql {
<BerRMaNyA> args = /etc/dovecot/dovecot-sql.conf
<BerRMaNyA> }
<BerRMaNyA> userdb sql {
<BerRMaNyA> args = /etc/dovecot/dovecot-sql.conf
<BerRMaNyA> }
<BerRMaNyA> that its ok?
<Reepicheep> yeah.. sorry dovecot-sql.conf not dovecot-mysql.conf
<Xpistos|work> Exuse me, but how do I create a user account from the command line that can use sudo when needed?
<Reepicheep> BerRMaNyA: btw.. if you got more then a couple lines pastebin it .. thanks
<Reepicheep> the original paste bin you sent to the #dovecot channel had examples lower down in the file. it's pretty well documented
<Reepicheep> reed through both the dovecot-sql.conf file and the original dovecot.conf file.. you will need to undo many of the changes you already have made to the dovecot.conf file
<Xpistos|work> would htis work? sudo adduser -G admin USERNAME
<Reepicheep> s/reed/read/ ^ BerRMaNyA
<jcastro> mathiaz, who's handling the scheduling for server track UDS things?
<BerRMaNyA> thanks reepicheep
<Reepicheep> np
<mneptok> mathiaz: if you'd like, you can make maria-captains the assignee for that MariaDB blueprint
<mathiaz> mneptok: we don't need an assignee for now
<mathiaz> mneptok: just a drafter :)
<mathiaz> mneptok: and an approver (probably mdz)
<mneptok> mathiaz: whatever you think is best, dear.
<mneptok> mathiaz: wait, you're not my wife. damn this programming.
<uvirtbot> New bug: #474660 in drbd8 (universe) "drbd8-utils not dependent on drbd8-source" [Medium,Confirmed] https://launchpad.net/bugs/474660
<alex88> i have a vps and i want to offer some free shells, is there a package that can help me in shell limitations, limit user space etc?
<nothing_clever> Some one think they can help me configure apache2 use /home/user_name/apache2www instead of /var/www?
<alex88> nothing_clever: you can use /home/user_name/public_html for every user
<alex88> link www.site.com -> /var/www and www.site.com/~username/ -> /home/username/public_html
<Reepicheep> alex88: have you looked at rssh?
<preesident> yes............quem bom deu certo a instalaÃ§Ã£o do server
<preesident> agora cade o povo para me ajudar;;;;;
<alex88> Reepicheep: nope, i'll search for it
<preesident> como faÃ§o para mudar a senha do su
<alex88> preesident: english please
<preesident> sorry
<preesident> hello anyone...i am finish start the ubuntu serve now, how can i change the password to su root
<alex88> sudo passwd root if you're in sudoers, if you are root just passwd
<preesident> after instalation how can i change this password...
<preesident> i put only one user and pass i dont put any password to su, anf to myqsl
<preesident> during instalation i put two password, one to user, other to mysql
<alex88> yeah, and what you want to change? root pass?
<nothing_clever> alex88: What do you mean I can use public_html? Don't I need to change some thing some where to do that?
<preesident> when i put su in terminal ask to password
<alex88> preesident: so you have to do "sudo passwd root" than enter the password you want as root
<preesident> hum...its exctly what i want to do, put this pass...
<alex88> nothing_clever: you can use userdir mod if you want that every one has their public_html folder..
<alex88> nothing_clever: but you want to change the site root dir of apache?
<preesident> ok, now its clear, thanks very much to send me this informations, i am happy with your words.
<preesident> alexx88
<preesident> sorry alex88
<preesident> please, how can i make configurantions by graphical in another computer via ssh
<alex88> preesident: using graphical menus etc?
<preesident> yes
<alex88> i think that you have to install a graphical envoirment...and use X11 forward via ssh..what you want to graphical configure?
<preesident> is it, i need make configurations to hotspot server, i have two ethernet here in this server and one its to conect internet and other its to conect AP (public clients), and i want to do this configs.
<alex88> so configure something like dhcp, dns and internet forwarding?
<prohibited> hi
<preesident> yes
<preesident> firewall, CBQ, SQUID,
<nothing_clever> alex88: Here's what it is. I am trying to get ampache (web based music broadcasting program) up and running. The last step needed is to give it access to a music folder. I want to use the folder out of my home directory. ampache will only see what it can see from the web on the server. My plan is to put the root directory web page in my home folder then place my music in there leaving a symlink to it in my home folder.
<prohibited> how can I set the display size on ubuntu server 9.10 (I'm running it on VMWare Fusion)
<alex88> preesident: oh..mmhh..you have to install on the server a graphical enviroment..then remote desktop to it
<preesident> its like winbox and mikrotik configurations, do you know...?
<alex88> preesident: nope, never tried
<alex88> nothing_clever: you have to set only the music dir on all the ampache root?
<prohibited> someone for my question ?
<alex88> prohibited: resolution?
<prohibited> yes
<prohibited> in console mode
<alex88> mmhh..never used ubuntu server with a desktop enviroment
<prohibited> no
<prohibited> wihout desktop environment
<alex88> uh console mode..wait
<nothing_clever> alex88: I need to make http://localhost/Music go to /home/user/apache2www/Music to make ampache work correctly.
<prohibited> I tried with Grub 2 config. But it didn't work
 * zul is begining to hate windows 7
<alex88> nothing_clever: tried to make a symlink a use FollowSymLinks in apache
<prohibited> And with dpkg-reconfigure console-setup, I can set font size, but the min value is too high
<nothing_clever> alex88: Not even remotely going to work.
<prohibited> zul: why ?
<zul> prohibited: because it doesnt play nice with samba
<prohibited> lol
<uvirtbot> New bug: #474423 in samba (main) "Files no longer visible from a Mac OS-X.5.8 Public Share" [Undecided,New] https://launchpad.net/bugs/474423
<alex88> prohibited: tried with vga=xxx in grub config?
<preesident> whci one graphical enviroment do you know ?
<preesident> which one ?
<alex88> preesident: i use gnome with unbut desktop..never used in server
<prohibited> alex88: I tried. But it's for grub legacy. With Grub 2, you have to set an option in /ect/default/grub
<prohibited> but it doesn't work
<preesident> ok, but how can i make configurations of server configurations via graphical in gnome, have any soft to do this ?
<alex88> with grub_gfxmode?
<prohibited> yes
<mushroomblue> zul: does win7 play nice with a Ubuntu PDC with OpenLDAP/Samba?
<prohibited> i tried
<zul> mushroomblue: it shoul
<zul> should
<preesident> ok, i undestand about server with no graphical, but how can i config every steps in server, like firewall, band control, users, hotspot....etc etcv....
<preesident> which one distro its the best to do this hotspot wireless server ? please.
<alex88> preesident: read the ubuntu wiki..
<preesident> ok
<preesident> alex88 do you have make this configs ?
<alex88> preesident: if i've done it?
<alex88> you can use ebox..it's a web interface that can really help you
<prohibited> alex88: I search on forums, with google etc. I can't find a solution. I hoped someone have the solution here. But I think the last ubuntu is very different so I have to wait. Maybe the solution is to use SSH (but it's crazy to do that when you have a windows displaying the guest OS)
<preesident> help me to undestand how can i make this configs, firewall, CBQ, users control login....
<alex88> try to install ebox, it's more simple to configure a server with it..
<preesident> how can i get this ebox
<mushroomblue> you people are recommending ebox? on purpose?
<mushroomblue> do you actually like it?
<mushroomblue> it makes my soul ache.
<ScottK> Worse than webmin?
<mushroomblue> far worse.
<mushroomblue> but that's just me.
<ScottK> OK.
<alex88> sudo apt-get install ebox-all..try it
<alex88> mushroomblue: if you have better solutions talk, or if you want you can configure all to him
 * ScottK has yet to have to try to figure of a postfix bug caused by ebox dorking up config files.  Not true for webmin
<preesident> ok, i dont have conection internet in the server , i am in other computer,
<preesident> i am in search page finding
<mushroomblue> I was told that suggesting webmin, even if it doesn't pollute all sorts of places on your install like ebox, isn't allowed.
<preesident> please take a look in this page
<preesident> http://trac.ebox-platform.com/wiki/Document/Documentation/InstallationGuide
<preesident> its waht a want ?
<xperia2> hello to all. i have problems with my bind9 server that i have setup. it should now all works but for some reason it tell me that my dns server si not availble
<xperia2> my domain is www.wificom.ch
<preesident> oh my god, wich one i can use ebox or webmin ?
<alex88> preesident: that's the page
<xperia2> and my fix ip adress is 80.254.182.249
<xperia2> this here is my iptables
<mushroomblue> here comes the flood
<xperia2> http://pastebin.com/d28fff019it looks all right !
<xperia2> http://pastebin.com/d28fff019it looks all right !
<xperia2> http://pastebin.com/d28fff019
<xperia2> it looks all right !
<xperia2> dont know where the problem could be
<alex88> xD
<xperia2> this here show me that the dns server is alive at least from the lan
<xperia2> http://pastebin.com/
<xperia2> whats the problem. why can my dns not resolve dns querys from the wan ? it looks like it dont answer !
<xperia2> i have followed the wiki page for settng up a Primary Master Server DNS https://help.ubuntu.com/community/BIND9ServerHowto
<alex88> xperia2: tried with firewall conf?
<alex88> restarted firewall?
<alex88> does it listen from all interfaces? try with "netstat -tap" to check it
<xperia2> http://pastebin.com/dd1a4fb
<xperia2> this is from my web server
<xperia2> i will do now the same on the router
<xperia2> http://pastebin.com/d7f754b3b
<xperia2> this is from my router
<xperia2> hmm is this normal that i dont have the port 53 listed in the laspastebin
<alex88> 192.168.1.90:domain && localhost:domain it just listen to localhost and lan
<alex88> is it connected to internet with lan? (192.168.1.90??)
<xperia2> i have followed this ubuntu wiki howto
<xperia2> https://help.ubuntu.com/community/BIND9ServerHowto#Primary%20Master%20Server%20configuration
<alex88> 0.0.0.0:domain so your router is listening to port 53.. tell me the ip please
<xperia2> the ipadress of the dns server is 80.254.182.249
<alex88> ok, port 53 is open
<xperia2> great then this must be a missconfiguration ! but how can this be i followed every step as described in the wiki
<alex88> "www.google.it A record query refused by zux182-249.adsl.green.ch" have you forward to other dns set?
<xperia2> give me a moment only
<xperia2> the file named.conf was not changed and looks as follow http://pastebin.com/d45314a2e
<alex88> you have to edit named.conf.options
<xperia2> named.conf.options was changed and looks as folow http://pastebin.com/d5435dbe0
<xperia2> named.conf.options looks as folow http://pastebin.com/d4e0eb478
<xperia2> maybe this is the problem
<alex88> uncomment lines 13,14,15
<alex88> restart
<alex88> and re-try
<StrangeCharm_> what's the program that's like screen, with with the sweet tabbar along the bottom?
<xperia2> alex88: i have tested the dns server at the domain registrator page and this is what it tell me http://pastebin.com/d5d232ef5
<vladanian_> Hi guys, where's the best place to ask about UEC?
<alex88> xperia2: have you done what i've said?
<xperia2> yes i have done it. controlling it again
<xperia2> yes it was done. the changed file looks like this http://pastebin.com/d5d232ef5
<xperia2> and i have also rebooted the bind9 erver as follow
<alex88> that' the registrator page report
<xperia2> sudo /etc/init.d/bind9 restart
<xperia2> i have found a command called dig and this is here the output http://pastebin.com/d75f484b8
<bogeyd6> xperia did you check the named.conf to make sure your dns server is listening on all ports?
<bogeyd6> xperia wificom.ch.             604800  IN      A       192.168.1.90
<bogeyd6> 192.* is an internal IP address only
<alex88> bogeyd6: yeah it's working..but it refuses queries..
<alex88> look here:
<bogeyd6> k
<alex88> host www.google.it 80.254.182.249 -> www.google.it A record query refused by zux182-249.adsl.green.ch
<alex88> host wificom.ch 80.254.182.249 -> wificom.ch              A       192.168.1.90
<xperia2> bogeyd6: i dont have any entry in the fille named.conf that contain the server ip number and my domain name
<alex88> so it's just misconfigured
<mushroomblue> anyone know why I can ssh to a machine internally, but it refuses/times out if connected through a NAT?
<mushroomblue> according to router and switch, NAT is passing traffic through to the server
<mushroomblue> last time this happened, I reinstalled, and it magically responded.
<mushroomblue> but that's not exactly a fix.
<xperia2> why that i have followed the ubutu help wiki page for setting up a primary dns server and there was no mention to edit this file
<bogeyd6> mushroom you cannot go internal external internal
<mushroomblue> bogeyd6: I don't think that's what I'm doing.
<bogeyd6> xperia2 the ip address of 192.* is not a valid internet address (unless you are using internal only)
<xperia2> this is the file named.conf http://pastebin.com/d45314a2e
<alex88> xperia2: post named.conf.local and named.conf.options
<xperia2> alex88: named.conf.local http://pastebin.com/d45314a2e
<bogeyd6> and /etc/bind/named.conf.options ?
<xperia2> named.conf.options http://pastebin.com/d332c44b7
<alex88> xperia2: named.conf == named.conf.local???
<bogeyd6> host wificom.ch localhost
<xperia2> ohh sorry my mistake
<bogeyd6> why is forwarding setup if you want this to be your dns server?
<alex88> bogeyd6: cause it tell me that it's the dns of its lan, cause it own domain is resolved
<xperia2> named.conf.localhttp://pastebin.com/d5797d6b9
<bogeyd6> xperia2 what is the results of host wificom.ch localhost
<bogeyd6> host wificom.ch localhost"
<bogeyd6> sans the "
<xperia2> http://pastebin.com/d31381535
<bogeyd6> i am gonna go back and look at your iptables
<bogeyd6> am i to assume you dont have a gateway/firewall/router that you didnt configure?
<bogeyd6> xperia2 it says "domain"
<xperia2> this here are the iptables of my router http://pastebin.com/d6dbf558e
<bogeyd6> xperia2 explain how you connect to the internet from the dns server
<bogeyd6> everything says it should be working
<alex88> bogeyd6: the server is accessible from outside..
<alex88> bogeyd6: but it doesn't resolv anything else than it's domain
<xperia2> well i have my server connected to my router with a static ip adress 192.168.1.90
<bogeyd6> xperia2 http://pastebin.com/d5d232ef5  says the dns server is unreachable
<xperia2> well alex88 told me that he was able to see my dns server from outside if i am not wrong
<xperia2> so the firewall should be not the problem
<xperia2> or i am wrong
<bogeyd6> ok you are right, i tried 80.254.182.249
<xperia2> did you tryed also port 53
<xperia2> port 80 is working great
<bogeyd6> then what are we doing?
<bogeyd6> http://80.254.182.249  does not work
<bogeyd6> dns://80.254.182.249  does work
<xperia2> strange inside the lan http://80.254.182.249 works
<bogeyd6> i stand corrected, it does work, just very slowly
<alex88> Starting Nmap 4.76 ( http://nmap.org ) at 2009-11-04 23:10 UTC
<alex88> Interesting ports on zux182-249.adsl.green.ch (80.254.182.249):
<alex88> Not shown: 998 filtered ports
<alex88> PORT   STATE SERVICE
<alex88> 53/tcp open  domain
<alex88> 80/tcp open  http
<xperia2> ahhh okay
<bogeyd6> !pastebin | alex88
<ubottu> alex88: pastebin is a service to post multiple-lined texts so you don't flood the channel. Ubuntu pastebin is at  http://paste.ubuntu.com | To post !screenshots use http://tinyurl.com/imagebin | !pastebinit to paste directly from  command line | Make sure you give us the URL for your paste - see also the channel topic
<xperia2> dont know what exactly  the problem is but in last time ubuntu server has heavy lags
<bogeyd6> xperia2 are we to assume you want people to be able to go to www.wificom.ch
<alex88> the problem is the domani config, cause it refuses everything else then wificom.ch
<xperia2> why is that a problem? as first i want to run only this domain as i dont have others
<alex88> xperia2: paste /etc/bind/db.wificom.ch
<xperia2> in some days i want to be able to run some subdomains but this is a second class problem
<xperia2> okay i will past it
<bogeyd6> we should invent a pastebin command line tool
<xperia2> alex88: http://pastebin.com/d1f8af47b
<bogeyd6> should wificom.ch resolve to 80.254.182.249 or 192.168.1.90
<smoser> erichammond, at some point i think you gave a url to some cloud search site... that like crawled images available on different cloud offerings and aggregated them
<smoser> any idea what that is/was?
<alex88> 80.254.182.249 i think
<bogeyd6> it depends on who is using the dns server, internal or external
<xperia2> it need to be as first external
<xperia2> and if possible only also internal
<bogeyd6> change the A records to be 80.254.182.249 not the 192.*
<xperia2> okay
<bogeyd6> restart named
<bogeyd6> erp :P
<xperia2> just restarting the bind9
<bogeyd6> do a sudo /etc/init.d/bind9 restart
<smoser> erichammond, never mind. for anyone else: http://thecloudmarket.com/
<xperia2> okay restarted
<bogeyd6> ok the records are resolving correctly
<xperia2> should i try again to test again now with the domain registrator tool if the dns server is working correct ?
<bogeyd6> now you must go to your registrar and set up your host to be the name server
<bogeyd6> Typically, depending on who you registered with you setup a host called ns and then you set your nameserver for the domain to be ns.wificom.ch
<xperia2> ahh okay i have this allready. i was able to register a nameserver for my domain called ns.wificom.ch that point to my ip static ip adress
<bogeyd6> sometimes they make you set two name servers (all mine have) and you just make two hosts at the registrar for ns and ns2 but make them the same ip address
<alex88> xperia2: that's what you need
<bogeyd6> ns.wificom.ch doesnt resolve to an ip address
<alex88> www.wificom.ch A record has zero ttl
<xperia2> hmmm strange but it should. on the other side it could be that it dont work becouse i need it to pay it first. i can check at least if dns is working on the domain page
<bogeyd6> LAWL
<bogeyd6> xperia2 you need to call the registrar and have them fix it
<xperia2> okay gimme a second to test now the dnsserver if ir works. but on the other side if ns.wificom.ch dont resolve it will probably not work
<preesident> alex88 thanks for all, you are a grat person .
<preesident> great
<uvirtbot> New bug: #370877 in chkrootkit (main) "package chkrootkit 0.48-5 failed to install/upgrade: short read in buffer_copy (backend dpkg-deb during `./usr/lib/chkrootkit/strings-static')" [Low,Incomplete] https://launchpad.net/bugs/370877
<alex88> preesident: no problem man.. glad to help! XD
<preesident> if you want anything from Natal Brazil, call-me.
<xperia2> bogeyd6: it looks now much better ! some errors disapeared http://pastebin.com/d112826bc
<preesident> only i can send arm, drugs and woman....but the rest i can... :-)
<preesident> i cant send
<xperia2> this is the old test http://pastebin.com/d5d232ef5
<alex88> preesident: damn, i'm in italy..and all that i want are women... =)
<bogeyd6> xperia2 you need an A record for ns.wificom.ch
<xperia2> i need a A record ?
<xperia2> isnt this allready in the file ?
<bogeyd6> ns     IN      A       80.254.182.249
<xperia2> let me check
<bogeyd6> then restart bind9, then rerun your dns tool
<xperia2> wooow why does ubuntu server hangs for at least 5 seconds everytime i try to sudo
<bogeyd6> lets finish dns first
<bogeyd6> !noroot
<ubottu> We do not support having a root password set. See !root and !wfm for more information.
<bogeyd6> although i always set one and just SU root, but i come from the SuSe world
<alex88> SU root is fine also in ubuntu...have one too..XD
<xperia2> okay this is my actual file db.wificom.ch
<xperia2> http://pastebin.com/d682bb46
<mushroomblue> !wfm
<ubottu> Common Sense: Just because you can, does not mean you should (and especially recommend to others). Think before you do. "Works for me" does not mean it is ok. The latest version of everything is not always useful if you aim for stability. Please see http://geekosophical.net/random/worksforme/
<mushroomblue> hah.
<xperia2> now if i understand right i need to add this line here
<xperia2> ns IN A 80.254.182.249
<xperia2> right ?
<bogeyd6> right
<xperia2> this line here dont has anything to do with this as it has also already ns ? @       IN      NS      ns.wificom.ch.
<xperia2> or should i delete it ?
<bogeyd6> leave it in
<bogeyd6> ns record is a neccessity
<xperia2> okay i will now reboot bind9 then
<alex88> in irc to use a custom virtual host should i config my reverse query in my dns?
<bogeyd6> yay xperia2
<xperia2> does it works :-) ?
<bogeyd6> you should now rerun your registrar tool
<xperia2> okay :-)
<xperia2> woooow it looooks much much beter now ! it tell me a good sign with a small text "The name server does not fulfill all our recommendations." will now check the test result
<bogeyd6> running one nameserver on one ip address is bound to cause some errors
<bogeyd6> alex88 you should configure your reverse to get IRC to show it, They want to do a look up on the IP address and find a host name
<xperia2> bogeyd6: you are absolutley right. this is the only thing what it warn about all other things are okay ! http://pastebin.com/d31a479ab
<xperia2> WOOOOWWW i have now my own hosting solution ! you people here are great !
<bogeyd6> ok now you need to tell the registrar to set the ns.wificom.ch to your name server
<bogeyd6> or however you have that part going
<xperia2> okay
<xperia2>  will look for this
<bogeyd6> !apache2 @ xperia2
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<bogeyd6> !apache2 | xperia2
<ubottu> Sorry, I don't know anything about apache2
<bogeyd6> !apache | xperia2
<ubottu> xperia2: LAMP is an acronym for Linux-Apache-MySQL-PHP. However, the term is often used for setups using alternative but different software, such as Perl or Python instead of PHP, and Postgres instead of MySQL. For help with setting up LAMP on Ubuntu, see  https://help.ubuntu.com/community/ApacheMySQLPHP - See also the Server CD installation process (different in Edgy+)
<bogeyd6> you are going to need that next for virtual hosts and etc....
<bogeyd6> adios
<xperia2> i have allready running virtual hosts
<xperia2> okay bogeyd6: cant tell you how much i want to tank you and alex for the help
<xperia2> you have done a great job !
<alex88> glad to help..XD
<alex88> going to bed..cya tomorrow guys
#ubuntu-server 2009-11-05
<alex88[sleep]> xperia2: r u on?
<xperia2> yes i am ! wish you a good sleep alex. we see us sure tommorow
<alex88[sleep]> xperia2: thanks...btw, last thing, what you mean with virtual hosts?
<alex88[sleep]> for example redirect www.site.com to /var/www and mail.site.com to /var/www/mail? something like that?
<xperia2> exactly !
<xperia2> i need this for running then my subdomains
<xperia2> like page1.wificom.ch -> /var/www/page1  page2.wificom.ch -> /var/www/page2
<xperia2> think it must work
<alex88[sleep]> xperia2: it should..xD good luck so, when i'll buy my domain i'll use some nice irc vhosts..xD
<alex88[sleep]> btw...goodnight really now..
<xperia2> okay bye alex88
<Bookman> I am looking to get my LPIC certification so that I might be able to enter the Linux job market and was just wondering if there is an up to date self study course available online.  I am using IBMs developerworks, but it seems a bit dated as it is from 2005 I believe.
<qman__> from what I've seen, the LPI exam itself is a bit dated, so you should be fine
<qman__> they still cover 2.4 kernels AFAIK
<qman__> unless the exam has seen a major overhaul in the last year or two, you've got nothing to worry about
<Bookman> qman__: apparently the last exam version is current as of 2009-04-01
<qman__> ah
<Bookman> Not sure of what was updated though.  I do see things like /proc/pci no longer being used.  Obsoleted by lspci.  Things like that.
<qman__> yeah, when I was last dealing with LPI, it was way out of date
<qman__> covered stuff that's completely obsolete
<qman__> that's why I didn't bother taking it, figured I'd wait until they caught up and covered stuff I actually know
<Bookman> Well, I assume I cannot go too wrong continuing then.
<qman__> you might want to look up a newer source and compare
<mushroomblue> Bookman: URL for the developer works LPI study course?
<qman__> but if you're pretty familiar with the inner workings of the system you should be ok
<qman__> also, be aware of redhat and debian specific stuff, as opposed to just plain linux
<qman__> ubuntu is to the point where you never even bother with most of the stuff they cover, because it's all automated
<qman__> play with some less refined distros
<mushroomblue> yeah.
<mushroomblue> just install/compile gentoo
<mushroomblue> that'll get you ready for your LPI.
<qman__> gentoo, slackware
<qman__> maybe even freeBSD
<qman__> while BSD is considerably different from linux, it does require you to learn a lot about manually compiling and installing software
<Bookman> http://www.ibm.com/developerworks/linux/lpi/
<Bookman> mushroomblue: actually that is a great idea.
<mushroomblue> Bookman: gentoo is awesome, if I can say that without getting b&d
<qman__> gentoo certainly taught me a lot
<qman__> but it's not practical for most applications
<qman__> good toy and learning tool, though
<Bookman> There was also a build your own linux type of distro.  You start from the bottom and work up.....
<Bookman> Linux From Scratch or something like that
<qman__> gentoo is basically like that, except that it automates the downloading and compiling
<Bookman> Got it.  Would this all work in a VM or should this be really done on a play machine?
<qman__> well
<qman__> you should probably work on a real machine at least once, so that you encounter problems with your hardware
<Bookman> Good point
<qman__> I know that seems counter intuitive but dealing with that is an important thing to learn
<qman__> learning how to figure out what you need in your kernel and such
<Bookman> No, not really.  You never really learn about your car until you break down
<qman__> make sure whatever you use actually works in other linux distros first though
<qman__> test with ubuntu or whatever
<Bookman> So try a few distros is the best way.
<Bookman> Not just Debian based.
<qman__> yes
<Bookman> Thank you both for your advice.
<everythi_> mneptok: thanks for the advice earlier, but its still causing the error. (just for fun I tried a Xubuntu alternate install cd, same result)
<smoser> erichammond, or anyone else interested, there are hardy (8.04) ec2 testing builds available http://paste.ubuntu.com/310111/
 * erichammond dances a jig
<smoser> even pretty daily build output: http://uec-images.ubuntu.com/hardy/20091105/
<smoser> gah!
<smoser> they dont think they're "enabled" for ec2-init :-(
<smoser> phooey.
<preesident> ok alex88 i will see how can i send woman to Italy.... :-)
<preesident> lets the challenger....this situation, lets post the best out.
<preesident> machine with ubutun server instaled, dont have internet, dont have webmin, dont have winbox,
<preesident> how can you make browse configurations ?
<uvirtbot> New bug: #474523 in bacula (universe) "Bacula Version 3?" [Wishlist,Triaged] https://launchpad.net/bugs/474523
<smoser> well, those images were bad :-(. i pulled them, but started a build and push with a fix.). new images (listed http://uec-images.ubuntu.com/hardy/20091105/ ) have been sniffed, ssh access working.
<rags> Is there a way to configure sbackup to send mail alerts for every backup job completed?
<rags> or failures for that matter
<KurtKraut> rags, that will probably require some shell scripting.
<rags> KurtKraut: I am surprised...I mean it's something very basic...I thought I just missed a config option somewhere..but seems like the tools just doesn't provide this feature.
<JJman> can anyone tell me why mysql server would be running on a different port then is set by the config file (the default of 3306)  but netstat isn't showing that as the port thats mysqld is using??
<KurtKraut> rags, you should request it as a feature for sbackup developers.
<rags> KurtKraut: Yeh..I will...but I see many requests already...now to find the compelling reason y it's not implement..
<KurtKraut> rags, the s in sbackup stands for 'simple'. This can be a demonstration that the project meant to be really simple. I'm sure there is other feature rich backup solutions.
<rags> But a report is a must..at least an "OK backup complete"
<JJman> can anyone tell me why mysql server would be running on a different port then is set by the config file (the default of 3306)  but netstat isn't showing that as the port thats mysqld is using??
<KurtKraut> JJman, try lsof -i
<JJman6__> KurtKraut: ok.  this shows a completely different port than netstat showed.
<KurtKraut> JJman6__, could you paste the output netstat gave you and lsof gave you? I wouldn't expect different results.
<JJman6__> lsoft  gave me:  mysqld     2428    mysql   10u  IPv4   5236       TCP localhost:mysql (LISTEN)
<JJman6__> netstat gives: unix  2      [ ACC ]     STREAM     LISTENING     5237     /var/run/mysqld/mysqld.sock
<JJman6__> so 2 diff ports 5236 & 5237
<JJman6__> and well the config file says it should be running on port 3306
<KurtKraut> JJman6__, try lsof -i -P
<JJman6__> mysqld     2428    mysql   10u  IPv4   5236       TCP localhost:3306 (LISTEN)
<JJman6__> hmm ok
<JJman6__> i'm still confused
<JJman6__> as to which port i should be using to try and connect to  mysql (trying to connect phpmyadmin to DB on a different server)
<KurtKraut> JJman6__, Please use pastebin.com or pastie.org to paste me the full output of there two commands: lsof -i -P and netstat --ip -n
<JJman6__> k
<Maleko> hi. could anyone recommend me a simplest and lightest webserver out here? i just need it to host some files
<KurtKraut> Maleko, fnord, thttpd and monkey
<KurtKraut> Maleko, I belive fnord is the smallest and simplest.
<JJman6__> KurtKraut: http://pastebin.com/dac1a3b6
<JJman6__> that netstat output doesn't show anything useful
<JJman6__> just my remote connection
<KurtKraut> JJman, so netstat shows only this?!
<Maleko> KurtKraut: i will give fnord a try, that thttpd looks good too but it's last updated was 2003, and i cant find site for monkey
 * flyback is retiring from helping people on irc till further notice, I have had enough
<JJman> Yep
<JJman> with the cmd u gave
<JJman> netstat -l shows more
<KurtKraut> Maleko, http://www.monkey-project.com/
<KurtKraut> JJman, well, I rely more on lsof.
<JJman> i see that shows localhost:3306  but why then does it show 5236 for 'Device'
<JJman> i've tried connecting to mysql remotely using all 3 of those ports and none work
<KurtKraut> JJman, If I'm not mistaken, mysql only respond to localhost requests by default.
<qman__> ^^ this is true
<uvirtbot> qman__: Error: "^" is not a valid command.
<JJman> umm.
<qman__> uh, ok
<JJman> so it won't even accept external requests from phpmyadmin even.
<qman__> you have to configure mysql to listen on an IP if you want remote connections
<JJman> any idea how i can change that
<qman__> most LAMP configurations have the web server and database on the same server, so it only listens local by default for security reasons
<JJman> i want remote connection through phpmyadmin mainly
<JJman> (which is on a server behind same firewall)  so could i just use internal IP
<qman__> you always use internal IP
<qman__> external IP translation is handled by the router
<JJman> yea we've seperated the DB & web server out into seperate machines to improve security
<qman__> that actually creates a security risk
<qman__> but to each his own
<qman__> a proper firewall and well-configured SQL server can reduce that risk
<qman__> you're introducing network-based connections to your SQL
<qman__> where previously they were local only
<JJman> True.  but i was taught that this is the best way to do it.  Since your web server opens a number of potential risks especially since PHP runs on it.  so if ppl gain access to your webserver and your DB is sitting on the same machine they've got full access to your data
<qman__> not any more or less so than if the database is on another server
<qman__> because you have to open up the access to the database anyway
<qman__> database security comes down to the configuration
<JJman> not to mention its not very scalable to have your web & DB server on the same box
<qman__> that's the only good reason to do it that way, if you need the performance
<qman__> it is not at all better for security, and is actually worse for security
<qman__> and involves more work, and creates more poitns of failure
<qman__> points*
<JJman> I dunno
<qman__> though PHP, you have the same access to the database regardless of which system it is on, local or remote
<qman__> also, if someone roots your web server, your sql server is still accepting connections from it
<JJman> i can't really rebut that.   I can say for sure which way or another is better.   Just how i was taught
<qman__> so you haven't gained anything
<qman__> yeah
<qman__> I just want to make it clear
<JJman>  i meant i can not say for sure
<qman__> the only reason to separate your SQL and web servers is performance
<JJman> which in itself is a good reason
<qman__> a properly configured single-server setup is more secure than a properly configured multiple server setup
<JJman> although i've never seen any hard #'s  to indicate what a single machine can handle versus seperate web & db can handle
<qman__> it all depends on the hardware you're using and the site you're running
<qman__> it's a very tough thing to figure out and basically requires a test bed setup
<JJman> what about the bottleneck of your NIC.  sharing both web & db
<JJman> just slap in a dedicated NIC for web & DB?
<qman__> in a single server setup, database traffic never hits the network
<qman__> it stays local
<qman__> so you actually reduce your network load
<JJman> hmmm i guess that makes sense
<qman__> though the network card itself is very rarely a bottleneck for a web server
<qman__> more likely is the internet connection
<JJman> cause your not really going to have a DB request without the web first requesting it
<JJman> at least for web based apps
<qman__> the web based apps only return web traffic
<qman__> all the database traffic stays on the local machine
<qman__> and you only return web pages
<JJman> Well you definately present some valid points.  Now i wonder why i've wasted so much time configuring these servers seperatly
<JJman> yea thats what i meant
<qman__> the idea is, in a secure configuration, users can't directly request from the database
<qman__> they request a web page, which renders the information from the database
<JJman> Yep
<JJman> still comes back to at what point would a seperate DB be required for performance reasons
<qman__> if you get a whole lot of complex queries
<qman__> if you have a large database, querying it takes longer than sending the request and returning the result
<qman__> and eats up CPU time
<ninnypants> I'm trying to set dovecot as the MDA for postfix but keep getting this error
<qman__> so, you might not be able to handle both the database and the web server on the same hardware
<qman__> you have to have a pretty heavy load or application to need this kind of setup though
<ninnypants> postfix: fatal: /etc/postfix/main.cf, line 49: missing '=' after attribute name: "dovecot   unix  -       n       n       -       -       pipe     flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -d ${recipient} "
<qman__> and if you do, you'll probably use multiple web and database servers
<JJman> Well i'm going to be running Joomla based websites  So its a lot of data related stuff.  most everything is stored in the DB.  But we are hoping to grow rapidly and have in excess of 100k hits a day
<qman__> what kind of hardware are you running on?
<JJman> Well we haven't purchased our final hardware.   so i can't give exact specs  ;-)   We are starting out on some low end stuff.
<qman__> well that's what it all comes down to
<qman__> if you have quad xeons and whatnot, you could do it all on one server no problem
<JJman> but within a few months we will probably get a pretty hard core quad-core machine
<JJman> we are running multiple VM's
<qman__> if you're going with bargain bin single core athlons, you probably need more than one server
<JJman> our production server will definately be quad-core server stuff
<JJman> i'm setting up development & test servers right now
<JJman> which are on just old machines
<qman__> in your situation I would actually recommend, if one server is too slow, that you use two single-server setups and distribute the sites across the servers
<qman__> since there are a lot of databases, but each one is just for one site
<JJman> We aren't live with anything yet so we have no current load
<JJman> but our production server will have a good pipe.  100Mb+
<qman__> yeah
<JJman> if u don't mind my asking what kind of work do you do..  what are you qualifications  ;-)
<qman__> Am I correct in assuming your setup will be a whole lot of instances of one site and its database together?
<qman__> and not any large databases used by multiple sites?
<qman__> well
<qman__> I was the apache2/mysql admin on the baker college cyber defense team, we won the national level competition two years in a row
<JJman> Well its likely we will do the multiple instances scenario but haven't quite thought that far ahead
<qman__> http://nationalccdc.org/
<qman__> well, what I'm getting at is
<JJman> but its just as likely we will use a single large DB to handle all the sites.   I dunno at this point.   It comes down to how well the first site does and how large hte DB gets and what kind of performance requirements it will have when we are cruising all full speed
<qman__> if each site has its own smaller database, and you're not sharing information from one database across multiple sites, it's probably more efficient to run single-server LAMP setups, just more than one of them, and distribute the sites over the servers to balance the load
<JJman> Its probably easier to manage all sites with one DB
<JJman> oh they wouldn't need to be sharing information most likely.  they would be seperate
<qman__> I doubt that, keeping everything in one database for multiple ecommerce/CMS/web apps is a very bad idea
<qman__> it can get really messy
<JJman> in on DB server but seperate DB's on that server of course
<qman__> ok
<qman__> yeah, I would just set up a bunch of LAMP servers, rather than setting up remote mysql
<JJman> Like i said i really don't know how big to expect our growth to be on the back end.  so its hard to predict
<qman__> in what you're looking to host, it's scalable
<JJman> which would be easy through VM's
<qman__> it's not that hard to move databases from one server to another, if you need to move a site
<JJman> since thats how we plan to manage everything through VM's and snapshots
<qman__> and if your LAMP servers are VMs, they'd be easy to load balance across real hardware
<qman__> so
<qman__> server1 hosts 50 sites and the databases for those sites
<qman__> server2 hosts 50 more sites and the databases for THOSE sites
<qman__> etc...
<JJman> but you'd recommend we have seperate VM's environments per each site basically with its own web & db server
<qman__> no, not separate VMs
<qman__> that's way too much overhead
<qman__> I'd have a few VMs, depending on how many real servers you have
<qman__> and on each of those VMs, have a given number of sites with their databases hosted
<JJman> we will start with 1 powerful production server which should be able to handle all we need for some time
<JJman> we aren't going to have  a lot of sites really
<qman__> yeah but a VM per site is way too much
<JJman> k
<qman__> unless you're serving VPS
<qman__> just running one VM takes more resources than a dozen sites or more
<JJman> true
<JJman> ok.  so we will most likely be able to handle all of our sites iwthin 1 vm
<qman__> really you don't even need VMs for this setup, they only help if you want to set something up like an ec2 cloud
<JJman> The main thing i see growing is the DB needs
<qman__> where the VMs are dynamically load balanced on real hardware
<JJman> cause we might have a dozen or 2 sites at most i predict
<qman__> well, what you're going to run into, if you have an issue, is that too many databases are hosted on one VM
<qman__> which would happen the same regardless if you split it up my way, or if you had a separate DB VM
<JJman> right
<JJman> so whats the best way to handle the growth
<qman__> so, by just putting a few sites per VM (going on your figure of 12), with single-server LAMP configurations, you can distribute the load across VMs
<qman__> and then distribute the VMs across real hardware
<JJman> thats why it seems better ot just start out with seperate DB vm's
<qman__> but see, it's not any different than having full LAMP VMs
<qman__> which would be easier to configure and inherently more secure
<qman__> one more question
<qman__> does each site have its own IP?
<qman__> or just domain names
<JJman> so lets say for example you have 3sites in 1 VM and the DB for one site is getting too big and affecting performance of other sites.
<JJman> they will have their own IP's i'm sure
<qman__> ok
<qman__> continue with your example
<JJman> would it then just be time ti migrate say the big site tahts hogging resources to a VM & along with its DB
<qman__> yes
<JJman> so you'd then have 2 VM's  1 w/ 2 sites & 1 w/ the big site
<qman__> if the one site is too big and clogging the whole thing up, it's just actually easier to move the whole site with DB than it is to move the DB to a dedicated DB VM
<qman__> right
<JJman> Yea i think so
<qman__> in this way, it doesn't require much configuration change
<qman__> you literally just move the site configuration, files, and db
<qman__> and all you have to change then is the IP
<JJman> It'd be pretty easy.  just clone the 1 VM and kill the extra sites in new VM
<qman__> of course, it's worth noting that in this configuration, the VMs themselves are going to be the biggest performance hit
<JJman> Yea.  But it will gives us a good gauge as to when we need to expand our hardware needs also.  ;-)  when our VM's become maxed out means we need more server
<JJman> I reckon it will take us more than a year for sure to max out our first server!
<JJman> since we are buildinga  business from teh ground up
<qman__> well, not sure about real-world time
<qman__> but relatively, a nice quad core server is going to last you a while
<qman__> and when you max it out, you can get another, and move some VMs over to it
<JJman> Yea.   Ram is probably the first thing to go with VM's  I don't have a ton of VM experience.  but iknow Ram is the # one thing that gets eatin up with new VM's
<qman__> yes
<qman__> make sure you overdo it with the RAM
<JJman> yar.  for sure.  we'll probably start with like 16Gb  or so
<JJman> Min of 8Gb
<qman__> yeah
<qman__> with a quad core I'd start with no less than 8GB
<JJman> This will actually help reduce our requirements at first.  Since will only need 1 VM to start really
<qman__> that CPU is capable of quite a bit
<JJman> Rawr.  I want to build myself a quad-core machine for my dailey use
<JJman> So your a student?
<qman__> yes, about to graduate actually
<qman__> but I do this for more than just coursework
<qman__> it's a hobby and a profession :)
<JJman> yar
<JJman> ditto
<JJman> i've been in and out of hte industry.  i went back to school recently to refresh some stuff.  now i'm helping build a company (As a Web & DB developer)
<JJman> But since we have no linux ppl  on the team i'm also stuck with all the network server setup as well.
<JJman> actually i think i remember just before i left school like 6months ago.  our instructor had asked for volunteers for a competition that sounds like what you did.
<JJman> It was a DB Admin class i was in
<qman__> ah
<JJman> Might have been the same event
<qman__> yeah, actually my degrees are with microsoft minors, but I can confidently say I'm better with linux than windows
<JJman> lol.  Yea i used to work for Microsoft
<qman__> I would have taken linux minors but they weren't offered due to lack of interest
<JJman> Yuppers
<JJman> I've drop kicked microsoft products now and use Linux exclusively
<qman__> I'm definitely linux powered, I only keep windows around for games
<JJman> Counter Strike Source  Rawr
<JJman> Yep me too
<JJman> I've been meaning to try and get CSS running in Kubuntu,  but been too busy with work stuff & trying to make money
<qman__> I used to run my games on linux back with 6.10
<qman__> it actually worked well then, but then some changes went through and wine just wasn't keeping up
<JJman> I run a few windows programs in KDE now.  some with marginal success
<qman__> so I keep the one windows box
<JJman> I play poker online.
<JJman> Full Tilt used to work in Wine but hasn't worked for me in last 2 versions.  Fortunately PokerStars still works well
<terin_webchat> why des -server install x11?
<kblin> what did you select as additional packages?
<terin_webchat> kblin: nothing... hint enter instead off the spacebar when i wanted to select OpenSSH
<qman__> I think there are a couple x11 packages it depends on for console fonts
<qman__> but it should not be installing X server at all
<kblin> I just see the x11-common and x11-client libs
<terin_webchat> kblin: ok... i just freaked
<kblin> terin_webchat: the server packages are called xserver-xorg-*
<kblin> you shouldn't see any of those
<terin_webchat> kblin: i changed my mind about the encrypted $HOME... easiest way to turn that off (new, mint, system)
<qman__> easiest? reinstall
<qman__> if you haven't done anything
<terin_webchat> qman__: and wait for installation again?
<qman__> ten minutes isn't so bad
<terin_webchat> qman__: 10 minutes, ha!~
<kblin> terin_webchat: I'm sure you can turn that off, but I've never turned it on, so I don't know what "encrypted home directories" actuall does
<qman__> 10 minutes is a liberal estimate
<terin_webchat> kblin: it uses encryptfs to encrypt home... sounded like a great idea... until i remembered what machine i was on
<qman__> I've brought a production LAMP server in 10 minutes, site, database, and all
<terin_webchat> qman__: interesting
<qman__> if it
<qman__> 's taking considerably longer than that
<qman__> you have a pretty significant hardware bottleneck
<kblin> you're on a lousy internet connection?
<kblin> :)
<terin_webchat> qman__: i think it's the old CD drive i dug up for installation
<qman__> I always skip networking during the install
<qman__> speeds it up immensely
<kblin> terin_webchat: ok, I take /home is not actually an encrypted partition?
<qman__> set it up after reboot, then update
<terin_webchat> kblin: encrypted directory (or file, or something)
<terin_webchat> qman__: the installer does it for me
<kblin> qman__: the last few servers I installed, I created root filesystems on SD cards :)
<terin_webchat> guess i could pull the cable
<qman__> kblin, how does that go for longevity? I've wanted to do something similar but was worried about burning them out
<qman__> I've got one server with a 4GB hard drive of old
<kblin> qman__: as long as you don't write lots of data to it, you should be fine
<qman__> my concern is the logs
<kblin> hm, so far I haven't seen any problems, and one of the boxes is running for a year now
<qman__> oh, nice
<qman__> I suppose I could use two, and put /var on a separate one
<qman__> just in case
<qman__> backup the logs nightly and if it tanks, just replace that card
 * kblin nods
<kblin> basically for a couple of bucks a card, I didn't worry too much
<qman__> oh, it's not really the cost I'm worried about, it's the hassle and downtime
<qman__> but if you've had one up for a year, that's long enough for me
<terin_webchat> so far my server's been down more than it's been up
<kblin> terin_webchat: about the home dirs, can you pastebin /tec/fstab?
<Jeeves_> Morning
<terin_webchat> kblin: i would, but seeing as how mkfs just went to the disk
<kblin> ok, no worries then
<soren> ttx: Welcome back.
<ttx> soren: o/
<Jeeves_> soren: If you've got time to debug ubuntu-vm-builder somewhere today, please let me know
<soren> Jeeves_: Can you start by showing me the exact command line you're using?
<Jeeves_> soren: Doing a full run now, i'll pastebin stuff in a few minutes
<terin_webchat> kblin: i named my box nouptime
<Jeeves_> soren: http://pastebin.ubuntu.com/310395/
<Jeeves_> That's the complete output, including some stuff I do configuring the iscsi lun
<Jeeves_> cmdline is at line 29
<soren> Jeeves_: Could you try not using the --raw option?
<soren> It has... um... issues :(
<Jeeves_> soren: What should I use to get it on a device than? :)
<soren> Jeeves_: Let's deal with that afterwards. So far, you've claimed it was all about virtio and whatnot, and I'd like to debunk that first.
<terin_webchat> anyone know how to lookup a user's groups from the CLI?
<soren> terin_webchat: groups
<soren> terin_webchat: groups name_of_user
<terin_webchat> soren: now i feel like an idiot
<Jeeves_> :)
<soren> :)
<Jeeves_> soren: http://pastebin.ubuntu.com/310405/
<soren> Jeeves_: So it worked? Great.
<soren> Jeeves_: One option now is to simply move the image onto your device. "kvm-img convert" can do this for you until I fix this properly in VMBuilder.
<Jeeves_> Yes, it did
<Jeeves_> root@kvm3:~/kms-vms/ubuntu-kvm# qemu-img convert disk0.qcow2 -O raw /dev/sdf
<Jeeves_> qemu-img: Error while formatting '/dev/sdf'
<soren> I wonder what that means.
<Jeeves_> :)
<soren> Could you try stracing int?
<soren> it?
<Jeeves_> http://pastebin.ubuntu.com/310411/
<soren> Jeeves_: Sorry, hit the wrong button there :)
<Jeeves_> Hmm?
<soren> Jeeves_: Oh, you're using -O raw. Use -O host_device instead.
<Jeeves_> https://help.ubuntu.com/community/KVM/CreateGuests that might need altering too than
<Jeeves_> That seems to work better, it takes more time. :)
<Jeeves_>   13  br3                      453.03KiB       7743     116.47MiB      13810
<Jeeves_> Writing quite fast too :)
 * soren wonders what caused him to /PART that time.
 * soren blames empathy
<Jeeves_> empathy sucks, if you ask me
<Jeeves_> irssi++ :)
<Jeeves_> Ok, the converted disk works
<terin_webchat> well... printing a document then going down... will finish setting up the server in the morn
<soren> Jeeves_: Yeah, I use irssi too. I've started using bip as a proxy (since yesterday), and wanted to see how it worked if I had more than one client connected to it at a time. Specifically, I was hoping to use empathy purely for notifications, and leave the actual IRC usage to a local irssi, but apparantly, I'm not clever enough to use this.
<pwnguin> screen+irssi + libnotify ftw
<Jeeves_> soren: Just stick to the console :)
<soren> pwnguin: That's what I've been doing so far.
<pwnguin> although i guess its not smart enough to discard notifications when you're connected to the screen session
<Jeeves_> soren: Anyhow, it seems that indeed the --raw function is giving me troubles
<Jeeves_> soren: No quick fix for that, I'm afraid?
<soren> pwnguin: Well, sort of. I've configured irssi to dump anything that would usually get hilighted into a file, and have a script that tails that file. When something turns up in it, it calls out to notify-send.
<soren> Jeeves_: Sorry, no.
<soren> Jeeves_: Not that I know of, anyway.
<Jeeves_> soren: Might be handy to disable that feature than
<pwnguin> soren: right, but it still pops up if you're at the console in question
<soren> pwnguin: Yes? That's what I want.
<soren> I don't actually close my IRC session, I just don't stare at it all day.
<soren> but when people say my name, I probably want to go look at it.
<pwnguin> soren: what i mean is, in situations where youre already paying attention to irc, you dont need a popup
<soren> If I close my IRC session, it's because I do /not/ care about IRC.
<soren> pwnguin: meh
<pwnguin> anyways, its bed time for me
<pwnguin> i gotta write a resume and philosophy of teaching doc tomorrow =/
<soren> pwnguin: To fix that, something would have to inquire whether the window in which my irc sessions runs is partly or fully visible. Way too many layers of goo to work through. It's a mild nuisance at worst. I hadn't even thought about it until you just mentioned it.
<alex88> morning all!
<alkisg_work> To connect a serial UPS to my ubuntu server, do I need to `modprobe serial` or anything similar? I.e. is the serial module needed for UPSs, and/or loaded by default?
<Jeeves_> alkisg_work: Serial works by default, usually
<alkisg_work> Jeeves_: thanks - should I be seeing it with lsmod? I only see "serio_raw"...
<Jeeves_> alkisg_work: I would be looking at /dev/ttyS0 or /dev/ttyS1, not lsmod :)
<alkisg_work> Ah, thanks. /me has no clue about serial modules & UPSs... :(
<Gorlist> Morning
<Gorlist> ive got a slight proftp concern, today in my logs ive had a number of logins to user "ntml" (which shouldn't doesn't exist), they are then chroot over to a specific subdomain directory. Its coming from allot of different IP address - but I can't track the user at all. How can block this?
<Jeeves_> Gorlist: You can try fail2ban
<Gorlist> already running
<Gorlist> the problem im having is their is no authentication - so its not failing
<Gorlist> example:
<Gorlist>  pam_unix(proftpd:session): session closed for user ntml  pam_unix(proftpd:session): session opened for user ntml by (uid=0)
<Gorlist> they only login 1 time, each time with a new ip address
<Gorlist> right ntml does exist
<Jeeves_> Than there's nothing you can do, except /etc/init.d/proftpd stop
<jhan> how do i configure apt-get server in ubuntu 9.4machine
<jhan> apt-get client also.i going to update all packages only server, not for internet
<Gorlist> thanks Jeeves, solved the problem. Some smeghead on the server has gotten their ftp password compromised, so someone had logged in changed and been trying to empty the database.
<Jeeves_> Gorlist: You do realise that all '/etc/init.d/proftpd stop' does is stopping the ftp-server?
<Gorlist> yes yes
<Gorlist> sorry was monitoring the logs
<alex88> hi all, i have my server ram increasing, and reboot is the only solution to reboot...how can i solve this problem?
<Gorlist> what happens if you just leave it
<Gorlist> have you checked top
<Gorlist> to see what app might be sucking it up
<alex88> greenfly: yeah, running top i have some app using about 6-9 % of ram like apache, bind etc..
<alex88> for example, now i't 55% used, after restart about 25-30% but apache etc are already running
<maxstirner> Hello, I got an ubuntu server with a drupal6 package on it, and I've been manually adding security updates to it. As & when the package gets updated, does this conflict in some manner? What's the "proper way" of handling this?
<uvirtbot> New bug: #475288 in samba (main) "Cannot unmount share if host is down" [Undecided,New] https://launchpad.net/bugs/475288
<Skaag> I have an ibm serveraid 6i controller, one of the drives in the raid is faulty, but I can't find a utility that will talk to the ips kernel module and give me information
<alex88> if i have a vps with domain, how can i configure my own dns to get custom hostname in irc connection?
<kwork> is there something like cpu-z for linux, where you can see the memory slots and the modules details
<Daviey> alex88: you need to set the reverse dns, or PTR record
<Daviey_1> alex88: like this?
<Spajderix> hi
<Spajderix> i have fresh 9.10 installation, installed mysql, and configured it to use multiple mysqld instances with [mysqldN] configuration, with mysqld_muliti everything works fine, so i added link to /etc/init.d and made my system to stat it on boot, but after restart i find that it's not running and folder /var/run/mysqld is missing, anyone has any idea what might removed me this folder ??
<Spajderix> to make it clear, after creating /var/run/mysqld folder everything goes to normal till next reboot, tested multiple times with start/stop/report
<alex88> Daviey: ok thanks man
<alex88> i'll do it later..in italy to register a domain you have to send a fax to .it registar... -.-
<alex88> Daviey: Daviey in named.conf.local i have to add zone "98.198.94.in-addr.arpa"
<Daviey> alex88: it would be worth checking first the ability to set PTR for your IP is delegated to you
<alex88> and in the db file "82      IN      PTR     irc.alexnetwork.it"
<alex88> Daviey: it is, in my domain i can choose dns servers to use
<alex88> and i can use my own
<Daviey> alex88: but for the IP address?
<alex88> what you mean?
<Daviey> alex88: check if it works, but if it doesn't you need to speak to the owner of the IP address.
<Daviey> (range)
<alex88> Daviey: ok thanks for help, i'll do it..
<spiekey> Hello!
<spiekey> my fs claims to be full, but i still have 40% space left.
<spiekey> am i running into some other limits?
<_ruben> inodes possibly
<_ruben> which could happen if you have lots and lots of small files for instance
<ghankstef> tryning to set my system clock and having no luck.   What's the best way to do it?  tried date --set "2009-11-05 08:33:00"  but doesn't take
<Vash108> I am attempting to install Server for the first time. When looking at the walk through instructions it shows a GUI, my install does not use this and I downloaded the newest ISO. What am I doing wrong?
<ghankstef> Vash108, my server has no GUI
<Vash108> This is what it is showing on the install page
<Vash108> https://help.ubuntu.com/community/GraphicalInstall
<Vash108> My install looks different
<Pici> Vash108: That page is not for the server install, its for the desktop install.
<acalvo> hi
<Vash108> ah
<acalvo> how's it going around here?
<Vash108> i just caught that
<Vash108> Do you know of any place that has a server install walk through?
<Vash108> I am having trouble with the partition setup. This will be my first linux server install ever. I am a fish out of water sadly on this.
<acalvo> Vash108: what are your questions?
<acalvo> is pretty straight-forward
<Vash108> I am telling the installer to use the entire disk and it creates a partition, but it keeps failing when I try to continue
<acalvo> what version are you trying to install?
<acalvo> jaunty?
<acalvo> karmic?
<Vash108> Ubuntu Server 9.10
<uvirtbot> New bug: #475457 in tomcat6 (main) "Adding JSVC_CLASSPATH to /etc/default/tomcat6" [Wishlist,New] https://launchpad.net/bugs/475457
<aubre> I think I want to set the console color of my ubuntu servers to brown
<acalvo> aubre: check ~/.bashrc
<acalvo> man bashrc
<aubre> acalvo: ty
<aubre> acalvo: thanks
<JJman> i had to reinstall phpmyadmin and now i have 2 .conf files with different info in them.  Not sure if i can delete one of these nor what should really be in there.  as i'm getting an error on my page about "Connection for controluser as defined in your configuration failed."
<gioele> is there a way to tell to the ubuntu server installer to install a certain list of packages?
<nijaba> gioele: yes, through pre-seeding or kickstart.  I talk about it in the automated deployment WP @ http://www.ubuntu.com/products/whitepapers
<gioele> nijaba: they are exactly what I was looking for. Thank you
<acalvo> JJman: do a diff and check the changes
<JJman> i can see the diff.  the user & pw are diff.
<JJman> i'm experimenting changing it as i changed hte name of root anyway!
<JJman> but i'm getting another error message in phpmyadmin (browser):
<JJman> Your PHP MySQL library version 5.0.75 differs from your MySQL server version 5.1.31. This may cause unpredictable behavior.
<acalvo> JJman: maybe you should update your mysql DB of phpmyadmin
<acalvo> to the new one
<acalvo> http://localhost/phpmyadmin/update would be a guess
<JJman> i did.  i installed 5.1 at the same time i installed phpmyadmin
<acalvo> JJman: check the php-mysql library
<JJman> how  ;-)
<acalvo> dpkg -s php5-mysql
<JJman> 5.2.6.dfsg.1-3ubuntu4.2
<acalvo> JJman: which version are you using? 8.04? 9.04? 9.10?
<JJman> 9.04
<acalvo> same as I do
<acalvo> try to reinstall the package
<JJman> i had to reinstall mysql-server  i installed the mysql-client-5.1 & server-5.1
<JJman> when i reinstalled phpmyadmin it uninstalled mysql (was not happy about that)  and it tried installing mysql 5.0
<acalvo> weird
<acalvo> should'nt do that
<JJman> shouldn't but it did
<acalvo> what version of phpmyadmin are you trying to use?
<JJman> if i had actually had any data in there i would have been PISSED
<JJman> whatever version it installs by default  ;-)
<acalvo> JJman: deleting a package does not remove its data
<acalvo> 4:3.1.2-1ubuntu0.2
<JJman> i purged
<acalvo> does not matter, data that does not come with the package is not deleted
<JJman> mysql  Ver 14.14 Distrib 5.1.31, for debian-linux-gnu (i486) using  EditLine wrapper
<JJman> thats the version i want.  thats whats installed
<JJman> but i don't know why phpmyadmin is having problems with that
<JJman> Your PHP MySQL library version 5.0.75
<JJman> so what i do to make them happy.
<acalvo> JJman: try to purge phpmyadmin
<acalvo> then delete anything it can leave
<JJman> ugg thats exactly what i already did
<acalvo> mmm
<JJman> ok trying again.  should i deconfigure db?
<acalvo> mmm
<acalvo> try to remove the DB from mysql
<acalvo> but not mysql
<nxvl> kirkland: question about encrypted home directory: if i boot a livecd and change the password by hand (crack the user login using a livecd) will that password decrypt my home directory aswell?
<JJman> arg it fails
<JJman> prolly cause my user is no longer called root
<acalvo> JJman: mysql root?
<JJman> yea i renamed it
<JJman> reinstalling
<acalvo> oh
<acalvo> well, does not matter
<JJman> ok here's the problem.  when i install phpmyadmin it wants to REMOVE mysql 5.1 client & server & install 5.0
<JJman> I DON"T WANT 5.0  why the 3)($@#)$(*@#() is it doing this
<acalvo> JJman: the problem is not related to phpmyadmin
<acalvo> Depends: libapache2-mod-php5 | php5-cgi | php5, php5-mysql | php5-mysqli, php5-mcrypt, perl, debconf (>= 0.5) | debconf-2.0, dbconfig-common
<JJman> why is it downgrading mysql version then.
<mathiaz> smoser: bug 475354
<uvirtbot> Launchpad bug 475354 in eucalyptus "Hostname not set correctly on UEC cloud due to IP address in local-hostname manifest data" [Undecided,New] https://launchpad.net/bugs/475354
<mathiaz> smoser: I think we've already discussed this around release time - what was the outcome again?
<JJman> The following packages will be REMOVED:
<JJman>   mysql-client-5.1 mysql-server-5.1
<JJman> The following extra packages will be installed:
<JJman>   mysql-client mysql-client-5.0
<acalvo> JJman: it seems that some other package needs mysql-5.0
<JJman> its not even reinstalling mysql server  only the client.  This is fubar
<smoser> mathiaz, i think we determined that it wasn't release critical.
<mathiaz> smoser: agreed.
<smoser> and i dont really have a great idea on how to solve it. local-hostname pretty clearly is "local hostname"
<mathiaz> smoser: IIRC it was an issue in ec2-init
<smoser> well, the bug is very clear and does a good job of explaining.
<smoser> on ec2, the 'local-hostname' metadata includes a local hostname
<smoser> on euc, it contains an ip address
<smoser> so when ec2-init consumes this, and sets hostname, it uses the first dot-delimited token of the ip address
<mathiaz> smoser: ah right. It's an issue with UEC meta-data service then
<smoser> obviously we could be more forgiving in ec2, but ideally euca would provide a hostname in something labeled 'hostname'
<smoser> the issue is that i'm not sure if euca deals with hostnames at all right now
<JJman> so does this mean phpmyadmin is useless if i want to use the mysql 5.1
<smoser> ie, i dont know that they provide a dns service for the local names where such a generated hostname would resolve
<acalvo> JJman: no, since I've it installed correctly
<JJman> errr whats that then
<mathiaz> smoser: re bug 421707 - up to hardy landscape-client (and its dependency such as smart) wasn't in the official archive
<uvirtbot> Launchpad bug 421707 in landscape-client "landscape-client cron job is broken" [Undecided,Fix committed] https://launchpad.net/bugs/421707
<mathiaz> smoser: they're published in the landscape PPA/archive instead
<smoser> mathiaz, right. thus the need for copying to ppa. you need to read the bug, mathiaz
<smoser> they're *not* there :)
<mathiaz> smoser: they're at http://landscape.canonical.com/packages/hardy
<smoser> hm... why the dual maintenance ? ppa and above
<smoser> that said, i talked with free, and the ppa is in the process of being updated.
<mathiaz> smoser: great.
<mathiaz> smoser: in the past, PPA weren't signed
<smoser> ah.
<mathiaz> smoser: and back in the hardy/dapper timeframe PPA didn't exist at all (not sure for hardy)
<kirkland> ttx: nurmi: zoopster: http://pastebin.ubuntu.com/310696/
<lenios> nxvl, the newly generated password won't be able to decrypt the data
<nxvl> lenios: that's what i thought
<acalvo> JJman: try searching another package
<acalvo> JJman: BTW, did you update or is a fresh install?
<MagicFab> anyone with IPMI here ? I can't seem to access IPMI information from the LAN. -I open work fine though.
<MagicFab> Can't ping the IPMI IP either, this is on a Dell PE 1850
<Reepicheep> MagicFab: I use IPMI,  it's kinda a love hate relationship .. just not on a dell
<Reepicheep> if you can't ping .. it probably isn't configured correctly
<Reepicheep> does your IPMI use a dedicated nic or does it share one of the system nics?
<timrc> MagicFab: You're clearly another early adopter bloodied by Ubuntu's Karmic Koala, even if you aren't even using Karmic Koala :)
<MagicFab> Reepicheep, shared
<MagicFab> Reepicheep, at boot it reports DHCPing to a valid network address on my LAN though
<MagicFab> timrc, nice troll
 * timrc wipes a tear from his eye and goes back under his bridge
<Reepicheep> does Dell provide you with a configuration utility that runs from linux? or do you have to configure it from the bios or boot media of some sort?
<Reepicheep> I have never actually used ICMP with DHCP.. I have always set static IP on them
<jmedina> Reepicheep: try http://linux.dell.com/
<Reepicheep> jmedina: thanks, I guess that came across as me asking the question .. I don't actually use dell servers. the question should of been directed at MagicFab
<alex88> mmhh.. x forwarding, installed gedit on server, ssh -X, #gedit -> Gtk-WARNING **: cannot open display: any help?
<ghankstef> I have this in my crontab for the aegir user: /usr/bin/php '/var/aegir/drush/drush.php' hosting dispatch --php="/usr/bin/php" --root='/var/aegir/hostmaster-0.4-alpha2' --uri=http://aegir.advanceitmn.org
<ghankstef> but get a mial form cron saying: cannot open ?php: No such file
<ghankstef> mail
<ghankstef> where did I go wrong
<ghankstef> ?
<ghankstef> runs fine from the command line as aegir user
<ghankstef> hmm this appears related http://drupal.org/node/615364
<ghankstef> looks like putting SHELL=/bin/bash at top of crontab may do the trick  - would explain why it works when running as aegeir iser from command line as I gave aegir the bash shell
<jcastro> kirkland, 15 minute warning sir!
<kirkland> jcastro: word
 * kirkland fills up coffee cup
<greenfly> anyone noticed karmic kickseed seeming to ignore kickstart-style partitioning?
<greenfly> same partition config that worked with jaunty stopped working on karmic
<greenfly> just generated a new partition section from system-config-kickstart in case syntax changed, and it still pops up with the standard partition dialog
<netrat> i'm using postfix along with spamassassin and procmail. i have postfix set to hand over email to procmail with mailbox_command = /usr/bin/procmail.... my procmail configuration file is in /etc/procmailrc, everything is working except the user's .procmailrc in their home directory is not processed. can you have a global procmail configuration and per-user at the same time?
<xperia2> bogeyd6-: are you online ? have added to my bind9 domain conf fil db.mydomain.com the mx line for resolving mails on my ubuntu server as i want to send and recieve mails on my server. but for what exactly is the number 10 good in this line
<xperia2> IN      MX      10      smtp.example.com.
<xperia2> isnt it better having @    IN      MX      smtp.example.com.
<Reepicheep> xperia2:  the number is the priority
<palt> I have a karmic server and have configured /etc/network/interfaces to use a static ip. When I run /etc/init.dnetworking restart I get the correct static ip, but after some time, the server have taken a new dhcp ip. Why is that?
<Reepicheep> the lower the number the higher the priority
<Reepicheep> xperia2: the @ sign usually just indicates a record for the domain itself opposed to a record for a host within that domain
<uvirtbot> New bug: #475230 in dhcp3 (main) "/etc/dhcp3/dhclient.conf suggestion" [Undecided,New] https://launchpad.net/bugs/475230
<Reepicheep> palt: can you pastbin your interfaces file?
<xperia2> ahh okay in this case i dont need this @
<xperia2> for the mail resolving
<Reepicheep> xperia2: I usually explicitly define the domain where the @ sign is just to be safe.. something like this:
<Reepicheep> example.com. IN MX 10 smpt.example.com.
<palt> Reepicheep: http://pastebin.com/d1bcb7ca4
<smoser> kirkland, ping
<palt> I have a lot of debian servers and there I only need to change the /etc/network/interfaces to configure the static ip's :)
<kirkland> smoser: very occupied in #ubuntu-classroom right now
<smoser> ah
<smoser> k
<Reepicheep> palt: that looks ok.. you are after a 23bit mask, is that correct?
<xperia2> Reepicheep: interessting ! could it be that you have a working mail server on your ubuntu. this is something that i am trying at the moment to do. i can send mails allready over my isp mail gateway but i need to recieve mails on my server using my domain
<smoser> later then.
<zul> wheee did my first merge with bzr-builddeb
<Reepicheep> xperia2: you should be able to test your DNS settings with dig to verify that the MX records are set correctly
<Reepicheep> they need to be set before you will be able to receive mail
<xperia2> Reepicheep: thanks for the hint. i have chaged the line as you described and executed dig for testing my dns
<xperia2> this here is the output http://pastebin.com/d3ff99c95
<xperia2> it looks like that my mx entry is not working
<palt> Reepicheep: As far as I can remember yes :)
<palt> Reepicheep: I could add that this is a virtual machine, but it is the only one on the host with this problme
<jcastro> greenfly, an installer person would probably know better, evand perhaps?
<palt> *problem
<jcastro> greenfly, I don't use partitioning in my kickstarts so I can't really check
<Reepicheep> xperia2: call dig this way to check your MX records "dig example.com MX"
<greenfly> jcastro: I know cwatson has done a lot of work on it as well
<xperia2> Reepicheep: thanks will test again !
<jcastro> greenfly, yeah it's either one or the other
<greenfly> jcastro: just weird that it all just stopped working
<greenfly> it's like the clearpart command takes effect but any part lines are ignored now
<jcastro> do we know if it changed upstream?
<jcastro> I recall a spec at some point about catching up to upstream kickstart commands
<jcastro> but it's all a blur right now
<greenfly> jcastro: that's why I tried to test with system-config-kickstart assuming if the syntax changed it'd be reflected in there
<greenfly> if the syntax /has/ changed, it hasn't made it to that package
 * jcastro nods
<xperia2> Reepicheep: WoooW ! it looks great now :-) http://pastebin.com/d2b9e0dfd
<jcastro> greenfly,  my upgrade went fine, however I haven't tried a kickstart since then
<jcastro> if I find something I'll let you know
<greenfly> thanks. if you use the automated partitioner schemes you probably won't notice anything
<jcastro> I do
<greenfly> but if you want to do anything outside of that, like add a /home or /opt or whatever, it seems to not work
<jcastro> I choose the "blow up my disk for all I care" option
<xperia2> need now to open the smtp port on the router and test if i am able to receive mails :-)
<greenfly> tried to revert to a preseed config too and that didn't seem to be seen either
<greenfly> jcastro: yeah I blow away any existing partitions, but it's more like it's just not reading the part lines
<Reepicheep> xperia2: yeah.. according to that you have your MX records defined correctly on your name servers
<Reepicheep> xperia2: it looks like you are using an internal name server.. if you want email from the Internet you need to make sure that your public Name servers for your domain resolve correctly
<Reepicheep> xperia2: in addition to your internal name server
<netritious> Hi, i installed iptables in karmic server i386, but I receive the error 'FATAL: Module ip_tables not found.' (full error: http://pastebin.com/m7e502f61 ). iptables -h returns the help text so it is installed. I think it's configuration but not sure...how to fix?
<xperia2> Reepicheep: thank you for this clarification ! at the moment the webdomain is not activated but it will be in the next 2 days. testing at the moment if it will work to send a mail like to test@x.x.x.x (staticip) and if it will works for at least to know if everything works good on the ubuntu server
<Reepicheep> netritious: what kernel are you running?
<netritious> 2.6.31-14-generic-pae
<jmedina> a
<Reepicheep> netritious: is that a minimal JEOS install then?
<netritious> Reepicheep: yes..I used mode 'minimal vm' for install
<netritious> Reepicheep: running in a VMware Server 1.0.9 vm
<Reepicheep> netritious: that kernel may not include that module
<Reepicheep> netritious: run this to see if the modules even is there for that kernel
<Reepicheep> find /lib/modules/`uname -r` -name ip_tables.ko
<netritious> Reepicheep: empty return
<Reepicheep> netritious: the JEOS install is very stripted down .. even the kernel is
<xperia2> well with thunderbird sending a mail to a adress like this test@x.x.x.x (staticip) dont work at least have to wait till the domain is activated
<netritious> Reepicheep: hm, so reinstall or recompile kernel?
<Reepicheep> netritious: you may be able to install the server kernel in the JEOS install
<netritious> Reepicheep: I'm definitely interested in something expedient
<netritious> Reepicheep: however, I'm not so far in that I can't just reintall
<Reepicheep> netritious: well backup anything important first.. but you may be able to just run:
<Reepicheep> sudo apt-get install linux-image-server
<smoser> soren, zul ping
<zul> smoser: yeeeeeees?
<smoser> what do you think about this... we build hardy images with ubuntu-on-ec2 ppa
<zul> smoser: we are doing that now arent we?
<smoser> the existing images (20090422) do not have said ppa in their /etc/apt/sources.list
<smoser> should that be "fixed" ?
<zul> yeah that was on purpose
<zul> afair we only wanted the basic /etc/apt/sources
<zul> besides if you happen to upload a "corrupt" image with a broken ec2-init then you will have some upset users ;)
<smoser> right. thats what i was thinking... although, that is the case with the real archive too
<smoser> and if we did put the ubuntu-on-ec2 ppa in, we'd need to get the keys in there also
<netritious> Reepicheep: apt replied that it required linux-image-generic-pae, which in turn required linux-image-image-2.6.31-14-generic-pae..installing atm
<zul> smoser: true but the other use-case is that these can be throw away iamges
<smoser> what is "these" ?
<zul> smoser: the images sorry im context switching between multiple things
<smoser> the reasoning i'd have for this is that you have software from a repository installed on /, i think ideally the repository from which it came is in your sources.list. but i wont go against the existing solution now. especially since it is only for hardy (ie, no need for this in karmic/lucid)
<zul> ok
<smoser> just wanted to see if you thought it was just overlooked and badly broken. i'm happy knowing someone else thought aobut it
<zul> smoser: no problem
<zul> thanks for asking
<netritious> Reepicheep: ok, it's stange to me this worked, but apt-get install linux-image-`uname -r` did the trick
<netritious> Reepicheep: well that and a reboot
<netritious> Reepicheep: oh, and before the reboot i did follow that up with apt-get install linux-image-generic-pae and apt-get install linux-image-server...
<netritious> Reepicheep: after reboot sudo iptables -L does not return an error (works as expected)
<netritious> Reepicheep: there seems to be a 'gotcha'...on boot I receive this error now: ACPI: I/O resource piix4_smbus [0x1040-0x1047] conflicts with ACPI region SMB_ [0x1040-0x104b]..this happened with hardy and jaunty (all vairants)..the only ill affect being a 20-30 sec latency on boot
<netritious> Reepicheep: I was pleasantly surprised when I used the minimal_vm mode for install that this the issue was resolved...so is there to track down the offending module and disable it?
<netritious> *is there a way
<kirkland> smoser: back now
<kirkland> smoser: wazzup
<smoser> regarding perisstent network storage
<smoser> you mentioned NFS or iscsi
<smoser> but impllied that the guests disks were stored as images on a filesystem
<smoser> (as they are right now)
<kirkland> smoser: right NFS clearly being a joke
<kirkland> smoser: right
<kirkland> smoser: it could be iscsi as a disk image itself
<smoser> right. the other option is that the instance actually is given a block device that the host also sees as a block device
<smoser> and that block device is detached and attached to migrated-to host
<smoser> i think that is more "how the big boys would do it"
<netritious> pace_t_zulu: how's it going?
<pace_t_zulu> netritious: good ... u?
<netritious> good :)
<smoser> i'd be surprised if that were achievable in lucid, but that allows you to so much more take advantage of high end storage. kirkland
<smoser> and, kirkland, how'd your class go ?
<kirkland> smoser: well enough ;-)
<kirkland> smoser: i think that's an excellent approach
<kirkland> smoser: and agree with "big boys" comment
<kirkland> smoser: maybe "big people"
<kirkland> smoser: hmm, that's probably offensive too
<smoser> true
<kirkland> smoser: "adults"?
<kirkland> smoser: offends kids....
<smoser> cool kids
 * kirkland gives up
<kirkland> smoser: ah, but that offends the geeks and dorks
<kirkland> smoser: anyway, you should respond on thread with that
<kirkland> smoser: or add it to the wiki
<smoser> but really,thats not going to happen in lucid
<kirkland> smoser: mdz indicated that persistent network storage is not required for lucid either
<kirkland> smoser: so we should keep it tracked as wishlist
<smoser> yeah... that sucks
<kirkland> smoser: but i agree, that we'll need it for UEC to really hit the "big time"
<smoser> cause copying GB of disk isn't going to be performance friendly
<kirkland> smoser:  and to accomplish that would be *phenomenal*
<kirkland> smoser: nope; i agree
<smoser> especially when you're doing multiple of those copies at once
<kirkland> smoser: and we're the ones who are going to be dev'ing and testing it
<smoser> :)
<smoser> i'm not certain that kvm live migration does this anymore, but at least xen used to...
<smoser> they dont stop the machine and then copy the memory
<smoser> they copy it and sync it in place
<smoser> then stop and do a refresh
<smoser> much faster than copying 512M (or 8G) all at once
<uvirtbot> New bug: #475747 in apache2 (main) "Apache2 initscript gives wrong output" [Undecided,New] https://launchpad.net/bugs/475747
<Reepicheep> netritious: did you get it figured out.. I was away for awhile
<netritious> Reepicheep: np, i really appreciate your help..iptables appears to work now, but a new problem has popped up..on boot I receive the error I mentioned above: 'ACPI: I/O resource piix4_smbus...'
<kirkland> mathiaz: do we have a wiki page dedicated to Server testing?
<Reepicheep> netritious: I don't know if I can help you much with that one.. but it looks like it is a known issue via the message it outputs
<Reepicheep> and it doesn't look like it is serious.. I'm would guess it never showed up before because that part of the kernel probably didn't exist in the striped down JEOS kernel
<netritious> Reepicheep: I've seen the error on all VMware Server vm's with Ubuntu 8.04+ including jeOS/minimal until today when I tried the minimal_vm install mode with karmic..
<netritious> Reepicheep: the error appeared after apt-get install linux-image-`uname -r` linux-image-generic-pae linux-image-server...
<netritious> Reepicheep: so now I'm wondering exactly what's the difference is before/after the commands in the system config..i'm not certain how those commands affect the system to be honest
<xperia2> hello to all.i have a small question about autobuilders. can somebody tell me what for a autobuilder this here is http://tinderbox.openembedded.net/search/
<soren> smoser: If you're fixing up the hardy images, we should get whatever packages are in the ppa SRU'ed into Hardy proper.
<Reepicheep> netritious: that makes sence .. it must be something with ACPI and VMWare.. eigther the VM JEOS kernel has it fixed or just doesn't load what ever is causing the message
<Reepicheep> the issue for you is that the VM JEOS kernel doesn't include iptables support
<soren> smoser: The PPA was a temporary measure.
<netritious> Reepicheep: exactly
<smoser> soren, well, for landscape, i'd leave that up to the landsape folks. for ec2-init i wasn't planning on SRU and inclusion
<smoser> but if you think that is something that is acheivable then we should probably target that.
<Reepicheep> netritious: accourding to what it printed out the only issue is a delay at boot
<smoser> actually, soren i dont know.
<smoser> https://launchpad.net/~ubuntu-on-ec2/+archive/ppa
<smoser> it would be a major undertaking to get all of those in. ec2-init , ec2-api-tools, ec2-ami-tools, linux-xen, landscape-client, smart
<netritious> Reepicheep: true, but any error on boot irks at me, at least until I give in and move on :)
 * Reepicheep does the same..
<smoser> soren, you think we want to do all of that into hardy proper ?
<netritious> Reepicheep: ok, so for kicks and giggles I ran apt-get install linux-image-virtual, rebooted and the ACPI/SMB_ conflict error is gone, but iptables is not loaded lol..what a vicious cycle
 * netritious may not have his cake and eat it too
<Reepicheep> netritious: you can always compile your own kernel ;-)
<netritious> Reepicheep: i know, but i'm a big chicken lol
<smoser> Reepicheep, netritious (regarding compiling your own kernel): http://xkcd.com/456/
<zul_> smoser: you can probably get them into hardy-backports though
<zul> smoser: also you only really need ec2-init, ec2-api-tools, ec2-ami-tools, landscape-client, smart  SRUed
<zul> linux-xen can be worked around
<smoser> well, not so much. it is installed in the image and provides kenrel modules.
<zul> smoser: you could use the standard xen kernel on hardy
<smoser> and the point getting this somewhere else would be to *not* workaround.
<zul> you just need a work around
<netritious> smoser: lmao, that pretty much sums up what I've read about it
<smoser> zul, maybe i'm missing something then.. what do you mean use standard xen kernel on hardy ?
<smoser> and if that works, then why do we have what we have in ppa ?
<zul> kirkland: hardy ships a dom0/domU kernel
<kirkland> zul: ?
<zul> smoser: because the requirements at the time was only to have domU
<zul> s/kirkland/smoser/g :)
<zul> kirkland: sorry is there a wiki page for things that should be tested for in lucid?
<kirkland> zul: hmm, like what?
<kirkland> zul: are you referring to mdz's question on the list?
<kirkland> zul: i was asking mathiaz for a pointer, before I go create one
<zul> kirkland: indeed i am
<soren> smoser: smart?
<zul> kirkland: ah ok...maybe i should stay off the caffine ;)
<kirkland> zul: seems that mathiaz has disappeared though
<smoser> soren, dependency of landscape-client
<zul> kirkland: ok i have a couple of ideas to add as well when the page goes up
<soren> smoser: Err... I had /no/ idea we had that in there as well.
<soren> $ wget -q -O - http://launchpadlibrarian.net/25136184/smart_0.52-2_1.1.1%7Ebzr20081010-0ubuntu0.8.10.1%7Eppa1.diff.gz | zcat -d | diffstat | tail -n 1
<soren>  168 files changed, 50005 insertions(+), 40443 deletions(-)
 * soren is not unambiguously excited
<Reepicheep> smoser: that's funny.. (and that's comming from a long time gentoo user)
 * Reepicheep is a recent convert to using ubunt on the server side of things
<xperia2> anybody here with experinece for installing and running the autobuilder software tinderbox or simillar ?
<mathiaz> kirkland: hm - not really.
<mathiaz> kirkland: we used to have https://wiki.ubuntu.com/Testing/Server
<mathiaz> kirkland: that page is empty now though
<mathiaz> kirkland: https://wiki.ubuntu.com/ServerTeam/KnowledgeBase#Tester%20resources
<mathiaz> kirkland: ^^ may need to be updated for more Testing ressource
<kirkland> mathiaz: okay, i'll create one
<cemc> kirkland: how can I specify an .iso file for a guest in virt-manager when installing? I can't seem to find a way to browse to where the iso file is
<smoser> nekro_, around ? i'm looking for insight to bug 461156.
<uvirtbot> Launchpad bug 461156 in euca2ools "User data is not parsed correctly by Eucalyptus in some cases" [High,In progress] https://launchpad.net/bugs/461156
<kirkland> where did zul go?
<kirkland> mathiaz: https://wiki.ubuntu.com/Testing/Server
<kirkland> mathiaz: just a first draft
<mathiaz> kirkland: cool - thanks
<ruben23> hi tried to install wubi for my ubuntu desktop, but during installtion i get error occurred---> permission denied on the installation process in windows
<xperia2> Reepicheep: do you know why i cant resolve some names on my ubuntu server ? the following command svn co http://svn.exactcode.de/t2/trunk t2-trunk give me this error messagesvn: OPTIONS of 'http://svn.exactcode.de/t2/trunk': Could not resolve hostname `svn.exactcode.de': Host not found (http://svn.exactcode.de)
<smoser> kirkland, you want ec2 mentioned there ?
<kirkland> smoser: yeah!
<xperia2> nslookup of svnexactcode.de give me this here http://pastebin.com/d6b332965
<kirkland> smoser: that list was not exhaustive :-)
<smoser> y
<smoser> editing
<qvqvqv> hello
<Reepicheep> xperia2: does the "host" command and dig both also return the correct IP?
<stephanee> hi all
<qvqvqv> i have a quick question, was just wondering if ubuntu server 9.10 comes with a statically linked sh anywhere in the filesystem?
<stephanee> I've just installed an ubuntu server 9.10 but I can't install php5.3 dotdeb' packages because of a broken libapache2-mod-php5. I have already installed it the same way last week and it worked all out fine. Does someone can help me ?
<xperia2> Reepicheep: dig works good http://pastebin.com/d622c1464
<xperia2> host works also good http://pastebin.com/d26cd82f8
<xperia2> strange before some miuntes i was able to access the svn repository on a another pc
<Reepicheep> k.. and nothing funny in your /etc/hosts file?
<Reepicheep> and are you running nscd anywhere?
<xperia2> http://pastebin.com/d191e3989
<xperia2> i have bind9 running for resolving my new domain for my server
<xperia2> i want somehow a own small hosting server with dns, web and mail
<xperia2> for multiple webservices
<xperia2> for nscd i have to look wih top
<Reepicheep> xperia2: and your running svn from a client that is using the server running bind as it's nameserver?
<Reepicheep> check your /etc/resolv.conf file
<xperia2> what i can say my ubuntu is having the last days heav lags. if i execute a command over ssh to the server i need to wait till 1 minute till i get a response
<xperia2> yes i am conected to the server over ssh and i am executingall this commands as a client  over ssh
<xperia2> good
<xperia2> resolv.conf => http://pastebin.com/d31bba1f2
<xperia2> the same lag happen also if i execute a command direct on the server by using the keyboard
<Reepicheep> so that resolv.conf is the one from the server? and your are running svn on the server, correct?
<xperia2> yes you are right
<Reepicheep> xperia2: you may make sure that the hostname of the server is in the /etc/host file
<MagicFab> hi all - where would someone install some third party application.. /usr/local/ ? As in "I want the next sysadmin to know it's there"..
<Reepicheep> make sure it can resolve itself also
<sommer> MagicFab: I like /opt... but that's just me :)
<xperia2> Reepicheep: thanks for the hint.
<Reepicheep> MagicFab: if your not gonig to install it from packages /usr/local is a good place. or /opt is common also
<MagicFab> I can't find any reference to that in Ubuntu docs or in LSB's.
<MagicFab> tx I'll look for references top /usr/local
<xperia2> Reepicheep: should i use 127.0.0.1 as a ip or the lan ip together with the hostname ? what is better ?
<xperia2> my file looks now as follow http://pastebin.com/d38a960d9
<andol> MagicFab: I would say /usr/local is the right place for you to install stuff yourself. /opt is more for none-distro installers, kind of
<xperia2> hostname give me this here:
<andol> MagicFab: http://www.pathname.com/fhs/pub/fhs-2.3.html#USRLOCALLOCALHIERARCHY and http://www.pathname.com/fhs/pub/fhs-2.3.html#OPTADDONAPPLICATIONSOFTWAREPACKAGES
<xperia2> $ hostname
<xperia2> wificom.ch
<MagicFab> andol, great! thank you.
<xperia2> Reepicheep: It works ! you are great man :-)
<FFEMTcJ> When I try to install a PPA on ubuntu server, I get the error add-apt-repository: command not found.. Is there a package I have to install for it to work?
<andol> FFEMTcJ: python-software-properties
<FFEMTcJ> thanks andol
<nijaba> smoser: heya.  I think that the email you sent to the ubuntu-cloud should also be sent to ubuntu-ec2.  WDYT?
<smoser> wdyt?
<smoser> yeah, i think it should be, and will send it there.
<Reepicheep> xperia2: np
<smoser> nijaba, done.
<nijaba> smoser: great, thanks a lot
 * smoser is so lame, i had to google wdyt
<smoser> but didn't understand why you were talking about a charlotte talk radio station
<kane_> hah
 * nijaba googles acronyms all the times but never tells anyone :P
<Aw0L> does the current LTS release have an option to encrypt partitions during the install?
<nijaba> Aw0L: yes, you can set up encreypted partition in 8.04LTS
<nijaba> Aw0L: but not just home directories as in 9.10
<Aw0L> nijaba: 9.10 only allows for encrypted home directories, but not / ?
<nijaba> Aw0L: 9.10 allows both
<Aw0L> oic, I misunderstood - thanks!
 * nijaba was not that clear either
<ninjah> Aw0L: I think you need the alternate CD
<Aw0L> okay, I'll test it out in a VM
<nijaba> ninjah: nope, that's straight in the strandard server installer
<Aw0L> thanks
<mneptok> Aw0L: encrypted partitions on a server install should use a random key, not a passphrase.
<ninjah> nijaba: Oh, well why would you need that on a server
<ninjah> ???
<lenios> random key?
<ninjah> once the system is running everything is unencrypted
<nijaba> ninjah: in case someone steals your server?
<mneptok> Aw0L: otherwise you will need physical access to the machine every time it boots.
<ninjah> nijaba: I see...
<Aw0L> that makes sense
<Aw0L> normally how swap partitions are encrypted no?
<mneptok> correct
<nijaba> ninjah: this happens more often that you think, btw
<mneptok> Aw0L: of course, using a random key means anyone that steals your server just has to boot it.
<nijaba> Aw0L: yes, if you need security, then please encrypt swap or you'll have a lot of your ram laying unencrypted on your disk.
<Aw0L> mneptok: true, but they would then have to find some way of breaking into your box - they can't just boot off of a live flash drive and mount your drive
<nijaba> Aw0L: kirkland is the expert on the subject if he has a few cycles to spare
<lenios> mneptok, i don't follow you with that random key
<mneptok> Aw0L: correct. but any server that can reboot unattended only needs the power button pressed to gain access
<ninnypants> I'm trying to run dovecot as the mda for postfix but I keep getting this error:
<ninnypants> postfix: fatal: /etc/postfix/main.cf, line 49: missing '=' after attribute name: "dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/user/lib/dovcot/deliver -f ${sender} -d ${recipient}"
<mneptok> lenios: what is unclear?
<Aw0L> mneptok: howso?
<lenios> what is this random key? how is it generated?
 * nijaba switches to a star filled frequency...  have a good one...
<mneptok> Aw0L: if you want a server to boot without a human being physically present to grant access to partitions, then all someone has to do is take the machine, and plug it in and power it on elsewhere.
<mneptok> lenios: http://publib.boulder.ibm.com/infocenter/lnxinfo/v3r0m0/index.jsp?topic=/liaai/secure/liaaisecureencryptswappsles.htm
<Aw0L> mneptok: are you referring to someone gaining access to unencrypted partitions?
<mneptok> Aw0L: no, encrypted partitions.
<ninjah> Aw0L: I don't see the point of encrypting partitions on a server.
<mneptok> Aw0L: dm-crypt uses a passphrase or random key.
<mneptok> Aw0L: if you encrypt using a passphrase, every time that server boots someone will have to be sitting in front of it and enter the passphrase. not a good idea.
<Aw0L> right
<mneptok> Aw0L: if you use a random key, like for a swap partition, the machine will *automatically decrypt* those partitions when it boots.
<Aw0L> but when it's automatically decrypted, one would still have to break into the box to access files
<ninjah> if the server "automatically decrypts" the partitions then you have no security at all.
<mneptok> i come to your datacenter. i steal you machine. i take it home, and boot to recovery mode and set a root password. i restart the machine. the encrypted partitions are *automatically decrypted* and i have access.
<lenios> oh, the random key is for the swap
<Aw0L> ah
<ninjah> Encrypted partitions are good for workstations and laptops. I don't see any reason to encrypt a server drive.
 * mneptok nods
<Aw0L> I was thinking moreso a separate partition to stick sensitive files
<Aw0L> still doesn't seem worth it when I can use file encryption when necessary
<mneptok> well, then choose whether you want to have to be physically present every time the machine starts, or have worthless security. :)
<Aw0L> well if it's not a critical partition, it wouldn't need to be mounted at startup
<Aw0L> could be decrypted from the cli
<Aw0L> of ssh
<Aw0L> still, periodic file encryption seems more pratical
<Aw0L> thanks for the input
<kees> heya mneptok
<mneptok> kees: heya!
<mneptok> kees: i assume you'll be at UDS?
<kees> mneptok: totally :)
<mneptok> smashing
<adurity> where can I find some solid documentation on using upstart?
<lenios> http://upstart.ubuntu.com/getting-started.html ?
<adurity> lenios, thanks
<ninnypants> I'm trying to run dovecot as the mda for postfix but I keep getting this error:
<ninnypants> postfix: fatal: /etc/postfix/main.cf, line 49: missing '=' after attribute name: "dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/user/lib/dovcot/deliver -f ${sender} -d ${recipient}"
<ninnypants> from the walkthroughs I've found adding that line to postfix's main.cf should allow me to use dovecot as the mda but I keep getting that error and can't find anything on it
<kirkland> nijaba: i'm here now, but i see that Aw0L has left
<jmedina> ninnypants: could you please pastebin de dovecot line in master.cf?
<ninnypants> jmedina: http://pastebin.org/51261 sorry it took so long I ran into one of the greatest uses of javascript ever
<adurity> I'd like to run a script based on the presence of certain hardware at boot.  Can upstart help me do this today?
<foxbuntu> adurity, what exactl are you trying to accomplish?
<adurity> I'd like to change my xorg.conf file based on which video card is installed
<lenios> you're changing the video card between boots?
<adurity> lenios, yes. well really, i'm booting both as a VM and a physical machine, so in effect I have multiple video cards
<foxbuntu> adurity, what?
<foxbuntu> adurity, Im not sure I follow, thats two machines, two configs
<foxbuntu> unless you are converting back and fourth
<adurity> using VirtualBox, you can link a physical disk to a virtual machine.  By doing this, I am able to boot the same ubuntu install either through a VM or by directly booting.
<jmedina> ninnypants: this is wrong
<jmedina> user=vmail:vmail
<jmedina> it doesnt use chown sintax :)
<jmedina> change it to user=vmail
<jmedina> and this is argv=/user/lib/dovcot/deliver
<jmedina> that should be /usr...
<ninnypants> still gives the same error
<ninnypants> but if I put an = after dovecot it doesn't error
<jmedina> show the new line
<ninnypants> doesn't error: http://pastebin.org/51266 your suggestions: http://pastebin.org/51266
<ninnypants> sorry second link should be http://pastebin.org/51267
<jmedina> did you restart postfix?
<jmedina> try
<jmedina> postfix check before restart
<ninnypants> yeah I did
<ninnypants> what does check before restart do?
<JJman> i have errors installing package and apt-get install -f  aren't fixing it.  what else can i try to get this unstuck
<jmedina> :)
<jmedina> man postfix
<jmedina> I was mean "postfix check"
<ninnypants> you had it right I just wrote it wrong
<ninnypants> ok tried it and the onlything that doesn't return an error is adding the = after dovecot
<jmedina> ninnypants: is this the last line?
<jmedina> flags=DRhu user=vmail argv=/usr/lib/dovcot/deliver -f ${sender} -d ${recipient}
<jmedina> dovecot is mispelled
<jmedina> you missed a "e"
<ninnypants> ahh spelling is always the worst
<ninnypants> still doesn't get rid of the error though
<jmedina> what error
<jmedina> please provide details
<Gorlist> evening, spot of bother. Someone is doing a brute force on mysql, had to shut it down
<nxvl> kirkland: around?
<Gorlist> however theirs nothing in mysql log file?
<kirkland> nxvl: hi
<nxvl> kirkland: hi, just hited kinda of a funny thing with encrypted home
<nxvl> kirkland: when i enter a chroot it's not being able to mount my home dir
<nxvl> to work from it on the chroot
<nxvl> using sbuild
<nxvl> have you seen somthing like this
<nxvl> (it's completely expected to have that behavior, but i mean, are the workarounds?)
<ninnypants> same as in the begining
<ninnypants> postfix: fatal: /etc/postfix/main.cf, line 49: missing '=' after attribute name: "dovecot unix - n n - - pipe flags=DRhu user=vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}"
<Gorlist> they are putting in massive amounts of querys and killing it
#ubuntu-server 2009-11-06
<ninnypants> also these are the last couple entries from my mail.log file Nov  5 23:59:29 Directories postfix/smtpd[24093]: warning: problem talking to service rewrite: Success
<ninnypants> Nov  5 23:59:29 Directories postfix/master[6788]: warning: process /usr/lib/postfix/trivial-rewrite pid 24122 exit status 1
<ninnypants> Nov  5 23:59:29 Directories postfix/master[6788]: warning: /usr/lib/postfix/trivial-rewrite: bad command startup -- throttling
<ninnypants> sorry thought I'd copied the link http://pastebin.org/51273
<jmedina> and what about postfix check?
<ninnypants> it gives me this postfix: fatal: /etc/postfix/main.cf, line 49: missing '=' after attribute name: "dovecot unix - n n - - pipe flags=DRhu user=vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}"
<ninnypants> unless I format it like this: dovecot=unix - n n - - pipe flags=DRhu user=vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
<ninnypants> which is incorrect
<JJman> i need to reinstall a program (mysql)  whats the best way to remove & reinstall should i do a reinstall or remove or purge or autoremove?
<Reepicheep> JJman: are you interested in starting over.. configs and all?
<JJman> Reepicheep: yea thats fine cause i have to reinstall phpmyadmin afterwards.
<Reepicheep> JJman: then you may as well just go ahead and purge it .. then if you want to get rid of the data make sure /var/lib/mysql and /var/lib/mysql-cluster are both removed or moved out of the way
<JJman> will the data be overwritten if there are changes in the install to user?  only user added/changed is root i changed its name
<Reepicheep> JJman: are you refering to the data in the database?
<JJman> yar.
<jmedina> ninnypants: what ubuntu version?
<JJman> since i renamed the 'root' user
<ninnypants> 8.4
<Reepicheep> JJman: If you want to preserve that you better back that up first
<jmedina> I recommend migrato jaunty or karmic and install postfix-dovecot
<jmedina> it is preconfigured :)
<Reepicheep> JJman: root as in mysql root user, correct?
<JJman> yep
<JJman> i can recreate it its no biggie.  just the 1 user
<ninnypants> jmedina: can't not my server
<Reepicheep> well when you install mysql-server it will create a root user for that mysql install
<JJman> I purged both client & server but i still can run mysql from cmd.  although it won't connect. as there's a socket error
<Reepicheep> JJman: I'm curriuos why you renamed the mysql 'root' user?
<JJman> so it obviously didn't purge
<JJman> errr because everyoen know's 'root'  so its obviously more secure to rename it
<JJman> rule #1 rename your root
<JJman> ;-)
<Reepicheep> oh.. I see.. I useually just make it so only localhost can login as root.. and also set a root password
<JJman> ok now mysql is gone.  i had 2 versions of the client installed
<Gorlist> does mytop come standard with mysql?
<Reepicheep> JJman: you may also see mysql-common installed
<JJman> this is the problem i'm having i want mysql 5.1 installed but when i go to install phpmyadmin it uninstall's 5.1 and installs 5.0
<JJman> its extremely annoying
<JJman> how can i search what mysql* related packages are installed
<jmedina> dpkg -l
<Reepicheep> JJman: you may want to install phpmyadmin from source instead of the package then
<Reepicheep> it's pretty straight forward to setup
<JJman> ok .   whats this dpkg -l showing me.  thats not stuff thats only installed, right.  cause its showing the packages i just purged
<Reepicheep> JJman: do an "aptitude show <package-name>" on one of the questionable packages, see if it claims to be installed there
<Reepicheep> JJman: what does the like in "dpkg -l" start with?
<JJman> i think the problem i'm having with phpmyadmin has to do with the version conflict in php5-mysql  that appears to be using an older version
<JJman> not sure what u mean
<Reepicheep> when you do a "dpkg -l" and it displays say the package "mysql-server" does the line stat with "ii" or something different
<Reepicheep> if it start with a "u" it is not installed
<Reepicheep> JJman: "aptitude show mysql-server | grep State" may be handy also
<JJman> yea i see ii
<JJman> for most things except for mysql 5.1  has rc in front
<JJman> 5.0 says ii
<Reepicheep> JJman: "ii" => Desired: installed ; Status: Installed
<JJman> & rc
<geoffmcc> maybe its a dumb question or maybe its just so the user can have more customization over ubuntu but i recently started using ubuntu server to host my own webpage. one thing i noticed is that there is no or seems to be no firewall by default, why is this?
<JJman> there's apparmor
<JJman> not sure thats the same
<jmedina> a Firewall wont protect you agains http attacks
<jmedina> at least not a IP firewall
<Reepicheep> JJman: "rc" => Desired: Remove ; Status: Config-files
<geoffmcc> i just figured a firewall would normally be desired
<JJman> mod_security is supposed to help i think in that regard
<Reepicheep> JJman: this might help http://paste.ubuntu.com/311068/
<JJman> thx
<JJman> attempting to install phpmyadmin now from source.  (skeptical that this will help as i think the problem lies in php5-mysql library
<Reepicheep> JJman: when I say install phpmyadmin from source I meen get your mysql server setup, get your web server setup with PHP then go to sourceforge and download phpmyadmin from there
<JJman> i've done that
<JJman> web server already installed & setup with php5
<JJman> i reinstalled mysql 5.1
<JJman> now i'm trying to install latest version of phpmyadmin
<Reepicheep> ok.. sorry so it's the php5 that is causing the problem with mysql 5.1 then?
<JJman> Well i 'think' it is.  this is one of the errors i was getting in phpmyadmin:
<JJman> Your PHP MySQL library version 5.0.75 differs from your MySQL server version 5.1.31. This may cause unpredictable behavior.
<JJman> as it seems that the php mysql library is part of the php install perhaps
<kirkland> mathiaz: still around?
<mathiaz> kirkland: yes
<kirkland> mathiaz: you don't have VT on your laptop, do you ?
<mathiaz> kirkland: nope - I do *not* have VT on any of my laptop
<kirkland> mathiaz: well that's something you should fix sometime :-)
<kirkland> mathiaz: oh well
<Reepicheep> jjman what does it return for the version when you do a "dpkg -l mysql-server"
<mathiaz> kirkland: well - if Dell had chosen an Intel graphic instead of pouslbo driver for the mini 10, I would have VT extension on my dell mini
<JJman> Reepicheep: pn  mysql-server         <none>               (no description available)
<JJman> thats odd since i just installed 5.1
<JJman> mysql --version
<JJman> mysql  Ver 14.14 Distrib 5.1.31, for debian-linux-gnu (i486) using  EditLine wrapper
<Reepicheep> yeah.. that's interesting, does the "mysqld" command exist?
<Reepicheep> if so run "mysqld --version"
<JJman> mysqld --version
<JJman> mysqld  Ver 5.1.31-1ubuntu2 for debian-linux-gnu on i486 ((Ubuntu))
<Reepicheep> JJman: what command did you use to install it?
<JJman> sudo apt-get install mysql-client-5.1 mysql-server-5.1
<JJman> i'm able to loginto db (it kept renamed root even)
<Reepicheep> ah.. ic.. try "dpkg -l mysql-server-5.1"
<JJman> ii  mysql-server-5.1     5.1.31-1ubuntu2      MySQL database server binaries
<Reepicheep> well if you didn't remove the data directory for the db .. it probably just kept the existing users and databases
<JJman> which is fine
<Reepicheep> the users are all stored in the "mysql" database
<JJman> this is wher ei think the problem will lie when i get phpmyadmin reinstalled:
<JJman> ii  php5-mysql           5.2.6.dfsg.1-3ubuntu MySQL module for php5
<JJman> yea i know in the users table
<Reepicheep> JJman: I'm not sure what else to do short or repackaging php5-mysql linked against the mysql 5.1 libraries instead of the 5.0 libraries
<JJman> we'll see.  if this doesn't work then i'm scrapping 5.1 and going back to 5.0 where it will work with no problems
<Reepicheep> and .. everything may work fine the way that it is
<JJman> true
<Reepicheep> even with that warning.. I wouldn't know though .. that would be a question for the phpmyadmin people or even maybe the mysql people
<JJman> yea if anyone in those channels were of any help  8-p
<JJman> I've been trying to ask for more than a day
<Reepicheep> well that's no fun.. I don't know if I have been any help either though..
<JJman> More than most  ;-)  appreciate it
<Reepicheep> np.. but the issue now is that you have reminded me how late it is.. I gotta get going
<JJman> k
<JJman> peez
<JJman> i'm installing new version of phpmyadmin should i set www-data.www-data as the owner for all the files as root now owns and they aren't accessible?
<decoy_> #ubuntu
<uvirtbot> New bug: #476063 in php5 (main) "package libapache2-mod-php5 5.2.10.dfsg.1-2ubuntu6.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/476063
<jefferai> I'm having an issue where I can't get into any services from the outside
<jefferai> after a reboot
<jefferai> I had this problem before, and figured it out
<jefferai> but that was a few months ago, when I first installed it
<jefferai> and can't remember what :-|
<jefferai> ufw isn't installed, iptables isn't installed...
<jefferai> but it's behaving like there's a firewall
<uvirtbot> New bug: #476069 in krb5 (main) "segfault" [Undecided,New] https://launchpad.net/bugs/476069
<Atula> hi all
<Atula> I install ubuntu server
<Atula> but i copy a file with charaset  utf-8
<Atula> it's no dipslay ubuntu server
<Atula> can i help you
<JanC> I think utf-8 should work
<JanC> maybe you need to change the default encoding
<JanC> do you have an example of this problem on-line?
<Atula> yes
<Atula> example
<KurtKraut> Atula, if you are having a hard time to communicate in english, I belive the guys on #ubuntu-vn speak your language.
<Atula> i make file with name : mkdir xÃ£
<Atula> it's no display
<JanC> seems to work fine here?
<Atula> i using winscp
<JanC> ah, maybe something get's lost in the translation from Windows to linux....
<Atula> copy file from my computer to server ubuntu 9.10 however it's display : "x?"
<JanC> see http://gparted-forum.surf4.info/x%C3%A3/test.txt for a test
<JanC> so the xÃ£ works there
<JanC> http://gparted-forum.surf4.info/xÃ£/test.txt
<Atula> i see
<JanC> (should do the same)
<Atula> ok i wiil check locale
<JanC> I think something goes wrong between windows & linux
<JanC> windows doesn't use utf-8
<Atula> window: Cp1258
<JanC> most filesystems don't "know" what filesystem is used, and filenames are encoded in whatever encoding a program assumes is okay  :-/
<Atula> ok thanks Janc
<JanC> so you need to find a program or program option that can convert between cp1258 & utf-8
<Atula> ok i see
<Atula> i can using unikey to convert
<JanC> maybe winscp can do it on-the-fly if told to, otherwise try other tools  ;)
<Atula> ok
<JanC> Atula: using Ubuntu on your desktop might avoid this sort of issues too  ;)
<crohakon> notepad++
<crohakon> Atula, yes, ditch windows.
<Atula> i using notepad++
<Atula> very good editor
<twb> Emacs and Vim both run on Windows.
<crohakon> If I still used windows I would use notepad++ for all my coding
<twb> FWIW I think current versions of Windows use UTF-16 as the native encoding.
<crohakon> Now I do most of my coding over SSH on my web server so I just use nano or vi.. mostly nano because it is simple and quick.
<JanC> twb: actually, they officially use UCS-2 with extensions that essentially mean they use UTF-16, or something like that  ;)
<twb> IIRC UTF-16 addressed UCS-2's inability to reference codepoints outside the first plane, or perhaps vice-versa.
<twb> Anyways, it doesn't matter.
<twb> All we really need to do is convince .jp to drop JIS
<JanC> twb: AFAIK Unicode is a JIS standard too  ;)
<JanC> one issue is that glyphs have some differences between Japanese, Chinese, Korean, etc., but are still classified in one "plane" in unicode
<JanC> at least, that's what I understood
<tonyyarusso> Hi, would someone be able to explain the differences between NFS, OpenAFS, and sshfs to me?
<JJman> can someone help me figure out why i can't get mysql reinstalled.  after several attempts to remove & reinstall.  now all i get is Aborting downgrade from (at least) 5.1 to 5.0.
<JJman> dpkg: error processing /var/cache/apt/archives/mysql-server-5.0_5.1.30really5.0.75-0ubuntu10.2_i386.deb (--unpack):
<JJman> But i DONT" have 5.1 installed anymore  i have removed all versions and i try to install clean and it just errors out with this
<guoxiaolong> oh no
<twb> JJman: downgrading isn't supported.
<JJman> i uninstalled 5.1  since i couldnt' get it working properly  but now i can't even install 5.0 as it errors out
<JJman> so i'm NOT trying to downgrade.
<twb> Did you use "aptitude purge"?
<JJman> apt-get purge yep
<twb> When it offered to delete your databases, did you tell it to do so?
<JJman> problem was when i was installing phpmyadmin it decided it didn't want to use 5.1  so it UNINSTALLEd and installed 5.0  and fucked things up
<JJman> nope.  is that the problem.  i kept the DB
<twb> That would be my guess, but I tend to avoid mysql because it's so horrible.
<JJman> lol.  why do u say that
<twb> You can also try #mysql.
<JJman> they are well not helpful there most of the time.  no one replies
<JJman> i'll try remove the DB and see if that helps
<twb> You waited a few hours for a reply?
<JJman> yes.
<JJman> i've waited days for a reply
<twb> Did you ask a Smart Question? (http://www.catb.org/~esr/faqs/smart-questions.html)
<JJman> #phpmyadminn #mysql are pretty useless channels in my experience
<JJman> tahts a relative term
<twb> Yeah -- #ubuntu* is amazingly useless.
<twb> I only lurk here so that I can pump a few clued people like ScottK for information
<JJman> #ubuntu is not so.  but i've gotten a lot of good elp here in ubuntu-server actually
<JJman> help
<JJman> i think #ubuntu just has too  many users to be helpful
<twb> Too many idiots, you mean.  A low SNR.
<JJman> that too
<JJman> although i often fall into that category as i've not been using linux for years like some of these folks
<JJman> whattya know that worked.  i got 5.0 installed again.  Thx.
<JJman> had to reinstall 5.1 to then purge it again  ;-)
<mneptok> MariaDB > MySQL  ;)
<twb> As for me, I would recommend sqlite (if you want simplicity) or postgres (if you want, you know, an actual database).
<mneptok> twb: MySQL and derivatives are "actual databases"
<twb> Does MySQL still use a non-atomic database format on Unix by default?
<mneptok> twb: it's nice you like Postgres, but try to avoid troll-ish FUD.
<mneptok> twb: depends on your storage engine.
<twb> I meant MyISAM vs. InnoDB
<twb> (IIRC; obviously I don't deal with MySQL much.)
<mneptok> MyISAM is atomic.
<mneptok> http://dev.mysql.com/doc/refman/5.1/en/storage-engines.html
<twb> Hm.  Maybe I was misremembering; Wikipedia indicates that MyISAM has an (optional?) "full ACID" mode, and merely lacks transactions.
<mneptok> i'd go with the official documentation over Wikipedia entries.
<twb> I believe Wikipedia more than primary sources for everything else.  I don't know why MySQL would be an exception.
 * ScottK is not a huge RDBMS expert, but when he works on projects with people who are, they seem to lean pretty heavily to postgresql over mysql.
<pwnguin> ScottK: its just a better place to start
<pwnguin> i have no idea why mysql is so damn popular
<ScottK> If popularity was related to quality, Windows would be about perfect.
<pwnguin> however, i think "certified" experts are going to mainly lean oracle
<twb> ScottK: that's pretty much the case for me, too.
<\sh> pwnguin, postgresql is more oracle like then mysql ;) so postgresql is a good solution...(but lacks really some nice stuff like cluster handling and easy master slave synchronization)
<twb> I think mysql is popular because it's easier to get going than postgres and more powerful than sqlite.
<twb> So people think they are getting an easy-to-use robust RDBMS rather than a hard-to-use toy
<\sh> twb, well, looking at some real world projects like booking.com it's a robust RDBMS...forget the lack of sequences...we had to make a decision in the past too...mysql or postgresql...both had pros and cons...and one of the cons for the mysql decision was the cluster package
<\sh> s/cons/pros/
<\sh> need coffee fast
<MenZa> we all do, shang
<maxagaz_> hi
<maxagaz_> i have installed a new disk to have more space on a server
<maxagaz_> how to prepare it
<maxagaz_> i meant, partition, format, mount
<maxagaz_> is there a procedure somewhere ?
<kaushal> hi
<kaushal> is there a way to get 8.04.2 version ?
<jmarsden> maxagaz_: https://help.ubuntu.com/community/InstallingANewHardDrive
<kaushal> http://releases.ubuntu.com/hardy/ gives me 8.04.3
<\sh> maxagaz, partitioning: parted <device> ; formatting: mkfs.<your favorite fs> <your new partitions> ; vi /etc/fstab -> add your new partitions to mountpoints
<maxagaz> jmarsden, thanks!
<jmarsden> maxagaz: No problem.  BTW, all I did was Google for ubuntu add hard drive ... you could have done that too :)
<tsrk> With vmbuilder, how do I specify the domain of a new VM?
<jmarsden> tsrk: --domain DOMAIN   ... man vmbuilder has this info.
<tsrk> jmarsden: that looks like it sets the networking domain... i'm trying to set the "name" of the VM, which I thought is also called the domain. I'm probably wrong about something here
<jmarsden> tsrk: name as in hostname?
<maxagaz> how to be sur of what /dev/sdx my system is booted on ?
<tsrk> jmarsden: the name that libvirt uses
<tsrk> maxagaz: mount
<pwnguin> \sh: i dont disagree, just saying certified DBA employees seem to have a second job as "oracle salesman"
<jmarsden> tsrk: Try --hostname HOSTNAME and also see https://help.ubuntu.com/community/KVM/CreateGuests in case that helps
<maxagaz> what is the code for ext4 partition, i can't find it in the list provided by cfdisk ?
<\sh> pwnguin, certified oracle DBAs ;)
<kaushal> checking in again for my query ?
<jmarsden> kaushal: I doubt many mirrors will carry 8.04.2 ISO images any more.  As soon as you do an apt-get upgrade you'll have 8.04.3 and later anyway, so I'm not sure it is all that useful to download 8.04.2 nowadays...
<jmarsden> maxagaz: I think you can use the same partition type code for ext4 as you use for ext3
<mario__> Hi, how can i get SMART information from an hard disk in 8.04.3?
<mario__> from console
<kaushal> hi
<kaushal> is there a way to know which package contains /etc/inetd.conf ?
<kaushal> on Ubuntu
<jpds> kaushal: dpkg -S /etc/inetd.conf
<jpds> !apt-file | kaushal
<ubottu> kaushal: apt-file is a program that can tell you which package(s) contain(s) a given filename. To install it and generate the database it needs, run "sudo apt-get install apt-file && sudo apt-file update"
<maxagaz> how to make sure a firewall allows incoming connections on port  5900 from localhost ?
<kblin> why would anyone filter on localhost anyway?
<maxagaz> kblin, nmap localhost -p5900 => close
<maxagaz> closed
<maxagaz> how to open it ?
<kblin> maxagaz: start a server on it?
<maxagaz> 5900/tcp closed vnc
<maxagaz> how to start it ?
 * soren lunches
<maxagaz> how to determine my X DISPLAY ?
<\sh> maxagaz, echo $DISPLAY
<alex88> mmhh...how can i configure my domain register to delegate dns to my vps? i've tried with NS myip but it's not working
<Brumle> alex88: the NS record uses DNSnames, not ip addresses.  The NS records on the registrar must be the same as in your SOA record
<alex88> mmmhhh..for example, in whois i have ns1.netsons.org ns2.netsons.org as nameserver, ad i can't change it.. in my dns panel i can add A AAAA CNAME MX TXT NS record..what should i do?
<soren> alex88: It needs to change in the tld's nameserver.
<alex88> so i have to change the ns1 and ns2 nameserver? can't delegate to my dns server with some kind of records?
<soren> alex88: Think about it.. How do I know to begin with to go and look at the current DNS?
<alex88> you mean how you can query it? or the current settings?
<soren> No.
<alex88> oh sry...my english is not so good..xD
<soren> Think about it. You can't put an explanation on how to find something on the thing itself.
<soren> If you want tell someone how to find your house, it doesn't help to put the map ON your house.
<soren> Same thing here.
<alex88> oh ok got it..
<soren> Ok.
<soren> So *something else* holds the information about which DNS to talk to for your domain.
<alex88> mmhhh..i'll open a ticket to my domain registar
<soren> If you want to talk to ubuntu.com, you (or a nameserver on your behalf) first asks the root name servers: "who knows somthing about .com.?". The response lists a number of name server that know about .com. You then ask those "who knows about ubuntu.com.?". You get back a list of nameservers. You can then ask talk to those about ubuntu.com.
<soren> See?
<soren> Changing the NS information on those final nameservers is not enough. You need to move one step back up the chain.
<soren> (This is not strictly how it works, but it's accurate enough to explain why you're having problems)
<alex88> oh ok, got it..
<alex88> but, in this case, querying www.ubuntu.com ask at ubuntu.com the ip of www right?
<alex88> i was thinking that changing some info in the ubuntu.com can delegate the www query to another nameserver..
<Creap> dist-upgrade do not update my server to 9.10
<Creap> how do I upgrade?
<andol> Creap: I would say do-release-upgrade is the command you are looking for.
<uvirtbot> New bug: #475641 in lm-sensors (main) "pwmconfig does not work after upgrade to 9.10 on TYAN server" [Undecided,New] https://launchpad.net/bugs/475641
<Creap> it tells me not to upgrade via ssh, but I don't have a graphics card, I hope there's usually no big problems with the upgrade?
<pmatulis> Creap: what about a serial connection?
<pmatulis> Creap: i have seen a jaunty-karmic upgrade fail spectacularly.  do you have backups?
<Creap> I don't have a monitor either ;D only laptop + server
<Creap> yeah the kubuntu upgrade failed on my work computer
<Creap> I guess I'll just not upgrade
<pmatulis> Creap: if there is no compelling reason to, you shouldn't upgrade a server, more so if it an important server, and even more so if you have no backups
<Creap> it's not an production server or anything like that
<Creap> looking at the changelog now
<Creap> I guess the only interesting part for me is ext4
<Creap> which I don't really need 9.10 for anyway so..
<incorrect> off topic, but can anyone suggest a good US ubuntu 9.10 vm provider?
<Pici> incorrect: Look into linode.
<incorrect> thanks Pici
<uvirtbot> New bug: #476491 in dhcp3 (main) "[karmic regression] Hostname not set by dhclient when no hostname defined in /etc/hosts" [Undecided,New] https://launchpad.net/bugs/476491
<cesco> Hi. Anybody with experience on DAT tapes?
<ghankstef> what is the best way to stay on top of security updates?  I heard there was an openssl flaw just discovered - but dont know if ubuntu server has a patch yet
<gioele> hello, is there an (official) PPA with VDE-enabled KVM packages?
<soren> gioele: I doubt it.
<gioele> soren: :(
<soren> gioele: Most of the time, you don't actually need vde.
<stgraber> gioele: if you install vde2, you can then use "vdekvm" which will make the vde network working inside kvm
<gioele> stgraber: vdekvm is deprecated upstread (vde) not the debian|ubuntu packages are not working anymore
<gioele> I mean they start but the networking fails to set up
<gioele> stgraber: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534321
<uvirtbot> Debian bug 534321 in vde2 "vde2: ioctl error on vde network" [Important,Open]
<stgraber> really ? I did all the iso testing for LTSP with two VMs using vde2 for virtual switching
<stgraber> (in Karmic)
<soren> stgraber: Why did you need VDE for that?
<gioele> stgraber: using the kvm in karmic?
<stgraber> yep
<soren> A bridge already acts as a virtual switch.
<gioele> soren: a bridge requires quite a bit of configuration
<stgraber> soren: sure but when you PXE boot, the delay between the time the interface joins the switch and the time it actually works is too long
<stgraber> soren: and so it fails 50% of the time
<stgraber> also, you need to be root to add a bridge
<gioele> stgraber: did you use vde_switch with --tap?
<soren> stgraber: You can adjust that delay..
<soren> gioele: You're kidding, right?
<soren> gioele: You think it's easier to setup vde than a bridge?
<gioele> soren: I'd say so: http://www.debianadmin.com/create-a-lan-for-virtual-servers-with-kvm-and-vde.html
<soren> With libvirt, the bridge is even already there.
<soren> The default for new VM's is to hook into the bridge. It can't possibly be any easier.
<gioele> soren: libvirt != a bridge. I was referring to a manual configuration
<gioele> stgraber: I just tested again: the two instances refuse to connect each other, each vdekvm says http://pastie.org/686485
<stgraber> gioele: i tried with vde_switch -sock /tmp/vde IIRC
<soren> gioele: Err.. No, I know that libvirt is not a bridge. It's a library (and a daemon). It sets up a bridge, though.
<stgraber> hmm, can't seem to make it to work again ... I used it last week (first time I used it) and it worked, not sure what changed in between
<smoser> kirkland, chat sometime today ?
<kirkland> smoser: sure, irc, or phone?
<soren> kirkland: Do you know if any laptop battery for any T-series will fit the one I bought from you?
<smoser> i was thinking phone
<kirkland> soren: any t6* series, yes
<soren> kirkland: Cool. Thanks.
<kirkland> soren: ie, not a t41p's battery
<kirkland> soren: want the docking station for $20?
<kirkland> smoser: give me 15 minutes
<smoser> kirkland, i'll give you $20 for it.
<smoser> in fact, please, i want to give you $20 for it.
<soren> kirkland: Sure.
<soren> kirkland: In fact, that would be awesome.
<soren> kirkland: I'm bringing a suit case anyway, so I've got plenty of room for once.
<uvirtbot> New bug: #476578 in samba (main) "After upgrade to karmic samba ignored /etc/samba/smbpasswd" [Undecided,New] https://launchpad.net/bugs/476578
<kirkland> smoser: soren: heh, well, you're going to have to duke it out :-)
<kirkland> or start a bidding war :-)
<smoser> $20.02
<soren> kirkland: Can't I pull rank or seniority or something? :)
<kirkland> :-)
<soren> Arm wrestle?
<kirkland> soren: that works better in the military
<soren> I'd probably lose that one, but it'd be fun.
<kirkland> you should have a hack off
<soren> realtimebattle
<soren> !
 * soren takes a quick break
<gioele> I'd like to recompile kvm and repackage qemu-kvm. Are there instructions on how to do that? Do you use bzr-builddeb?
<gioele> kirkland: I see you have a qemu-kvm-packaging branch in +junk, do you use that to package qemu-kvm?
<bogeyd6> gioele im probably only one alive, and i only ever used vmware
<kirkland> gioele: i don't use that yet
<kirkland> gigasoft: apt-get source qemu-kvm
<kirkland> gioele:  apt-get source qemu-kvm
<kirkland> gioele: cd *
<kirkland> gioele: debuild
<kirkland> well, sudo apt-get build-dep qemu-kvm
<gioele>  kirkland: ok, thank you. I hoped I could try this new bzr-builddeb toy ;)
<kirkland> gioele: bzr branch lp:byobu
<kirkland> gioele: cd byobu
<kirkland> gioele: bzr bd
<gioele> kirkland: great I'll try that soon (paid job first ;))
<gigasoft> <kirkland> why?
<kirkland> gigasoft: tab completion fail
<gigasoft> kirkland: what for?
<kirkland> gigasoft: i was trying to tab complete gioele
<gigasoft> why should i do that?
<kirkland> gigasoft: i mistakenly called your name
<gigasoft> ok
<flagg0204> are their ubuntu debs available for eucalyptus 1.6.1?
<kane_> flagg0204: yes, from eucalyptus.com: http://repo.eucalyptus.com/ubuntu/pool/universe/e/eucalyptus/
<flagg0204> kane_ ah cool thanks
<kane_> flagg0204: instructions here: http://open.eucalyptus.com/wiki/EucalyptusInstallationUbuntuJaunty_v1.6
<kane_> flagg0204: no problem
<dmacnutt> anyone with ltsp experience?
<dmacnutt> was able to install without issue, and can get the thin client to boot, but X fails to start, It stalls with the a busy mouse cursor
<flagg0204> kane_ am i correct in assuming that these instructions will work with karmic as well?
<flagg0204> kane_ or is that jaunty only
<kane_> flagg0204: i'm afraid this was just my google skills at work :) it'd stand to reason they'd work though
<flagg0204> kane_ ok.   well guess it worth a shot
<lukehasnoname> Good morning, gents
<lukehasnoname> Has anyone in this distinguished channel used FireHOL?
<lukehasnoname> I don't need help with it; I want to know if anyone else thinks it's exponentially cooler than ufw (though props to ufw on their improvements in Karmic)
 * ScottK just has his own iptables scripts.
 * jdstrand uses ufw
<ScottK> Right, you would. ;-)
<jdstrand> :)
<lukehasnoname> heh
<lukehasnoname> Given the number of mature frontends to iptables, I assert that all but the most complex of configurations (possibly /especially/ the most complex) need not use iptables directly.
<ScottK> lukehasnoname: My assertion is that I've had iptables scripts that work for me for years, so any switch away from using iptables directly would cause me more work, not less.
<lukehasnoname> True. It is all about what you know.
<doug_> I'm running ubuntu-9.10 server and just installed mysql-server.  However, there are no files in either /etc/mysql or /var/lib/mysql.  How do I get the configuration and initial database files added?
<lukehasnoname> doug_: Have you attempted logging in?
<flagg0204> lukehasnoname - agreed with iptables,  having to manage a 300-400 lines iptables script is a nightmare.  i'd also argue that if your rules are that comples, by a appliance based FW
<doug_> lukehasnoname:  I can't log into the mysql server....it won't start because of the missing config (and other) files.
<lukehasnoname> Possible. OR check out FireHOL. I have no personal gain in its gain in popularity, but seriously, it's pretty amazing. Not perfect, but it's very handy. the home page (google it) has a very nice example setup.
<lukehasnoname> doug_: OK, I kind of expected that. Hmmm, that's weird. This isn't the most popular method of fixing it, but if it's this broken... I'd say uninstall/reinstall the package and see what happens. Make sure it's calling in the right dependencies as well; 'mysql-server' is a metapackage
<doug_> lukehasnoname:  I've already done that several times....still doesn't install the files for /etc/mysql or /var/lib/mysql, and possibly others.
<lukehasnoname> I don't know what to tell you doug_
<lukehasnoname> is it installing all dependencies correctly?
<lukehasnoname> No messed up write permissions on those folders?
<doug_> luke:  I appreciate the help.  It's just wierd and frustrating that installing the packages leaves it in a state without the config files and unstartable.  :-)
<jkakar> I'm just reviewing the UEC setup instructions and wondering, is it possible to setup an all-in-one cluster controller and node on the same machine?
<jkakar> I just want to play with UEC, but I only have a single machine.
<doug_> I gotta run for now.  Thanks for the help and I'll be back later.
<lukehasnoname> doug_: later. jkakar: I don't know. I would think so, however, I would think it'd be beneficial to have at least two computers to play with for UEC
<jkakar> lukehasnoname: Yeah, it probably would.
<jkakar> I'm just wondering if things like network discovery of nodes will work if the node is on the same machine as the controller.
<m8> Hi, I can install vnc4server witouth xorg?
<_ruben> m8: so you want to vnc into text-only machine?
<_ruben> ssh seems way more suited for that
<m8> __ruben: yes
<m8> but a want a virtual desktop for some apps...
<m8> *i want
<_ruben> err, what would a vnc session to a text-only machine offer more than a ssh terminal window?
<m8> i want to run a Xfce virtual desktop accessibile whit vnc.... if there are alternatives... tell me!
<m8> __ruben.... offer to run some apps.. i need
<m8> :o
<_ruben> so you want to run xfce on a machine without X, im not sure i understand what you're trying achieve
<m8> xfce on virtual desktop
<_ruben> define "virtual desktop"
<m8> an istance of X
<m8> in a headless pc
<m8> :o
<_ruben> X on a headless pc? .. that doesnt make sense at all .. tho perhaps this is what you want: machine A (a desktop) has X running, machine B (a server) is text only, you want to run graphical apps on B, but use the screen of A .. ?
<m8> ....
<m8> i want to run a Virtual Desktop(an instance of vnc4server)
<kane_> m8: that's actually an x/y problem :) the solution to your real problem is running the vnc4server... what's the underlying problem? ie, what will you use the vnc4server for exactly?
<_ruben> exactly what im trying to find out, but am failing so to do so
 * _ruben moves on
<m8> kane_ :)
<m8> for run X apps on a headless pc :D
<kane_> m8: so you dont want to attach a monitor to the device. That still means you need X to run the graphical environment though.
<m8> ok
<m8> and I need xorg, right?
<kane_> m8: i think the vnc4server package already depends on the libraries you need.
<m8> ok :)
<m8> and i need to install a desktop manager
<m8> like Xfce4
<m8> it's right ?
<kane_> m8: the ubuntu forums actually have a thread about this here: http://ubuntuforums.org/showthread.php?t=690895
<zul> ttx: what would the Vcs-Bzr: line in the debian/control be now that apache2 is apart of the distributed development thing
<m8> wow
<m8> :D
<kane_> m8: yeah, you'll want a windowmanager -- you're basically setting up a 'normal' machine, except you're using your other pc as the screen
<ttx> zul: what does it currently say ?
<zul> there isnt one there is the svn one for debian
<m8> ok :)
<ttx> zul: I don't think you need to update it for DistributedDevelopment
<zul> I was just going to add Vcs-Bzr: https://code.launchpad.net/ubuntu/+source/apache2
<zul> meh I can always fix it later
<ttx> zul: it superfluous since in the end they will all be
<zul> true
<ttx> zul: but that's not incorrect ;)
<zul> ttx: thanks
<jcastro> kirkland, can you ask anthony to subscribe to "community-lucid-launchpad-upstream-improvements" and mark himself as essential, thus forcing it to be scheduled on a day he'll be there?
<jcastro> kirkland, I've got a solution to the patch thing I want to pitch to the lp team
<jcastro> having real upstreams there nodding profusedly would be sweet
<kirkland> jcastro: pasted your request to aliguori in #ubuntu-virt
<jcastro> kirkland, if there's any blueprint he feels he needs to be at making himself as essential will force the system to schedule it on those days
<kirkland> jcastro: cool
<uvirtbot> New bug: #476831 in samba (main) "package samba-common 2:3.4.0-3ubuntu5 failed to install/upgrade: subprocesso instalado o programa post-installation retornou erro do status de sa?da 1" [Undecided,New] https://launchpad.net/bugs/476831
<wwp> hello i have got troubles installing xen on x86_64 karmic (alternative / server kernel) - the problem is that i cannot boot using the xen kernel and grub (grub-pc) does not offer any options on boot
<wwp> and i'm new to grub2 - missing the menu.lst -.-
<jcastro> kirkland, let's hallway discuss your kvm testing thing at UDS
<jcastro> I've wanted something like that for a long time
<jcastro> except I envisioned it right in the GUI for virt-manager
<jcastro> New->Ubuntu->Blah 7.10
<jcastro> or whatever
<wwp> no ideas so far?
<pmatulis> anyone here use sbuild?
<zzz20092> ? what the hell is going on with amavisd setup, the config is scattered over hells half acre!!
<ScottK> zzz20092: Standard for the package we get from Debian.
<ScottK> zzz20092: It's actually a lot saner than it first appears.
<ScottK> Make your changes in (IIRC) 50-user and it over-rides anything in the earlier config files.  That way your changes never get over-ridden on upgrade.
<android6011> during the install hwo can I completely format all the disks including existing grub to mbr installs. Also, how can I pick which disk to install grub to
<zzz20092> ScottK: I tried putting my stuff in the 50-user, didn't do what i wanted it kept quarantining stuff rather than just discarding junk.
<zzz20092> ScottK: I have a similar problem with the postfix setup, I have 4 log files (mail.err, mail.info, mail.log, mail.warn) all contain the same info, but I cannot find out where to turn the them off.
<ScottK> zzz20092: Then it's an issue with what you are putting in the file, not which file you are putting them in.
<ScottK> zzz20092: For postfix, .err and .warn have subsets of .log
<ScottK> So they aren't the same.
<zzz20092> ScottK: the subsets contain the same info as the log, why bother just takes up space and confuses the issue.
<ScottK> Well if you are looking for just serious stuff, looking in .error or .warn is useful.
<ScottK> .error should be empty all the time anyway
<android6011> for data partitions what is a good filesystem.
<android6011> they will be doing a lot of network transfers
<android6011> and not losing data is very important even though I am doing backups
<zzz20092> ScottK: As a retired engineer I strongly believe in the KISS principal, and what I am seeing does not follow it.
<ScottK> zzz20092: Personally I think .info and .log is overkill, but I sometimes find a separate .warn/.error useful for troubleshooting.
<ScottK> Normally I only look at/grep .log
<ScottK> android6011: ext3 then.
<zzz20092> ScottK: ditto
<android6011> ScottK: why do you say ext3
<ScottK> Because it's the most reliable/supported in the kernel today.
<ScottK> ResierFS is essentially unmaintained and has been for years.  Ext4 still has open data loss bugs.
<ScottK> Ext2 isn't journaled.
<ScottK> Anything newer is just crack if you care about your data
<android6011> so no xfs or jfs?
<zzz20092> android6011: ext3 is probably the best for general use, but you haven't told use much about your data
<android6011> zzz20092: like what
<android6011> there are a lot of large video files etc I edit
<ScottK> android6011: I don't know enough about them to have confidence.
<zzz20092> androd6011: i'd stick to ext3, xfs/jfs might be an option if you were storing lots of small files as they have sub-block allocation.
<android6011> zzz20092: I do have a lot of small files too. I do web design on the side so I have tons of web projects stored at any given time
<zzz20092> android6011: how much Linux experience do you have?
<android6011> zzz20092: quite a bit
<zzz20092> android6011: then you could try setting up 1 partition with ext3 and another with xfs, mount the as video and web_dev and use appropriately, on the other hand you could just use ext3 for everything and save yourself some trouble.
<uvirtbot> New bug: #476935 in squid (main) "Massively parallel builds make for very unhappy buildds" [Undecided,New] https://launchpad.net/bugs/476935
<android6011> ok
<android6011> also, how can I spin down a hard drive after being idle for say 1 hour. And is smart enabled by default, if so where is the info logged? if not how do i enable it
<genii> !info smartmontools
<ubottu> smartmontools (source: smartmontools): control and monitor storage systems using S.M.A.R.T.. In component main, is optional. Version 5.38-3ubuntu2 (karmic), package size 323 kB, installed size 804 kB
<zzz20092> android6011: if memory serves smart is usually set in bios setup, you could also take a look smartmontools
<jmedina> zzz20092: you can enable SMART using command line toos
<zzz20092> jmedina: Ok, I just took a quick look at smartmontools and gsmat.... not particularly useful I<HO
<zzz20092> I<HO -> IMHO
<lamont> kirkland: thoughts on bug 445456? - heard a rumor you might have thoughts on it.
<uvirtbot> Launchpad bug 445456 in linux "kvm hangs booting windows XP Pro SP2 or later, since at least 2.6.28-15" [High,Triaged] https://launchpad.net/bugs/445456
<helfire__> i have a 8.04.3 LTS server, about every 2 weeks the load from apache goes through the roof and i have to do a forced restart. Any ideas why this happens?
<smackdad1y> .
<dfdfsd> l
<jmedina> helfire__: hard to guess without evidence, you need to look at your apache logs en syslog for related messages
<jmedina> probably a bad code application or a attack
<helfire__> jmedina: the weird thing is i dont see anything out of line in the logs, and it seams to be every 2 weeks to the day
<helfire__> but i'm going to browse through them again since it happened again today
<helfire__> my load always hovers around .20 even though nothing is running (atleast not shown in top or htop)
<kane_> helfire__: can you see wehre the load is coming from at least? cpu, disk, network?
<helfire__> kane_: not really. maybe i'm not looking with the right tool
<helfire__> in syslog i'm seeing alot of spam mail getting rejected from www-data@myserver.com, kind of odd
<jmedina> :)
<kane_> *from* the apache user?
<helfire__> ya
<jmedina> they are spmming trhgouth a web form or something?
<kane_> .. is your apache sending mail to you?
<helfire__> no, well i dont have it configured to
<helfire__> atleast not a box that's real
<helfire__> lots of postfix warnings: warning: SASL authentication failure: cannot connect to saslauthd server: Permission denied
<kane_> seems worthwhile to chase that down
<helfire__> hmmm, i may have my postfix configured badly...
<kane_> btw, htop should be good enough to show you what processees are causing the load and why
<helfire__> right before my forced reboot i have cron doing some mrtg stuff, and freshclam downloading new definitions
<helfire__> i am just shutting down my mail server as i dont use em :)
<helfire__> so i have cought about 100 apache2 proc's running before this happened, was too slow to get them with a kilall
<kane_> that's a lot of processes -- is that by design?
<helfire__> no
<helfire__> not sure how that many got spawned
<kane_> that's probably a good sign of resource exhaustion -- check the state of those... possibly they're zombies
<helfire__> [Fri Nov 06 03:00:28 2009] [error] server reached MaxClients setting, consider raising the MaxClients setting
<helfire__> that was near the lock up
<helfire__> looks like a bot trying to attack and find something
<helfire__> lots of weird requests and bad headers
<kane_> firewall hoooooo!
<helfire__> haha
<helfire__> lots of ip's too
<helfire__> :/
<helfire__> might have to change sshd to run on a different port too... noticing alot there
<helfire__> grep "an unknown filter was not added: PHP" apache2/error.log -c
<helfire__> 48916
<helfire__> hmm should take care of that :)
<helfire__> this sever has "just worked" since 06, needs some TLC
<zzz20092> ttt
<smackdaddy> how can i assign individual hostnames to each of my network cards
<lamont> smackdaddy: in what sense?
<lamont> as in, within what app?
<smackdaddy> well.. say a user connects via ssh to domain1.com it will show user@domain1.com...
<smackdaddy> on the console
<smackdaddy> and different fr each ip...
<helfire__> can i start up a backup sshd server incase changing ports on my default one messes up
#ubuntu-server 2009-11-07
<huuanito> hello, trouble installing RAID 1 on server 9.20, partition setting: 'use as physical volume for raid', when try to change bootable flag to 'on' just comes back to off. any ideas?
<ntwrkadm4r90> Anyone know of any problems with virt-manager not booting vms on system startup ubuntu 9.10?
<huuanito> is there some good reason why for RAID 1 the bootable flag can't be set to 'on' with partition setting 'use as physical volume for raid' when installing server 9.20 64 bit? apparently used to work on pre 9 versions. Is my only hope to install on a single disk then migrate to RAID 1?
<uvirtbot> New bug: #477062 in openldap (main) "package slapd 2.4.18-0ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2" [Undecided,Invalid] https://launchpad.net/bugs/477062
<norrec> is there a way to check the status of a hardware raid on ubuntu server? the hw raid is a raid 1 on a nvidia raid controller
<helfire__> i remember reading about doing a command line upgrade, you could start a backup sshd server, but i cant find how to do it
<spartan07> is it suposed to show 1 cpu for htop on a quad core?
<spartan07> im running ubuntu server lts
<helfire__> do you have the SMP kernel?
<spartan07> I just installed the one provided on ubuntu server for the 64 bit lts version
<helfire__> type uname -a
<spartan07> I installed the regular lts desktop and was going to add the packages i needed but the desktop kept freezing on me
<spartan07> 2.6.24-24-server #1 SMP
<spartan07> brb 1 sec
<smackd> .
<uvirtbot> New bug: #477118 in dbconfig-common (universe) "package dbconfig-common (not installed) failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/477118
<ScottK> Any Hardy or Dapper clamav users around?
<ScottK> I've got an updated version I need tested.
<dpreacher> how do I add a secondary gateway ip/remote address to a racoon tunnel such that it acts as a failover?
<Xpistos> can someone help me mount an SFS drive?
<jmarsden> Xpistos: Are you sure it is really truly definitely an SFS filesystem, not just a corrupted NTFS filesystem?
<Xpistos> jmarsden: It was an NTFS now it says SFS
<jmarsden> mount it as NTFS.
<jmarsden> It says SFS because Windows broke it slightly... it is not really SFS.
<Xpistos> let me try it
<Xpistos> jmarsden: let me ask this before. I want to have different users access the shares both windows and linux, should I make a different group for each user or just the user themselves
<jmarsden> I'm not sure I understand the question... or how it has anything to do with mounting a filesystem... ?
<Xpistos> jmarsden: Sorry, I am little distracted, my kids are acting up right now
<jmarsden> No problem.  Mount the filesystem so we know that issue is resolved.  Then ask the second question separately, to the channel, when you want to work on that, and see who can help with it.
<Xpistos> jmarsden: I am settting up my first server and I am little newbish
<jmarsden> Xpistos: That's not a problem.  I do recommend asking and working on just one question at a time, though :)
<Xpistos> jmarsden: Seriously
<Xpistos> jmarsden: My default user does not have any directories in the home folder. Is that normal?
<jmarsden> Xpistos: ls -la ~     # shows you nothing?
<Xpistos> all it says is total 0
<Xpistos> jmarsden: I am ssh in to the server right now
<Xpistos> jmarsden: I even signed into the server to make sure
<jmarsden> Xpistos: OK.  That's not necessarily bad, but I'm not sure it is "normal" either.  But this is now a third issue... returning to your first question: did the mount of the NTFS filesystem work?
<Xpistos> jmarsden: I didn't do it yet. I am not sure how to do it outside of fstab
<jmarsden> Xpistos: well, if you want, do it in fstab and then do sudo mount -a
<jmarsden> Xpistos: But this suggests to me you may want to learn a bit more about filesystems and mount before running a server?
<Xpistos> jmarsden: is it mount /dev/sdc1 /mount_point ntfs
<jmarsden> Xpistos: No, man mount for the specifics of mount options.
<Xpistos> jmarsden: it worked
<Xpistos> the fstab I mean
<jmarsden> Good :)
<Xpistos> jmarsden: Okay, no I need to make some samba shares for my wife's windows box and my ubuntu laptop
<Xpistos> jmarsden: so should I create both use groups and users or just users
<Xpistos> jmarsden: in otherwords, create a user for her and me in our own groups or just the user accounts
<jmarsden> I'd keep it simple if there are only two users -- just create a user for her, since you already have one for yourself.
<Xpistos> jmarsden: thank you for your help
<jmarsden> Xpistos: No problem.
<uvirtbot> New bug: #403775 in krb5 (main) "passwd fails when kerberos server points to an IPv6 host" [Undecided,New] https://launchpad.net/bugs/403775
<norrec> is there a way to check the status of a hardware raid on ubuntu server? the hw raid is a raid 1 on a nvidia raid controller
<jmarsden> norrec: That is usually controller-dependent.  nVidia doesn't make real RAID controllers, AFAIK, so the one you have is probably some sort of fakeraid?  See http://wiki.debian.org/LinuxRaidForAdmins for some info on real RAID controllers and where to find status on them.
<jmarsden> norrec: Also see https://help.ubuntu.com/community/FakeRaidHowto for more on fakeraid if that is what you really have.
<norrec> how do u tell the difference between a real raid and a fakeraid
<jmarsden> norrec: Did you read the howto?  Better yet, real hardware RAID costs real money -- how much did you pay for the RAID controller?
<norrec> jmarsden, hm well considering that it is just some crappy desktop mb i would have to say ive just answered my own question
<jmarsden> Yes, I'd say so :)
<norrec> jmarsden, so is it preferable to go with a linux software raid over the fakeraid, the howto on the fakeraid hinted that it might be but it didnt really seem to say
<jmarsden> norrec: On a machine that only runs Linux, yes, just use software RAID, it is easier and gets just as good performance on modern hardware.
<jmarsden> The only real reason for Linux fakeraid (in my opionion) is if you dual boot to Windows and already set up fakeraid and installed WIndows, and now you want to add Linux to the same set of disks...
<norrec> jmarsden, can i configure it after install, because one of my drives is dead, and it decided to do it upon an upgrade
<norrec> so i'll only have one disk for the install =/
<jmarsden> norrec: You can, but doing so is more complex for a newcomer than setting it up using the installer.  You can always wait a day and buy a new drive tomorrow... right?
<norrec> jmarsden, the drive is under warranty so i'm gonna rma it
<jmarsden> It's your choice how to proceed... if you can back up whatever you do with the server while it is on a single drive, perhaps to another machine or to an external USB drive or whatever you use for your server backups, then I'd say go ahead and install on one drive for now.
<norrec> jmarsden, when i put in the new drive, would i want to use something like this "mdadm --create /dev/md0 --level=mirror --raid-devices=2 /dev/sdc1 /dev/sde1" do build a new mirror partition?
<jmarsden> You'd want to read the documentation very carefully so you don't wipe your existing single drive partition... the time for the specifics is when you have both drives, not now.
<norrec> but theres nothing special that i need to do with the install right now, do i?
<norrec> jmarsden, i'm just trying to avoid having to reinstall again in a week
<jmarsden> No, you really can't set up RAID now, you only have one drive.  I'd do exactly that -- use the week for experimenting and getting to know Ubuntu Server, write down what you learn, and then redo the server install using your written notes when you have the two drives.  But it's your choice to try and convert from a single drive install to RAID1 if you want to attempt that.
<norrec> jmarsden, yeah, this isnt my first experience with ubuntu server, i installed this a couple years back and havent really touched it since
<norrec> jmarsden, the drive just happened to die when i was doing updates and now i cant boot to the system
<jmarsden> Hmmm, so much for the usefulness of your RAID controller...!
<norrec> jmarsden, and on top of that i have to find a way of installing and not the data, cause i didnt seperate the partitions for the system and the data
<norrec> jmarsden, yeah tell me about it
<jmarsden> So where are your backups?  On another machine?
<norrec> jmarsden, well this was the file server
<jmarsden> Yes... so what did you back it up to?
<norrec> jmarsden, that was the point of the raid
<jmarsden> No, RAID is *not* a substitute for backups, not even if you have good working expensive real RAID hardware!
<jmarsden> RAID protects against downtime caused by loss of one hard drive.  backups protect against all kinds of user mistakes including accidentally deleting files, etc.
<jmarsden> Those are fundamentally different things you are trying to protect against there...
<jmarsden> Maybe you should buy a new hard disk tomorrow, then when the RMAed one arrives buy a USB external case for it and make that your backup drive?
<norrec> jmarsden, *shrug* the data on there isnt super critical, i would just prefer to have it than not have it
<norrec> jmarsden, if it had been a production server i would have been more cautious, i would have actually payed for a raid controller
<norrec> and had a backup
<norrec> jmarsden, so what do u think of the 9.10 server edition, i know its not the lts...
<jmarsden> If you decide to install to a single drive and convert it later, look at https://alioth.debian.org/projects/rootraiddoc/ and download the rootraiddoc file and read it.
<jmarsden> I've not used 9.10 except for testing in virtual machines, it is too new for real server use at this point.  I haven't even converted my desktop to 9.10, never mind any servers :)
<norrec> lol, i'm using it on my gf's laptop, and it has a couple bugs still, but i like it better than 8.10, mostly because the gfx chipset actually works
<norrec> 9.04 had the bug with the intel gfx chipsets
<norrec> and a couple other problems, had to go back to 8.10 lol
<norrec> but i kinda wanted to use 9.10 for ext4 lol
<jmarsden> For home use if you can deal with the inevitable new bugs in a new release, that's fine, go for it.  For real servers... not yet!
<norrec> jmarsden, i'll be using the lts version on real servers till the next lts version is released lol
<jmarsden> Sounds fine to me.
<norrec> this is my play machine =p
<norrec> jmarsden, hey does fsck verify the integrity of the files?
<jmarsden> No, it can't tell whether the content of the file is valid, only that the structure of the filesystem (including length of files, are all blocks/extents of the file there, etc).
<norrec> is there a program to verify the integrity of the data within the filesystem?
<jmarsden> To verify file integrity you would compare with a backup, or failing that use a checksum based tool like tripwire or aide
<norrec> jmarsden, alright, thanks for the help
<jmarsden> But of course for all of those you need to have prepared in advance of needing the checks...  sure, no problem.
<norrec> yeah, i figured, doesnt really help to verify 2 checksums generated at the same time lol
<xander787> i have a system thats running ubuntu server 9.04. I also have gnome installed on it for a gui. the other day i upgraded to 9.1 karmic koala and everything on the system was working fine, but then i had to restart it and it didnt boot correctly. it would show the ubuntu logo (from gnome) and then just go to a blank screen with a cursor. and i cant type anything or get to a terminal using alt-ctl-f* or anything. and even when i boot
<jmarsden> xander787: (1) If you installed Gnome, your machine is not really a normal Ubuntu server any more, it is now a sort of hybrid desktop/server.  Ask in #ubuntu for help with GUI related stuff.  (2) When Ubuntu systems do not boot as you wish, boot into a recovery console and use that to see what is going on and fix the system up.  (3) If you can't get into a recovery console, boot from a Ubuntu liveCD and use that to f
<jmarsden> ix the real system.  (4) if that fails, use a special purpose system recovery tool such as SystemRescueCD.
<xander787> yea i tried booting into the recovery mode, but even then it didn't work, it just paused after a certain point then when i left it and came back i came back to a black screen...
<jmarsden> xander787: (5) the Karmic release is 9.10 (The tenth month of the year 2009), so 9.10, not 9.1
<jmarsden> xander787: OK, so boot from a CD and use that to recover your machine.
<xander787> o sorrryyyy.....
<xander787> and when i boot from the 9.04 CD should i select the recover broken system selection or is there something special i should do to try to fix my problem?
<jmarsden> Up to you; I tend to open a shell and poke at the disk subsystem with fdisk -l and then check filesystems and then chroot into the "real" system and look around, but I'm not sure how to specifically fix your issue.
<jmarsden> Not booting into the recovery console is pretty unusual.  Knowing what the "certain point" was might help a little with that.
<xander787> thts a good point, i'm gonna try to find that...because its after a certain line being printed that it just freezes and i dont know why
 * jmarsden wanders off to get some sleep...
<xander787> yea my point of failure is when it prints out attached scsi disk /newline/ attached scsi generic sg4 type 0, after that it just freezes and goes no further
<xander787> [23:45]    xander787: i'm running sort of a hybrid installation using ubuntu 9.04 with gnome installed for a gui. I recently upgraded to 9.10 and everything on the system was fine until i had to restart it today and now it won't boot properly. the ubuntu logo shows up (for gnome) but after that it takes me to a blank screen with a cursor and i cant type anything or get to a terminal using alt-ctl-f* or anything. and i also cant bo
<uvirtbot> New bug: #477257 in openldap (main) "package slapd 2.4.18-0ubuntu1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/477257
<googa> what is the difference between system user and just user
<qman__> googa, 'system user' generally refers to users that are stored in /etc/passwd and /etc/shadow, as in users on the local system
<qman__> whereas 'user' can refer to any users, on the system or otherwise
<googa> what is the benefit of creating groups for users
<qman__> groups allow you to define permissions for multiple users at once
<qman__> every user must belong to at least one group, and have a primary group
<qman__> by default, ubuntu creates a group for each new user
<qman__> on a small scale (a few users) this is a good setup, but on a large scale that's unmanageable and users should actually be grouped together
<guntbert> qman__: you can create additional groups and add user to them, each user can be a member of many groups
<macrocosm> Anyone here using Amazon EC2 &/or the Canonical Cloud Support service?
<macrocosm> I am curious as to what others think about it ... as I am considering taking the leap into both.
<macrocosm> no opinions?  Im contacting canonical now but figured an end user might be have interesting thoughts to share?
<erichammond> macrocosm: Do you have specific questions about running Ubuntu on EC2?
<macrocosm> Well not per se .. I was mostly wondering if I should go with canonical or amazon support to get started .. were looking to move all our web infrastructure to the cloud to start, but will begin building our private cloud next year.    I figure it may be best to go with the canonical support as we will further leverage ubuntu in the future, but im torn about who is going to be the best help...
<macrocosm> ...in getting started. Whats your opinion?
<macrocosm> I guess I may have one related question about ubuntu/ec2 Do you even require a physical server to do this?  Or can everything be virtual in EC2, it wasn't apparent in the ubuntu cloud documentation iv read so far.
<erichammond> Amazon manages the hardware infrastructure for you.  You'll need some sort of computer to kick things off (e.g., browser, command line).
<erichammond> It's similar to leasing dedicated servers from an old school hosting provider, but you can pay by the hour (with a lot more benefits).
<macrocosm> So im guessing that could be a potential bottle neck or does ec2 really take the brunt of the load?  Does that main computer need to scale as much as the cloud?
<erichammond> Your computer is not used by EC2.  You use your computer to tell EC2 to start systems, etc.
<erichammond> Once it's running, you can turn your computer off.
<macrocosm> ahh .. so like a remote
<macrocosm> ok .. that makes a good sense.
<erichammond> My company runs everything on EC2.  The only other hardware we have is laptops.
<macrocosm> sweet ... do you use canonical support?
<macrocosm> has the ec2 costing seemed decent to you?  The calculators make it seem cheap but you know how advertising can be! lol
<erichammond> macrocosm: not exactly. I kind of support Canonical :-)
<erichammond> EC2 can be cheaper than some options and more expensive than others.  The benefits are in the flexibility where you use what you need and pay for what you use.
<macrocosm> sounds pretty fair to me .. I just want to avoid being thrashed around on buying tons of hardware as the coming year is going see alot of growth in our infrastructure.
<macrocosm> Are you an ubuntu dev?  I just figured event the basic canonical support might come in handy for us.
<erichammond> macrocosm: It can be difficult to predict exactly what you need. Either you order and pay for more than you need, or you don't have enough in time to support the growth.  AWS/EC2 is perfect for that.
<macrocosm> Thats what Ive been thinking .. seems like the best solution for us now as we are in start-up mode and will be sometime until we have the budget for a real beast of a system in house.
<macrocosm> Thanks man ... I really appreciate your thoughts on the subject .. its helped a bunch.
<macrocosm> :)
<macrocosm> erichammond ... well im off to sign up for ec2 .. cheers!
<erichammond> Enjoy.  It can be a bit of a learning process, but there's lots of resources to help in the process.
<macrocosm> Think I may wait for the canonical cloud support until we start to build our private cloud next year.  Still may get a basic server support package for those wtf moments and all the goodies that come with it like landscape etc.
<uvirtbot> New bug: #477437 in bacula (universe) "package bacula-director-mysql 2.4.4-1ubuntu9 failed to install/upgrade: podproces installed post-installation script zwrÃ³ciÅ kod bÅÄdu 1" [Undecided,New] https://launchpad.net/bugs/477437
<martijn-nl> Does anyone has any experience with Kerberos/NFS?
<martijn-nl> I'm reading this tutorial: https://help.ubuntu.com/9.04/serverguide/C/kerberos.html
<martijn-nl> Everything is OK, until 4
<martijn-nl> When I enter 'kinit martijn/admin', it says: 'kinit(v5): Cannot contact any KDC for realm 'LAN' while getting initial credentials'
<kblin> martijn-nl: you need to set up either DNS or /etc/krb5.conf, it seems
<martijn-nl> Hi kblin, thanks for your reply
<martijn-nl> Here's my krb5.conf: http://pastebin.com/f52682c37
<martijn-nl> I don't think there is anything wrong with it..
<uvirtbot> New bug: #477315 in krb5 (main) "root-system-rootd has missing dependencies (dup-of: 462059)" [Undecided,New] https://launchpad.net/bugs/477315
<kblin> martijn-nl: can you resolve "poetie" ?
<kblin> martijn-nl: also, how about deleting all the stuf you don't need? :)
<martijn-nl> 'ping poetie' works as expected, if that's what you mean
<martijn-nl> Haha, I'll do it right now
<martijn-nl> ;)
<kblin> is poetie the full host name?
<martijn-nl> hostname -f --> poetie.lan
<kblin> try putting that into the krb5.conf
<kblin> and then set up the domain_realm part
<martijn-nl> I'm not sure what to put there..
<martijn-nl> Sorry :$
<martijn-nl> I've change poetie to poetie.lan
<martijn-nl> It's now:
<martijn-nl> [domain_realm]
<martijn-nl>         .poetie.lan = LAN
<martijn-nl>         poetie.lan = LAN
<martijn-nl>         .lan = LAN
<martijn-nl>         lan = LAN
<martijn-nl> So I *think* it should map correctly
<kblin> http://pastebin.com/m23dfb5be <-- this is my krb5.conf
<martijn-nl> OK, I'll try some options
<martijn-nl> http://pastebin.com/m12d7fae4 <-- Current config
<martijn-nl> netstat says something is listening on port 749
<kblin> is the kdsc running?
<martijn-nl> Can't find anything..
<martijn-nl> How to check?
<kblin> er kdc, sorry
<kblin> you should see something listening on port 88
<martijn-nl> root      5673  0.0  0.1   3176   544 ?        Ss   16:17   0:00 /usr/sbin/krb5kdc -4none
<martijn-nl> udp        0      0 192.168.178.20:88       0.0.0.0:*  <-- netstat
<kblin> looks good
<martijn-nl> :)
<kblin> and kinit is still giving the same error message?
<martijn-nl> martijn@poetie:~$ kinit martijn/admin@LAN
<martijn-nl> kinit(v5): Cannot contact any KDC for realm 'LAN' while getting initial credentials
<kblin> hmm
<kblin> this is mit kerberos?
<martijn-nl> AFAIK, yes
<martijn-nl> I've installed the package krb5-kdc
<martijn-nl> So it should me MIT
<martijn-nl> *be
<kblin> hm, that should work then
<kblin> it's been a while
<kblin> I don't currently have access to a box with a working kerberos client side set-up
<martijn-nl> Me neither ;)
<martijn-nl> Unfortunately..
<martijn-nl> Any other ideas?
<martijn-nl> Hmm
<martijn-nl> On another computer (so not on the server) I've tried to connect to it and it gives another error:
<martijn-nl> kinit: Client not found in Kerberos database while getting initial credentials
<martijn-nl> Is this a step forward or a step back? :P
<kblin> sounds like the kdc is working :)
<kblin> your hostname lookup is broken then
<martijn-nl> Oh
<martijn-nl> Oh well, I don't see why I should connect from the server to the server anyway
<martijn-nl> So, as long as it works on the clients I'm happy..
<martijn-nl> http://pastebin.com/m1c083f2f <-- I've added myself, but it still says I'm not in the database..
<kblin> sorry, I don't have my kerberos book in reach, I'm kind of stuck there myself
<martijn-nl> Ok, thanks for your help anyway!
<kblin> most of my recent kerberos work has been against active directory, I seem to be a bit rusty on plain kerberos
 * Liberty76 is still building a server, but wonders, what can I do with this server built for his home network
<crohakon> Why build a server if you have no need for it?
<Liberty76> I plan on using it to do some web development and back up some files, but I wonder about some more fun or exciting things to do with it
<Liberty76> Mostly building it to learn something
<crohakon> Liberty76, I respect that. That is actually why I have one running in my basement currently.
<crohakon> Stream media?
<Liberty76> the hardware is actually pretty much the same as my console .. so its recyclable
<crohakon> Send out mass mail and become the next spam king?
<Liberty76> I don't know if if my video can handle video streaming ..
<Liberty76> its a atom duo .. with with svideo
<Liberty76> would love to be able to feed my ruku box
<Liberty76> Roku
<crohakon> *shudders*
<Liberty76> its a "budget" system.
<crohakon> The linux based netflix player... yet for some reason they don't have linux compatibility for their "watch it now" service. F*ck microsoft and its drm stacks. =(
<crohakon> Yeah, I don't know what else you could do with it aside from the normal LAMP, FTP, and SSH
<crohakon> Maybe do your own DNS?
<Liberty76> I just trying to think of some fun things to do with it while I wait for my harddrive
<Liberty76> lamp will let my mount remotely?
<Liberty76> let me mount
<crohakon> LAMP = Linux, Apache2, MySql, PHP (or perl, or python)
<crohakon> LAMP = Web Server
<Liberty76> SAMBA is what does fileserver/print server
<Liberty76> ?
<crohakon> SAMBA and CUPs for printers
<crohakon> yes
<crohakon> SAMBA allows you to do windows file shares.
<crohakon> NFS <--  look into this if all your computers are linux
<Liberty76> I will probably load movies in server to watch from desktops
<crohakon> That was kind of what I meant by streaming media =)
<Liberty76> 1 linux desk 1 windows desk 2 winlaptops
<crohakon> ahh, so SAMBA might be the way to go...
<crohakon> How many different types of windows?
<Liberty76> I was thinking Real TV set ... but desktops are workable
<Liberty76> 3 vista 1 XP 1 karmiv
<Liberty76> karmic
<crohakon> I had issues file sharing between Vista and XP
<Liberty76> Vista is tough ..
<crohakon> I can only imagian the head aches you are in for getting XP, Vista, and Ubuntu sharing lol
<crohakon> Vista is tough?
<Liberty76> I don't know networking much either it will be a learning experiance
<crohakon> Vista is blotted
<crohakon> Don't get me wrong, I am not a die hard Microsoft hater...
<crohakon> like most linux users =)
<crohakon> But Vista was the reason I finally switched to linux 100%.
<Liberty76> Well I figure if I get it working on my Karmic machine .. the others I can work out later.. although I would really like to get cups working on everything
<crohakon> I was able to run Windows XP software in linux with wine better then I could run it in windows vista.
<crohakon> Not to mention software designed for 2000 and later.
<Liberty76> I was really amazed how easy printers install in ubuntu .. was terriblw in Vista or XP
<crohakon> Yeah, my HP printer had a hell of a time working in Vista. I had to use another printers drivers just to get basic printing with it in Vista x64
<Liberty76> iin the real world we have deal with windows, we don't have to like it :)
<crohakon> When I plugged the printer in to my Ubuntu laptop I was able to print in 2 seconds.
<crohakon> We don't have to deal with windows.
<crohakon> More and more business are moving towards linux.
<crohakon> I think the only real obstacle for most small businesses is their use of Quickbooks...
<Liberty76> I got my work place to shift to open office.. was easier than i even imagined
<crohakon> So if they are using open office why not get them to shift to an open operating system?
<Liberty76> Yes even if there was equivilent quickbooks its real hard to move
<Liberty76> Just takes time ... we will be putting some knew systems in ..
<kblin> what's quickbooks?
<Liberty76> financial software for small bussiness
<kblin> ah, rated garbage in wine, I see
<crohakon> even if it did run in wine I would be uncomfortable suggesting a business you it with wine... just because it is so relayed upon by small business. If for some reason wine got sick of it, the company would be angry. =)
<kblin> crohakon: I don't get that point. it's free software, just keep running the version that works for you
<crohakon> kblin, not talking about myself. I am talking about small business owners who rely on quickbooks. Getting them to switch to linux is difficult.
<kblin> oh well. dinnertime, bbl
<Liberty76> I find for the non geek linux is easier to support .. everything that needs back up seems to be in the home directory
<Liberty76> What sells Linux is the average user seeing compiz desktop,
<crohakon> yes...
<crohakon> Most average users care more about the eye candy then the functionality or security.
<Liberty76> whirl rth cube and see how fast an application loads ..
<crohakon> yup
 * crohakon gives the cube a spin for good measure.
<Liberty76> security don't sell to average user .. they don't understand how it relates to vri and worms
<crohakon> http://www.sql-ledger.org/ <--- this looks to have promise
<Liberty76> besides they believe buying norton is security
<crohakon> lol
<crohakon> I can't wait until the day I see Norton for Linux and start laugh my arse off.
<Liberty76> lol
<Liberty76> my only beef with ubuntu is that I find it dificult to write programs..  no standard IDEs .. make process is complicated..
<crohakon> ubuntu is not the desktop for developers. It was designed more for the "I just want a functional desktop" crowed.
<Liberty76> yup ..
<crohakon> And the Windows converts.
<crohakon> It has the eye candy and stability that windows users want.
<Liberty76> its very usable for standard apps..
<crohakon> Ubuntu has by far been the easiest distro for me to install and just enjoy without the headaches of figuring out why this and that is not working.
<crohakon> Which, is what will convert more from microsoft.
<dekoy> im trying ubuntu cloud private im on the step where you connect to the running instance via ssh  but i keep on getting no route to host
<Liberty76> I work in control industry. .I eventually want to make programs that read values and control motors and valves
<dekoy> any ideas ?
<crohakon> dekoy ports are open in the firewall(s)?
<crohakon> Liberty76, linux mint looks promising for the converts as well.
<dekoy> yep i did open port 22 according to the docs
<crohakon> Liberty76, seems to be designed to look a lot like windows and it comes with codex files installed and such.
<crohakon> is ssh running?
<crohakon> Are you connecting to the right IP?
<dekoy> crohakon connecting to the right IP
<dekoy> i use the image from the store
<crohakon> image from the store?
<dekoy> on the UEC  admin   there's a tab called store with premade images
<dekoy> i just installed used that for the instance im running
<crohakon> So you installed ubuntu server edition on a box... and you are wanting to SSH to it from a desktop?
<dekoy> nopes
<crohakon> okay..
<dekoy> I have a cloud controller and a cloud node using the ubuntu 9.10 installer
<crohakon> ahhh
<crohakon> Not sure I can help you, never used that software before.
<dekoy> okay thanks :)
<dekoy> not muc help on the logs too on the node or the controller
<crohakon> Liberty76, ----> http://en.wikipedia.org/wiki/SETI@home <---- for your server =)
<Liberty76> I haven't run seti in year .. a good idea.
<crohakon> or http://en.wikipedia.org/wiki/Folding@home
<crohakon> or http://en.wikipedia.org/wiki/Rosetta@home
<vraa> there is boinc too
<Liberty76> trying to figure out how to run them on a textbased terminal scvreen
<vraa> F@H ? or boinc ?
<vraa> F@H is relatively easy i've done it before, but boinc i havent tried
<Liberty76> is there instructions?
<vraa> http://fahwiki.net/index.php/Running_the_FAH_client_on_Linux
<vraa> also http://ubuntuforums.org/showthread.php?t=12071
<vraa> and i believe there diff versions/clients available depending on cpu and gpu type http://folding.stanford.edu/English/Download
<Liberty76> thanks
<vraa> np, after some headache with F@H i moved to boinc, but i use gui to install boinc manager and then set it up with a project manager, then use the online project manager to control which projects i run
<Liberty76> I was thinking about running it on my server once I get it it running
<Liberty76> server won't have a gui
<Basso> Hello
<Liberty76> basso: hi
<Basso> How do i change the apache port to 8080?, port 80 is blocked so outsiders cant reach it
<KurtKraut> Basso, if your por t 80 is blocked you're probably running a web server in a residential broadband conection. For such enviroment, I suggest you to try out other webservers, like lighttpd, nginx, fnord etc. They're lighter and easier to configure than apache.
<Basso> the server is on university fiber, but on a crappy vlan at the moment
<dekoy> basso changed either httpd.conf or apache2.conf in /etc/apache2  change Listen to another port
<Basso> seems i have changed to port to 8888
<Basso> but it seems to have problems finding the stuff inside the www folder
<Basso> nah it seems to have major problems finding index.html
<Basso> does it look in another folder or somthing?
<crohakon> its ports.conf
<crohakon> /etc/apache/ports.conf
<crohakon> KurtKraut, I run apache2 on a residential line for the sole purpose of learning how to use it.
<crohakon> Basso, are your permissions set correctly?
<KurtKraut> crohakon, I tend to avoid too much traditional projects like Apache, Squid etc. There are truly fascinating new projects like lighttpd, nginx, Polipo etc. They started from scratch with new ideas (and of course, new bugs :P)
<crohakon> in other words... does the apache account have permisson to access your www folder?
<Basso> i found out, had to change the namevirtualhost to the port also
<crohakon> KurtKraut, I am sure down the road I will check those out, but knowing how to configure and use apache2 is a useful skill.
<KurtKraut> crohakon, I'm sure it is. I don't like when people and documentation states that this is a 'needed skill' or 'the only way to do the job'.
<crohakon> KurtKraut, oh, I understand that 100%. But for someone like me that is new to linux servers learning the core applications first helps. Most hosting companies out there use apache(2).
<crohakon> Learning the LAMP configuration and then moving on from there.
<crohakon> Exploring alternatives.
<KurtKraut> crohakon, that seems a good approach
<crohakon> LAMP configurations are highly documented. So while they may be more confusing to someone just starting out there is more help available.
<unique> can anyone tell me why is it that courier-imap is not picking up my mail? i login via telnet and i type select INBOX.. and it tells me * 0 EXISTS and * 0 RECENT
<unique> but when i type "mail" in the shell i do see my emails..
<tsrk> Where do the vmbuilder template files get their variables (like $bridge) from?
<Strogg_> hello, is ubuntu supporting a groupware ?
<noobuntu> i got this message after I edited /etc/network/interfaces ::: postconf: fatal: open /etc/postfix/main.cf: No such file or directory
<lamont> did you configure postfix?
<noobuntu> i don't think so, this is first time I deal with ubuntu server (this is for home network)
<noobuntu> what I actually need is a LAMP for drupal CMS sites
<noobuntu> and following a tutorial on the web i run into this problem
<noobuntu> here is what I entered into interfaces (I changed IP values to my own, accordingly) http://www.howtoforge.com/perfect-server-ubuntu-9.10-ispconfig-3-p3
<noobuntu> after networking restart, i got this postfix message
<ScottK> noobuntu: sudo dpkg-reconfigure postfix and pick some option other than don't configure it.
<jmarsden> noobuntu: Setting up ispconfig for home use seems a somewhat odd choice... ispconfig => intended for use as a small ISP... ?
<noobuntu> locate main.cf tells that I have one instance of this file in /usr/lib/postfix
<lamont> dpkg-reconfigure -phigh postfix
<noobuntu> jmarsden: i work at home
<jmarsden> Either "this is first time I deal with ubuntu server (this is for home network)" was correct, or it was not.  If you just need a LAMP server plus drupal, forget the long and complex and unofficial HOWTO .  Instead, install a LAMP server (sudo tasksel install lamp-server) and then add drupal to it.
<noobuntu> jmarsden: well, I already have installed LAMP, but I want to be able to send mail from Drupal (i.e. to test automatic messages). Do I need to setup postfix to be able to do that?
<jmarsden> Yes, but a quick    sudo dpkg-reconfigure postfix    should take care of that.
<jmarsden> If you chose well during the initial install even that is not required.
<noobuntu> jmarsden: what to choose from choises: internet, internet with smarthost or satellite?
<noobuntu> choices*
<jmarsden> Which one matches your circumstances?  Pick that one.
<unique> anybody here knows what do i need to have in sendmail to have procmail going?
<jmarsden> Probably internet with smarthost, but I'm guessing.
<justanothercoder> i am trying to launch an amazon ec2 instance . i need a lamp install, i found the 9.1 karmic koala ec2 image and started an instance, but for some reason it seems quite different . i don't get options when i do sudo tasksel --section server.
<justanothercoder> it just says cloud instance and something else, how do i install lamp packages here?
<jmarsden> justanothercoder: man tasksel.  I do not think --section is a documented option to tasksel.
<justanothercoder> jmarsden : it is, thats what it normally says when you start ubuntu server
<justanothercoder> At the moment, only the core of the system is installed. To tune the
<justanothercoder> system to your needs, you can choose to install one or more
<justanothercoder> predefined collections of software by running the following
<justanothercoder> command:
<justanothercoder>                                                                      
<justanothercoder>    sudo tasksel --section server
<jmarsden> justanothercoder: man tasksel and tell me if you see --section in the list of options there.
<jmarsden> At least on my machine, it is not there, and hence is undocumented.
<jmarsden> justanothercoder: Did you try doing    sudo tasksel install lamp-server
<justanothercoder> jmarsden : um it shows when you install ubuntu server, in fact i even get a popup screen with all the options
<jmarsden> justanothercoder: If it is not in the man page it is undocumented.
<justanothercoder> but its a canonical image, and says it during bootup?
<jmarsden> Try   sudo tasksel install lamp-server      instead of trying to redefine what undocumented means.
<justanothercoder> jmarsden : sudo tasksel install lamp-server just doesn't give a message
<jmarsden> OK, what does    tasksel --list-tasks  say the available tasks are?
<jmarsden> Perhaps all the LAMP server components are already installed on your image?
<justanothercoder> jmarsden : says server, openssh-server, uec,
<justanothercoder> i think i might have used the wrong ami, is the cloud version different? and i am unable to find any other ec2 image for karmic koala on the ubuntu website
<jmarsden> If that's all, then the image you are using has some kind of modified tasksel setup for the cloud, I suspect.
<jmarsden> I'm not a "cloud person" I'm afraid :)
<justanothercoder> :) thanks
<jmarsden> You could try running   tasksel --task-packages lamp-server   on a normal machine and adding those packages to your clould image with sudo apt-get install, I suppose.
<justanothercoder> nothing seems to work, not even sudo apt-get install . just keeps saying package not found
<justanothercoder> i think i need to do something like create an instance or something
<jmarsden> justanothercoder: Maybe check the contents of /etc/apt/sources.list are sane and do sudo apt-get update   ?
<justanothercoder> that worked :D
<justanothercoder> after apt-get update, i can now do a tasksel intall lamp-server
<justanothercoder> thanks!
<jmarsden> No problem :)
<xander787> just recently upgraded from 9.04 to 9.10 (server but with gnome running) and now i get this error when i try to boot: mountall: symbol lookup error: mountall: undefined symbol: udev_monitor_filter_add_match_subsystem_devtype
<xander787> i've seen this around on the forums with other ppl getting the problem so i thought maybe there would be a solution to this other than having to clean install, cuz that would be a real pain for me
<xander787> is there no one here that can help me?
<jeffcutsinger> I'm trying to follow https://help.ubuntu.com/9.10/serverguide/C/openldap-server.html, but the step where it says to search the cn=config tree requires a password. I assume this was supposed to be set up earlier; but I don't see how. I've installed (and re-installed) slapd and run dpkg-reconfigure slapd multiple times, but it never prompts me for a password. What am I missing?
<terinjokes> hola! anyone know how to get wpa_supplicant started at boot?
<mneptok> terinjokes: wpa_supplicant can be invokd from within /etc/network/interfaces
<uvirtbot> New bug: #273463 in kvm (universe) "package kvm-source 1:72+dfsg-1ubuntu3 failed to install/upgrade: podproces post-installation script vrÃ¡til chybovÃ½ status 3" [Undecided,Invalid] https://launchpad.net/bugs/273463
<terinjokes> mneptok: i'm also getting an insane amount of disconnects
<poningru> terinjokes, what does dmesg say?
<poningru> terinjokes, if you are not noticing the same in the vendor provided drivers (i.e under windows) then it is probably an issue with the drivers
<poningru> if you are noticing the same issue under windows
<terinjokes> poningru: IDK... haven't you seen my insanely large amount of disconnects over in the lug channel?
<poningru> then it is probably an issue with the environment (e.g microwave, etc.)
<poningru> oh..
<poningru> lol I thought this was lug
<terinjokes> no... this is very much ubuntu-server
<terinjokes> :D
<poningru> hehe
<poningru> terinjokes, do other wifi devices have this much issue?
<terinjokes> poningru: not really... my iTouch gets into a fit were it won't see the router anymore, but besides that...
<terinjokes> poningru: i guess it could be overloading the router, it's only a consumer device, but i figured a wireless-N could handle the traffic (more the time, there's nothing really using the network)
<poningru> terinjokes, hmm
<terinjokes> poningru: no ideas?
<poningru> terinjokes, yeah no clue
<poningru> what does dmesg
<terinjokes> poningru: wlan0: deauthenticating by local choice (reason=14)
<poningru> terinjokes, what chipset?
<poningru> terinjokes, I am gonna assume it is bcm or b43
<poningru> because I remember that issue
<scott> hi folks.
<scott> I'm having an issue with apache
<scott> I'm trying to rewrite in a .htaccess: /cam/ to http://192.168.2.7/ using the proxy module
<poningru> scott, dont we all
<scott> lol
<scott> anyhow, instead of transparently showing the content, its forwarding
<scott> ie, 301
<poningru> oh hmm
<poningru> yeah I have no idea you could do aything other than forwarding
<poningru> s/have/had
<poningru> if you figure it out let me know
<scott> yeah, with [P] it should show the content from the url
<scott> will do
 * kblin sighs
<kblin> and here I was just wanting to ask about the same thing :)
<scott> :(
<scott> as a reverse proxy, it should just show the content
<scott> ie, on my production server:
<scott> http://code.tig.gr/earthquake/7day-M5.xml
<scott> that page is actually from the USGS site
#ubuntu-server 2009-11-08
<helfire> my 8.04.3 server, apache takes my load to 150+ when say 50 requests come at it, and the load wont go back down. This locks up my server every time google indexes it
<ghostlines> can anyone help me with a cod4 dedicated server setup?
<ikonia> whats the problem ?
<ghostlines> i run the server, but can't connect to it to join a game
<ghostlines> when i do a nmap scan the port isn't open so I'm not suprised
<ikonia> drop you're firewall
<ghostlines> netstat also doesn't show anything
<ikonia> nmap isn't the best tool to check
<ghostlines> the firewall in my router you mean?
<ikonia> then the server isn't running
<ghostlines> cuz i don't have ufw setup in ubuntu
<ikonia> if netstat doesn't show it listening, it's not running
<smackd> in squirrelmail im getting this error.. what does this mean..
<smackd> Transaction failed
<smackd> 554 5.7.1 <matt14213@yahoo.com>: Relay access denied
<ikonia> smackd: it means youre mail server is not setup as a mail relay
<ikonia> smackd: look at your smtp server settings
<ghostlines>  i don't have a firewall setup, unless ubuntu confifures one by default
<ikonia> ghostlines: it's not listening
<ikonia> ghostlines: that's the problem, not the firewall
<ikonia> if netstat doesn't show it as listening - it's not running
<ghostlines> my bad you said something about a firewall so i commented on that
<ghostlines> indeed it isn't running
<ghostlines> but in my cod4 console it does say that it's running strange
<ikonia> so there is your answer
<ghostlines> cool, I'll look into why the codserver is giving probs, thanks for your help
<xander787> i upgraded my ubuntu server 9.04 (with gnome) to 9.10 and now it wont boot and spits out the error: mountall: symbol lookup error: mountall: undefined symbol: udev_monitor_filter_add_match_subsystem_devtype
<XiXaQ> I'm wondering about this with encrypted home and mailserver. Will it work at all? Would it make it possible to setup a mailserver where even I cannot read the mail of my users at all?
<aperson> howdy: my server isn't serving up php files, my browser asks to download  phtml files
<aperson> I've gone through the troubleshooting with the ubuntuserverguide
<jmarsden> aperson: Is the issue with .php files, .phtml files, or both?  And which version of Ubuntu Server are you running?
<aperson> jmarsden, I am running ubuntu-desktop and I installed lamp via tasksel
<aperson> 9.10
<jmarsden> OK... and if you create a file called say test.php does that render correctly?
<aperson> yes
<jmarsden> But test.phtml does not.  Sounds like you just need to add a handler for .phtml files somewhere... let me explore ...
<aperson> I do not have any phtml files
<aperson> or at least everything is .php
<aperson> it's just the index.php that won't work
<jmarsden> AHA... then it is not PHP handling you need to change just the DirectoryIndex setting
<jmarsden> Note that saying "my server isn't serving up php files" when in reality you mean "my server is not serving index.phtml" is confusing to those trying to help you...
<aperson> sorry
<aperson> I didn't realize that it was just the index.php that wasn't working up until you said reminded me that the test.php worked
<aperson> wow, sentences, I apparently can't form them
<jmarsden> OK.  Try editing the file /etc/apache2/mods-available/dir.conf so the DirectoryIndex line has index.phtml at the end of it, and restart apache2 and retest
<aperson> nope
<aperson> still asks to download it
<jmarsden> Hmmm.  If you create a test.phtml file it definitely renders OK, right?
<aperson> let me double check
<aperson> anything specific I should put in there?
<jmarsden> some PHP :)
<aperson> sadly, I know none
<aperson> I'll change the test.php
<jmarsden> You are setting up a PHP web server without knowing PHP?  ... OK... try the contents of http://pastebin.com/f75a19f9f
<aperson> renders fine
<jmarsden> OK, so it is definitely indexing related.
<jmarsden> Where did you get the PHP you are working with and does anything else you did define DirectoryIndex somewhere?  a .htaccess file perhaps?
<aperson> I don't have any .htaccess files
<aperson> this is for an irpg
<aperson> it worked fine on my old server
<jmarsden> Old server as in Ubuntu 8.04 LTS?   Or something else?   I'll set up a fresh apache2 install in a VM and add index.phtml to that line in dir.conf and test here...
<aperson> I haven't edited any configs other than what you've had me do and creating a /etc/apache2/conf.d/fqdn
<aperson> I think I was running 8.10 at the time
<aperson> btw, thank you for your help so far
<aperson> maybe if I create a .htaccess for it to process the file?
<jmarsden> OK... let's see if I can duplicate this.  On my (Ubuntu 9.04 amd64) desktop index.php definitely works as expected...
<aperson> hmm
<aperson> I can try purging and re-installing everything
<jmarsden> Is the file named /var/www/index.php or is it somewhere else?
<aperson> just to be sure we have a clean install
<aperson> it's in /var/www/irpg/index.php
<aperson> let me see if it'll work in /var/www/
<aperson> that one works
<aperson> so it's just the other dir
<jmarsden> Ok, pastebin that config file you put under conf.d somewhere so I can see what is in it, please
<aperson> the fqdn?
<jmarsden> Yes, if that is what you called it.
<aperson> ServerName localhost
<jmarsden> No... use pastebin, don't put all of it here :)
<aperson> that is it
<jmarsden> Oh.  That's all?  OK...
<aperson> that was just to stop apache from complaining when I started it
<jmarsden> I'll have a fresh 9.10 server VM running here in a few minutes I can test with... if I can reproduce the issue I can almost certainly fix it too :)
<aperson> :D
<jmarsden> BTW a sane one line test.php or test.phtml or index.phtml or whatever would be    <?php phpinfo(); ?>
<aperson> that's what I was using :)
<jmarsden> OK... booting into my new fresh 9.10 server Vm now...
<aperson> huzzah
<aperson> virtualbox?
<aperson> ooh, permission error perhaps?
<jmarsden> Yes, virtualbox... and it works fine for me in /var/www/irpg/index.php  "out of the box", no config changes at all.
<aperson> blast
<jmarsden> well, at least it suggests you are not facing some new weird 9.10 bug :)
<jmarsden> You can try changing the perms on index.php but as long as they are at least 644 all should be well.
<aperson> no dice
<jmarsden> And perms on /var/www/irpg are sane too?
<aperson> yes
<poningru> aperson, what is the issue?
<poningru> reading up
<aperson> I 777'd everything just for now
<poningru> hmm
<poningru> I see
<aperson> poningru, I can serve index.php from /var/www/ but not from any folders below it
<poningru> oh?!
<poningru> wtf
<aperson> I wonder if it'd do the same for an index.html
<poningru> can you pastebin your apache2.conf?
<aperson> sure
<poningru> and your default-ssl from sites-enabled if appropriate
<aperson> http://pastebin.ubuntu.com/312929/
<jmarsden> Unchanged from the default, as far as I can see.
<poningru> looking
<aperson> off-topic: THERE'S A /etc/apache2/magic
<poningru> yeah
<poningru> lol
<poningru> btw yeah was re: jmarsden
<jmarsden> aperson: There is indeed, but it shouldn't have anything in it about PHP or PHTML
<aperson> I know it doesn't have to do anything with my problem, I just found it amusing
<aperson> still want the default-ssl?
<jmarsden> aperson: Sure.  Re magic files:   man file      to read about magic files and what they are used for :)
<aperson> http://pastebin.ubuntu.com/312931/
<jmarsden> aperson: You can even    man magic    :)
<aperson> I haven't changed anything from the defaults that I know
<jmarsden> Yes, that looks nice and boring too...
<jmarsden> aperson: Can you check the issue is with all subdirectories (maybe just irpg??)... sudo mkdir /var/www/somedir && sudo cp -p /var/www/irpg/index.php /var/www/somedir    and then browse to localhost/somedir/index.php
<aperson> will try 'er out
<aperson> it... works?
<aperson> now I'm bothered
<aperson> so it's the directory
<jmarsden> OK, so is there another file index.* under /var/www/irpg/   or is there a file /var/www/irpg/.htaccess ?
<jmarsden> actually, I'm relieved... it isn't apache, it is something you put in that directory :)
<aperson> last I checked I didn't have any .htaccess files
<aperson> there are no other files with the name index
<jmarsden> OK, you can check if it moves with the directory, so   sudo mv /var/www/irpg /var/www/irpg-new and then browse to http://localhost/irpg-new/index.php
<jmarsden> Basically from here we can narrow down the cause until we find it...
<aperson> could it be that the files aren't in the right group?
<jmarsden> For read access is shouldn't matter.
<jmarsden> Move irpg to irpg-new, test , then we can move somedir to irpg and retest that...
<aperson> will do
<aperson> moving it worked
<jmarsden> Hmmm.  So it works fine as irpg-new ?
<aperson> yes
<jmarsden> Then somewhere there must be something mentioning or configuring irpg by name...
<jmarsden> To confirm that, mv somedir to irpg and test browsing to irpg/index.php
<jmarsden> and it should fail.
<aperson> yeah
<jmarsden> OK.  So... who or what is configuring irpg "specially"?   Does grep -ri irpg /etc/apache2/    output anything?
<aperson> nope
<jmarsden> This is starting to feel rather odd... *something* is causing that index.php to not render correctly.  Can you pastebin the output of    ls -la /var/www/irpg/   for me, just in case that helps?
<aperson> http://pastebin.ubuntu.com/312944/
<jmarsden> Hmm, I was expecting a dir with just index.php in it... since at this point irpg/ should be the renamed somedir ... what happened?
<aperson> oh, I'be been moving things back and forth
<aperson> let me move things again
<jmarsden> That's ... not helpful :)
<jmarsden> also, the index.php in there is big, way more than just <?php phpinfo(); ?>
<aperson> http://pastebin.ubuntu.com/312946/
<jmarsden> That index.php is way big, too...
<poningru> aperson, quick question what does firefox say is the mime type of that file?
<aperson> oh, gah
<aperson> I moved the index.php from the irpg back into the irpg folder :/
<aperson> I forgot which folder I had the test one in
<jmarsden> aperson: It is really hard to work with you if you keep doing silent changes to the test setup!
<aperson> well, sorry
<aperson> I'm not doing anything major, just moving files around
<jmarsden> OK, let's retest with a /var/www/irpg that has just a one line index.php in it.
<aperson> doesn't make a difference
<jmarsden> Try restarting apache and retesting, just in case somehow that got cached
<aperson> nope
<jmarsden> OK, now  sudo mv /var/www/irpg/ /var/www/irpg2  and browse to that -- let's make sure that works fine.
<aperson> http://imgur.com/8gA2x.png
<jmarsden> aperson: Is this some sort of weird FF issue?  CAn you browse using lynx or some other browser and see if it makes any difference?
<aperson> I have on multiple computers and a couple of different browsers
<aperson> chromium mostly
<aperson> irpg2 works
<jmarsden> OK... so somewhere there seems to be something configuring Apache not to interpret index.php when it is in the irpg directory.  But any other directory name works fine.
<aperson> I haven't edited any config files specifically for anything related to that
<aperson> I can purge the server and re-install for sanity's sake
<jmarsden> OK... at this point I'm not sure what else to suggest :)
<aperson> but I *really don't recall* editing anything from the defaults
<jmarsden> FYI, someone else did complain about this kind of an issue here in #ubuntu-server last month, but then they said they'd research it some more.. and they didn't come back to say what they discovered...
<jmarsden> This kind of issue as in FF saying it got a PHTML file... not necessarily that it only happens in the irpg directory!
<jmarsden> It was tiger2wander on 2009-10-21, according to my logs.
<aperson> purged... now re-installing
<jmarsden> OK.
<aperson> weird, I'm in /var/www
<aperson> and sudo is telling me it can't get the working directory
<aperson> nvm
<jmarsden> cd /var/www   --- you are in an old deleted /var/www not the newly created on.
<aperson> just figured that :)  I shouldn't think out loud so much
<jmarsden> :)
<aperson> nope, doesn't work
<aperson> let me double check that
<jmarsden> Try testing without moving any of the old files, the real irpg/* files, back in.  Just create a one liner index.php and test with that.
<aperson> ok, so I looked inside the phtml file
<jmarsden> OK...
<aperson> I deleted the entire /var/www/*
<aperson> I used the test php for /var/www/irpg/index.php
<aperson> and the file that got spit out was the irpg index.php
<aperson> I tried that in two different browsers on two different computers
<aperson> and it's always a .part file from firefox
<jmarsden> OK... but uninterpreted.  That's what I'd expect if Apache is (somehow/somewhere) being told not to interpret that file...  Not sure about the .part thing, that is probably just a Firefox-ism.
<aperson> yeah
<aperson> but why would it be spitting out the file that isn't there?
<jmarsden> The file isn't there??
<aperson> I'm using the test php index.php
<aperson> not the irpg one
<aperson> it's spitting out the irpg one
<jmarsden> Oh, the big real one?
<aperson> yeah
<fxhp> I just followed this guide, but I'm unable to ping my vm: https://help.ubuntu.com/community/JeOSVMBuilder
<jmarsden> aperson: OK, so something is either caching it, or you have some config file somewhere changing how Apache is behaving.  Where on your machine do you currently have copies of that larger index.php ?
<aperson> on a flashdrive
<jmarsden> umount the flashdrive and retest
<aperson> same thing
<jmarsden> So either there is another copy, or something is caching big time... are you running squid or anything similar on this machine??
<jmarsden> Worst case you could reboot the machine, but that will make finding the real culprit harder.
<aperson> no squid
<aperson> I can reboot it
<jmarsden> First try stopping apache2 and then starting it ?
<aperson> too late
<jmarsden> Ok :)
<aperson> same thing
<aperson> where would the cache be?
<jmarsden> In some service that is doing caching... ?  Are you browsing to localhost or to a real IP address?  Does it make any difference?
<aperson> no difference
<jmarsden> aperson: If you stop apache completely and then browse to it, what happens?
<jmarsden> Maybe this PHTML is not really coming from your apache server at all??
<aperson> failed to connect
<aperson> it has to be coming from it
<aperson> I've been testing it on multiple computers
<jmarsden> aperson: well, you could theoretically have had another service sending it to all of them... but if stopping apache prevents it, that's somewhat conclusive.
<aperson> SUCCESS
<jmarsden> OK... what was it?
<aperson> sudo service apache start-htcacheclean
<aperson> thank you, tab-completion
<aperson> well, not out of the water yet
<aperson> I still need to test the site
<aperson> but it's serving the test php from /var/www/irpg
<jmarsden> Ok, well, at leats I was right about the caching :)  That's mod_cache ...
<jmarsden> Did you install that on purpose, or is it there by default?
<aperson> all I did was tasksel and selected lamp
<aperson> to install the server
<aperson> success!
<aperson> jmarsden, your patience is amazing :)
<aperson> and I think you much for stick with me through this
<aperson> s/stick/sticking
<jmarsden> Cool.  No problem, I'm glad we got there in the end :)  Now I can go eat!
<aperson> same here!
<aperson> I've been dying to eat
<aperson> wait
<aperson> well, don't
<aperson> GAAH
<aperson> it won't serve it again
<aperson> it's a problem with the config.php
<jmarsden> aperson: I'm back... what did you change in which config.php to fix it?
<aperson> setting: $BASEURL="/irpg/";
<aperson> causes the error
<jmarsden> Ah, Ok, so there really was a config file with the string irpg in it... but that file was where exactly on the machine?
<aperson> /var/www/irpg
<aperson> if you're really interested, I can pastebin the offending files, but I have it fixed for the moment
<jmarsden> OK.  That explains why searching under /etc/apache2/ failed to see it :)  No, that's fine, makes sense now.  Thanks.
<aperson> huzzah!  fixed my other error I was getting :D
<jmarsden> :)
<aperson> had to install php5-gd
<jmarsden> OK... looks like we're going out for coffee and dessert... glad it is all (finally!) working.
<aperson> thanks much jmarsden
<uvirtbot> New bug: #413285 in whois "Translations: no.po should be nb.po" [Low,Fix released] https://launchpad.net/bugs/413285
<ScottK> sommer: Are you going to update ldapscripts?  Debian is way ahead of us now.
<uvirtbot> New bug: #478142 in samba (main) "package winbind 2:3.4.0-3ubuntu5 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/478142
<kaushal> hi
<kaushal> what are the causes for degradation in Hardware RAID ?
<davdm2010> hi, looking for some help. I am a newb, just want to clarify that up front.
<uvirtbot> New bug: #478378 in bind9 (main) "package bind9 1:9.6.1.dfsg.P1-3 [modified: usr/share/bind9/bind9-default.md5sum] failed to install/upgrade: sub-processo script post-installation instalado foi morto por sinal (Interrup??o)" [Undecided,New] https://launchpad.net/bugs/478378
<StrangeCharm> what's the name of the lamp metapackage?
<kblin> apache mysql-server php-cgi ?
<kblin> apache2, probably
<StrangeCharm> kblin, isn't there a metapackage that includes the correct packages
<kblin> StrangeCharm: not that I'm aware of.. though you can probably use tasksel to pick it
<StrangeCharm> kblin, tasksel is launched with sudo tasksel?
<kblin> I think so.. it's been years since I last ran it manually, I'm afraid
<terinjokes> hey guys, i think i have a configuration issue with fither interfaces or dhcpd
<terinjokes> my server box gets the internet from wifi and shares it over eth0... setting on the desktop, i can get the server (at 192.168.3.2) but not the internet
<terinjokes> s/setting/sitting/g
<terinjokes> no ideas?
<kane_> terinjokes: chances are your gateway's not setup properly.. a quick google offers this howto that might be helpful: http://www.ubuntugeek.com/sharing-internet-connection-in-ubuntu.html
<terinjokes> kane_: you mean the server?
<kane_> yeah, on the server
<terinjokes> kane_: from the wrkgroup i can connect to the server, and it's resources, but nothing past that
<kane_> right, that's the gateway issue; the server has to connect eth0 to it's wifi for you. take a read through the howto,it shoudl explain a lot
<terinjokes> kane_: if only i had internet :P
<kane_> terinjokes: i'm trusting you have internet, since you're on this *irc* channel :)
<terinjokes> kane_: from sshing to the server from that internet-less desktop :P
<kane_> apt-get install lynx to read webpages on the terminal
<terinjokes> kane_: i know, 'cept i perfer links
<terinjokes> looks like ubuntu.com when offline
<terinjokes> kane_: crossing my fingures
<terinjokes> nope, dropping the connection...
<terinjokes> kane_: tried setting up iptables, no luck
<baltadt> has anyone ever used Drupal?
<terinjokes> kane_: works better when i don't drop *every* thing from iptables
<terinjokes> kane_: E: Package ipmasq has no installation candidate
<terinjokes> going down
<ehazlett> greetings... can someone point me to docs on how to setup xen on 9.10 server?
<ehazlett> (just to get the boot correctly with grub 2)
<terinjokes> kane_: still there? tried https://help.ubuntu.com/community/EasyWirelessToWiredConnectionSharing which doesn't work either
<kblin> terinjokes: so your packages from the local network don't get routed via the wifi?
<terinjokes> packets, yep
<terinjokes> i feel like that USPS right now...
<kblin> er, packets..
<kblin> ok, you switched on ipv4 forwarding?
<kblin> and I assume you've set up masquerading?
<terinjokes> echo 1 > /proc/something/something/ipv4/ip_forwarding
<kblin> what does cat /proc/sys/net/ipv4/ip_forward give you?
<terinjokes> kblin: i've added a postrouting to the nat iptable
<RoyK> omg. the opensolaris community is even worse than some linux communities
<terinjokes> kblin: right now "1", i assume on reboot that would go back to 0
<kblin> yeah
<terinjokes> (well, 1, no quotes)
<kblin> but for now that should work
<kblin> can you pastebin the output of "iptables -t nat -L"
<terinjokes> sure... let me switch computers and reopen screen
<terinjokes> kblin: http://pastebin.ubuntu.com/313587/
<uvirtbot> New bug: #478649 in samba (main) "Files named cifsxxxx (x is various numbers) suddenly appear in many directories of cif mounts" [Undecided,New] https://launchpad.net/bugs/478649
<kblin> what is your wireless interface, and how did you set up the masquerading?
<terinjokes> kblin: wlan0
<terinjokes> kblin: that one was http://www.ubuntugeek.com/sharing-internet-connection-in-ubuntu.html
<terinjokes> kblin: if i follow https://help.ubuntu.com/community/EasyWirelessToWiredConnectionSharing i get http://pastebin.ubuntu.com/313591/
<terinjokes> (i was using -s 192.168.3.0/16 in the iptables command midway through that last page
<kblin> I jusdt want to see the iptables command you used
<terinjokes> iptables -t nat -A POSTROUTING -o ethX -j MASQUERADE *or* iptables -t nat -A POSTROUTING -s 192.168.3.0/16 -o wlan0 -j MASQUERADE
<terinjokes> i do *not* have dnsmasq or ipmasq installed
<terinjokes> kblin: and for good measure my interfaces and dhcpd configuration: http://pastebin.ubuntu.com/313597/
<kblin> perfect, I was just about to ask
<kblin> ok
<terinjokes> kblin: something wrong?
<ehazlett> greetings all... i am trying to get xen to run on ubuntu 9.10 server.  i can't seem to get it to boot xen
<smackd> why would netstat only show apache2 listening on tcp6  :::80 ?? and not 4
<terinjokes> kblin: anything?
<kblin> terinjokes: sorry, pinged out
<kblin> terinjokes: the second entry looks better, but not quite right yet
<kblin> do an iptables -t nat -F
<kblin> that will flush the old rules
<kblin> oh, and please pastebin the output of "iptables -L"
<kblin> then do an iptables -t nat -A POSTROUTING -o wlan0 -j MASQUERADE
<kblin> that together with the ip_forwarding setting should be sufficient to masquerade your clients out
<kblin> unless your firewall is acting funny
<ninjah> I'm trying to unmount a file system that's bussy
<ninjah> How do I find out why its busy?
<guntbert> ninjah: fuser -m <mountpoint> should help
<kblin> lsof might help as well
<ninjah> guntbert, kblin: lsof worked but fuser didn't give me much... Thanks!
<uvirtbot> New bug: #477795 in gnome-system-tools (main) "Please remove obsolete ntp servers from gnome time applet" [Undecided,New] https://launchpad.net/bugs/477795
<russlar> ninjah: fuser -cu
<terinjokes> kblin: http://pastebin.ubuntu.com/313636/
<kblin> terinjokes: looks good. should masquerade now if your clients are set up correctly
<kblin> need to change trains, bbl
<terinjokes> kblin: that's dandy... i wonder if i can get the PC to start with WOL
<sjefen6> How can I make ubuntu server turn off the screen on my laptop when the screen is not being used (using ubuntu-server on my laptop)
<uvirtbot> New bug: #478762 in lm-sensors (main) "lm-sensors don't work" [Undecided,New] https://launchpad.net/bugs/478762
<MenZa> Is it possible to make update-motd update the motd on login?
<MenZa> Specifically, I have a perl script I want to have executed on login. Perhaps I'm going about this the wrong way, so if there's a better option, please do point me towards it. :)
<MenZa> It seems to me that the contents of /etc/motd is just sent to the user, but not run if indicated as a script. Perhaps I need to include the script (perl /path/to/file > /etc/motd) on login?
<MenZa> Then again, that seems like a fairly bad solution
<pmatulis> MenZa: you should be working with your users' shell files, not motd
<MenZa> pmatulis: Why so?
<MenZa> pmatulis: I'm showing information about the system, including load, number of currently logged-in users, stuff like that
<MenZa> Makes perfect sense to have that information viewable on login.
#ubuntu-server 2010-11-08
<clusty> is it safe to upgrade a headless machine over ssh ?
<jpds> clusty: Always good to have a backup plan.
<jpds> clusty: But most of the time it should be safe.
<clusty> jpds: i remember it used to start it's own ssh server on some strange port
<clusty> in case one needed to update ssh itself
<jpds> I'm never seen/heard of that.
<clusty> jpds: http://pastebin.com/BLBWhaTz
<qman__> it usually works, but have a contingency plan
<qman__> don't go upgrading the production server in a datacenter hundreds of miles away when you need it going tomorrow ;)
<robert_light> any Eucalyptus folks out there?  I'm having UEC woes
<robert_light> mmm....not much chatter going on here...any Eucalyptus folks here?
<qman__> robert_light, there rarely is
<qman__> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-)
<qman__> !anyone
<ubottu> A large amount of the first questions asked in this channel start with "Does anyone/anybody..."  Why not ask your next question (the real one) and find out?
<qman__> this channel moves slowly, you have a much better chance of getting an answer if you just ask about your problem and wait
<databits> what is the best ircd to use ?
<qman__> databits, best is a matter of opinion, though unreal is very popular
<qman__> it's one of the more featureful
<databits> thanks that is the one that I just downloaded
<databits> had another questions... what is the usual directory to install daemons/applications ?
<databits> what is good practice ?
<twb> databits: that is not the correct way to install software in Ubuntu.
<twb> databits: you should *always* install stuff via apt-get, until you know enough to know when it's OK not to.
<databits> ok well how would I go about doing the sudo apt-get install command with unreal then ?
<twb> You would say something like "apt-cache search unreal", to find out the package name, then "sudo apt-get install <package name>"
<qman__> actually, looks like it's not in the repositories
<twb> (Unfortunately I can't see an unreal ircd there, so I suggest you pick a different one that IS there.)
<databits> I think I can manage compiling it myself
<twb> databits: I advise you not to do that.
<databits> what is standard practice for a directory
<qman__> well, you wanted to know best practice
<databits> twb: why ?
<qman__> best practice is not to compile software yourself
<toddnine> Hey guys.  I'm using Chef to manage my cluster and I'm having problems with iptables.  I'm adding this to the file "/etc/iptables.d/zookeeper" -A INPUT -p TCP --dst 10.0.1.179 --dport 2888 -s 10.0.1.177 -j ACCEPT
<twb> Because while you can compile the package and walk away, you probably aren't capable of properly integrating it into the existing package management framework, nor for monitoring upstream vulnerability notifications and backporting security patches to the version you compiled.
<qman__> especially with something like an ircd, you open yourself up to security holes by doing so
<toddnine> accept tcp on ip 10.0.1.179 from 10.0.1.177 right?
<toddnine> on port 2888
<twb> ...which is basically why you have a distro instead of compiling everything yourself
<databits> I can handle compiling the software myself... that is simple.  I just never picked up on which directory to use
<qman__> it's not about compiling it once
<qman__> it's about keeping up to date and fixing problems as they arise
<twb> toddnine: -d, not --dst
<qman__> and managing problems with other related packages in the package management
<twb> databits: if you want to do that, I'm not going to come around and break your arms in order to stop you.  But I do advise against it.
<qman__> there is no "directory to use" for self-compiled software, because self-compiled software is against best practice
<databits> well I see it as a good learning experience
<twb> As well as apt-cache, you can search by tags: http://paste.debian.net/99277/
<databits> ok if that is the truth then why am I reading that unreal is one of the better ircd's ? the only way you can use it is by compiling it yourself
<jmarsden> databits: Best practice would perhaps be to learn about packaging and then package the ircd and get it accepted into Debian and Ubuntu :)
<twb> jmarsden: +1.  Or file a Request For Package (RFP) bug.
<toddnine> twb: awesome thanks
<databits> in general say a peice of software uses apt-get where would it be stored ?
<jmarsden> In a repository
<databits> on my hd
<toddnine> one more question.  These are all nodes that use DHCP (just testing vmware nodes).  After they get an IP address, the ssh daemon isn't binding to the ip.  I'm using 10.04.  Is there something I'm missing in my config?
<jmarsden> Whereever the packager packaged it to install to.  Read the FHS (File Hierarchy Standard) and Debian Policy for details of what kinds of files go where.
<twb> toddnine: ssh doesn't bind to an IP/interface by default.  It listens to :* and ::*.
<twb> toddnine: if you've changed sshd_config to bind to specific intefaces, you'll probably have race problems due to the high level of asynchronicity in Ubuntu's init.
<jmarsden> databits: http://www.pathname.com/fhs/ and http://www.debian.org/doc/debian-policy/ch-opersys.html#s9.1
<twb> databits: you can use "dpkg -L <package name>" to find out where files are.
<twb> databits: for packages that aren't installed yet, you can use apt-file(1) or packages.ubuntu.com.
<toddnine> twb: haven't touched anything.  It's weird, if I leave it after boot I can't ssh in.  If I log in via the console and /etc/init.d/networking restart, everything is fine
<databits> thank you
<twb> toddnine: "after boot I can't ssh in" is different from "ssh isn't binding to the IP"
<twb> toddnine: "/etc/init.d/networking restart" probably (re)starts ssh as a kludgy side-effect
<twb> toddnine: what you ought to do is get out-of-band access to the VM's local console, and work out what's really going on in there.
<toddnine> twb: True, I also have a really strange issue where bash won't recall commands with the up key
<jmarsden> toddnine: Does it work with ctrl-p -- if so, you probably have a keyboard mapping issue or some kind
<twb> toddnine: hit ^P
<twb> As jmarsden says, it's probably because your TERM is wrong, or maybe because the other admin set root's default to bloody set -o vi.
<toddnine> jmarsden: ctrl+p does work
<twb> IMO you should just learn to use ^P :-P
<jmarsden> toddnine: Try    set -o emacs       and see if that fixes it?
<k-rad> is lighttpd a secure web server ?
<twb> k-rad: there's no such thing as a "secure" web server.
<toddnine> unfortunately now
<toddnine> not*
<toddnine> it works correctly over ssh
<k-rad> could i get an enlightened recommendation for a light http web server that isn't too insecure
<jmarsden> toddnine: in the session where it does not work, do     echo $TERM    and compare with the result in the ssh session
<k-rad> any opinions on boa web server ?
<k-rad> also is sqlite3 an acceptable SQL solution for web servers ?
<k-rad> the aim of what i'd like to accomplish is to easily setup a web server, secure, and provide all features that wordpress requires
<jmarsden> k-rad:    sudo apt-get install wordpress
<k-rad> wow.  thank you.  that includes web server ?
<jmarsden> k-rad: It pulls in the dependencies it needs.  Try it!
<k-rad> thank you
<jmarsden> k-rad: You're welcome.
<qman__> I noticed an error in the serverguide, here: https://help.ubuntu.com/10.04/serverguide/C/samba-fileserver.html
<qman__> it references /etc/init.d/samba, which no longer exists
<qman__> what should I do to resolve it?
<jmarsden> File a bug against ubuntu-serverguide and ideally then attach a patch correcting the issue :)
<qman__> ok, will do
<qman__> ah, already been reported
<qman__> bug 665763
<uvirtbot> Launchpad bug 665763 in ubuntu-docs "obsolete usage in example for restarting samba" [Undecided,New] https://launchpad.net/bugs/665763
<jmarsden> qman__: Cool, so just hot the "this bug affects me" button so it gets a bit more attention :)
<qman__> yep :)
<JasonMSP> Im using putty to login to my server.  I have a client that has uploaded some file names in Russian.  When I go into their home directory the names are all ???? as if the langhuage isn't installed.  How do I add the language/font for russian?  if I FTP i can read the russian, but in the shell its only '????'  Im running 10.04
<qman__> JasonMSP, it's probably on your client machine
<qman__> I have files with Kanji names that work fine on all my ubuntu machines with no special configuration
<qman__> for windows XP, it's in control panel, regional and language settings
<JasonMSP> On my windows machine im fine.  Its in the shell (im using putty) that the files come up as "????????"
<yann2> so the problem is it is not displaying unicode fonts on windows right
<yann2> maybe your FTP client and putty dont use the same font
<yann2> and you use a font in putty that doesnt have unicode
<qman__> yes, also possible
<qman__> I don't have any files to verify but I would bet money that the ubuntu server is not at fault here
<yann2> anyway this is not an ubuntu issue, but a windows one, I m afraid
<JasonMSP> if its windows I can figure it out
<qman__> ubuntu has always been great about other languages and special characters
<yann2> JasonMSP, there might be updates for you to install on windows update.
<JasonMSP> Ð³Ð»Ð°Ð²Ð½Ð°Ñ
<yann2> that displayed fine here ;)
<qman__> and here as well
<JasonMSP> thats one of the folders it displays fine except inside the shell
<JasonMSP> I guess putty more to be more acurate
<qman__> JasonMSP, http://oi53.tinypic.com/js2741.jpg
<JasonMSP> hmmm...
<yann2> I cant paste it in putty under linux though
<yann2> ok figured it out
<yann2> you need to select UTF 8 in translation
<yann2> in the options
<yann2> and then select a font where you have utf8 installed, in my case monospace instead of fixed
<JanC> why do you use PuTTY in linux?
<yann2> http://waste.mandragor.org/putty-utf8.png
<yann2> JanC, I don't, but it got me intrigued :)
<JasonMSP> im on a windows machine logged into my server
<yann2> JasonMSP, the screenshot is actually a putty window :) just need to select appropriate font
<yann2> and utf8 too
<JanC> somebody needs to fix PuTTY to use utf-8 by default, this is 2010 after all, not 1990 or so...  :P
<yann2> off to bed now, good night and good luck JasonMSP
<qman__> yeah, but windows doesn't always play nice with utf8
<JasonMSP> thanks
<JanC> qman__: it's a terminal emulator to connect to unix/linux systems, so it shouldn't care about Windows
<JanC> and especially not when run on linux  âº
<JasonMSP> didn't get it working.  I tried UTF-8 my font right now is console and none of the others I tried worked
<andres_> alguien en espaÃ±ol?
<qman__> !es | andres_
<ubottu> andres_: En la mayorÃ­a de canales de Ubuntu se habla sÃ³lo en inglÃ©s. Si busca ayuda en espaÃ±ol o charlar entra en el canal #ubuntu-es. Escribe "/join #ubuntu-es" (sin comillas) y dale a enter.
<andres_> gracias por el comentario, ya esoty en ubuntu-es y ubuntu-server
<andres_> solo que estoy pidiendo ayuda por estos tres canales
<andres_> para configurar el ldap se debe tener creado un dominio?
<andres_> somebody can help me whit ldap?
<andres_> i am following the guide from ubuntu oficial page
<andres_> but i have a problem when
<andres_> i add the entries
<andres_> somebody?
<twb> andres_: is there an error message?
<andres_> yes, this one
<andres_> ldap_bind: Server is unwilling to perform (53)
<andres_>         additional info: unauthenticated bind (DN with no password) disallowed
<andres_> do i have to configure the DNS?
<twb> That's saying you're trying to make changes anonymously.
<twb> You probably need to connect using the rootbinddn
<andres_> what do you mean?
<andres_> what is rootbinddn?
<twb> The rootbinddn is the name of the LDAP superuser
<andres_> mmmm
<andres_> i will try
<andres_> that user dont exist in my sistem
<twb> e.g. cn=admin,dc=example,dc=net
<andres_> and as root?
<twb> What command are you running?
<andres_> this :   ldapsearch -xLLL -b "dc=example,dc=com" uid=john sn givenName cn
<andres_> sorry
<andres_> is this
<andres_> sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif
<twb> So you're logging in as cn=admin,dc=example,dc=com.
<andres_> yes
<twb> Either you aren't providing a password, or you're providing the wrong password, or that account doesn't exist in ldap.
<andres_> i am following this guide
<andres_> https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html
<andres_> when i put that comamd line
<andres_> ldap ask me a pass
<andres_> but it dont have a pass, so i just press enter
<andres_> when i put a pass, it say me that is a wrong pass
<twb> Why don't you have a password?
<twb> That page sets the password to "secret"
<andres_> yes, but i write it, and it say that is wrongÃ§
<MTecknology> !info sphinxsearch
<ubottu> sphinxsearch (source: sphinxsearch): Fast standalone full-text SQL search engine. In component universe, is optional. Version 0.9.9-6 (maverick), package size 2417 kB, installed size 6640 kB
<MTecknology> !info sphinxsearch lucid
<ubottu> sphinxsearch (source: sphinxsearch): Fast standalone full-text SQL search engine. In component universe, is optional. Version 0.9.8.1-2 (lucid), package size 1462 kB, installed size 3888 kB
<twb> andres_: then I don't know.  Sorry.
<MTecknology> heh... 0.9.9 is kinda old..
<andres_> dont worry
<andres_> thank for your help
<andres_> a question
<andres_> i have to configure dns for ldap?
<twb> Not necessarily.
<twb> Indeed, is it technically possible for LDAP to replace DNS
<andres_> thank
<andres_> problem resolved
<andres_> i was wrong
<twb> What did you do wrong?
<eagles0513875> hey guys is it possible to install ubuntu cloud features on kubuntu
 * Datz wonders if system information on login is disabled even for multi core systems if load is above 1.
<uvirtbot> New bug: #672417 in cloud-init (main) "Correct grammar, punctuation in root authorized_keys message on EC2" [Undecided,New] https://launchpad.net/bugs/672417
<twb> Should be easy enough to test
<eagles0513875> hey twb is it possible to install the cloud computing features that server has on kubuntu
 * Datz has ubu-server on only a single core
<twb> Datz: my multi-core boxes are 8.04, so I can't check for you without pissing about with a VM
<twb> If you have qemu/kvm lying around, you can tell it to emulate multiple cores
<Datz> twb: ah, that's ok. Just curious. ;)
<Ganymede> Hello, I have a server here with tons of RAM but no hard drive. I'd like to run Ubuntu on it so I was wondering if there was some way I could start up Ubuntu from the LiveCD but then run it entirely out of RAM. I do not, at this time, have the capability to use a SAN or set up a DHCP server for network boot.
<Ganymede> As far as I know, if using the LiveCD, the LiveCD must remain in the tray and it gets accessed every now and then, which is slow. I'd like it to have the root filesystem in RAM so the CD never needs to be accessed.
<Ganymede> And I'm ready and willing to accept that if the power gets cut to this machine, I'll lose all my data on it.
<databits> anyone in here know of some good sick trance/\/bass track's ?
<databits> I need some sick tech to listen too
<twb> !offtopic
<ubottu> #ubuntu is the Ubuntu support channel, for all Ubuntu-related support questions. Please use #ubuntu-offtopic for other topics (though our !guidelines apply there too). Thanks!
<twb> Ganymede: casper and/or live-initramfs supports that
<databits> woops wrong window
<twb> Ganymede: at least some versions take "toram" as a boot option.
 * Datz remembers slax gives the option to run from ram at boot.
<Ganymede> twb: So if I'm understanding you correctly, all I need to do it supply BOOT=live as a kernel parameter at the boot prompt from a standard (desktop) LiveCD ISO and the additional options listed at http://manpages.ubuntu.com/manpages/lucid/man7/live-initramfs.7.html are also available to me?
<twb> Ganymede: last time I looked Ubuntu used casper, not live-initramfs/live-boot (the Debian fork).
<twb> The live CD will already be using boot=live or boot=casper, IIRC you hit F6 to edit the boot prompt from gfxboot.
<Ganymede> There's something very satisfying about being able to download ISOs from a non-local site in 63 seconds.
<twb> Pfft
<twb> optical media are obsolete
<twb> What's satisfying is BOOTING from a remote site in 60 seconds
<Eventyret> Morn RoyK
<RoyK> morn
<Ganymede> twb: Thanks...I may have gotten it working with adding toram after boot=casper...I can't really tell if it actually doesn't need the CD anymore.
<twb> You should be able to eject the CD if it worked
<Ganymede> I will try that now...I am currently testing on a VM so I don't know if VMWare player will eject the CD anyway regardless of whether the guest has it mounted.
<Ganymede> My guess is that it worked since I ejected the CD and Ubuntu didn't complain.
<Ganymede> Here is unrelated question. Suppose I'm on a Ubuntu machine will hard drive and swap with 24G physical memory. If I run a VMWare or VirtualBox guest with 16G physical memory, does all that memory need to be in physical RAM at once? Or can the 16G of pages for guest memory be selectively swapped based on usage?
<Ganymede> Or is this more a question for #vmware/#vbox? From what I can tell, VirtualBox grabs all the memory all at once but VMware grabs it as needed (grows dynamically) but I haven't done any futrher testing.
<twb> That's a question for #vmware
<Ganymede> Okay, thanks.
<RoyK> Ganymede: IIRC vmware doesn't allocate anything before it's used
<twb> The blessed VM tech for #ubuntu-server is kvm
<twb> IIRC vmware-server allows you to either allocate memory up-front or on-demand (ballooning)
<RoyK> it'd be nice to one day see KVM with the same possibilities as vsphere ESXi
<twb> RoyK: HTFS
<RoyK> ?
<twb> Hack The Fucking Source
<RoyK> twb: not my cup of tea - it'll take a little more than a few hacks to make that a reality
<twb> That's "hack" as in "work on", not "hack" as in "kludge"
<twb> Or employee someone to work on it, or whatever
<Ganymede> That sounds like a $10,000+ job.
<twb> Probably :-)
<Ganymede> Not that I know what the i in ESXi means...only ever used ESX without the i.
<twb> ESXi is ESX without the local GUI
<derknecht> i have a ubuntu 8.04 server, it crashes after some weeks, and then needs multiple startups to get it up and running again. I think that this is a hardware problem (maybe graphics card) but found nothing in the log files. is there a way to test hardware, or how should i trace this problem? Thanks for any advice.
<twb> derknecht: first of all, run memtest86+ for a day or two
<twb> derknecht: then, it's probably simplest to swap in new components
<twb> Or you could just remove the GPU -- you shouldn't be running a GUI on a server anyway
<derknecht> twb:  i know, but the customer want it. Thanks, i should try this
<twb> I hate customers
<twb> I know better than they do, dammit :-/
<derknecht> twb: me too :D  but they are pay me . . .
<derknecht> :D
<twb> I want a package like vrms, that will send me a monthly warning about server packages that don't receive five-year support.
<eagles0513875> hey guys anyone an expert with postfix?
<RoyK> eagles0513875: for general postfix   questions, just ask, but if you need "export help", try #postfix
<eagles0513875> RoyK: my issue is i configur eit according to the ubuntu wiki
<eagles0513875> the problem is outgoing email
<eagles0513875> i think it might be the version of squirrelmail that comes with ubuntu
<matti> :)
<eagles0513875> matti: ?
<matti> eagles0513875: ?
<matti> eagles0513875: I am just smiling :P
<eagles0513875> lol
<eagles0513875> ikonia: check your connection plz
 * EvilPhoenix pokes eagles0513875
<EvilPhoenix> :P
 * eagles0513875 waves to EvilPhoenix
<eagles0513875> hey guys anyone know able ot help me setup dovecot to work with sasl
<joschi> eagles0513875: what exactly doesn't work for you?
<eagles0513875> to configure sasl do i need to go through this https://help.ubuntu.com/community/PostfixDovecotSASL
<eagles0513875> cuz im having some issues following it
<joschi> eagles0513875: https://help.ubuntu.com/10.04/serverguide/C/postfix.html
<eagles0513875> im on that joschi
<eagles0513875> at the bottom of it it has this url https://help.ubuntu.com/community/PostfixDovecotSASL
<uvirtbot> New bug: #670526 in dbconfig-common (main) "phpmyadmin broken after hardy -> lucid upgrade" [Undecided,New] https://launchpad.net/bugs/670526
<cjwatson> kirkland: dunno, it's certainly supposed to be installed by default.  tasksel tasksel/force-tasks     string server
<cjwatson> kirkland: logs?
<raubvogel> Am I the only one still having issues with ureadahead and /var on its own partition?
<cjwatson> raubvogel: bug 523484
<uvirtbot> Launchpad bug 523484 in ureadahead "ureadahead requires /var on root filesystem" [Medium,Triaged] https://launchpad.net/bugs/523484
<raubvogel> I have been following that bug and 542334. In fact, I am going to add some stuff to 523484 if what I am about to try does not work out.
<raubvogel> What scares me is that I have 4 10.04LTS servers I installed /var on a diff partition during install and they work fine. Only this one I forgot to do that is causing me headaches
<raubvogel> If I need to, can I remove ureadahead without any harm to the system besides, well, slower boot?
<k-rad> has anyone successfully integrated some type of beowulf cluster with ubuntu or can tell me what that might involve ?
<cjwatson> raubvogel: ureadahead just speeds things up, it shouldn't be mandatory
<cjwatson> you could just turn off its upstart jobs if they're causing problems
<cjwatson> which is probably easier than removing the package => removing ubuntu-minimal
<k-rad> morning eagles0513875
<eagles0513875> hey k-rad
<k-rad> nice to see you :)
<k-rad> i lost that beowulf mailing list
<k-rad> ya think it'd be hard to do ?  with ubuntu a desktop and another computer assisting in its allocation of cpu/memory resources ?
<k-rad> there doesn't seem to exist a #beowulf channel on freenode that is functional
<k-rad> how are you this morning ?
<uvirtbot> New bug: #672523 in unixodbc (main) "package odbcinst1debian1 2.2.11-21 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/672523
<raubvogel> cjwatson, I honestly do not know if ureadahead is the guilty party. It might as well be it just happens to be the last thing shown on the screen before machine takes a dump
<raubvogel> But, I do not know where else to begin; it seems the people in those two bugs are in the same boat
<cjwatson> raubvogel: easy to experiment, right?
<raubvogel> if I can duplicate that in a VM, sure!
<raubvogel> For now I will have to leave that server alone. In about an hour it will start being used again
<cjwatson> I figured that if it wasn't booting properly it couldn't be in production ...
<raubvogel> Well, if i leave /var in /, as it was before, it works.
<raubvogel> cjwatson, Honestly I am concerned about the other servers. At first I thought this was just a careless move from my part. You know, edit fstab and be done with. I did not expect something like this be a bug
<qman__> I ran into a problem a while back when I used JFS on /var for a myth box
<qman__> it wouldn't mount /var because it couldn't mount JFS, because something was preventing it from loading
<qman__> didn't have time to investigate and just formatted without separate /var
<kirkland> cjwatson: http://people.canonical.com/~kirkland/installer.tar.bz2
<cjwatson> hmm.  it all *looks* ok.  guess I'll have to try it
<cjwatson> there was quite a big tasksel merge between lucid and maverick, so I suppose I might have broken something there
<user666> what setting file should i look into to allow password-less ssh connections
<user666> server is 9.10
<raubvogel> qman__, that is why I am leaving the system as is for now
<user666> i did generate ssh keys, i did cat the pub key to server, ect, no go
<raubvogel> user666, how about /etc/ssh/sshd_config?
<cjwatson> user666: see what /var/log/auth.log says when you attempt to log in
<raubvogel> Also ssh -vvv should tell you what happened
<cjwatson> raubvogel: ssh -vvv doesn't tend to tell you why authentication failed
<cjwatson> raubvogel: generally, if the server told the client the reason, it would be an information-leak vulnerability
<cjwatson> so you need to look in /var/log/auth.log on the server
<raubvogel> Agreed, but it would at least say if it even tried to do key authentication
<user666> ok, looking into sshd_config
<cjwatson> no, look at the logs first
<cjwatson> don't waste time guessing configuration before looking at the logs
<cjwatson> it might be something as simple as a permissions error
<user666> both auth files are chmoded to 640
<cjwatson> look at what the log tells you
<user666> logs dont show any attempts to find key pairs
<cjwatson> I usually 'tail -f /var/log/auth.log', hit Enter a few times so there's blank space, and then try to log in
<user666> ups, actually i found: Authentication refused: bad ownership or modes for file /home/playserver/.ssh/authorized_keys
<cjwatson> there you go
<cjwatson> 'man sshd' lists the required permissions
<cjwatson> note that it is not just the file itself you need to check
<user666> permissions for authorized_keys or what ?
<cjwatson> see the manual page
<Kudos> slightly off-topic, anyone know how to tell scp to use a specific device?
<Kudos> trying to pull from a VPN without sending all traffic through it
<Lord_Rahl> can anyone point me to a how on have one nic point to a separate network and one nic pointing to another
<cjwatson> Kudos: I doubt you can, wrong layer really.  it's probably easier to set up policy routing
<cjwatson> Kudos: ('man ip', I think)
<Kudos> cjwatson: damn, that looks complicated :P
<cjwatson> hopefully there's a simpler howto around somewhere.  I'm not an expert
<Kudos> ip neighbour add looks like it might be what i want?
<Kudos> cjwatson: you sent me down the right route, thanks
<Kudos> lololo, route
<raubvogel> Lord_Rahl, both static or dhcp?
<Kudos> geddit?
<Lord_Rahl> the nic are static one will be run a dhcp server. It is for asterisk server
<raubvogel> Lord_Rahl, so, you have 2 nics?
<raubvogel> Like eth0 and eth1
<raubvogel> As opposite to eth0 and eth0:1
<Lord_Rahl> I have two nics.
<raubvogel> Define them in /etc/network/interfaces
<Lord_Rahl> here is what I have in my interface http://pastebin.com/PdCQ9ZJP
<raubvogel> Shouldn't you use another gateway on line 19?
<cjwatson> Kudos: you're welcome
<Lord_Rahl> I guess so that is the phone network side it does not need to go to net. I guess I can point it back to itself
<Lord_Rahl> raubvogel, here is what I receive when I restart networking : root@Asterisk:~# sudo /etc/init.d/networking restart
<Lord_Rahl>  * Reconfiguring network interfaces...                                                                                                                                ssh stop/waiting
<Lord_Rahl> ssh start/running, process 29522
<Lord_Rahl> SIOCADDRT: No such process
<Lord_Rahl> Failed to bring up eth0.
<Lord_Rahl> raubvogel, Do I need to place them on a different subnet?
<raubvogel> Which is the gateway for each of them?
<Lord_Rahl> eth1 is use the real gateway. eth0 does not have a gateway on that network
<Lord_Rahl> or no way to get to it
<Eventyret> Anyone able to explain how to setup dns for a IRC Cloak i got a Rdns setup for my server.
<_ruben> Lord_Rahl: dont specify a gateway for eth0 then
<raubvogel> exactly, so it will use the default one
<Lord_Rahl> _ruben, OK i will try that
<Lord_Rahl> _ruben, that work you the man!
<Eventyret> any help on setting up a vhost ?
<therobot> I'm trying to backport wkhtmltopdf from lucid to hardy with prevu (in a hardy box), I'm just running prevu wkhtmltopdf/lucid but I get "Unable to find a source package" error, what I am doing wrong?
<uvirtbot> New bug: #672594 in clamav (main) "package clamav-daemon 0.96.3 dfsg-2ubuntu1.0.10.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/672594
<alfonx> Hi. I have been using Gentoo and now want to switch to ubuntu server. I wonder, how webapps (gallery, phpstuff, phpmyadmin etc tec) is managed for multiple "sites/domains/vhosts" on ubuntu. is there anything like "webapp-config" on gentoo. Can Ubuntu-server share one installation of a webapplication for multiple domains? Or do the webapplications have to provide this functionality?
<zealiod> How do I use ebtables to log which mac addresses are using certain vlans?
<hggdh> JamesPage: Qs for you re. Hudson deployment
<JamesPage> hggdh: fire away
<hggdh> JamesPage: (1) I have a server hat could be used; care to have a look?
<JamesPage> hggdh: yes please
<simplexio> alfonx: buntu is linux like gentoo.. so yeas. easily ? i dont know, but here is is vhost conf for apache
<mathiaz> Ng: hi - have you heard of Graphite - Enterprise Scalable Realtime Graphing - http://graphite.wikidot.com/?
<mathiaz> SpamapS: ^^?
<Ng> mathiaz: I've not personally tried it, but I've heard of it and like that it's Python. The DB isn't RRD, but is fixed-size though, which is a downside for us
<mathiaz> Ng: right - because you'd like to measure everything for ever ;)
<Ng> ye
<Ng> +s
<alfonx> simplexio: probably my question was not clear. when i do "apt-get install drupal6", can i then configure it independently for two "sites-enabled"? will one "apt-get upgrade drupal6" work for both sites? In gentoo the webapp-config tool is doing hardlink- and symlink-magic to share the application with thousands of vhosts, but it is only installed once.
<kirkland> cjwatson: shall I open a bug about this?  if so, against what?
<robbiew> kirkland: Daviey: and who ever else in San Antonio...leaving in about 20min, so should be there closer to 11:30/noon...I'll cover lunch ;)
<cjwatson> kirkland: a bug on tasksel would be good, I think
<cjwatson> for starters
<cjwatson> kirkland: can you poke Daviey about my query about a test case for bug 633015, from Friday or so?
<uvirtbot> Launchpad bug 633015 in dpkg "debian/source/include-binaries doesn't allow for inclusion of modified binaries" [Undecided,Fix committed] https://launchpad.net/bugs/633015
<light_> Anyone know why my node instance is stuck in BeaBIOS and doesn't boot up when started on a node-controller....yet when I bring up the same image in kvm...it works just fine?
<Daviey> o/
<Daviey> cjwatson: Will do that!
<Daviey> cjwatson: Can i use my heavy weight package, or can i use a sample foo package?
<Daviey> robbiew: Groovy
<zul> \\\\\\\\\\\\\\\\\\\\\\\\\
<cjwatson> Daviey: I just want something I can test reasonably easily for SRU verification
<cjwatson> since I want this SRU out of the way for something else :)
<cjwatson> (enabling xz support, which needs a backport to lucid-cat, and I'd rather do that on top of current -proposed)
<Mez> Suggestions for what to use to proxy SMTP for a bastion host?
<Daviey> cjwatson: I understand... will try and do that today, or otherwise tomorrow.
<Daviey> (currently sprinting)
<k-rad> can anyone give me some tips on how to link my fully qualified domain to a service such as dyndns.org (free) using CNAME so that i can make my wordpress/lamp installation functional here ?  or another dyndns.org type service which is free, that is supported by dd-wrt
<flohack> Hi! I'm trying to use selinux on maverick on Amazon EC2 and it seems to crash the machine. Is anyone using selinux on amazon ec2 here?
<simplexio> alfonx: you no idea. but symlink & hardlink magic is easy to by hand or by script
<zealiod> how can i just log traffic from certain vlan with ebtables?
<alfonx> simplexio: thanks
<ScottK> alfonx: I believe that the Ubuntu Server Guide (see /topic) covers some of this.  At least enough to give you an idea of how it works.
<ruben23> hi guys how do i check packages that are installed
<ruben23> on my ubuntu server
<alfonx> ruben23: start aptitude and slecet "installed packages" .. if you like to use some kind of text gui
<bluefrog> ruben23, dpkg -l
<ivoks> or, ls -d /usr/share/doc/* | cut -d\/ -f5
<ivoks> :)
<XeNoT> Is it possible to add a authorized_keys as a paramater with the vmbuilder command?
<SpamapS> mathiaz: I evaluated graphite for the UEC monitoring / monitoring framework stuff but rejected it for inflexibility I think.
<bluefrog> ivoks, except that you may be missing stuff
<ivoks> bluefrog: which one?
<bluefrog> ivoks, not talking specially of a server. taking example on my desktop. your line wll give 1370 hits, dpkg -l 1386
<ivoks> dpkg -l prints more than just installed packages
<ivoks> but my command doesn't provide exact output too ;)
<bluefrog> ivoks. got some rc with dpkg -l
<bluefrog> not only ii
<ivoks> exactly
<bluefrog> ok
<hggdh> zul: working today?
<zul> hggdh: yep in san antonio
<zul> hggdh: whats up?
<hggdh> zul: we need, later on, to discuss the SRU process for server, and what I can do there
<zul> hggdh: sure
<makomi> anybody see the error in samba? If I do a "dpkg-reconfigure samba" I get a "sed: -e expression #1, char 143: unknown option to `s'"
<uvirtbot> New bug: #672688 in bacula (main) "package bacula-director-mysql 5.0.1-1ubuntu1 failed to install/upgrade: el subproceso script post-installation instalado devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/672688
<AivarasKivilius> Hello, I need to create new user and give for him premissions to lounch only irssi ir screen, How to do that?
<AivarasKivilius> User won't be able to do anything except that.
<jdstrand> hallyn: hey. I haven't had a chance to look at your next merge request yet, but came across this: https://www.redhat.com/archives/libvir-list/2010-November/msg00281.html
<jdstrand> hallyn: fyi only
<uvirtbot> New bug: #672717 in samba (main) "sed error after "dpkg-reconfigure samba"" [Undecided,New] https://launchpad.net/bugs/672717
<claude2> can anyone help with a xen question?
<claude2> i cant tell if you need any special modifications to make ubuntu 10.04 run as a domU
<claude2> im using the desktop ubuntu install presently
<claude2> im having some instability and io errors
<RoAkSoAx> claude2: afaik Xen is not supported in Ubuntu. sorry :(
<k-rad> how does one link a domain name with a LAMP installation.  i'm guessing there are better ways than forwarding with masking with dyndns.org
<SpamapS> k-rad: you just need to set a DNS name to the IP of the server. If its a dynamic IP, then that gets unreliable and difficult to manage.
<k-rad> SpamapS, how do i create my own dns name and link it to my server ?
<k-rad> i use godaddy would that do it ?
<raubvogel> AivarasKivilius, I think what you want is something similar to a restricted shell
<RoAkSoAx> k-rad: yes, just use  godaddy's dns's and add an entry pointing to the IP address of your server for your domian name
<k-rad> RoAkSoAx, thank you sir
<RoAkSoAx> welcom :)
<uvirtbot> New bug: #672731 in openldap (main) "impossible to install slapd" [Undecided,New] https://launchpad.net/bugs/672731
<k-rad> RoAkSoAx, sir, do you know a easy guide for someone who installs wordpress, and then, LAMP with it.  since its all installed with wordpress package, it skips any configurations any tutorial might be able to walk you through
<k-rad> i found a how-to.  i'm good.  thank you all
<Guest21908> hello, i just installed the server dist. what is the best way to communicate with it remotly? some kind of shell connection with ssh? please, kick me in the right direction, like a google search string
<RoAkSoAx> k-rad: there's lots of how-to's in google :). I personally installed it from source instead of using the ubuntu package
<Guest21908> openSSH? :)
<RoAkSoAx> Guest21908: yes, just ssh! sudo apt-get install openssh-server (if you haven't done so already) and you are pretty much set
<RoAkSoAx> Guest21908: of course you'll have to tune it up, (such as change ports and stuff)
<Guest21908> RoAkSoAx: thanks! i think its there from the installer. ill fire it up and google thru laptop then
<Guest21908> thanks for answering on a thousand-asked-question
<RoAkSoAx> lol no problem :)
<k-rad> the irc dns command is very useful in finding a ip address that is linked to dyndns.org for /etc/mysql/my.cnf / bind-address = xx.xx.xx.xx
<k-rad> which is /dns
<k-rad> i will set it to my hostname.dyndns.org, the bind-address, since that will change anyway, hopefully, it will accept alphabetical characters
<k-rad> my dyndns.org is setup in my router.  i had to give up optware the right way, but with 4bit upstream, can save me $10 a month :)
<k-rad> by default bind-address = 127.0.0.1.  thats what i use for my dns server cache (dnsmasq) perhaps i can set dnsmasq to use a different listening ip, and reflect those changes anywhere, those who are familiar with dns caching, what could i set my dnsmasq listening interface to other than default ?
<k-rad> this will not work for me not even with a sudo   mysql -u root   ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
<k-rad> got it done, thanks all
<k-rad> any thoughts on lighthttp ?
<k-rad> is it possible that when i got to the bind-interface = 127.0.0.1 and it said to change it to your own ip, would that be a WAN ip or static ip ?  thats /etc/mysql/my.cnf
<SpamapS> lighttpd seems to be pretty solid and fast.. its not as fast as nginx, but certainly has easier code to work on when you don't speak russian. ;)
<fluvvell> A linux client on my network is making dns request for a server no longer in existence on the local net. How can I find which process is making the request?
<SpamapS> fluvvell: is resolve.conf updated with the newe DNS server info?
<SpamapS> err
<SpamapS> resolv.conf
<fluvvell> SpamapS, the request to my dns-server is about the A record for a media server I used to have 6 months ago.
<fluvvell> so the request is valid, the dns server is answering, but I dont know why the client is asking for it still.
<fluvvell> my approach is therefore, "Whos asking?"  Looking into processes on the client, I can't work out which one might want the old media server
<SpamapS> fluvvell: ah
<SpamapS> fluvvell: thats a tough one
<SpamapS> fluvvell: because DNS is UDP, the window for a socket will be relatively tiny.
<fluvvell> so  open files? or netstat with some options
<fluvvell> Oh
<fluvvell> right
<SpamapS> fluvvell: sudo fgrep -r badhostname /etc /home /usr
<fluvvell> Its asking about 3 times per second
<fluvvell> ok
<SpamapS> fluvvell: thats pretty fast
<fluvvell> yes!
<SpamapS> fluvvell: maybe you can catch it.. I think you can log who owns a packet with iptables
 * SpamapS hasn't done this tho
 * fluvvell wonders why he chose media as the name for a server!
<fluvvell> at least 8 times per second in the logs on the dns server
<guntbert> fluvvell: and the logs on the client reveal nothing?
<k-rad> http://pastebin.com/Vyh5ymTZ  in /etc/hosts i'm supposed to define an ip address against a domain in that pastebin that domain had a subdomain.  do i need a subdomain for my registered domain ?  or should there be a way to fill in both of my godaddy name servers here ?
<k-rad> also, i don't know what number to prefix before the domain  they are asking for linode address
<fluvvell> guntbert, no mention of media in any log files.
<guntbert> fluvvell: I was thinking about errors like "unable to find/contact..."
<fluvvell> given that cifsd is at the top of the process usage, I'm guessing something on the desktop is trying to find a share
<fluvvell> guntbert, tcpdump is giving me  SMB PACKET: SMBreadX (REQUEST)
<guntbert> fluvvell: seems plausible - you could use wireshark too (easier to see details of the protocol) - OR look into /etc/fstab ....
 * RoAkSoAx wonders who was the one that wanted to look into openvswitch?
<bogeyd6> Anyone can point me to a guide on setting up mysql load balancing cluster on 10.04.1 ?
<RoAkSoAx> bogeyd6: this is not ubuntu specific but almost everything should be the same: http://www.howtoforge.com/loadbalanced_mysql_cluster_debian
<bogeyd6> RoAkSoAx file is too old
<bogeyd6> prob more like http://barkingiguana.com/2008/07/07/high-availability-mysql-on-ubuntu-804/
<RoAkSoAx> bogeyd6: it uses mysql 5.0.19 the only that will differ is heartbeat related stuff
<RoAkSoAx> bogeyd6: give it a try and see what happens
<bogeyd6> k
<bogeyd6> RoAkSoAx lookie here https://help.ubuntu.com/community/HighlyAvailableLAMP
<bogeyd6> jackpot
<bogeyd6> spent an hour on google looking for aht
<bogeyd6> !search googleit
<ubottu> Found:
<RoAkSoAx> bogeyd6: the drbd config seems ok, the heartbeat related config is really old and pretty much useless nowadays. And that is just a failover cluster, not a loadbalancing cluster :)
<RoAkSoAx> bogeyd6: for more updated stuff refer to https://wiki.ubuntu.com/ClusterStack/LucidTesting
<RoAkSoAx> bogeyd6: we hope to include cluster related stuff in the Ubuntu Server Guide soon
<fluvvell> guntbert, yes, fstab seems to offer no clues. What could be attempting to mount otherwise?
<guntbert> fluvvell: some media player (VLC,...) ?
<fluvvell> Its as if some desktop application has remembered a connection or something..
<fluvvell> guntbert, yes was wondering something like that. VLC not running,
<guntbert> fluvvell: was only an idea - but I'm off -- Good luck :-)
<fluvvell> cheers
<fluvvell> FOUND IT!!
<fluvvell> firefox had an add-on called minion  which was set up to the old media server
<kinygos> hi....my /var/log/auth.log is full of pam_unix(cron:session) entries...i've found a forum suggestion to comment out the line @include common-session in /etc/pam.d/cron...but my file doesn't have such a line (it has @include common-session-noninteractive)...what does commenting that line actually do?
<remix_tj> kinygos: i think this line is useful
<kinygos> remix_tj: that's what i was afraid of
<remix_tj> useful for knowing which cron users runs
<kinygos> ah...the ones filling up my log are for user root, but as you say, there are also those for when i sudo something with my username, so probably best to live with it
<databits> what is it called when you run two different websites off of one server ?
<KnightHacker> databits: Virtual Hosts?
<hallyn> zul: around?
<zul> hallyn: kind of...whats up/
<hallyn> zul: on blueprints for natty,
<hallyn> you marked containers-in-uec 'pending approval'
<hallyn> does that come before review?
<hallyn> before 'review' state, that is
<hallyn> just wondering what i shoudl do with mine...
<zul> hallyn: good question im not sure..
<hallyn> SpamapS: you marked yours 'review' right?
<hallyn> mathiaz: oh, you're prolly the one i should ask :)
<mathiaz> hallyn: once i've finished writting my spec and put them in a review state
<mathiaz> hallyn: so that other team members can start to look at them
<mathiaz> hallyn: pending aproval is the last step
<mathiaz> hallyn: before the specs is actually accepted for this release cycle
<SpamapS> hallyn: the ones I'm ready for peopel to review, yes
<SpamapS> and people too
<SpamapS> IMO, review means "everybody take a look" pending approval means "discussion over, give me a yes or no approver"
<SpamapS> I set one of mine to Pending Approval because its basically just a TODO list of stuff for me..
<hallyn> mathiaz: thanks!
#ubuntu-server 2010-11-09
<VladGh> I installed dk-filter and opendkim and I keep getting this error Sendmail DomainKeys Filter: Unable to create listening socket on conn inet:8892@localhost / smfi_opensocket() failed
<VladGh> it's not the first time I install this combination, but it is the first on EC2
<VladGh> Does the EC2 Ubuntu Ami have some kind of permission for creating listening ports?
<erichammond> VladGh: Should be same as normal Ubuntu server in this regard.  Is something already listening on that port?
<VladGh> erichammond: netstat --listen shows nothing
<VladGh> I just tried SOCKET="inet:54321" instead of SOCKET="inet:54321@localhost" and I think it will work
<allowoverride> im out l8
<VladGh> nope, without localhost postfix gives now "fatal: host/service localhost/54321 not found: Name or service not known"
<ehcah> can Ubuntu Server be configured to match the capabilities of a product like FreeNAS?
<twb> I'm not familiar with FreeNAS, but theoretically Ubuntu can be configured in just about any way.
<ehcah> twb:  FreeNAS, OpenFiler, unRAID, EON are all packaged NAS solutions.
<ehcah> I have 2 ubuntu Servers running in my basement rack already.  I'm trying to see if I could build a scalable solution using ubuntu.
<twb> If you're just asking "can Ubuntu Server be a NAS" -- yes, it can
<ehcah> LOL... I know it can.  I'd like to find someone who can offer some real world experience.
<twb> I use it as an SBS replacement
<twb> i.e. acting as a centralized auth/file/print server
<qman__> the biggest problem I have when trying to replace windows servers is directory services
<qman__> LDAP is such a PITA to configure and use
<twb> qman__: and krb
<twb> Last time I got LDAP working w/o SSL or krb.
<qman__> yeah
<qman__> we desperately need a ready-to-go directory services package
<twb> That's what I liked about NIS
<twb> It is LITERALLY just a matter of installing it and setting the domain name (which has a debconf prompt().
<twb> For the server side, you also have to tell it to be a server in /etc/default/nis, but that's it.
<twb> Unfortunately, you can only use NIS on "ultimately trusted" networks.
<latenite> Hi flks, "update-grub" is not adding my custom kernel to grub2? What am i doing wrong? http://pastie.org/1283313
<twb> latenite: if you're referring to bzImage_0 -- it's not named correctly.
<latenite> twb, what woudl the name have to be like?
<twb> Well, like the one that's in there
<latenite> twb, vmlinuz-SOMETHING ?
<twb> Just so
<latenite> twb, thanks mn , that did the trick :)
<twb> You should build your kernels with "make deb-pkg"
<twb> It will generate .deb you can install.
<latenite> now I get kernel panic "VFS: unable to mount root fs on unknown-block(2,0)"
<twb> That's probably because you have no ramdisk.
<latenite> I have my filesystems build in * and NO iniramfs
<twb> Or because you didn't compile something in.
<latenite> well what could me missing? filesystems are build in for sure :)
<twb> You cannot use root=UUID=... or root=LABEL=... without a ramdisk.  You must pass the raw device name (e.g. /dev/sda1), which can change.
<latenite> twb, oh, I did not know that. why is that so?
<twb> Because they require udev
<twb> Without a ramdisk, the only way to get to udev is via the root filesystem.  So you have a cyclic dependency.
<latenite> twb, oh that makes sense :)... well than I just add ramdisk to my kernel?
<twb> I suppose so.
<twb> 13:17 <twb> You should build your kernels with "make deb-pkg"
<latenite> twb, what is that for?
<twb> Because I told you to
<latenite> twb, I never had a ramdisk. How do I create one?
<latenite>  :) ok I will
<twb> By doing "make deb-pkg", then installing the resulting .deb.
<twb> If you do it that way, the ramdisk will be generated automatically.
<latenite> twb, so in /usr/src/linux/ I do "make dep-pkg && make modules_install" ???
<twb> No
<twb> Just "make deb-pkg".
<latenite> twb, is there a place to read about "dep-pkg" ?
<twb> It's DEB-PKG, not DEP-PKG
<twb> Because Ubuntu is really rebadged Debian.
<latenite> twb, ok id did "make deb-pkg" now whats next? there is no new vmlinuz file in /boot noe a ramdisk anywhere.
<twb> The package will be placed in /usr/src.
<latenite> oh then i do
<latenite> dpkg -i $pakage ?
<twb> Just so.
<twb> Re. documentation, see /usr/src/linux/scripts/package/builddeb and http://kernel-handbook.alioth.debian.org/
<latenite> twb, there is also a new "linux-firmaware-iamge.bed" what s about that?
<twb> dpkg -I foo.deb describes packages.
<latenite> twb, ist sais it conatisn firmware from the kernel. Do I need that? If so, what for?
<twb> You need it if you have hardware that needs that firmware.
<twb> The linux-firmware-image .deb will not be generated if your custom kernel has all firmware options disabled.
<twb> Incidentally, WHY are you trying to use a custom kernel?
<latenite> twb, because I have a soundcard that is not in the default kernel
<twb> Please pastebin the output of "lspci -nn".
<latenite> http://pastie.org/1283405
<latenite> ICE1712 is what I need to build in *
<twb> Try pasting it into http://kmuto.jp/debian/hcl/
<twb> I'd do it myself but that site is broken in my browser :-/
<latenite> WHAT exactly do I pate in there?
<latenite> ICE1712 results in error
<twb> The full output of lspci -nn, as it tells you to
<twb> It'll tell you what kernel version (in Debian) added support.  It should be about the same for Ubuntu.
<latenite> twb, ok. Say how would I get the kernelconfig from ubuntu custom kernel...to have a sane starting point?
<twb> latenite: *I* would do it by copying /boot/config-X from the existing Ubuntu kernel
<twb> Also, "make localyesconfig" will change all modules currently in use (on the build host) to =y.
<twb> Also, "make localmodconfig" will change all modules currently UNUSED (on the build host) to =n.
<latenite> twb, wow thats a cool way :) nice
<twb> Yes, it is super nice
<twb> It's not perfect, e.g. within snd-hda-intel it can't autodetect which codecs to turn on/off
<latenite> is that debian/ubunut OR kernel way of editing .config? in other word will that work on oterh distros too?
<twb> That's a feature of the upstream kernel
<twb> It should work anywhere, from about .35 onwards
<latenite> upstream?
<twb> i.e. the mainline linus-2.6 repo
<latenite> ahh ok
<latenite> man thanks for al your help :) ....this ubuntu default kernel build for ever... :) I guess I ll idle for a while
<aegis> I'm back
<twb> Yes, the ubuntu .config is basically "all =m"
<latenite> twb, it a killer :) oh well at least iw works :)
<twb> Don't forget -j2, where 2 is the number of cores you have/
<latenite> make -j deb-pkg ?
<latenite> make -j6 deb-pkg ?
<latenite> lik that?
<twb> Yes.
<latenite> man I am tored , I got to go to bed...can t evenb type right--
<twb> Without -j it will use as many processes as it can, which will probably DOS your host
<twb> Er, I mean -j without a number.
<latenite> lol...that s bad :)
<twb> I did it about three times in a row before  Irealized what happened, because I was doing the compile in a minimized window
<latenite> still compiling...doooooo
<latenite> any cool ubunut tweaks you can recommend?..I am setting up a desktop for my mom...
 * Datz wonders if gnome is a tweek for ubuntu server :p
<Datz> ubottu dict tweak
<twb> latenite: etckeeper
<latenite> twb, nice tool :) thanks
<slicslak> trying to install openjdk, looks like the server is down?
<slicslak> Err http://us.archive.ubuntu.com karmic-updates/main libcups2 1.4.1-5ubuntu2.6
<slicslak>   404  Not Found [IP: 91.189.88.40 80]
<twb> downforeveryoneorjustme.com
<jetole> Does anyone know a good method to audit root bash history in a manner that can't be deleted? I need to set up a lot of systems at the data center so that we now have more administrators (as in I am not the only systems admin anymore) and I have done this all pretty well through LDAP but not sure what the best way to audit actions is
<slicslak> twb, thx for the link.  of course a 404 means the file iteself can't be found.  so the server is up, but the file is missing.  <shrug>  i suppose it's useless to complain in irc. i just thought someone might know something or somebody and tell them to kick some script or whatever to fix it.
<twb> slicslak: do an aptitude update?
<slicslak> jetole, i don't think you can prevent ppl from tampering w/ their bash history.  sudo always keeps a system log though, so you could combine that w/ remote logging and audit that
<slicslak> twb, nice, thanks.  jumping too many systems I forgot that was necessary on this box!
<twb> slicslak: sorry, I should've thought of that before
<jetole> slicslak: well in fact sudo mails all commands to me right now and I am looking for how to allow someone to have access to pretty much everything on the system but at the same time not to launch a shell
<slicslak> np, i did ask the wrong question  ;)
<jetole> don't suppose anyone has any experience with allowing sudo to run just about any command except a shell?
<jetole> could maybe recommend a link or a howto
<slicslak> jetole, they could always compile their own...
<slicslak> it sounds like you need a pplware solution as opposed to a software solution.  chroot/jails w/ access to limited binaries is what is normally done to restrict what users can run.  but you can't exactly admin a box that way
<jmarsden> jetole: Check whether rootsh will help you, see http://sourceforge.net/projects/rootsh/ .  For the "everything but not shells" in sudoers, try something like   %admin ALL=(ALL) ALL !SHELLS
<jetole> there is a !SHELLS? Cool. Gotta see if that works under LDAP since sudo via LDAP has a different config but will look
<jetole> thanks
<jmarsden> No problem.
<jmarsden> jetole: BTW, if someone can do sudo vi then can get a shell inside vi... lots of programs can start shells... so this restriction will not protect you from malicious users.  But malicious users should not have sudo privs in the first place...
<chrislabeard> Hey guys anyone know of a good tutorial on how to install Suphp
<segv`> chrislabeard: shouldn't be too hard.
<chrislabeard> Looks like its already included in apache2?
<SpamapS> chrislabeard: don't do it. ;)
<chrislabeard> Why I NEEDS IT
<SpamapS> chrislabeard: there are better ways :)
<segv`> http://ubuntuforums.org/showthread.php?t=1516400 first google result.
<chrislabeard> really
<segv`> No, no one knows of a tutorial :p
<chrislabeard> thats the one i'm on
<chrislabeard> SpamapS so what are the other ways.
<segv`> that's step by step, doesn't look to hard.
<SpamapS> chrislabeard: depends on the number of users you want to support.
<segv`> in fact, looks rediculously easy
<SpamapS> chrislabeard: and how much you care if they run isolated.
<chrislabeard> Yeah but the dood didn't get it to work
<chrislabeard> SpamapS: I want it to be global
<chrislabeard> For any of my domains
<SpamapS> chrislabeard: how many *users* ?
<chrislabeard> SpamapS: 3+
<chrislabeard> min 3
<SpamapS> three...
<SpamapS> fastcgi
<segv`> i do the fastcgi method myself, great performance :)
<SpamapS> chrislabeard: just use php-fcgi and run it as each user.
<chrislabeard> So I have to manually do add the users in
<SpamapS> suphp is for when you want to host 500 users on one box and not let them steal eachothers' data. ;)
<chrislabeard> Ahh i see, Is it possible to get something to just work
<chrislabeard> Anytime I create a new user
<segv`> chrislabeard: you can just use suexec with fastcgi
<segv`> should be faster
<chrislabeard> ok
<SpamapS> chrislabeard: I used to have a script that generated a  user-php.conf for each user that was in a certain group.. would just run that after user creation.
<chrislabeard> ahh
<SpamapS> segv`: even suexec isn't necessary w/ fastcgi if you just run the fastcgid independent of apache. unless I'm missing something.
<segv`> SpamapS: he wants to eliminate that 'manual' configuration.
<segv`> fire and forget, automatically runs as said user with little or no need for him to intervein
<SpamapS> Right, the only part that my script had to do was pick a port. I used 20000+$UID to make it easy
<SpamapS> segv`: true and suexec is still 10 times simpler and less hacky than suphp
<segv`> indeed
<segv`> and fastcgi supports it out of the box heh
<jetole> jmarsden: I was also just reading about noexec which prevents a lot of programs like vi from launching a shell
<chrislabeard> SpamapS: Is there a tutorial for this setup? I'm new to this stuff
<jmarsden> jetole: Yes, but test it before you rely on it.  sudo -V | grep dummy does not output anything on my machine...
<jetole> jmarsden: you need to be root. It does on ubuntu 10.04, 8.04 (and I assume everything in between) as well as centos 5.2 and I'm about to test it
<jetole> jmarsden: long story short, should apply to all of mine but I'm going to test it
<jmarsden> Go for it :)
<jetole> er, !SHELLS seems to be an issue with virsh
<jetole> don't suppose you know how to add an exception?
<jmarsden> SHELLS is just a Cmnd_Alias, I think... see man sudoers for how to define it, it is one of the examples there.
<jetole> not for me
<jetole> I'm using LDAP
<jetole> their are no Cmnd_Alias afaik
<jmarsden> You gave the equivalent of /etc/sudoers inside LDAP?  Hmmm.
<jetole> no. I am using sudo-ldap, sudo gets it's rules from ou=SUDOers
<jetole> well so yes and no
<jetole> for example I have cn=defaults for the default rules, cn=sysadmin for the sysadmin sudo rule which applies to cn=sysadmin,ou=groups,dc=example,dc=com
<jmarsden> So... ./sudoers2ldif /etc/sudoers  doesn't change if you add Cmnd_Alias stuff into /etc/sudoers ??  There's just no way to put that info into LDAP?  Seems odd.
<jetole> I didn't say that, I just said I don't have any cmnd_alias atm
<jmarsden> Well, so add one to /etc/sudoers and then run the command to generate the .ldif file from it, and import that... right?
<jetole> although there are some odd things about ldap which are different for example, if I have cn=sysadmin,ou=SUDOers which can run all commands, there IS NOT a way for me to allow a user who qualifies for that match to run another command !authenticate
<jetole> jmarsden: perhaps. let me look into it
<jetole> jmarsden: how do I see what it currently uses though if it's not defined as a rule in sudo already though?
<jmarsden> If you didn't define it, it is probably empty?
<jmarsden> Or it may pick up vaules from /etc/shells or something.
<jetole> no, I think it's empty, I just tried it with cat and date and neither one would run
<wizzor> Hey, does anyone know answers to the following, regarding UEC:
<wizzor> 1) What happens to images being run on a NC when an NC crashes?
<jmarsden> jetole: Ok, so copy the example one from the man page into your /etc/sudoers, edit it to include teh right shells for your machine(s), run sudoers2ldif, import the resulting LDIF file into LDAP, and retest.
<wizzor> 2) What if the cluster controller crashes?
<wizzor> Do the NCs continue operation as usual, but without ability to start new nodes, or does the entire cloud become inoperable?
<jmarsden> wizzor: for #2, see https://bugs.launchpad.net/ubuntu/+source/eucalyptus/+bug/497087
<uvirtbot> Launchpad bug 497087 in eucalyptus "Redundancy for cloud and cluster controller (HA)" [Wishlist,Confirmed]
<wizzor> We're obviously talking about a private cloud with more then one NC
<wizzor> Hmm, so does that mean the entire cloud becomes inoperable if the CC is down? I thought the bug was about having the option for multiple CCs?
<jetole> jmarsden: I appreciate the help, so you know I don't have to worry about the sudoers2ldif as their really isn't a cmnd_alias in sudo for ldap as I can have multiple people and multiple commands in a single role but you've helped me figure out what it is I need to setup so thanks
<jmarsden> jetole: OK, you're welcome.
<jmarsden> wizzor: As I understand it, the CC currently is not ever supposed to go down :)  But hey, you said this is for a private cloud, so you can easily test this for yourself and see what happens.
<wizzor> jmarsden: Thanks, I think I might try that (or ask the support team to), it'd be interesting. Any idea about the NC going down?
<jmarsden> wizzor: Not really, I'd think you lose the running images from that NC, and when you restart it you can restart those images... in other words, I don't think UEC has a lot of protection from failing machines built into it yet.  But I am a LONg way from being an expert!
<jetole> jmarsden: one last thing, as far as I can tell, I need full path names. How do I stop a user from copying bash to his /home, tmp, /dev/shm, etc
<wizzor> Hmm, well, it's probably just as easy to try that if we ever get around to building a test cloud
<jmarsden> jetole: You don't... I think the man page says: ... these kind of restrictions should be considered advisory at best
<jmarsden> wizzor: Right.
<jetole> jmarsden: so uh, is there a way for me to prevent a user from running bash that isn't advisory?
<jmarsden> Well, a *user*, sure.  A user who can sudo and copy files and compile and link programs... probably not.
<jmarsden> Why would you trust a user to run, say emacs or vi as root, but not trust them with bash??
<jetole> jmarsden: who says I trust anyone. I'm being told by the boss to make it so
<jetole> lol
<jmarsden> Then your spec is flawed... well, you could remove bash from the machine, then they'd have to compile their own copy before they could run it :)
<jetole> yeah but thats hardly a deterent
<jetole> I doubt it would happen but I really don't want to just assume it won't
<jmarsden> If the people involved are malicious, you are dead anyway.
<jetole> or if they are too stupid to have this access in the first place which several of them are, on the other hand I have known a couple from years before I worked here who are very good but may just object to being audited in their actions. as far as I can tell though, I'm kinda dead in the water
<jmarsden> There is a difference between "just assume" and "make it a policy, tell people they will be fired if they do it, etc"
<jmarsden> People problems rarely have 100% technical solutions.
<jetole> wish I could but if I do I am in trouble for lying
<jetole> heh. I'm screwed
<jmarsden> jetole: Get your boss to make that the policy, ...
<jetole> well at least with no shell and sudo always mailing (and they don't have access to the ldap server) I will at least have more logs
<jetole> jmarsden: thanks again for the help
<jmarsden> No problem.
<uvirtbot> New bug: #672901 in mod-wsgi (main) "libapache2-mod-wsgi v 3.2-2 attempt to install python3" [Undecided,New] https://launchpad.net/bugs/672901
<twb> Does kexec-tools work for anybody on lucid?
<chrislabeard> Is there such a thing as linking to mysql databases together?
<chrislabeard> On different servers?
<twb> Never mind, I forgot KEXEC_LOAD=true in /etc/default/kexec-tools
<chrislabeard> If I wanted to sync my phpmyadmin db to another phpmyadmin
<chrislabeard> do I need to open the 3306 port on my local server?
<zealiod> I have a lite weight server I am putting on a small harddisk, how can I stop logging so that i don't chew up all my hard disk space over time?
<twb> zealiod: uninstall rsyslog
<twb> You could also make /var/log a tmpfs, with a little work
<JanC> a tmpfs is only useful is you reboot it often
<JanC> well, depending on how much RAM is available maybe
<twb> It's also an easy way to cap /var/log at 8m
<twb> My netbook had 1GB of RAM and 4GB of disk, so it was much easier to do that than piss about with
<twb> LVM
<ruben23> hi guys any idea on how to install on JRE and the Java Plugin on ubuntu 10.10 maverick
<twb> ruben23: apt-get install openjdk?
<twb> It has either "openjdk" or "icedtea" in the name, as at 10.04.
<ruben23>  twb: thanks
<freepenguin0> hi, does exist an Apache Server monitor for Debian based distros?   an equivalent of Mysql-Administrator for Mysql
<twb> freepenguin0: I don't know what an "apache server monitor" is.
<twb> freepenguin0: nor do I know what "mysql-administrator" is.
<freepenguin0> mysql admin is a tool by which configure
<freepenguin0> mysql server, see the connections
<freepenguin0> make backup/restore etc.
<twb> So it's a GUI?
<freepenguin0> yes
<twb> Here, we encourage people to learn proper CLI tools.
<freepenguin0> i would know if exist a tool like this for apache server (to see connections etc.)
<twb> There may be such a GUI tool; I don't know of one.
<RoyK> freepenguin0: really, as twb say, try to spend a few hours learning the CLI - you'll get things done better that way - and over time, much, much faster
<freepenguin0> RoyK, sure, I knew Rapache but it's no more supported by ubuntu
<eagles0513875|2> hey guys i just setup dovecot+ postfix
<eagles0513875|2> i am able to send outgoing email but i cant recieve any incoming from the outside such as gmail
<eagles0513875|2> i get this error Technical details of permanent failure:
<eagles0513875|2> DNS Error: Domain name not found
<uvirtbot> New bug: #632197 in lm-sensors (universe) "lm-sensors limits and calculations aren't retained after waking from sleep" [Undecided,New] https://launchpad.net/bugs/632197
<Myx0x3> i have some problems.. ive just install ubuntu-server and i get IP and everything but it does not ping my router or my computer! the router is the DHCP server also..
<Myx0x3> it says the destination host is unreachable..
<twb> Myx0x3: did you configure your ubuntu server to be a DHCP client?
<Myx0x3> no, i did only install smb and openssh
<Myx0x3> it gets a correct IP and the router finds it on the dhcp table
<Myx0x3> and it does not ping google ie
<Myx0x3> anyone got any ide?
<twb> Sounds like something is wrong with your router.
<Myx0x3> its not, my computer works fine?
<Myx0x3> its on the same router
<twb> If on the Ubuntu server, "ip address" and "ip route" and "cat /etc/resolv.conf" report correct information, then the problem is not on your server.
<Myx0x3> whats ip route?
<uvirtbot> New bug: #672986 in euca2ools (main) "euca-bundle-vol should copy filesystem uuid" [Low,Triaged] https://launchpad.net/bugs/672986
<pmorris> Why am I getting tons of errors like: named[1336]: error (network unreachable) resolving 'G.ROOT-SERVERS.NET/AAAA/IN': 2001:500:2f::f#53
<twb> Myx0x3: a tool to set/get the route tables.
<pmorris> Nothing appears to be failing network wise
<twb> pmorris: do you use IPv6?
<_ruben> looks like a broken ipv6 config indeed
<pmorris> Only happened since I migrated from 8.04 LTS to 10.04 LTS
<pmorris> I don't know how to fix it
<pmorris> I also thought it was something to do with IPv6 when I saw AAAA resolution
<pmorris> But I also have some errors like this:
<pmorris> named[1336]: error (network unreachable) resolving 'ns3.afraid.org/A/IN': 2001:500:b::1#53
<pmorris> Is this still IPv6 related?
<shauno> 2001:500:b::1#53 is still an ipv6 address
<pmorris> Aye
<pmorris> So what would be the best thing to do in this situation?
<pmorris> Obviously it's not really a problem, just a notification, but should I disable IPv6 somewhere or just disable the logging somehow?
<pmorris> At the moment it pollutes the syslog
<h4p0z3u> anybody here can help me with ubuntu ec2 configuration?
<maedox> h4p0z3u: depends on your question. I've played with it a bit.
<h4p0z3u> my cloud:  (public ip) --- (cloud front end) --- (private network) --- (cloud background VM's), ok it?
<h4p0z3u> http://imagebin.org/122489
<maedox> Do you mean using Ubuntu in Amazon EC2 or setting up your own cloud with Ubuntu?
<h4p0z3u> set my cloud with ubuntu
<maedox> ok I see, sorry, then I'm not your guy. Haven't gotten that far yet. I've been using Amazon's EC2 for a little while.
<h4p0z3u> hum... thx
<mgolisch> doesnt their documentation tell you how to do that?
<h4p0z3u> yes, but not rich like others doc's
<mgolisch> the documentation on http://open.eucalyptus.com/ covers the basics of most stuff
<h4p0z3u> I configured the system but now I want know if I did correct and start my instances... but I don't understand well about access the instances... like a ssh access on Xen VM's... you understand?
<patdk-wk> pmorris, sounds like you have an ip6 on your computer
<patdk-wk> what does 'ip addr show' look like?
<jpds> patdk-wk: Like 'ip addr show' .
<patdk-wk> only for english speaking people :)
<maedox> How can I redirect requests to certain domains through a proxy server? Command line only.
<twb> maedox: set $no_proxy
<twb> Assuming you mean HTTP
<twb> e.g. export http_proxy=http://127.0.0.1:8080/ no_proxy=.lan,.local,fs,127.0.0.1
<twb> ...will cause everything to go through the proxy, unless its IP is 127.0.0.1, it's hostname is fs, or its FQDN ends in .lan or .local
<maedox> twb: yeah, I started out with squid, but it will be a bottle neck if I redirect everything there. I only want to proxy w3c.org and java.sun.com.
<maedox> twb: not possible to do it the other way around?
<twb> I don't know.
<maedox> alright, thanks.
<maedox> I guess my quest continues :)
<twb> The only way I can think of that doesn't involve proxy.pac (a.k.a. javascript) is transparent proxying
<twb> Hmm, I suppose you might also do it by making w3c.org and java.sun.com resolve to the local host, then effectively having a reverse-proxy listening on 127.0.0.1:80
<maedox> very weird that it should be so difficult. in any browser it's very easy.
<twb> maedox: it's not easy in w3m
<maedox> mainstream browsers :D
<twb> Or indeed any other well-behaved browser that uses $http_proxy and $no_proxy instead of trying to NIH the proxy configuration
<twb> maedox: w3m is the default browser on Debian.
<maedox> I just find it curious that there should not be some kind of service for it with a config file where you can specify proxy nothing, except these domains.
<twb> maedox: "service" implies it's a proxy
<twb> Obviously you can tell squid to only CACHE some domains...
<maedox> twb, yes, I know, but what I would like is in essence the inverse of no_proxy.
<maedox> but I guess I could use no_proxy to at least have it not go through squid for LAN IP's.
<maedox> I think I will do that for now, and see if I can figure it out down the road.
<twb> What client(s) are you using?
<twb> HTTP clients, I mean
<maedox> It's maven running from Hudson CI
<twb> Do you have any evidence it honours $http_proxy?
<twb> It's purely a convention
<maedox> It should be possible to configure env vars in the job in Hudson, but it doesn't seem 100 % stable sometimes.
<twb> (Hint: anything using libcurl gets $http_proxy support "for free")
<maedox> It seems to be honoring http_proxy, but I don't know about no_proxy.
<maedox> IÍ'll test it out to see what happens
<twb> Yeah
<twb> app authors are pretty stupid; they might not even know about $no_proxy
<maedox> The Hudson server is controlling nodes on other servers and http_proxy works for jobs but not for the whole node if you don't put it on every single job.
<twb> I'm glad I Don't Do JavaTM
<maedox> hah, yeah, me too, I'm just here to keep the network and servers secure and running.
<maedox> Ah, there is a Java env.var. http.noProxyHosts  because it seems java doesn't honor no_proxy. We are one step closer :D
<maedox> system property* not env.var.
<jpds> twb: â¢
<twb> Oh, you want ÏÎµÏ?
<twb> (Yes, my IRC client (Emacs) has TeX and SGML input methods.)
<jpds> And much more I guess.
<twb> Oh sure.
<eagles0513875> hey guys are there any postfix experts in here i need some help fixing an issue with my mail server
<uvirtbot> New bug: #673035 in samba (main) "package samba-common 2:3.4.7~dfsg-1ubuntu3.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 10" [Undecided,New] https://launchpad.net/bugs/673035
<lamont> eagles0513875: you'll find better luck if you just ask the question (or describe the problem) rather than asking if you can ask a question
<eagles0513875> ok
<eagles0513875> my question is this i am currently able to send emails from my server to my gmail for example but i cant send from my gmail to my server
<eagles0513875> i get this message
<eagles0513875> Google tried to deliver your message, but it was rejected by the recipient domain. We recommend contacting the other email provider for further information about the cause of this error. The error that the other server returned was: 554 554 5.7.1 <jonathan@eagleeyet.net>: Relay access denied (state 14).
<eagles0513875> i have an mx entry in godaddy which is the following
<eagles0513875> 0 @ @ where @ is pointing at my ip address
<eagles0513875> port 25 is unblocked
<eagles0513875> my isp though doesnt allow relaying off their MX server
<eagles0513875> is it possible to setup my own mx server on my own machine
<lamont> whatever machine returned the error to google is not configured to relay or accept email for eagleeyet.net - assuming that gmail was able to reach your machine, it needs to be told that eagleeyet.net is a local destination
<lamont> (fwiw, pri 0 mx hosts make me cry a little, simply because there's no way to inject one of higher priority later)
<eagles0513875> lamont: its probably my isp
<eagles0513875> as they dont allow MX relaying
<eagles0513875> whats funny i can send from my domain to gmail
 * lamont fires a test email
<eagles0513875> email to test with is jonathan@eagleeyet.net
<lamont> <jonathan@eagleeyet.net>: host eagleeyet.net[213.165.178.234] said: 554 5.7.1
<lamont>     <jonathan@eagleeyet.net>: Relay access denied (in reply to RCPT TO command)
<eagles0513875> bah now squirrel mail is proken
<lamont> so... that IP is the one bitching
<eagles0513875> broken
<eagles0513875> O_o
<eagles0513875> thats my ip
<lamont> congratulations.
<eagles0513875> humm
<eagles0513875> oh snap
<eagles0513875> wait
<lamont> either pastebin your main.cf, or email it to lamont@ubuntu.com?
<eagles0513875> hold on
<yann2> any idea where I can download etherboot - 5.4.4-1ubuntu3  as mentioned in https://bugs.launchpad.net/ubuntu/+source/etherboot/+bug/617316 ?
<uvirtbot> Launchpad bug 617316 in etherboot "Broken pxe-e1000.bin" [Medium,Fix released]
<eagles0513875> http://pastebin.com/if37pwDw lamont
<_ruben> eagles0513875: apparently eagleeyet.net isn't configured as a local domain on your postfix instance
<eagles0513875> O_o
<eagles0513875> _ruben:
<_ruben> add eagleeyet.net to mydestination
<eagles0513875> doh
<eagles0513875> done and postfix restarted just sent test email
<lamont> it should work better now. :-D
<lamont> (got distracted there for a minute)
<eagles0513875> yay
<eagles0513875> :)
<eagles0513875> that did it
<eagles0513875> always with me its something small
<eagles0513875> woot
<yann2> hallyn, any update on https://bugs.launchpad.net/ubuntu/lucid/+source/etherboot/+bug/570870 ? Am still unable to pxe boot on e1000 with lucid, tried the -proposed, no luck...
<uvirtbot> Launchpad bug 570870 in etherboot "pxe boot doesn't work with kvm" [Low,Fix committed]
<hallyn> yann2: supposed to be fixed, near as I can tell
<hallyn> yann2: what exactly happens when you try?
<uvirtbot> New bug: #673048 in tomcat6 (main) "tomcat6 package should suggest libtcnative-1" [Undecided,New] https://launchpad.net/bugs/673048
<yann2> doesnt get a DHCP address
<yann2> just worked with packaged from maverick
<yann2> I mean, installed etherboot and kvm-pxe from maverick, it worked.. lucid's proposed, not
<hallyn> yann2: that's interesting, but it sounds like a different bug.
<hallyn> yann2: in taht bug, pxe boot was never attempted.  it hung on 'Seabios" msg
<yann2> there were 2
<hallyn> yours tries but fails to get ip from dhcp, right?
<yann2> there were a few duplicates
<yann2>  https://bugs.launchpad.net/ubuntu/+source/etherboot/+bug/617316  have a look here
<uvirtbot> Launchpad bug 617316 in etherboot "Broken pxe-e1000.bin" [Medium,Fix released]
<hallyn> i don't condone multiple bugs per bug :)
<hallyn> one sec
<yann2> yeah, there was taht bug, then a fix, and the fix brought up this second bug, was in the comments...
<yann2> I needed it working right now, but happy to test future ppas
<hallyn> checking the lucid source for my fix
<hallyn> yann2: well, i don't know what happened there.  the fix is definately not there
<hallyn> i'm wondering whether kirkland's fix usurped mine
<hallyn> doh
<hallyn> all right, we need to nominate this for sru.
<yann2> ;)
<hallyn> yann2: sorry about that, will get that done, but it's likely to be a slow process
<yann2> do you need to formally report somewhere, like add a comment or so?
<yann2> hallyn, I dont care, It works with maverick's
<yann2> so as long as it can boot I'm a happy man :)
<hallyn> cool :)
<hallyn> yeah, i have to update the description and subscribe a team, but i'm trying to figure out whether they will 'just know' how to cherrypick the right debdiff, or if i have to build a new package for it
<yann2> also, it boots well with the rtl8139, just of course I need it for freebsd :P
<yann2> btw hallyn you wouldnt happen to know how much of a risk I would take installing a lucid kernel on a hardy server would you - ie if it's safe, not safe, or absolute madness?
<hallyn> i think plenty of ppl are dong it
<hallyn> doing it
<hallyn> oh,
<hallyn> i misread.  i thought you meant a lucid kvm VM on hardy host
<hallyn> i'd recommend asking on #ubuntu-kernel, bc i have no idea...
<yann2> thanks, will do
<DodgeThis> how can i replicate a server to another computer?
<SpamapS> DodgeThis: can you define "replicate" ?
<SpamapS> DodgeThis: do you want it to keep "replicating" or do you want to clone it one time?
<DodgeThis> +/- cloning
<DodgeThis> i want to pass all the confis and db to another server running ubuntu
<SpamapS> DodgeThis: one time only, or every time you change the source server?
<DodgeThis> one time only
<SpamapS> DodgeThis: you can probably just boot the destination box in a recovery console/live CD, mount its hard drives, and use rsync.. then chroot into the root filesystem and update-initramfs/grub-install.
<TeTeT> DodgeThis: if they are of the same make, you might want to try clonezilla
<DodgeThis> exemple: i have a server running in virtual box and want to transfer all the stuff db,configs etc to a real server
<SpamapS> DodgeThis: of course, that may result in a corrupted DB unless you shut down the source box.
<SpamapS> DodgeThis: if you haven't done a ton of system configuration, you could just install the new machine, and rsync the data to it.
<TeTeT> hmm, virtual box should rule out clonezilla, sorry
<DodgeThis> SpampaS do you have some tut that i can follow?
<SpamapS> DodgeThis: I wrote one up *a long time ago* .. I don't know how much is relevant.
<SpamapS> DodgeThis: hrm, no the tutorial I wrote is for switching local disks.
<SpamapS> DodgeThis: Since you're changing hardware, I would suggest just backing up the *data* and copying it to the new machine.
<zealiod> i was hoping this rule would log all port traffic.... it doesnt log anything... what am i missing?
<zealiod> sudo ebtables -A FORWARD --in-interface eth1.11 --protocol ipv4 --ip-protocol tcp --log-level notice --log-prefix ASH
<tomsdale_> I have added 'user1' with p.rimary group 'group1' to an additional group 'group2'. Why is user1 not able to view a folder with the group restrictions set for group2
<tomsdale_> it's like the additional groups don't count.
<shauno> tomsdale_: silly question, but has the user logged out yet?
<shauno> I don't believe changes to groups are 'noticed' until the next login
<tomsdale_> shauno: handpalm ...
<tomsdale_> shauno: yes - that's exactly it. thank you.
<RoAkSoAx> /w/win 2
<RoAkSoAx> arrggh...
<cubmike> greetings I am new to ubuntu
<highvoltage> greetings, cubmike
<cubmike> I want to know if there is any advantage of installing the 10.10 server edetion vs the desktop and the 32 vs the 64
<cubmike> ty
<SpamapS> mathiaz: its 18:10 UTC .. do you know where your meeting is?
<mathiaz> SpamapS: which meeting?
<SpamapS> server team?
<SpamapS> was it cancelled w/o an announcement?
<mathiaz> SpamapS: hm - I don't know if we're gonna have a meeting this week
<mathiaz> SpamapS: given that half of the team is at the OpenStack summit
<mathiaz> SpamapS: and they're having lunch right now
<mathiaz> SpamapS: so JamesPage, you and me are the only one around right now
<SpamapS> I will postpone to 19:00 UTC and see if anyone shows up, since the time was listed as 19:00 UTC (but last tuesday) until a few minutes ago
<mathiaz> SpamapS: yeah - it's the time change thinggy
<mathiaz> SpamapS: we'll have to reconsider the time of the meeting now that both europe and north-america have switch hours
<mathiaz> SpamapS: and google calendar is also confusing when it comes to DST
<JamesPage> mathiaz: time change is on the list of items for discussion.....
<SpamapS> Agreed, the fridge calendar doesn't even have our meeting on it
<mathiaz> JamesPage: yeah - it's a good moment for discussin time changes given that 1. time change in both Europe and North America and 2. the new composition of the team
 * JamesPage nods
<s3hh> so we decided no mtg today?
<s3hh> SpamapS: ^
<SpamapS> s3hh: meeting is moved to 1900
<SpamapS> s3hh: so, stick around for 20 minutes and we'll give it another shot
<s3hh> SpamapS: so otherwise it would move with dst, eh?  silly
<SpamapS> s3hh: I don't know, that will be discussed. I think its less confusing to go with UTC, but many may prefer that it stays at the same time locally for them.
<RoAkSoAx> SpamapS: when I get back home i'll point you to a diff ;)
<uvirtbot> New bug: #662679 in ec2-api-tools (multiverse) "EC2 kernel panic at boot with 34GB RAM" [Undecided,New] https://launchpad.net/bugs/662679
<squidly> what does everyone recomend for an ipv6 dhcp server that will auto update bind9 with rdns and AAAA recoards?
#ubuntu-server 2010-11-10
<uvirtbot> New bug: #673289 in apache2 (main) "suexec-custom checks cannot be disabled" [Undecided,New] https://launchpad.net/bugs/673289
<wiredfool> hey, I've got a 10.04 server running 2 bridges ( and quite a few :0,:1 extra interfaces) -- I get about a 2 minute hang on reboot at deconfiguring network interfaces. any ideas?  is there a way to just timeout dropping the interfaces in a couple seconds and just reboot the thing already?
<uvirtbot> New bug: #673102 in clamav (main) "package clamav 0.95.3 dfsg-1ubuntu0.09.10.3 failed to install/upgrade: problemas de dependencias - se deja sin configurar" [Undecided,New] https://launchpad.net/bugs/673102
<uvirtbot> New bug: #673313 in openssh (main) "ssh does not honor -i switch with config file" [Undecided,New] https://launchpad.net/bugs/673313
<econnell> hello all.  We have started working our migration from Solaris to Ubuntu Server because of the recent licensing changes with Oracle, and I thought the Ubuntu server team may be interested in some observations.
<econnell> First, let me explain our infrastructure a bit, our data centers are unmanned US east and west coast facilities, and we access the console of these servers via SSH to an ILOM.  I imagine this is a fairly common use case.
<econnell> As such, netboot via PXE is a requirement, as well as serial port installations.  This is 100% doable via the Ubuntu server install, but it is not documented at all.  The fixes to do this are extremely simple (once you figure out what needs to be done).  Basically, syslinux.cfg in the netboot img needs to be modified to have "serial 0" in the config and all of the kernel parameter option lines need to be modified to specify the console as
<econnell>  ttyS0
<econnell> i was quite surprised this wasn't documented anywhere actually... or at least, not that I could find
<econnell> perhaps there should be an option in the installer for "install using serial console" along with the cli and normal install methods.
<JanC> econnell: it's probably documented _somewhere_
<yann2> econnell, I'd warmly welcome a blog post about your migration once it's done
<yann2> it's a bit weird for me, am waiting for oracle to finish btrfs so I can move away from my only solaris box (ZFS)...
<JanC> lol
<lostogre> I assume that UEC can run windows 2003 hosts, but I haven't seen anything about this. Can it?
<lostogre> guests that is....
<yann2> lostogre, I understannd UEC is based on KVM - I suggest you to have a look there: http://www.linux-kvm.org/page/Guest_Support_Status
<lostogre> yann2, that's what I thought, but I haven't heard of anyone trying it.
<yann2> I've quite a few windows XP, 2000 running on KVM, but not on UEC, and not windows 2003 I'm afraid
<lostogre> how stable is it? I am looking for a replacement for VirtualBox.
<yann2> mmmh.
<econnell> yann2: i'm already missing zfs :(
<yann2> using KVM with libvirt, not UEC - rather stable, wouldnt recomment previous versions
<JanC> our locoteam VPS is a kvm VM and seems to run fine
<yann2> and still a few issues with 10.4 but managed to work around so far
<econnell> and zones... man am i missing zones
<lostogre> issues with 10.04?
<yann2> lostogre, bah nothing too bad, a PXE boot that wasnt happy this morning
<lostogre> don't use pxe so it wouldn't matter.
<yann2> should be alright
<yann2> disks a bit slow, but havent tried the virtio drivers for that yet
<yann2> (under windows mostly)
<yann2> I think the virtio drives would be of good help, for network and disks
<lostogre> right now we have a virtualbox server that is giving us fits. First problems with asynchronous IO problems with xfs (not VB's fault, I know), but when I upgraded the kernels to fix the problems the guest drivers wouldn't recompile causing other filesystem problems.
<yann2> VB is oracle's anyway, probably the next on the list imo :)
<lostogre> I have to admit, that is a concern.
<lostogre> how bad are the virtio drivers to work with anyway?
<yann2> msi files, click on them and it's done?
<yann2> (as far as I remember)
<lostogre> Oh. huh.
<lostogre> so why haven't you tried the virtio drivers for disks?
<yann2> maybe you have to do the add hardware > find drivers stuff, cant remember
<yann2> fairly new I believe. Not that concerned about performance on windows in my case
<yann2> I definitely should give them a try
<lostogre> I see.
<lostogre> heh.
<yann2> off to bed, good night everyone, good luck lostogre
<lostogre> I'm looking at the guest support status you gave me; I see that win2k3r2 runs under qemu-kvm, but Ubuntu 10.04 runs under kvm-84.
<lostogre> Oh, ok.
<lostogre> thanks.
<yann2> it's fine, it'll work ;)
<lostogre> what gives then? what's the difference?
<lostogre> can anyone tell me the difference between qemu-kvm and kvm-84?
<JanC> kvm-* are old versions before their fork got merged into upstream qemu
<lostogre> I see. So qemu is it now?
<JanC> well, there is the kvm kernel module, which is part of the upstream kernel, and there is qemu-kvm which is part of upstream qemu
<lostogre> I see. Ok, so it is about like I remember.
<lostogre> thanks.
<lostogre> Different topic: what kernel do I need in order to successfully patch the asynchronous IO bug in XFS?
<lostogre> This is a lucid server.
<lostogre> MikeGuo, you work for canonical?
<MikeGuo> lostogre, urmm. yeah.
<lostogre> mind if I ask a question?
<MikeGuo> lostogre, sure. if I can help. ;),
<MikeGuo> lostogre, how do you know I work for canonical?  :)
<lostogre> MikeGuo, your login says that your host is emperor.canonical.com.
<todd> hmm
<lostogre> On a lucid server, which kernel in the official repos has the XFS problems fixed.
<lostogre> XFS/ext4 problems.
<MikeGuo> lostogre, sorry. man,  I really don't know about your question.  but  may be you can find the answer on LP
<lostogre> LP?
<JanC> wasn't that before Lucid?
<todd> launchpad
<lostogre> ah.
<MikeGuo> yeah.
<lostogre> JanC, no, I have a server that is suffering from those problems.
<lostogre> or at least something like it.
<lostogre> I have several VM running in VirtualBox that are halting with XFS errors.
<detrix> Hi everyone.  problem: wife has a netbook (acer) been running Ubuntu Standard Gnome (not the UNE). She found a program that was very similar to a PIM program she used on windows, but it is a bunch of KDE programs.  Would this cause her computer to run really slow?
<detrix> Sorry wrong channel
<lostogre> the only slowdown that I can think of is that she will have gnome libraries and qt libraries in ram at the same time.
<detrix> hmmmm
<ASULutzy> Hey all, I wrote a little shell script here that is pretty simple. Wanted to remux a bunch of .avi's I had into .mp4's. http://pastebin.com/icdbxxN1 For some reason, the script fails, and I don't get why, output here: http://pastebin.com/W0PGAKu9 Finally, here's the output of echo'ing $file instead of ffmpeg'ing it http://pastebin.com/01KerYRM Thanks for your help!
<twb> find -type f -name \*.avi -exec sh -c "ffmpeg -i "$0" -vcodec copy -acodec copy "${0%.avi}.mp3"' {} \;
<ASULutzy> Thanks, I'll try that
<ASULutzy> Any idea why mine fails?
<twb> That's just better style, I don't know what's failing
<patdk-lap> dunno
<patdk-lap> mine works
<ASULutzy> In the second pastebin, it gives "uered the World.avi: no suchÂ fileÂ or directory"
<ASULutzy> It's chopping up $file for some reason it seems like?
<patdk-lap> fine . -type f -name '*.avi' | while read i; do echo "Test " $i; done
<patdk-lap> oh, spaces
<ASULutzy> It works fine when I echo it
<patdk-lap> you have to escape them :)
<patdk-lap> or put it in "
<patdk-lap> fine . -type f -name '*.avi' | while read i; do echo ffmpeg -i "$i" ....; done
<ASULutzy> It's quoted?
<patdk-lap> some for twb's
<patdk-lap> "{}"
<twb> Whitespace issues wouldn't account for the problem you're seeing.
<ASULutzy> http://pastebin.com/icdbxxN1 source
<ASULutzy> Yea, it's kind of baffling to me
<ASULutzy> I'll try your different style and see if it works
<twb> patdk-lap: you only need to quote {} in csh and tcsh
<patdk-lap> I have had issues in bash
<twb> If you say so.
<ASULutzy> twb: Did you mean to have that last single quote in what you typed?
<twb> Oh, sorry
<twb> find -type f -name \*.avi -exec sh -c 'ffmpeg -i "$0" -vcodec copy -acodec copy "${0%.avi}.mp3"' {} \;
<ASULutzy> So far yours seems to be working better already
<twb> Well, I *am* a genius.
<ASULutzy> I'm still really confused as to why mine didn't work. I thought maybe one of the files had a ' in it
<ASULutzy> so I trimmed ' from all the filenames
<ASULutzy> Still didn't work
<twb> Ask #bash sometime
<ASULutzy> Good call
<ASULutzy> Another quick question, you think it would be worth shoving gnu parallel in there sometime over an nfs share on Gigabit Ethernet, or you think the network is probably the bottleneck there?
<ASULutzy> Probably a dumb question, I guess I could just ffmpeg -threads 4
<patdk-lap> "${file/%.avi/.mp4}"?
<patdk-lap> shouldn't it be like "${file%.*}.mp4"
<patdk-lap> or atleast that is how I do it
<patdk-lap> heh
<twb> patdk-lap: no.
<ASULutzy> I originally had base=`basename "$file" .avi` dir='dirname "$file"`, but my friend who is quite the guru told me I was a noob and suggested that, the problem existed both ways
<twb> Because that will chop of extensions other than .avi
<patdk-lap> we are already grepping on avi extentions, who cares :)
<patdk-lap> but then, I normally convert from more than just avi
<ASULutzy> Thanks for your help though, I tried asking in #ubuntu first, but since it wasn't related to the same 5 questions asked all day, didn't get much response ;)
<ASULutzy> Your fancier one liner seems to be working though
<overrider> Hello there, i have a vga monitor connected to my server and am using to monitor some statistics. Unfortunately, it will go blank after a few minutes not using the keyboard. How to make it so that the monitor never goes off / blank / standby? Many thanks
<demonspork> how can I do an incremental backup of a directory on my server, the directory is large and just archiving it is going to take a lot of space because I intend to keep the backups for a long time
<patdk-lap> probably want to look at rsyncdiff
<patdk-lap> or backuppc
<patdk-lap> all depends on what kind of route you want to go
<twb> I use rsnapshot instead of rsyncdiff; anything based on hard-linking and the rsync algorithm should be about the same.
<Dantes13> Did anyone here upgrade from 8.04 to 10.04 instead of doing a clean install?  How did the upgrade go?  Any issues?
<twb> I remember having problems with d-r-u
<twb> I only tried it in a VM prior to the actual release of 10.04
<patdk-lap> I'm not sure I have upgraded any 8.04 to 10.04 yet
<patdk-lap> the only two that I have, went through 8.10->9.04->9.10
<ScottK> Dantes13: I've done a couple with no issues.
<Dantes13> Awesome ScottK.  That's what I wanted to hear!  :)
<fluvvell> Dantes13, I've done 4 upgrades from 8.04 to 10.04, not without incident but easier than earlier upgrades
<fluvvell> but I have to say, eve  a clean install where I was migrating a system with raid1, the 10.04 setup does not make for easy raid configuration.
<fluvvell> no, the upgrades were not true "server" installs.
<kiall> Hiya - anyone around who's familiar with UEC? (specifically EBS volumes claiming to attach correctly, but never appearing inside the instance)
<databits> when you are typing a password or info into a txt box they have the X and check indicators does anyone know what kinda of function that would be to add to a website
<databits> I'm trying to google, but I'm not sure exactly what to search for
<segv`> weirdest issue today, have a system that as soon as "hardware detection" runs, the drives decide to go kaput
<segv`> So I can't install ubuntu server, BUT if I load them from a live cd, just fine, if I go into rescue mode on the same ubuntu live cd, i can mount them, only during install..
<segv`> and the USB goes out as well
<segv`> acpi issue?
<alex88> time
<twb> segv`: you're booting the d-i CD?
<twb> segv`: does "kaput" mean a kernel oops?
<twb> segv`: if not, switch to vt2, hit RET to create a shell, then examine the end of /var/log/syslog and dmesg for hints
<kiall> Any UEC users about?
<twb> soren: kiall (presumably) has a UEC question
<twb> !anyone > kiall
<ubottu> kiall, please see my private message
<kiall> twb, hiya
<kiall> yea its a UEC question / bug .. (99.99% sure its a bug .. not sure if its QEMU/eucop tho .. half way through building hacked version that will point me in the right direction ;)
<twb> kiall: you have no describe the issue.
<kiall> sorry - With UEC (10.10) EBS volumes fail to attach correctly, nothing appears in the instance ... manually attaching via virtsh works - as long as you use bus=virtio ... and telling UEC to use bus=virtio doesnt seem to work .. its a tad difficult to explain ;)
<twb> No worries.
<twb> That message should've been your first message
<kiall> been at this about 8 hours - brain melted at this stage ;)  soryr!
<kiall> sorry*
 * pennyless is away: Gone away for now
<uvirtbot> New bug: #673387 in bacula (main) "package bacula-director-mysql 5.0.1-1ubuntu1 failed to install/upgrade: ãµããã­ã»ã¹ installed post-installation script ã¯ã¨ã©ã¼çµäºã¹ãã¼ã¿ã¹ 1 ãè¿ãã¾ãã" [Undecided,New] https://launchpad.net/bugs/673387
<sander^work> mount.nfs: rpc.statd is not running but is required for remote locking. mount.nfs: Either use '-o nolock' to keep locks local, or start statd.<-- How can I get rpc.statd to run on bootup?
<twb> sander^work: on 10.04?
<twb> This is how I do it: http://paste.debian.net/99437/
<twb> Yet, it's disgusting.
<twb> Yes, it's disgusting. *
<sander^work> twb, yes... on 10.04
<maedox> Does anyone know how I can add L-IPA, L-NAM and L-DOM in the PowerAdmin interface?  It's there in an older version on another server, but not in the latest one I set up.
<twb> maedox: I'm not familiar with any of those terms.
<twb> Ah, apparently its a web UI for the pdns DNS server.
<maedox> twb: Me neither really, but they are very handy to check that the DNS zones are set up correctly. You can see IP's with PTR and A etc. and e.g. IP's with non-matching A and PTR are marked in red.
<maedox> twb: correct.
<twb> I usually just use dig
<sander^work> twb, what does that script actually do?
<twb> sander^work: edits files
<sander^work> twb, where should I put it?
<sander^work> just run it?
<twb> You need to understand it and then make the changes by hand, since you don't have the associated interpreter.
<maedox> twb: yeah that works fine, but just for finding e.g. typos/issues quickly the web UI is better.
<twb> Shrug.
<twb> I guess if it was me, I'd set up something to send me an email when it noticed a problem, rather than having to look at a web page for colours.
<maedox> That's probably a good idea, but AI is not perfect still. :) It's hard to make a script figure out which domain name/A/PTR is the correct one. It's basically for finding issues with older records that may have been changed without care. There was another guy running the DNS servers a while back, and I have been finding strange issues ever since.
<maedox> If I add new records I always check that it works as expected, but it would be nice to have those features in PowerAdmin anyway.
<maedox> They might have just deprecated them...
<sander^work> twb, Isn't it just to start rpc.statd on bootup?
<twb> How do you know *when* to start rpc.statd?
<twb> There are already upstart jobs there, but they have a cyclic dependency.
<twb> What my code does is replace one of the nodes in the cycle with a simple loop that says "try again" every tenth of a second
<twb> About half the problem is that upstart took over the job of mounting filesystems before it was actually capable of doing so, which is why there's this intermediary kludge mountall(8) daemon.
<sander^work> twb, I get an error at bootup sometimes.. saying it can't mount an nfs partition.. and wondring if I should do it manually.. or just continue.
<sander^work> ..Is that part of the problem?
<twb> I think it's the same issue
<twb> I'm *booting* from NFS, so I probably just notice it more.
<sander^work> twb, ok.. but that error message I pasted to you.. I got long time after I booted.. just because I didnt have rpc.statd started.
<twb> rpc.statd is required for rw nfs mounts.
<sander^work> Yeah.. I guess it wasnt started because I didnt add the nfs lines untill after I booted
<sander^work> ..in fstab.
<twb> Possibly
<twb> Although the portmap-based services OUGHT to start regardless of whether they think they're needed
<sander^work> twb, so how do I use your script, without understanding it all?
<twb> That's not possible.
<sander^work> twb, I understand it.. But don't understand under what context I should use it.
<alvin> twb: interesting script :)
<uvirtbot> New bug: #673427 in dhcp3 (main) "DHCP with LDAP config should load class definitions first" [Undecided,New] https://launchpad.net/bugs/673427
<Dravekx> anyone know how to get rid if the update error on Maverick? " A error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://extras.ubuntu.com maverick Release: The following signatures couldn't be verified"
<twb> Dravekx: are you going via a proxy?
<Dravekx> twb. no. Im typing sudo apt-get update via ssh on my server.
<Dravekx> no proxy
<twb> The the most likely scenario is that repository is currently being updated
<kiall> the extras repo doesnt actually have anything in it .. no idea why its in your sources list
<Dravekx> idk
<twb> Oh, or it might not be signed by a key in your current keyring
<kiall> best bet is to just remove (or comment out) the repo from /etc/apt/sources.list - it most likely shouldnt be there anyway
<twb> kiall: maybe he ran one of those stupid scripts that claim to DTRT
<twb> You know, "one click to get mp3 and divx" or whatever.
<Dravekx> which part to comment out? Canonical 3rd party?
<Dravekx> its a simple media home server ftw.
<_ruben> the referring to extras.ubuntu.com obviously ;)
<_ruben> the one even
<Dravekx> got it :)
<Dravekx> that did it
<Dravekx> thanks
<niitty> i have problem with install -> itry to install from usb. i dont have cdrom. and installation "The Failing step is: Detect and mount CD-ROM. have anyone this problem too?
<serard> hello
<niitty> so how i can tell that it search all files from usb?
<twb> niitty: presumably you're booting an install image that you downloaded.  What URL did you download it from?
<niitty> i downloaded it from ubuntu.com/server (64-bit) and put that image to usb with those instructions.
<twb> The full URL, please
<niitty> oh sorry: image is from: http://www.nic.funet.fi/pub/mirrors/releases.ubuntu.com//maverick/ubuntu-10.10-server-amd64.iso and I mount that image to usb with http://www.pendrivelinux.com/universal-usb-installer-easy-as-1-2-3/
<niitty> http://www.ubuntu.com/server/get-ubuntu/download this page include all those infos
<twb> Humph, OK.
<twb> Try this one: http://archive.ubuntu.com/ubuntu/dists/lucid/main/installer-amd64/current/images/netboot/boot.img.gz
<twb> I can't provide support for that pendrive converter thing.
<niitty> ok. ill check that. thanks!
<eriksson25> Anyone that could help, I am about to create my secund raid on a server. Have md0 up and runing and wants to create md1. I have started md1 with mdadm --create but is there anything I shuld think on before i create a new mdadm.conf file? Since I alredy have one md0 runing.
<niitty> uhm, but what i should do with that img?, sorry to bother but im a bit new here.
<twb> niitty: gunzip it and dd it onto a USB key.
<eriksson25> Anyone know If I need to create a new mdadm.conf since I created me secund raid
<twb> eriksson25: no, you just ensure that the existing one mentions both arrays
<eriksson25> Oki, will have a look into that.
<twb> eriksson25: e.g. http://paste.debian.net/99442/
<eriksson25> My newly created array was created with one spare, but I would like to have it used. I will add 3 more hdd in just a day and will use one of them as spare.
<eriksson25> How can i activate the spare disk?
<eriksson25> and thanks for the link.
<twb> I don't remember
<eriksson25> If I dont have a spare, and one disk fails is the raid fucked? Or do I just need to add a other disk and recover the array and then remove the faulty disk?
<twb> RAID1 can lose up to one node without data loss.
<eriksson25> raid 5
<twb> Er, sorry
<twb> RAID5 can lose up to one node without data loss.
<twb> RAID1 can lose n-1 disks.  RAID6 can lose 2 disks.
<eriksson25> So why have disks as spare?
<twb> So that the disk isn't spinning
<twb> i.e. isn't subject to mechanical wear
<eriksson25> I see.
<twb> ...I think.  I've never actually created an array with a spare disk
<eriksson25> I just folowed a guide and it got created with a spare by defoult.
<twb> I wish people would not follow "a" guide
<jpds> eriksson25: Hot-spares are useful for when a drive fails and you want something to kick in immediately.
<twb> The number of times I've caught a certain coworker doing something on (say) 10.04, using a guide written for (say) 6.06...
<eriksson25> mm, understand =)
<twb> jpds: but how are they better than just adding another disk (e.g. three-way RAID5 becomes four-way RAID6)
<_ruben> that'd be a "cold spare", a "hot spare" does spin .. and gets added to a raid volume automatically whenever it becomes degraded
<twb> _ruben: I thought a cold spare didn't have power going into it
<eriksson25> Well do I need to let it rebuild 100% bofore I change it to include the spare.
<twb> _ruben: a hot spare was free to spin down because there are no writes to it
<_ruben> twb: fair enough, tho that's more a powermanagement feature than a raid feature
<twb> Granted
<twb> http://en.wikipedia.org/wiki/RAID#Hot_spares
<twb> _ruben: I'm just saying that if it weren't for the property that it will spin down (if power management is doing its job), then I don't see the point of a spare drive
<twb> I suppose with md raid, a 4-way raid6 might be more computationally intensive than a 3-way + 1-spare raid5
<twb> I let our DBA talk me into doing 3-way RAID1 instead of 3-way RAID5 for our new box :-)
<kiall> your DBA was probably right for a DB server .. depending on load that is ;)
<twb> It's not a DB server
<twb> Well, mostly not
<kiall> ;)
<twb> But the argument is that it's a lot easier to misalign app/filesystem/raid stripes on RAID5 than on RAID1
<twb> That, and it'll be easier to upgrade online because I can unplug all but one drive without taking the system offline
<eriksson25> Anyone have a good comand to include the spare disk in the array.
<_ruben> twb: spinning isn't the only difference, movement of the head(s) could be important as well
<_ruben> never really gave it that much thought thou
<_ruben> gh
<twb> 4TiB SSDs can't come soon enough.
<_ruben> + affordable
 * kiall chews up another 40 mins of PPA build server time :/ If only I could get this to build locally .. each iteration would take 2 mins.. grr
<twb> Right
<_ruben> if only RAMSAN would become "cheap" :)
<kiall> and persistent ;)
<twb> kiall: what are you building, openoffice?
<kiall> eucalyptus ... (UEC)
<twb> The userland, or a disk image?
<twb> _ruben: I don't like them calling it "RAMSAN" if it isn't a SAN
<kiall> eucalyptus itself  .. not an image ...
<twb> kiall: bummer.
<h4p0z3u> INSTANCE i-42320867 emi-E0831073 <public ip> 0.0.0.4 running 0 m1.small 2010-11-10T10:57:49.442Z mycloud eki-F7121103 eri-0B951170, 0.0.0.4 -> <local ip> like 192.168.1.4, how?
<kiall> It would literally take 2 mins to rebuild locally .. but it only compiles against a release 10.10 .. do a dist-upgrade and it fails ..
<_ruben> twb: agreed
<kiall> h4p0z3u, was there a question in that?
<h4p0z3u> my VM's start without IP
<h4p0z3u> how can I solve it?
<kiall> That could be lots of things .. what networking mode are you using? and is this a 1 server setup, or more than 1 server setup?
<twb> kiall: why can't you just use pbuilder or sbuild, like a normal dd?
<kiall> because im not building an image - im building the stuff that runs on bare metal ;)
<h4p0z3u> internet --- server1(public ip) --- LAN --- server2(private ip)
<h4p0z3u> server1 is router too
<twb> Um, the job of pbuilder/sbuild is to create a chroot that contains (say) a 10.10 compilation environment for dpkg-buildpackage
<h4p0z3u> http://imagebin.org/122632
<twb> So if you are on, say, 10.04 and need to create a .deb for 8.04, you use pbuilder instead of creating an 8.04 VM
<kiall> twb :| now you tell me? Will have to check that out ..
<twb> Broadly: sudo pbuilder create --distribution hardy (once), then "pdebuild" instead of "debuild" in the source package
<kiall> h4p0z3u, we get that part .. pastebin your eucalyptus.conf from server1 and ifconfig from server2
<twb> kiall: the binary and source packages end up in /var/cache/pbuilder/result/
<twb> I think sbuild is actually better, but I haven't gotten around to looking at it
<kiall> installing it at the mo .. 1 thing i cant find yet ... can you prevent it from doing a clean build each time ;)
<twb> I'm waiting for someone to implement btrfs-snapshot-based COWs for it instead of LVM snapshots
<twb> kiall: no, the whole point is that it does a predictable, clean build each time.
<twb> The manpage seems to indicate there's a way to prevent that, but I don't know about it.
<kiall> thats a good feature for doing a release build ... but for dev iterations can be a pain :)
<h4p0z3u> kiall, http://pastebin.com/ZU5hdLzf
<twb> Nod
<twb> I tend to use a mix of "debian/rules build" and "pdebuild"
<kiall> twb, yup - but *something* un maverick-updates is preventing the backing from building .. and im just trying to trace a bug!
<kiall> in maverick-updates*
<kiall> h4p0z3u, on server1 .. what interface is connected to the internet? eth0?
<h4p0z3u> yes
<kiall> and whats the ip of that 192.168.100.x?
<h4p0z3u> node controller
<kiall> okay .. 1 issue anyway is that VNET_SUBNET should be something not used anywhere else
<kiall> the default is .. VNET_SUBNET="172.19.0.0" (in /etc/euca../euca....local.conf)
<eagles051387_> hey guys is there a way to recieve emails if a service goes down?
<eagles051387_> or possibly an sms
<kiall> your looking for "monitoring" ;)
<h4p0z3u> VM's IP and NC IP have to be same subnet?
<kiall> h4p0z3u, I cant see any other issues there.. the bridge looks right, the conf looks right (other than the VNET_SUBNET and associated settings .. mine looks like http://pastebin.com/z8yzxuMm where 10.2 is the public range, and 10.8 is the private (CC<->NC) range)
<eagles051387_> kiall: ya what can i setup on lucid to do that?
<kiall> nagios / cacti / munin / loads more can be setup .. but .. you generally need to set this stuff up somewhere else .. if it goes down .. how is the email supposed to get out?
<kiall> there are also companies who will do it for free (if your only monitoring 1 or 2 services..)
<eagles051387_> true
<eagles051387_> humm
<eagles051387_> man i really need to setup a cloud
<kiall> h4p0z3u, no - your VNET_SUBNET is wrong there .. it cant be in the same range as server1's eth0 *or* eth1
<eagles051387_> has anyone here used the cloud computing feature of ubuntu server in a private environment?
<kiall> yes - but ... honestly .. if it was something you actually wanted to use .. you probably wouldnt be asking about monitoring ;)
<niitty> <twb> ok now i restarted it with boot.img and it works. but problem is that it says: No network interfaces detected. Do you know some solution for this?
<eagles051387_> kiall: im considering revamping my entire setup
<eagles051387_> kiall: atm just have a single server but considering turning my current desktop into a server and building a new desktop for me
<eagles051387_> kiall: question regarding the cloud. does it require a cpu that supports virtualization or can it be run on one that doesnt
<twb> niitty: buy better hardware
<eagles051387_> niitty: is the network card built onto the motherboard
<niitty> yes
<eagles051387_> i had that happen to me where the onboard network card was a bit flakey
<twb> niitty: what that error means is that your shitty Nvidia/AMD motherboard's NIC is not supported by open-source drivers.
<kiall> eagles051387_, the bare min setup is 2 servers, 1 "managing" the cloud, and 1 running the actual VMs .. that second one needs VT
<eagles051387_> twb: thats an easy fix
<eagles051387_> ok well my quad has that kiall :) ok sweet
<eagles051387_> twb: all niitty would need to do is buy a pci nic and throw it in. thats what i did and it worked fine
<niitty> i use Asus cheap motherboard.
<twb> True
<eagles051387_> niitty: you mean asrock <-- low end asus
<twb> niitty: asus is the manufacturer.  The chipsets are usually from nvidia or intel
<eagles051387_> niitty: i would try with a pci nic card they arent that expensive
<h4p0z3u> kiall,I fix but not work
<niitty> aah, i have naybe some old network card in garage... so maybe ill try em
<eagles051387_> niitty: gigabit nics arent expensive
<h4p0z3u> INSTANCE        i-427707BC      emi-E0831073    200.137.66.120  0.0.0.2 running         0               m1.small        2010-11-10T11:46:55.359Z        cloudinf        eki-F7121103    eri-0B951170
<twb> I've had consistently good success with e100 and e1000 chipsets.
<eagles051387_> twb: who makes those
<twb> While they're reputedly very shitty hardware, I've also had mostly good success with rtlNNNN chipsets.
<twb> eagles051387_: they're intel chipsets
<eagles051387_> and i have had great luck with nvidia's nforce
<eagles051387_> twb: maybe for server but desktop users are getting slammed hard again with graphics bugs
<twb> eagles051387_: this is #ubuntu-server.
<eagles051387_> i know but im saying im apprehensive about intel chipsets
<h4p0z3u> kiall, http://pastebin.com/iuu875qt
<eagles051387_> desktop/possible server is an nforce 750i chipset that i have on
<eagles051387_> kiall: could the server managing the cloud also host some things as well?
<kiall> h4p0z3u, that should be fine ... clean restart the lot .. and spark up a new instance .. if it still doesnt work, you still have another issue
<twb> kiall: btw, recent pbuilder magically supports ccache.  Dunno if that would help with re-builds of a java thingamy
<h4p0z3u> kiall, INSTANCE i-46F00928 emi-E0831073 x.x.x.x 0.0.0.2 running... fail! =(
<h4p0z3u> ops
<h4p0z3u> now works
<h4p0z3u> 0.0.0.2 -> 192.168.122.205
<kiall> twb, humm .. interesting :) .. esp since i'm now confident the bug is in libvirt (or kvm .. or qemu)
<kiall> 0.0.0.2? that cant be right ;)
<kiall> that should be 172.19.1.2
<h4p0z3u> kiall, ping <public ip> crash and ping 192.168.122.205 crash
<kiall> crash as in it crashes? or just doesnt work?
<h4p0z3u> From x.x.x.x icmp_seq=1 Destination Host Unreachable
<kiall> if it just doesnt work .. pastebin "euca-describe-groups" from your workstation (aka not server1 or server2)
<h4p0z3u> GROUP	h4p0z3u	default	default group
<h4p0z3u> PERMISSION	h4p0z3u	default	ALLOWS	tcp	22	22	FROM	CIDR	0.0.0.0/0
<kiall> you haven't allowed ICMP pings to it :)
<kiall> hence its rejecting them
<kiall> try ssh'ing to it
<kiall> (since you have allowed ssh)
<h4p0z3u> ssh h4p0z3u@x.x.x.x
<h4p0z3u> ssh: connect to host x.x.x.x port 22: No route to host
<kiall> odd .. this wont fix that .. but you prob want it anyway ... euca-authorize -P icmp -s 0.0.0.0/0 default
<kiall> has the VM booted up correctly? euca-get-console-output i-XXXXXXX will show you whats up
<h4p0z3u> iptables rules on server1
<h4p0z3u> http://pastebin.com/m8VScaBL
<jpds> h4p0z3u: Line 13 seems pretty conclusive for your ping 'crash'.
<kiall> that looks a but wrong ;)
<kiall> you should have some stuff like .. "-A PREROUTING -d 10.2.6.10/32 -j DNAT --to-destination 172.19.1.2"
<h4p0z3u> for all 172.19.1.x?
<kiall> just for running instances
<h4p0z3u> euca-get-console-.... http://pastebin.com/8ktYxE54
<kiall> aha .. I love that one ..
<kiall> The only fix i've found is to wipe out the emi / eki /eri and publish fresh ones
<kiall> the 10.10 ones on uec-images.ubuntu.com work well ..
<kiall> most images should have "-----BEGIN SSH HOST KEY FINGERPRINTS----- ........" near the end of that output if it booted successfully
<niitty> nice! i find my old nic and it work like a charm. thanks for the tips :)
<h4p0z3u> kiall, I have to leave out now, thx for all....
<kiall> no problem
<eagles0513875|2> hey guys how can i fix this error drwx------ 16 jonathan jonathan     4096 2010-11-10 12:51 Maildir
<eagles0513875|2> what group by default does dovecot use?
<eagles0513875|2> reason im asking is i get this error jonathan@eagleeyet.net>: maildir delivery failed: create maildir file /home/jonathan/Maildir/tmp/1289392498.P4804.eagle: Permission denied
<eagles0513875|2> should the user and the group be dovecot in this case?
<serard> I have a problem installing squirrelmail, on the web interface I get this : Error connecting to IMAP server: localhost
<serard> 111 : Connection refused
<serard> Ok I finally came to make it work. But I can't send an email, it tells me 501 5.1.7 Bad sender address syntax
<[diablo]> afternoon all... any Canonical reps around please?
<pmatulis> [diablo]: this is a technical channel.  what is your main question?
<hallyn> jdstrand: hey, my irc connection has dropped a few times, so just to make sure - did you have any outstanding questions on the libvirt-0.8.5v2 merge req?
<[diablo]> pmatulis, sorry was afk... just wanted to know if any canonical reps hang around here cos I have some Landscape questions
<pmatulis> [diablo]: i believe there is a #landscape Freenode channel
<ScottK> [diablo]: There are people that work for Canonical on this channel, but it's really not on topic.
<[diablo]> np
<jdstrand> hallyn: I do not. I mentioned I've yet to look at it again, but hope to today
<jdstrand> hallyn: the things I had were pretty small, so assuming you addressed them, I'll just upload
<hallyn> jdstrand: ok, thanks
<tgwoollard> Good afternoon. I have a 32 Core (4x Eight-Core AMD Opteron) HP BL685 G7 Server that i am installing with Ubuntu 9.10. For some reason, the Operating System (and the installer) will only load when i specifiy a "maxcpus=16" or lower, boot parameter. How can i get Ubuntu to see the other 16 cores? Many thanks in advance
<manjo>  tgwoollard, any reason you are using 9.10 instead of 10.04 (LTS) or 10.10 ?
<manjo> tgwoollard, ProLiant BL685c G7 was ubuntu ready under 10.10
<tgwoollard> manjo: 10.04 is of course my preferred OS, and i will 100% be using that release if i can't resolve this issue. I am purely using 9.10 as it is a request from our head of application development as his preffered environment. Whether or not i use 10.04 or not, it's going to really bug me if i don't figure this out now! I guess it's kernel related, but i need a few pointers i guess. Any suggestions?
<claude2> tgwoollard: phew, thats quite a problem to have
<tgwoollard> FYI 10.04 works perfectly on the BL685 G7 with all Cores. 9.10 is the preffered option for us though so it would be nice to resolve if poss.
<pmatulis> tgwoollard: let me guess, 9.10 preferred because of PHP stuff?
<tgwoollard> More than likely, but i also think there is simply a reluctance to move away from the preffered OS, in this case 9.10
<manjo> tgwoollard, you could use LTS backports and see if that works
<manjo> tgwoollard, the backports kernel have patches backported
<tgwoollard> manjo, would you care to elaborate? i've never used backports kernel before.
<pmatulis> manjo: LTS backports kernel on 9.10???
<manjo> pmatulis, ah he said 9.10... I kept thinking 10.04...
<manjo> tgwoollard, scratch LTS backports
<manjo> idea
<tgwoollard> manjo, just to confirm. 10.04 works perfectly. This issue is purely around prior releases, specifically 9.10 in this case
<ScottK> tgwoollard: 9.10 goes out of support in ~5 months.  It's probably not too soon to think about migrating forward anyway.
<tgwoollard> ScottK; that i did not know. That's certainly a rather large bullet to load my gun with when i push for 10.04. Many Thanks
<tgwoollard> This is still going to bug the hell out of me though, so if anyone has any ideas they would be warmly welcomed
<ScottK> tgwoollard: You're welcome.  In comparison, 10.04 will be supported for another ~53 months.
<tonyyarusso> I know there was some chatter a while back about switching the Ubuntu mysql packages to use the MariaDB source tree.  What is the current status / plan on that front?
<ScottK> tonyyarusso: No action AFAIK.
<ScottK> IIRC the mariadb people didn't even show up at UDS this time.
<tonyyarusso> o rly?  Hrm.
<tonyyarusso> No mneptok?
<ScottK> If he was there, I managed to avoid him.
<zul> tonyyarusso: there is a blueprint that deals with this i forgot which one now
<tonyyarusso> zul: looks like https://blueprints.launchpad.net/ubuntu/+spec/server-lucid-mariadb-inclusion
<tonyyarusso> Priority undefined, Series none, Assignee none, Definition new, Implementation deferred, Milestone none - not exactly active :P
<tonyyarusso> ScottK: "This issue was discussed on the second day of UDS.", so I'd be surprised if mneptok wasn't there for that.
<ScottK> tonyyarusso: Look what release that spec is for.
<Pici> tonyyarusso: he wasn't physically at UDS at all.
<tonyyarusso> oh, right, that would have been a DIFFERENT UDS.
<tonyyarusso> Some days I have a brain, and some of those it even works, I swear.
<uvirtbot> New bug: #673636 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 (not installed) failed to install/upgrade: trying to overwrite '/usr/bin/msql2mysql', which is also in package mysql-client 0:5.1.51-1.glibc23" [Undecided,New] https://launchpad.net/bugs/673636
<antoniocs> hello!
<antoniocs> is it possible to change to another user while I am logged in?
<alex88> antoniocs, just execute command as another user?
<antoniocs> well I want use the sudo command but my user isn't in the sudo list but I do know the password for a user that is in the sudo list
<antoniocs> so I just want to know if it's possible to just switch to that user and perform the sudo
<alex88> if you're connected via ssh open another session, if you're in front of the pc press ctrl-alt f2 (or f3-f4-f5..)
<alex88> well you have to know the another user password
<antoniocs> ok I just thought I could switch to the user I would like
<antoniocs> I do I do
<alex88> ok
<uth> hello
<alex88> hi
<uth> I would like to know how to use ssh
<patdk-wk_> very interesting :)
<patdk-wk_> just upgraded a few webservers from rhel 5.5 to ubuntu 10.04
<EvilPhoenix> uth:  define  "use ssh"
<patdk-wk_> nfs loads on them, for peek weekday traffic, is down to weekend levels :)
<alex88> uth, you have to install openssh-server on the server, and on the client run ssh user@Ip_of_the_server
<alex88> and you're on the remote console
<Seidr> Heya - does anyone have experience with OpenVZ under Ubuntu? I'm having a strange problem with FTP conncetions while using an OpenVZ kernel. This issue was solved a while ago (with a vanilla kernel) by using the FTP helper with IPTABLEs. The very same entries are active at the moment and I've ensure all kernel modules that WERE loaded with the previous kernel are loaded with the current
<Seidr> (well, all that should make a difference) however I'm still getting a 'Connection reset' on only certain directories through FTP.
<uth> ok alex88
<Seidr> Sorry for the wall of text! Does this problem ring any bells with anyone? ;)
<uth> but I have to configure files ? for the server ?
<alex88> uth, nope.. but it's useful to deny root login
<alex88> and for perfect security use key-based auth instead of password..
<uth> so every user can connect by ssh ?
<alex88> uth, every user of the server machine, yes..
<uth> yes
<uth> how do I deny root login ?
<alex88> there is a line like rootlogin
<alex88> in /etc/ssh/sshd_config
<uth> ok
<alex88> if you want you can create a group and let only users in that group to ssh login
<uth> Is there problems with Internet box ?
<Seidr> So - no-one else ever run into problems with FTP access while using an OpenVZ kernel? Even the log files are not giving any hints (verbose mode is on)
<alex88> Seidr, i haven't that problem
<alex88> uth, like?
<uth> Should I do a port redirection ?
<EvilPhoenix> uth:  only if you want to
<EvilPhoenix> uth:  i personally run ssh on a port that is not the standard port
<EvilPhoenix> but its up to you :P
<uth> ok thanks alex88 and EvilPhoenix
<alex88> uth, for restricting users you can use AllowGroups AllowUsers DenyUsers DenyGroups directives
<alex88> np
<alex88> look at man /etc/ssh/sshd_config
<EvilPhoenix> or ask here if you get confused with the manpage :P
<uth> ok thanks
<mathiaz> hallyn: hi
<mathiaz> hallyn: it seems that I'm running into small issues with ksm on maverick
<mathiaz> hallyn: my laptop is running maverick
<mathiaz> hallyn: and I start vm guest via libvirt
<hallyn> mathiaz: if you don't mind,
<hallyn> plz ping me again in 30 mins.  i need to get on a call, and suddenly my (maverick) laptop is failing getpt - can't even pull up a terminal!
<hallyn> weirdness
<hallyn> biab
<pmatulis> why is the lucid netboot kernel [1] dated april 2010?  this is old.  am i missing something?
<pmatulis> [1] http://archive.ubuntu.com/ubuntu/dists/lucid/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/
<hallyn> mathiaz: ok, i'm back.  what sort of ksm errors are you having?
<ScottK> pmatulis: Because that's when Lucid was released.
<pmatulis> ScottK: i saw that connection but i figured it would be updated
 * jpds hopes everything under dists/lucid/* is frozen forever more.
<ScottK> pmatulis: http://archive.ubuntu.com/ubuntu/dists/lucid-updates/main/installer-amd64/current/images/netboot/ubuntu-installer/amd64/
<Seidr> Lucid itself isn't - the packages used are
<Seidr> provided* rather
<pmatulis> ScottK: ah
<mathiaz> hallyn: hi - so I run multiple guests on my laptop with libvirt+kvm
<mathiaz> hallyn: and when one of the guest is powered off, the other running guests froze for 5-10 seconds
<mathiaz> hallyn: on the host the ksm process is taking a lot of cpu
<mathiaz> hallyn: once ksm has done its job running guests are responsive again
<mathiaz> hallyn: so ksm may require some tweak - so that one guest going down doesn't freeze other guests
<hallyn> mathiaz: hm.  that happens every time you shut one down?
<mathiaz> hallyn: yes
<mathiaz> hallyn: AFAICT
<RoyK> mathiaz: how is the I/O load on the host when this happens?
<mathiaz> RoyK: I haven't measure that
<RoyK> mathiaz: try
<hallyn> mathiaz: can you file a bug (against both kvm and kernel), and i'll try to reproduce
<mathiaz> hallyn: great - thanks
<hallyn> ksm is just black magic to me :)
<RoyK> mathiaz: run sar 1 1000 or something and stop a guest - that'll show the load per second
<hallyn> biam
<burhan> what would I install if I wanted to run a newsgroup *server* - that caches locally newsgroups which I can access using common news clients.
<RoyK> ye gods - we have three 10kVA UPSes - ok - only two of them are clustered as of now, for reasons old, so we called the company supporting them, and asked them to help us clustering the three of them, since we have to power down the whole datacentre now, and they told us they could help us some time next year and then they needed 5+ hours during day-time, between 8 and 16, on a workday, to fix it...
<RoyK> burhan: some nntp server
<burhan> RoyK: got a name I can google? Everything I try leads me to news readers.
<RoyK> burhan: sorry - not sure
<RoyK> burhan: apt-get install inn2
<RoyK> http://www.eyrie.org/~eagle/faqs/inn.html
<burhan> isn't that a reader?
<RoyK> inn2 - 'InterNetNews' news server
<RoyK> from apt-cache
<mathiaz> hallyn: bug 673705
<uvirtbot> Launchpad bug 673705 in qemu-kvm "running guests freeze when one of the guest is powered down" [Undecided,New] https://launchpad.net/bugs/673705
<RoyK> mathiaz: did you check the i/o load?
<mathiaz> RoyK: I ran sar - the output of the file is attached to the bug
<RoyK> mathiaz: the sar.output file is a binary fila
<RoyK> file
<mathiaz> RoyK: yes - and you can read it with "sar -f filename"
<uvirtbot> New bug: #673705 in qemu-kvm (main) "running guests freeze when one of the guest is powered down" [Undecided,New] https://launchpad.net/bugs/673705
<RoyK> mathiaz: that's not good - as I said, start "sar 1 100" - shutdown the guest and pastebin the sar output
<RoyK> the sar file normally only holds 10 minute averages
<mathiaz> RoyK: not the one I've posted - it has a 1 second average
<RoyK> mathiaz: I tried sar -f sar.output - it gave me nothing
<RoyK> mathiaz: just post text - that works for all
<hallyn> mathiaz: you're sure that the whole guests freeze, and not just networking to them, right?
<KB1JWQ> Hmm.  Not sure what the other admin did to this box, but nothing starts by default now.  What's the command within Ubuntu to start services on boot?
<KB1JWQ> update-rc complains about upstart.
<tonyyarusso> maybe just making the symlinks directly?  hrm
<guntbert> KB1JWQ: it used to be insserv but I always forget what works when :-)
<KB1JWQ> tonyyarusso: That's what's odd, the symlinks should exist in /etc/rc3.d, correct?
<tonyyarusso> insserv appears to still exist
<tonyyarusso> KB1JWQ: Ubuntu's default runlevel is 2
<KB1JWQ> Hmm, "runlevel" returns "unknown."
<KB1JWQ> That'd explain it.
<guntbert> !runlevel | KB1JWQ
<ubottu> KB1JWQ: In Ubuntu all runlevels except 0,1 and 6 are by default equal. Also keep in mind that Ubuntu now uses !Upstart instead of System V init so there is normally no /etc/inittab.
<KB1JWQ> Hey, after reboot the ONLY processes running are init, my tty, and bash.
<KB1JWQ> Hothing else.
<guntbert> KB1JWQ: try insserv -d (for enabling default services)
<jeiworth> say, what command can i use to check what tme and date a certain server has?
<KB1JWQ> guntbert: Hmm, http://pastebin.com/xjCPsH0V
<KB1JWQ> jeiworth: date
<jeiworth> KB1JWQ, sorry, not specific enough, i mean a _remote_ server, don't have login to that
<KB1JWQ> Is it running an ntp server?
<guntbert> KB1JWQ: strange indeed - might be the other removed "everything"?
<KB1JWQ> Yeah, I'm not thrilled. :-)
<jeiworth> no, it's a vm i have here for a cert we are doing, of course i could just boot it up with another live system and change root pw but surely there must be a way to check what is the current time and date of a server from remote?
<guntbert> KB1JWQ: maybe try with aptitude update, aptitude safe-upgrade ??  (I'm only guessing)
<KB1JWQ> guntbert: If I could get networking up that'd be swell. :-)
<guntbert> KB1JWQ: ouch, I overlooked that -- is the server important?
<KB1JWQ> guntbert: Not particularly.
<guntbert> jeiworth: there is another time protocol as well, point nmap to the server to see if it listens on that port (don't remmeber
<guntbert> I don't remember its name
<ejv> can anyone assist me in backing up a GPT partiton table? :)
<guntbert> KB1JWQ: I'm not sure if it is worth the effort to rebuild all - what about you ditch it?
<bluefrog> guntbert, jeiworth nmap -sU -p123
<jeiworth> guntbert, kk, well
<KB1JWQ> guntbert: Not a bad idea.
<guntbert> bluefrog: thx
<jeiworth> well, thx, but that machine is not running an ntp instance
<bluefrog> yaeh sorry just read that
<bluefrog> jeiworth, well no ntp and no remote login guess u're stuck
<bluefrog> webserver on it?
<bluefrog> or email?
<guntbert> jeiworth: bluefrog: I was thinking of DAYTIME (port 13) and time protocol(port 37)
<guntbert> they don't need a ntp server
<bluefrog> yes maybe sry out oy my league at this point
<jeiworth> hmmm i could try to have it send me a test email, good thinking bluefrog
<bluefrog> that's more of what I was thinking yes
<jeiworth> Date: Tue, 9 Nov 2010 15:51:17 -0600 (CST) <-- lol, well that explains a lot
<bluefrog> email then?
<jeiworth> bluefrog, jupp
<jeiworth> the system has a webfrontend where you can confiugre outgoing mail for notification and a button to test the config
<jeiworth> 1d and half an hour off
<jeiworth> tztztz
<jeiworth> strange though, i am pretty sure there is a command that queries the current time and date of a remote machine... hmmm
<apw> hallyn, which chroot are you using for your natty build ?
<bluefrog> jeiworth, this? http://www.logix.cz/michal/devel/nagios/
<bluefrog> but you need  to have tweaked the server before hand
<jeiworth> bluefrog, well, that obviously, but kind of overkill for my use case
<jeiworth> well, passed the exam anyway, now for some beers... hmmm
<hallyn> apw: sbuild...
<hallyn> apw: is that what you are asking?
<apw> hallyn, hmmm, not quite sure, i presume that makes its own chroot on the fly as there arn't any for natty yet :)
<hallyn> apw: no, i think i created a maverick one, then substituted in /etc/apt/sources.list
<apw> hallyn, ahh, the shared ones should be back in a few hours, they are somewhat slow to buidl
<hallyn> there are shared ones?
<apw> /usr3/chroots yep, all exported under schroot
<hallyn> on tangerine?
<apw> but perhaps they arn't in the right format or something
<apw> yep, on there, though they are building right now cause we wiped the machine today
<apw> maverick is not as yet there
<hallyn> ah, i see them.  cool
<hdon> OT question: does anyone know a pastebin that can strip trailing whitespace? SCREEN always causes my copy/paste to include about 300 trailing spaces
<hdon> and the pastebins i've tried do not reflect the trailing spaces well
<hallyn> apw: sad to say, i hadn't even considered that maybe i need to build my natty kernel on tangerine in a natty chroot :)
<hallyn> maybe that's why it's failing
<apw> hallyn, heh, not sure i know of any natty specific requirements, think i am still building some of my test builds in maverick chroots myself
<kuick> Hi guys, anyone available to give me a quick run through on my boot setup. I had all working great then I did an update and could not boot again. Have spent many hours on this but now I need some input. TX
<kuick> Using grub as boot loader
<kuick> On Lucid
<ehcah> Can anyone point me to a good book on administering Ubuntu Server for file storage?
<hallyn> apw: heh, well after the rebuild, my kernel binary-debs build just fine.  huh  :)
<mathiaz> hallyn: hm - seems to be network related
<mathiaz> hallyn: I've updated the bug 673705
<uvirtbot> Launchpad bug 673705 in qemu-kvm "running guests freeze when a guest is powered down" [Undecided,New] https://launchpad.net/bugs/673705
<hallyn> mathiaz: then it sounds like a dup
<hallyn> which is great, bc i've never been able to reproduce, so maybe you can help finally nail htat one :)
<mathiaz> hallyn: great - I can reliably reproduce it
<hallyn> mathiaz: ok, i'm going to review the old bugs in a bit, and try and come up with a plan for bugging you tomorrow :)
<hallyn> thanks
<hallyn> bbl
<mathiaz> hallyn: o^5
<hallyn> ?
<hallyn> is that one of your handshakes? :)
<wideyes> hello all! Anyone interested in giving a little dhcp setup help or directing me to a good channel?
<RoyK> wideyes: pastebin your dhcp conf
<RoyK> wideyes: dhcp setup is quite easy....
<mathiaz> hallyn: it's a high-5 - o^5! ;)
<wideyes> I'm looking for some ltsp setup help, specifically
<wideyes> I'd be happy to pastebin the config, but maybe we could talk about the ltsp setup first
<wideyes> the issue is, I'm using one server for dhcp, and a separate one for ltsp
<wideyes> I can't get the dhcp server to correctly direct my thin clients to the ltsp server
<wideyes> I think I'm misusing the next-server directive
<wideyes> the ltsp server is ubuntu 10.04
<wideyes> but the dhcp server is debian sarge 3.1
<hggdh> soren: I have some changes to the autobuilder for regression tests, will propose a merge in a few
<uvirtbot> New bug: #673777 in samba (main) "winbind tools don't seem to agree on idmappings" [Undecided,New] https://launchpad.net/bugs/673777
<soren> hggdh: I won't be upset if you just apply them, but if you want a review, that's cool too.
<hggdh> soren: I do not think I have write access to the bzr :-)
<soren> hggdh: You do.
<soren> hggdh: Make the changes on the server, do bzr commit, bzr push, win.
<hggdh> oh
<hggdh> OK
<soren> I'm happy to review it, if you feel it's necessary, but really, just go ahead if you want.
 * hggdh was considering a local (own laptop) branch ;-)
<hggdh> soren: OK. What I intend to do: make it run against both Maverick and Natty
<soren> hggdh: Hm.. Ok.
<hggdh> and, eventually, also against Lucid (to be considered, yet)
<soren> hggdh: Ok, I can see that would be valuable.
#ubuntu-server 2010-11-11
<Skaag> I remember a debian package called apt-spy or something of the sorts, which found the fastest repository mirror by performing a series of ping tests
<Skaag> I can't see that it made its way to Ubuntu - is there some alternative?
<uvirtbot> New bug: #673698 in ntp (main) ""ntp" package spanish name is mistaken" [Undecided,New] https://launchpad.net/bugs/673698
<uvirtbot> New bug: #673836 in tomcat6 (main) "Doesn't use java picked trough debian alternatives." [Undecided,New] https://launchpad.net/bugs/673836
<yitz_> I assume the "system wide" /etc/crontab file is being used even when crontab -l says there is no crontab?
<Scunizi> when I http://localhost/Joomla/ for the installation files the system actually wants to "save" a file.. using 127.0.0.1/Joomla/ however works.. any ideas?
<twb> Scunizi: debug it using curl -v instead of a web browser.
<twb> Usually "the browser wants to `save' a file" means that the server is returning a MIME type the browser doesn't understand.
<Scunizi> twb: I've never used curl before.. curl -v <then what?>
<twb> diff -U999 <(curl -vso/dev/null http://localhost/Joomla/) <(curl -vso/dev/null http://127.0.0.1/Joomla/)
<twb> You could use netcat instead, but curl is probably sufficient, and easier to use.
<twb> yitz_: crontab -l reports the *user's* crontab.  root can have a user crontab, in /var/spool/cron/, but this is unrelated to the system crontabs (/etc/crontab, /etc/cron.*/).
<twb> yitz_: or: yes, you are correct.
<yitz_> You're all over the place, twb
<yitz_> Thanks :)
<Scunizi> twb: http://pastebin.com/jSnN6EaK ... the results of the line you gave me.
<twb> Ugh
<Scunizi> that didn't sound/read good...
<twb> I forgot that curl's output goes to stderr
<twb> http://paste.debian.net/99522/ <-- should be more like this
<twb> I forgot the 2>&1's, see?
<Scunizi> ok.. redoing
<twb> What that's actually doing is browsing to both URLs, discarding the result but showing the HTTP interaction between the client (curl) and the server.  And the diff part compares the differences
<Scunizi> twb: ok.. this is what I've got. http://pastebin.com/tk6HZ06j
<Scunizi> Ugh.. wrong link in the line
<Scunizi> sorry
<Scunizi> twb: trying again.. http://pastebin.com/yaHJFt0T
<Scunizi> looks like it didn't hit the localhost address at all.
<twb> Scunizi: er, no, you forgot the second 2>&1
<twb> Also, don't put sudo in front, that's breaking it
<circelz> I'm about to install Ubuntu 10.04 LTS Server edition.  I want to run Apache, anonymous FTP, and rtorrent.  Should I install Enterprise Cloud or just Server?
<twb> Do you have a cloud?
<circelz> No.
<twb> Then install -server
<circelz> Okay.
<tonyyarusso> Anyone know why the postgresql installs a bin/ and lib/ under /usr/lib/postgresql/<version> instead of using /usr/lib/postgresql/ and /usr/bin/postgresql/ ?
<twb> tonyyarusso: because that's what the FHS specifies it should do
<tonyyarusso> twb: Really?  Would you mind explaining that to me?
<twb> Yes.
<tonyyarusso> heh, all right
 * tonyyarusso goes to re-do some reading and attempt to parse
<twb> !FHS
<ubottu> An explanation of how files and directories are organized on Ubuntu, and how they can be manipulated, can be found at https://help.ubuntu.com/community/LinuxFilesystemTreeOverview  see also: man hier
<tonyyarusso> twb: already on the pathnamecome site
<twb> I don't know what "the pathnamecome site" is.
<tonyyarusso> http://www.pathname.com/fhs/pub/fhs-2.3.html , where the FHS lives
<twb> Oh, right.  Carry on.
<tonyyarusso> This appears to be the key phrase "and internal binaries that are not intended to be executed directly by users or shell scripts."
<tonyyarusso> Although that seems a bit dubious, since I could totally see myself using these in scripts.
<twb> It's a grey area
<tonyyarusso> Clearly - the postgresql-common package puts stuff in /usr/bin :P
<twb> Presumably that's because they're arch-independent scripts.
<tonyyarusso> /usr/lib/postgresql/8.4/bin/createdb: ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.15, stripped
<tonyyarusso> /usr/bin/pg_lsclusters: a /usr/bin/perl -wT script text executable
<tonyyarusso> all righty
<twb> -common is an artefact of the mirror's distribution process
<twb> It's better to have twenty 1MB foo_<arch>.deb's  and one 19MB foo-common_<arch>.deb than twenty 20MB foo_<arch>.deb's
<r3sno> hello all
<Datz> ls
<twb> Datz: error: stale NFS handle
<Datz> :p
<uvirtbot> New bug: #673885 in openssh (main) "package openssh-server 1:5.3p1-3ubuntu4 failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/673885
<r3sno> im trying to get my server to connect to a wifi connection. but its not hardly working. ive looked at the "docs" which all say dont use them. so im hopeless in finding a solution
<twb> r3sno: what part isn't working?
<r3sno> twb: dhcpdiscover isnt getting the ip. so im thinking its not connecting some hw. im testing with an open ap now
<twb> So the interface exists in "ip a" and you can manually assign a static configuration and push packets to hosts over it?
<r3sno> the interface exists. how would i push packets over it?
<twb> r3sno: ping, for example
<twb> Obviously you would need to configure the interface first.
<r3sno> well, i mean can i specify that connection?
<r3sno> i guess im trying to isolate the issue first.
<twb> e.g. ip l set dev wlan0 up; ip a add addr 192.168.223.2/24 dev wlan0
<twb> r3sno: you specify the connection by ensuring your route table is correct
<r3sno> my card is listed as eth1 when i do that... i get "Error: an inet prefix is expected rather than "addr".
<r3sno> "
<twb> Sorry, "ip a add 192.168.223.2/24 dev eth1"
<twb> Where 192.168.223.2 is your desired IP and /24 is the CIDR range
<twb> The route should be added automatically.
<r3sno> Error: an inet prefix is expected rather than "inet".
<twb> This is 10.04?
<r3sno> yep
<twb> You didn't type "inet", so I don't see what went wrong
<r3sno> do i only use that "ip a add 192.168.223.2/24 dev eth1"?
<twb> You type what I told you to type, yes
<r3sno> oh, i just fixed the previous statement... ok
<twb> Actually it should be "ip a add 192.168.223.2/24 dev eth1 brd +"
<twb> The "brd +" makes broadcast work, which probably isn't important for the initial test
<r3sno> ok done
<twb> So now you can try to ping your wifi AP, which has the address 192.168.223.2
<twb> Er. So now you can try to ping your wifi AP, which has the address 192.168.223.1
<uvirtbot> New bug: #673919 in awstats (main) "Syntax error in geoip plugins" [Undecided,New] https://launchpad.net/bugs/673919
<xampart> if i have / mounted from eg. /dev/sda1 and i make a partition for /home in /dev/sdb1 What are the appropriate steps, and could i do them online?
<mgolisch> steps for what?
<xampart> like "cd /home/ && mount /dev/sdb1 /mnt/newhome && cp -a . /mnt/newhome && umount /mnt/newhome && mount /dev/sdb1 /home"
<mgolisch> yeah something like that
<mgolisch> id edit the fstab afterwards so its mounted on everyboot
<xampart> yep.
<chrismat> Hi is anyone running Ubuntu 10.04 with CentOS 5 NFS server?
<chrismat> I'm getting reoccuring NFS kernel panics on the CentOS 5 nfs server
<patdk-wk> nope, never used centos/rhel as a nfs server
<mathiaz> hallyn: hi - bug 579892 - that's the one I ran into?
<uvirtbot> Launchpad bug 579892 in libvirt "libvirt should not use the MAC address assigned to tap devices/vnet interfaces by the TAP/TUN driver" [Low,Fix released] https://launchpad.net/bugs/579892
<hallyn> mathiaz: no, you're on maverick right?
<hallyn> maverick has the fix
<mathiaz> hallyn: correct
<mathiaz> hallyn: seems like a similar bug though
<hallyn> yeah,
<hallyn> around the time of the prague rally, there were a lot of these little bugs floating around
<hallyn> unfortunately the bug reports got jumbled together with meaningless 'me toos' which slowed down debugging
<hallyn> mathiaz: the test with ns_exec and veths will help us know whether it's libvirt or the kernel/bridge.ko
<ivoks> soren: thanks
<ivoks> mathiaz: thanks
<ivoks> i got the t-shirt and the note :D
<mathiaz> ivoks: :)
<ivoks> ttx: thank you too! :)
<ttx> heh, no problem dude
<ivoks> i'll put it on the wall
<ivoks> ;.}
<mathiaz> hallyn: hm - that's annoying - I can't reproduce the freeze today
<hallyn> hm
<hallyn> gr, finally upgraded my netbook to maverick, and now it won't resume
<hallyn> guess i'll be wiping the thing and goin gback to lucid
<eagles0513875|2> anyoen here have dovecot + postfix working on ubuntu lucid? im having an occasionally weird error with squirrelmail
<mathiaz> hallyn: \o/ - I can reproduce it
<eagles0513875|2> im having some strange issues with squirrelmail complaining about permissions
<eagles0513875|2> yet i fixed the permissions
<hallyn> mathiaz: what did you change to reproduce it?
<eagles0513875|2> how can i fix this error Nov 11 15:41:46 eagle dovecot: IMAP(jonathan): mkdir(/home/jonathan/Maildir/.INBOX.Sent/cur) failed: Permission denied (euid=1000(jonathan) egid=1000(jonathan) missing +w perm: /home/jonathan)
<mathiaz> hallyn: well - I've rebooted my system
<mathiaz> hallyn: and then I powered off the guest that was second to start rather than the first one
<eagles0513875|2> i added the group jonathan on the /home/jonathan folder on all folders to have rwx permissions
<mathiaz> hallyn: then running guests froze
<mathiaz> hallyn: I'll give you the output of the command in the bug now
<mathiaz> hallyn: bug 673705 updated
<uvirtbot> Launchpad bug 673705 in qemu-kvm "running guests freeze when a guest is powered down" [Low,Incomplete] https://launchpad.net/bugs/673705
<hallyn> thx
<mathiaz> hallyn: I'm going to the do the test procedure to check if it's a kernel or libvirt+qemu bug
<sjefen6> Aint add-apt-repository a bundled "command" ?
<sjefen6> guess not https://help.ubuntu.com/community/Repositories/CommandLine#Adding Launchpad PPA Repositories
<mathiaz> hallyn: how should the nc test be run?
<mathiaz> hallyn: https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/616064/comments/33
<uvirtbot> Launchpad bug 616064 in qemu-kvm "Broken networking in kvm guests" [Medium,Incomplete]
<mathiaz> hallyn: ^^ I've setup the procedure up there
<Doonz> Hey guys, Im running Ubuntu 10.04 server in Vmware Workstation on a windows host. My keyboard mappings on the guest OS (Ubuntu server) are all buggered up. Where is the key mapping file?
<eagles0513875|2> any dovecot experts in here
<patdk-wk> depends
<eagles0513875|2> patdk-wk: how can i fixNov 11 15:41:47 eagle dovecot: IMAP(jonathan): mkdir(/home/jonathan/Maildir/cur) failed: Permission denied (euid=1000(jonathan) egid=1000(jonathan) missing +w perm: /home/jonathan)
<eagles0513875|2> i get emails but after a while squirrelmail fails to load my inbox
<eagles0513875|2> restarting dovecot and postfix fixes the issue
<patdk-wk> strange
<patdk-wk> what version of dovecot?
<patdk-wk> I want to say it's an issue they are handling currently in the dovecot maillist
<uvirtbot> New bug: #674093 in net-snmp (main) "No Such Object at OID 1.3.6.1.2.1.25.6.3.1.2" [Undecided,New] https://launchpad.net/bugs/674093
<patdk-wk> for v2.x
<patdk-wk> it's very very simular
<ScottK> patdk-wk: He'll have 1.2.9
<patdk-wk> dunno then :) never had an issue
<hallyn> mathiaz: i don't understand what you're asking?
<patdk-wk> but what does ls -lad /home/jonathan/Maildir show?
<patdk-wk> can't imagine it's messed up, if it works at all, but
<soren> ivoks: For what?
<ivoks> soren: signed note from UDS :)
<soren> ivoks: Oh :)
<dwhitehead> just encountered an issue with 10.04 upgrade and mysql... won't work now
<air^> Hello.
<air^> Got myself a pc. Planning to run Ubuntu Server on it and have it act as a fileserver.
<air^> I'll be using 3x2TB disks in software raid-5
<dwhitehead> need to either get mysql back up and running (it's complaining about mysqld.sock) or get the DBs to another box
<air^> Question is, what's the recommended way of setting up the boot partition?
<dwhitehead> anyone able to assist?
<air^> Separate bootdisk? Or maybe a separate raid-1 partition on 2 of the disks?
<patdk-wk> air, I personally couldn't care less how you setup the boot partition, or even the os partition
<patdk-wk> if it is going be used as a fileserver, and truely as one, and not a workstation
<patdk-wk> it won't be using the boot or os drives at all
<patdk-wk> so it won't matter how you set them up, except for boot time
<air^> Jup. It's gonna be "headless".
<air^> I might as well just boot from an old drive then, that's probably the easisest way and it wont mess with my raid.
<patdk-wk> now, you might want to do a raid1 for the boot and os, just cause it makes it easier to fix, if something breaks
<patdk-wk> or old drive :)
<air^> I actually got two identical old drives ;)
<air^> Could run raid-1 on those, and raid-5 on the storage drives.
<air^> At least I'd get to know mdadm a bit more then :D
<air^> Swap partition is probably not worth raiding, or maybe it can run raid-0 as I'll have the same amount of space free anyway.
<patdk-wk> swap?
<patdk-wk> if you have to use swap, you already failed
<air^> I know, still it's needed to be setup.
 * patdk-wk gives systems a token 256 or 512meg swap normally :)
<air^> :)
<patdk-wk> unless I want to hibernate
<patdk-wk> I figure if I use all 512megs of swap, the system has been unresponve already while it used up that swap, so it crashing isn't going do more damage
<air^> Another solution might be to boot of an usb memory, but that's probably even slower.
<patdk-wk> have several systems that boot esxi off usb
<patdk-wk> I generally don't care about reboot times
<patdk-wk> they don't happen often
<air^> can esxi handle software raid?
<patdk-wk> raid0 :)
<patdk-wk> actually, not even raid0
<patdk-wk> linear raid, or whatever you want to call it
<air^> grr. now I actually started considering esxi (vsphere)
<air^> :P
<air^> But then I probably end up having to buy a supported raid card. and lots of more memory :D
<patdk-wk> esxi lets you concat drives :)
<eagles0513875|2_> hey guys
<patdk-wk> otherwise, hardware raid required
<eagles0513875|2_> :)
<eagles0513875|2_> patdk-wk: did you see my error message i was getting?
<patdk-wk> but then, I perfer hardward raid, even on linux
<eagles0513875|2_> re dovecot Maildir
<patdk-wk> I saw it
<patdk-wk> doesn't make sense
<eagles0513875|2_> any idea how to fix it
<eagles0513875|2_> i know it doesnt make sense
<patdk-wk> but what does ls -lad /home/jonathan/Maildir show?
<eagles0513875|2_> but after a while maybe an hr or so
<eagles0513875|2_> patdk-wk: drwx------ 17 jonathan jonathan 4096 2010-11-11 15:45 Maildir/
<eagles0513875|2_> accordign to the ubuntu dovecot wiki its suppoed to me chmod -R 700 on the maildir folder
<hallyn> mathiaz: and, while you were doing the veth tests (an dnot hanging), were you able to hang with libvirt?
<mathiaz> hallyn: hm - I didn't try that
<mathiaz> hallyn: I'll set up a new test case later today
<air^> patdk-wk: jup. but I think tha'ts gonna be a bit overkill for my personal use... but then again, I could probably run esxi from usb, use the old drives for virtual machines and have a virtual linux setup the raid-5 :D
<patdk-wk> eagles0513875|2_ dunno :(
<eagles0513875|2_> patdk-wk: :(
<patdk-wk> I've just never had an issue like that
<patdk-wk> and doesn't make much sense
<eagles0513875|2_> patdk-wk: did you follow the ubuntu wiki's
<patdk-wk> nope, been using dovecot long before ubuntu was around
<eagles0513875|2_> ahh
<eagles0513875|2_> patdk-wk: waht version are you on
<patdk-wk> lots of mine are on 1.1, one of them is on 1.2
<hallyn> mathiaz: i'm sorry, i need to reword that test
<patdk-wk> I don't feel that 2.x is stable enough yet for me
<mdeslaur> zul, mathiaz, etc.: FYI, I've published a mysql security update today, so if anything explodes, please let me know
<hallyn> mathiaz: it's worded for a slight variation on the bug
<patdk-wk> mdeslaur, you exploded my mailbox :)
<hallyn> mathiaz: so please wait until i post a new recipe in bug 673705, rather than waste your time repeating the other one
<uvirtbot> Launchpad bug 673705 in qemu-kvm "running guests freeze when a guest is powered down" [Low,Incomplete] https://launchpad.net/bugs/673705
<mdeslaur> patdk-wk: give me ssh access to your box, and I'll fix it for you :)
<mathiaz> hallyn: ok - I'll wait for your new recipe
<eagles0513875|2_> patdk-wk: im on 1.4.20 tahts in lucid rempos the dovecot-imapd
<patdk-wk> 1.4?
<patdk-wk> it goes 1.1 -> 1.2 -> 2.0
<eagles0513875|2_> whoos meant 1.2.9
<eagles0513875|2_> im getting confused with squirrelmail
<patdk-wk> I only have 1.1 on linux
<patdk-wk> 1.2.13 on freebsd
<patdk-wk> haven't had any issues with 1.2.13
<patdk-wk> but I jumped straight from 1.1 -> 1.2.13
<eagles0513875|2_> hey guys does lucid have selinux enabled
<mdeslaur> eagles0513875|2: not by default, it has apparmor enabled by default
<eagles0513875|2_> patdk-wk: seems like apparmor is the cause
<eagles0513875|2_> what would i ened to do to modify the configuration of apparmor
<patdk-wk> ah, I hardly ever use it
<jdstrand> eagles0513875|2_: https://wiki.ubuntu.com/DebuggingApparmor
<jdstrand> eagles0513875|2_: it is important to remember that apparmor as configured in Ubuntu is not system wide confinement, it is application specific. sort of like the selinux targetted policy, but still different
<eagles0513875|2_> would you guys advise against disabling apparmor
<mdeslaur> eagles0513875|2: I doubt apparmor has anything to do with the issue you are having, look somewhere else
<jdstrand> eagles0513875|2_: I would highly advise against disabling apparmor
<ScottK> eagles0513875|2_: I would advise against it.
<jdstrand> eagles0513875|2_: see the debugging page for how to determine if apparmor is causing a problem and how to fix it if it is
<eagles0513875|2_> mdeslaur: permissions are right on folder and everything someone in dovecot told me that apparmor is the problem
<eagles0513875|2_> ill take a look at the wiki
<eagles0513875|2_> thats interessting
<mdeslaur> eagles0513875|2: we don't have a dovecot apparmor profile by default, unless you've installed one yourself
<eagles0513875|2_> no i havent
<mdeslaur> eagles0513875|2: take a look at 'dmesg' and see if you have any apparmor denial messages in there
<segv`> Got an issue, so I need kernel 2.6.34+ for my motherboard to work, but I want to install the LTS, you guys have any recommendations for achieving this?
<mdeslaur> eagles0513875|2: if not, apparmor isn't what is blocking you
<eagles0513875|2_> mdeslaur: i am able to send and recieve emails fine
<eagles0513875|2_> the problem becomes after a few hrs or so its unable to load my inbox
<eagles0513875|2_> i have to restart postfix and dovecot
<mdeslaur> eagles0513875|2: well, "works for a while" is most certainly not an apparmor issue
<jdstrand> eagles0513875|2_: do you have auditd installed?
<mdeslaur> eagles0513875|2: do you have an error message from postfix/dovecot?
<eagles0513875|2_> jdstrand: no i dont
<eagles0513875|2_> mdeslaur: the only one i do have is that permissions issue
<jdstrand> eagles0513875|2_: then do something like 'grep -i denied /var/log/kern.log'. that will show you any apparmor denials
<jdstrand> eagles0513875|2_: you might need to look in kern.log.1, etc...
<segv`> hmm
<mdeslaur> eagles0513875|2: is you home directory mounted NFS? Is it encrypted?
<eagles0513875|2_> jdstrand: nothign showing up there
<eagles0513875|2_> mdeslaur: encrypted O_o
<patdk-wk> evil encryption
<jdstrand> eagles0513875|2_: doesn't sound like apparmor then
<eagles0513875|2_> jdstrand: far from it i dont have a dovecot policy setup for it
<eagles0513875|2_> jdstrand: is teh encrypted homedir the issue
<mdeslaur> eagles0513875|2: well, if your home directory isn't accessible because your user has logged out, that would probably explain it
 * patdk-wk only does wde
<mdeslaur> eagles0513875|2: you should try with a non-encrypted home directory
<eagles0513875|2_> which woudl me reinstalling the entire server :(
<segv`> so no pointers?
<eagles0513875|2_> mdeslaur: how can i tell if the users has loged out or not
<mdeslaur> well, when it stops working, take a look if they're home directory is still accessible
<jdstrand> (obviously logging in as some other user than the one having the problem)
<bluethundr> how do I allow ssh sessions into an ubuntu 10 server host
<eagles0513875|2_> jdstrand: only have one created
<eagles0513875|2_> alrighty guys ill bbl
<Datz> bluethundr: if behing a nat/router, forward a port.
<Datz> port 22 specifically
<bluethundr> it's not a router it's a VM host I am using to build ssh
<bluethundr> I am hosting the VM with virtual box.. and there is no copy paste support into that terminal
<bluethundr> so I want to ssh into that terminal to paste in a rather long apt-get command
<bluethundr> oh sorry if behind a nat / router yeah I get you
<bluethundr> but that is what's going on
<Datz> try to ssh into the host with the local ip address
<bluethundr> already done
<bluethundr> that part works :)
<bluethundr> that is from that vm I can ssh localhost
<bluethundr> i can ssh OUT
<bluethundr> but I cannot SSH in
<bluethundr> IPTABLES seem quite different from CentOS
<bluethundr> which is what I am used to
<jdstrand> eagles0513875|2: if you only have one user account, as soon as you login the pam stack will make your home directory available
<Datz> bluethundr: from your host, ssh into the vm with it's local IP
<bluethundr> ah ufw is pretty nice
<Datz> is that what was blocking?
<bluethundr> actually that didn't quite work.. I tried ufw ssh allow and it accepted it
<jdstrand> eagles0513875|2: you also don't have to reinstall your server if this is the issue. the process is basically copy your files to another directory, remove your encyrpted directory and then move them back. http://blog.dustinkirkland.com/2009/02/jaunty-encrypted-home-directories.html has some directions on going the other way, and be careful :)
<bluethundr> but I still can't ssh in.. however from the VM host itself I can ssh into it's IP successfully
<jdstrand> eagles0513875|2: you could also configure dovecot/procmail to put the files somewhere outside of your encrypted home
<bluethundr> that is I can't ssh in from another host, but from the VM itself I can ssh to it's ip just fine
<jdstrand> bluethundr: the syntax would be 'ufw allow ssh', but ufw needs to also be enabled. eg 'sudo ufw allow OpenSSH && sudo ufw enable', should do the trick (I used 'OpenSSH' there instead of 'ssh' cause the application rule is more specific than the /etc/services looked up rule)
<jdstrand> bluethundr: oh, you want to do ssh from somewhere outside to the VM? that is likely a network configuration
<bluethundr> I actually just want to ssh from one virtualbox host to another
<bluethundr> from an ubuntu  desktop session which understands copy-paste to an ubuntu server virtuablbox instance that doesnt'
<jdstrand> bluethundr: I don't recall (I don't use vbox regularly), but I think you need a special vbox network configuration for that that is not the default
<segv`> bluethundr: bridge.
<bluethundr> jdstrand, I hear you but I can ssh out from the ubuntu server vm into the ubuntu desktop vm
<bluethundr> just not the other way around
<segv`> you can go both ways with a bridge.
<bluethundr> therefore this is seeming like a firewall issue
<bluethundr>  I notice that there is no iptables script in /etc/init.d as there is under CentOS
<segv`> as long as openssh-server is installed and enabled on the desktop (which it isn't by default)
<segv`> bluethundr: ufw :)
<jdstrand> bluethundr: if you've only used ufw on these machines, just temporarily do 'sudo ufw disable' on both until you are sure the networking is in order
<segv`> https://help.ubuntu.com/community/UFW .
<bluethundr> jdstrand, great thanks I'll give that a go
<jdstrand> bluethundr: if the netowrking works, then just make sure you allow ssh on both using the ufw command I gave earlier
<bluethundr> jdstrand, sure thanks
<bluethundr> sigh.. both VMs have the same ip
<bluethundr> screw it I'll just work with the desktop version for now..lol
<segv`> bluethundr: just set the network adapter on each VM to a bridge...
<segv`> They'll dhcp off your network and you'll be able to ssh to both of them like you would a real machine on the network.
<uvirtbot> New bug: #674132 in clamav (main) "package clamav-base 0.95.3 dfsg-1ubuntu0.09.10.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128" [Undecided,New] https://launchpad.net/bugs/674132
<MrPicard> Howdy all!, im currently trying to install etherpad onto a ubuntu cloud server but having some minor problems, the deb repov is currently not getting any data.
<MrPicard> some index files have failed to download.
<MrPicard> i ran this command.
<MrPicard> sudo echo "deb http://etherpad.org/apt all ." >> /etc/apt/sources.list
<Pici> sudo won't pass across io redirection operators. Use:    echo "deb http://etherpad.org/apt all ." | sudo tee -a /etc/apt/sources.list
<MrPicard> Pici, this is what i see after running that command.
<MrPicard> http://goo.gl/rvX0K
<MrPicard> was just following the wiki ubuntu setup
<jdstrand> hallyn: hey. finally get to your second merge request. approved, merged, uploaded. thanks for your hard work on it! :)
<MrPicard> i know theres https://github.com/ether/pad but dont know if i can excute a deb
<MrPicard> any ideas?
<MrPicard> ...
<MrPicard> theres also
<MrPicard> http://code.google.com/p/etherpad/source/checkout
<MrPicard> im just unsure of which one to pick..
<hallyn> jdstrand: cool, thanks
<jdstrand> soren: hi! so what is going on with vm-builder these days? I know you were going to talk to someone about the contributor agreement. has anything changed?
<hallyn> yeah, i'd be curious about our plan for vmbuilder too
<jdstrand> there is apparently a Debian fork now...
<jdstrand> or at least a git repo with Debian support
<jdstrand> http://wiki.debian.org/VMBuilder
 * jdstrand would love Debian support in vm-builder
 * hallyn out for remainder of day - ttyl
<slestak> hello guys.  anyone aware of recent changes in teh rsyslog package or config?  My logs used to be owned by syslog:adm and now they are owned by syslog:syslog and my remote logging is failing
<slestak> seems to have started a few weeks ago
<slestak> should the syslog users primary group be syslog or adm?
<jdstrand> hallyn: oops: https://launchpad.net/ubuntu/+source/libvirt/0.8.5-0ubuntu1/+build/2042352
<jdstrand> hallyn: ftbfs on ppc. amd64 and i386 built, armel still building. fyi 0.8.3 built fine on powerpc in maverick
<slestak> looks liek i am running into bug 484336
<uvirtbot> Launchpad bug 484336 in rsyslog "/etc/rsyslog.conf permissions incorrect/missing for creation of dynamic files" [Undecided,Confirmed] https://launchpad.net/bugs/484336
<jdstrand> hallyn: fyi, armel ftbfs too
<reggie_> hey folks
<reggie_> need a bit of help installing ebox onto Ubuntu server
<reggie_> dont really want to install a full gui since that is what I am used to so far on the Ubuntu desktop side of things
<reggie_> can anyone here offer some assistancde
<reggie_> helloo ubuntu server land, please a bit of help
<m_tadeu> hi everyone...what reason can be for eth0 just disapear from ifconfig?
<Nafallo> m_tadeu: it's down? :-)
<Nafallo> m_tadeu: ifconfig -a should show it.
<m_tadeu> Nafallo: doens't show...only lo is displayed
<Nafallo> interesting
<m_tadeu> in deed....I fear a hardware problem :S
<m_tadeu> is there any other reason for this to happen, appart from burnt NIC?
 * Nafallo haven't used ifconfig personally in a very long time.
<hggdh> mathiaz: what does VCS stand for (as in https://wiki.ubuntu.com/ServerMaverickDailyVCS)?
<mdeslaur> m_tadeu: is this on a server or on a laptop? I've seen the eth card disappear before on certain laptops if nothing is plugged in it when the laptop is booted.
<m_tadeu> mdeslaur: it's a server
<m_tadeu> but I'll give it a try
<m_tadeu> no luck
<m_tadeu> what else can I do for troubleshooting?
<uvirtbot> New bug: #674183 in amavisd-new (main) "package amavisd-new 1:2.6.4-1ubuntu5 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/674183
<ChrisBuchholz> Hey guys. I have an ubuntu 10.04 server and i wanna upgrade the couchdb on it from version 0.10.0, which is available by default, to the newer version 1.0 (or even better, 1.0.1). How would i go about doing that?
<m_tadeu> I guess it failed to probe my NIC...how is that possible? and what can I do about it?
<the_archit3ct> hi, what is the cmd to launch a process which will not die when user logout ?
<ScottK> SpamapS: Any chance you'd have a moment to fix Bug 674183?
<uvirtbot> Launchpad bug 674183 in amavisd-new "package amavisd-new 1:2.6.4-1ubuntu5 failed to install/upgrade: " [Undecided,New] https://launchpad.net/bugs/674183
<adamk-pl> nohup
<the_archit3ct> thx adamk-pl
<adamk-pl> the_archit3ct: you welcome
<uvirtbot> New bug: #674199 in bind9 (main) "bind9 1:9.7.2.dfsg.P2-1 FTBFS in natty" [High,Triaged] https://launchpad.net/bugs/674199
<mathiaz> hggdh: VCS stands for Version Control System
<mathiaz> hggdh: it's another name for the daily builds
<mathiaz> hggdh: ie provide a PPA where daily builds of latest upstream software is available (from upstream vcs (bzr, git, hg, svn, etc...))
<hggdh> mathiaz: thank you, sounded like it but I wanted to be sure
<cdubya> I'm wondering how many use ubuntu server for vpn access and what kind of implementation. I'm new to it and have read quite a bit, but am curious how people are using/integrating it.....
<mathiaz> cdubya: openvpn is quite popular
<cdubya> mathiaz, yeah, I read a bit on it......I'm not opposed to looking at it, I'm just looking to find out from others who have implementations what pros and cons they see in them.....
<soren> jdstrand: I've not heard back yet.
<soren> jdstrand: I should administer a mild prodding.
<ewook_> cdubya: don't use ubu for it. zeroshell hosts the openvpn
<ewook_> cdubya: I don't that is :P
<cdubya> ewook_, so how does that all work as far as the routing? I mean, so your remote clients connect to zeroshell, but then.....
<uvirtbot> New bug: #674216 in samba (main) "0x000003e6 Error When Printing from Windows 7 x64" [Undecided,New] https://launchpad.net/bugs/674216
<soren> jdstrand: done.
<RoyK> hi all. any idea why my server boots on linux-image-2.6.32-23-server even though linux-image-2.6.32-25-server is installed?
<jdstrand> heh
<guntbert> RoyK: I assume you checked the obvious possibility already - so no idea from me :-)
<cpruitt> First time installing Ubuntu (VMWare guest on OS X host system).  Installed Ubuntu Server 10.4.1.  Ubuntu in the VM seems to have no IP address assigned, no matter what type of VMWare networking option I choose.  Can anyone point me in the right direction on how to troubleshoot this?  I'm completely lost.
<guntbert> cpruitt: look into /etc/network/interfaces, what does it say about eth0 ?
<cpruitt> guntbert: http://paste.ubuntu.com/530267/
<guntbert> cpruitt: looks fine, should use dhcp - I#m not *that* familiar with vmware but you should be able to manage the dhcp server of vmware
<cpruitt> guntbert: I managed to get it to find an ip address with sudo dhclient eth1.  I'm just not really all that sure what that is doing, and it  wont persist after a restart.
<guntbert> cpruitt: ah, that might be, did you assign two NICs to the VM?
<cpruitt> guntbert: not that I'm aware and not intentionally.  It's a macbook with both wireless and ethernet cards so maybe VMWare is doing it automatically (?)
<guntbert> cpruitt: just for "fun": replace eth0 with eth1 in that file and restart the network
<cpruitt> I'd tried that and it told me something couldn't be found.  I'll try again (restarting rightnow)
<ndroftheline> Hello I'm trying to set up external access to my home server
<guntbert> ndroftheline: you will have to allow that on your router
<ndroftheline> I have port 80 forwarded through my router, I can ping it with http://www.canyouseeme.org/ but it won't serve my page to my browser
<ndroftheline> guntbert: yeah, i had the port forwarded in my router
<cpruitt> guntbert: SIOCSIFADDR: No such device    and    eth0: ERROR while getting interface flags: No such device
<ndroftheline> lspci | grep eth
<ndroftheline> rather, lspci | grep Eth
<cpruitt> course, now it's saying the same for eth1
<guntbert> ndroftheline: grep -i eth     (is easier)
<ndroftheline> guntbert: fair enough
<ndroftheline> well anyway i'm not sure what cpruitt's prollem is but i got my own! lol
<cpruitt> ndroftheline: my problem, when you get down to it, is that I don't know jack about what I'm doing.  :-)
<ndroftheline> cpruitt: is your Ethernet controller showing up when you run "lspci | grep -i eth"
<guntbert> cpruitt: *are* there any virtual NICs in the VM?
<ndroftheline> ah, a VM
<ndroftheline> which vm
<ndroftheline> !lspci
<guntbert> ndroftheline: if I remember correctly apache does by default only listen on the localhost interface
<ndroftheline> ohhhhh
<ndroftheline> that would explain it
<cpruitt> guntbert: I wouldn't even know how to create a virtual nic in VMware
<cpruitt> ndroftheline: VMWare Fusion on OS X
<ndroftheline> cpruitt: yeah sorry man i don't know jack about vmware
<ndroftheline> cpruitt:
<ndroftheline> cpruitt: but you could check if it has one by running lspci | grep -i eth
<ndroftheline> the vertical line is a "pipe"; it's on the same key as your backslash
<ndroftheline> it connects two commands together
<guntbert> cpruitt: (from bad memory): look into the settings of the VM, there must be a NIC (where you changed the network mode....)
<mrmist> there might be a seperate application to manage the vmware network (off of the host), too.
<highvoltage> ndroftheline: is your nick Metallica related by any chance?
<cpruitt> sorry got pulled out of my office
<ndroftheline> highvoltage: neg. it's keith laumer's bolo series and orson scott card's Enderverse
<highvoltage> aah
<ndroftheline> It's actually NDR Of The Line
<cpruitt> guntbert: I only have three options: Share the mac's connection (NAT), connect directly (bridged - I have this set to use airport instead of auto detecting) or create a private network (Host Only).  All three do the same thing.
<ndroftheline> NDR = "Ender"
<ndroftheline> Of the Line means it's an AI tank
<ndroftheline> sounds kinda lame but the books are awesome (:
<cpruitt> I'd say I must have broken something but this is a brand new install
<ndroftheline> cpruitt: have you ever installed any other OS on VMWare Fusion and successfully gotten internet access?
<cpruitt> ndroftheline: No.  First time installing anything on VMware.  Got it specifically for tis.
<ndroftheline> you had to pay for it or something? does it come with support?
<mrmist> In my fairly limited experience the NAT based stuff is the easiest to use
<guntbert> mrmist: only if the VM gets an ip address ;-)
<ndroftheline> cpruitt: iuno sir i might suggest u use virtualbox
<mrmist> For sure that would seem to be an issue ;)
<cpruitt> VMWare?  I'm sure it does.  I guess I can try to dig up a copy of windows and try installing that too.
<ndroftheline> cpruitt: its the only one i have any experience with so i'm obviously biased but it works well
<guntbert> cpruitt: I guess you will have to do the hard thing yourself  - read the vmware docu :-)
<cpruitt> ndroftheline: considered virtualbox, but VMWare will let me migrate the VM to a server running VMWare
<ndroftheline> cpruitt: oic
<ndroftheline> cpruitt: well gl hf read the fine manual (:
<cpruitt> guntbert: I'm on a mac.  Apple doesn't even WRITE documentation, what makes you think I'm in the habit of reading it?  ;-)  kidding.  I guess my assumption was that the VM was having the problem but maybe that's not the case
<mrmist> Presumably the vm networking setup tool for your chosen option is showing the network as enabled?
<ndroftheline> cpruitt: it's probably not a problem, but a 'feature' that you just have to configure right
<cpruitt> I've used Parallels for so long with no prolems (running windows) that I sort of expected VMWare wouldn't have any either
<cpruitt> ndroftheline: Yeah... love those "features"
<ndroftheline> cpruitt: lol yeah no kidding
<guntbert> cpruitt: well, on my virtualbox it works flawlessly, (but with vmware I didn't have that issue either)
<ndroftheline> cpruitt: on th eother hand, restrictions like that make sure you don't install some bs 'OS' on a VM that immediately starts spamming your network because it gains access by default
<ndroftheline> and then of course there's the fact that YMMV
<ndroftheline> lol
<cpruitt> just seems weird that I've gotten the ip to show up, just not consistently
<ndroftheline> hey guntbert do you know what i'd need to do to make my webserver allow external access
<guntbert> ndroftheline: look for a line with "listen" in the config files, but I'm not sure
<mrmist> is it listening? check /etc/apache2/ports.conf  (assuming apache2)
<ndroftheline> mrmist: it says NameVirtualHost *:80
<ndroftheline> Listen 80
<ndroftheline> afk 5
<mrmist> So it looks like it should be
<mrmist> most likely culprit then is some firewall rule, at a guess
<EvilPhoenix> ndroftheline:  check iptables, see if it is dropping all traffic.  OR, if you're on a private network, see if the hardware firewalls send you traffic on http ports correctly
<EvilPhoenix> and by private network i mean something like hiding behind a router or smth
<mrmist> assuming no connectivity at all, that is.  IF there's a response from the webserver but it's just not serving hte correct page, then check the virtual hosting config
<cpruitt> ndroftheline: guntbert: confirmed it's a VMWare issue.  Another VM with ubuntu server is not having issues.  Seems to be a problem with a duplicated VM
<ndroftheline> !iptables
<ubottu> Ubuntu, like any other Linux distribution, has firewall capabilities built-in. The firewall is managed using the 'ufw' command - see https://help.ubuntu.com/community/UFW | An alternative to ufw is the 'iptables' command - See https://help.ubuntu.com/community/IptablesHowTo | GUI frontends such as Firestarter/Gufw (Gnome) or Guarddog (KDE) also exist.
<cpruitt> Hmmm... Does ubuntu flip out of your change a nic after the install?
<cpruitt> *"if you change"
<cpruitt> I think VMware is changing the virtual nic when a VM is copied and Ubuntu is "losing" it somehow.
<ndroftheline> how can i "see if the hardware firewalls send you traffic on http ports correctly"
<RoyK> ndroftheline: tcpdump port 80?
<RoyK> wireshark?
<ndroftheline> RoyK: is that a command i can input directly
<ndroftheline> oic
<RoyK> what exactly is it you're trying to do?
<ndroftheline> yay
<RoyK> wireshark is quite neat
<ndroftheline> tcpdump
<RoyK> tcpdump -w will dump in pcap format
<RoyK> wireshark can read that, and wireshark is graphical and contains lots of Good Stuff for analyzing traffic
<ndroftheline> wait...aren't results supposed to be scrolling on the screen or is it outputting it to a file
<ndroftheline> i don't have graphical interface on this server
<ndroftheline> its a headless
<RoyK> tcpdump -w will write to a pcap file
<ndroftheline> otherwise it should just scroll on the screen?
<RoyK> then you can download that file to your pc and analyze it with wireshark
<RoyK> yes
<ndroftheline> here's the thing. I ran "tcpdump port 80" and accessed the basic apache webpage from my browser on a different computer on the same network
<ndroftheline> it displays fine if I use my local address
<ndroftheline> 192.168.2.2
<RoyK> "local"?
<RoyK> ok
<ndroftheline> ok sorry
<ndroftheline> yeah that's the static IP of my server
<ndroftheline> static meaning its locked in at my router
<ndroftheline> so my server always takes 192.168.2.2
<ndroftheline> my router being 192.168.2.1
<ndroftheline> internally
<RoyK> so your router is doing NATing?
<ndroftheline> i believe so. it's a standard belkin consumer router
<RoyK> if so, you'll need to enable port forwarding in the router
<ndroftheline> i have
 * RoyK uses   dd-wrt :Ã¾
<ndroftheline> i have ports 80, 21, and 64738 forwarded to 192.168.2.2
<RoyK> what's the IP?
<RoyK> official?
<ndroftheline> my IP?
<ndroftheline> external?
<ndroftheline> 207.47.68.117
<RoyK> yeah, so I can try to connect
<RoyK> ndroftheline: http://pastebin.com/55ks9ks1
<ndroftheline> ok so why doesn't my apache webpage come up when that IP is accessed form a browser
<ndroftheline> is it because i've only been able to try to access it from within my local network?
<RoyK> ndroftheline: I guess that's your router answering
<ndroftheline> oh.
<RoyK> if so, that means your router isn't correctly configured
<ndroftheline> fuck!
<ndroftheline> lol
<ndroftheline> sorry
<ndroftheline> i mean, how can i fix this?
<ndroftheline> my router has a "Virtual Servers" pagve
<ndroftheline> page*
<ndroftheline> i have both TCP and UDP forwarded to my server's IP for the ports i mentioned earlier
<RoyK> no idea - that's a router support question - not really related to ubuntu...
<ndroftheline> but they're not getting through my routerrrrrrrr
<ndroftheline> lol
<ndroftheline> ur right.
<ndroftheline> ty tho
<RetroGamer> hi there, I am attempting to configure a script on one of my domains in /var/domains that needs a .htaccess file
<RetroGamer> not quite sure how to allow htaccess for just that domain, I tried putting in the site config: "<Directory /var/domains/example.com> AllowOverride All </Directory>"
<RetroGamer> but it didn't seem to do anything
#ubuntu-server 2010-11-12
<ndroftheline> can somebody direct me to some kind of how-to guide for setting up a website served from home using a standard consumer Belkin router?
<ndroftheline> i thought i had everything all set but i just simply can't get my webpage served to an external IP
<ndroftheline> i have port 80 forwarded through my router, i have apache2 listening on the port, i checked with my ISP to make sure they're not blocking it
<jetole> join #mplayer
<ndroftheline>  it just...isn't working.
<twb> 1) rent a VPS for a few dollars a month; 2) put your website on it; 3) throw the standard consumer Belkin router away.
<ndroftheline> well it' snot just about a website. i want to run a murmur server on it too
<ndroftheline> besides, i want to learn
<ndroftheline> !mplayer
<ubottu> mplayer is a media player. It resides in the mutiverse repository and can easily be installed via applications -> add/remove. For codecs try !codecs
<ndroftheline> ...a media player?
<ndroftheline> jetole: why mplayer?
<twb> ndroftheline: he forgot the
<qman__> ndroftheline, assuming you're talking to us over the intended connection, your port 80 is open
<qman__> browsing to it asks for a user and password
<twb> qman__: but his router is what's responding
<twb> Server: Ubicom/1.1
<qman__> ah
<qman__> so you'd have to disable that function in the router
<twb> I hate trying to configure those pissant consumer routers.
<qman__> yeah, most of them are absolute junk
<qman__> it's why I use ubuntu for mine
<jetole> ndroftheline: I was changing rooms cause I wanted to ask about how to make mplayer and gnome-screensaver play nice with each other
<jetole> ndroftheline: thought it's offtopic, the correct answer is heartbeat-cmd="dbus-send --session --dest=org.gnome.ScreenSaver --type=method_call /org/gnome/ScreenSaver org.gnome.ScreenSaver.SimulateUserActivity" in your config file
<twb> jetole: I'm curious; config file for what package?
<hansin> ndroftheline: Maybe see if you can set your router so it only accepts admin logins "within" the network, not from the outside.
<twb> That would definitely be a good idea
<hansin> Actually, that is a good idea anyway for security reasons.
<hansin> But it then might also properly allow the forwarding of port 80 to your sever running Apache vs. exposing its own internal webserver that handles the admin stuff.
<yitz_> We got this setup with ~130 servers that we'd like to keep all pretty much in sync and identical and whatnot. Does anyone know of some cluster management tools that
<yitz_> We got this setup with ~130 servers that we'd like to keep all pretty much in sync and identical and whatnot. Does anyone know of some cluster management tools that'd help manage them?
<tonyyarusso> yitz_: puppet
<yitz_> Will look into that. Thanks
<twb> Puppet/chef/cfengine are more targeted towards HETEROGENEOUS environments, but you could certainly use them for a cluster.
<yitz_> So long as it's simple to use and not awkward, overkill isn't a bad thing
<yitz_> We'd probably mostly be using it to run random commands and apt-stuffs
<twb> For a homogeneous cluster I'd almost be tempted to netboot the nodes, copying the OS to RAM at boot and using the local disks for swap and /var/tmp only
<twb> yitz_: puppet works by you defining the end goal (e.g. "ensure sshd is installed"), and it working out what commands to issue (e.g. "apt-get install openssh-server").
<nat_home> when you change a hd in a software raid1, what are you supposed to do after ? go through fdisk to partition it or mdadm has a command to do the entire process â¦ mdadm --add just want a parition â¦
<terinjokes> this is, uhm, interesting
<terinjokes> i'm trying to modprobe ipv6, and I've found I have no /lib/modules directory
<twb> terinjokes: your kernel might be compiled without module support.
<twb> I heard a rumour that RHEL do that to prevent you from loading unsupported modules into their kernel without consciously voiding of their support contract.
<terinjokes> twb: possible
<terinjokes> twb: except i'm running ubuntu server and not RHEL
<twb> Oh, sorry, I thought this was #netfilter
<terinjokes> (i got out of DLL HELL, no need to go to another ;) )
<twb> terinjokes: it's actually worse on unix than on windows, which is why there are "distros" to shield you from it.
<twb> Try installing, say, Oracle Hyperion on SLES and you'll run into in about ten seconds.
<terinjokes> been doing this linux thing for too many years now
<twb> *into it in
<terinjokes> so i'm well aware
<terinjokes> (much of that time was with PowerPC boxes, what fun!)
<eagles0513875|2> hey guys with out an app armour policy for dove cot is it possible dovecot can give me problems?
<terinjokes> twb: you know what I can do
<eagles0513875|2> hey guys im using squirrelmail to access my email server
<eagles0513875|2> and i get this erro ERROR: Could not complete request.
<eagles0513875|2> Query: SELECT "INBOX"
<eagles0513875|2> Reason Given: [SERVERBUG] Internal error occurred. Refer to server log for more information. [2010-11-12 07:35:12]
<eagles0513875|2> i have checked the mail.err and it says its a permission issue
<eagles0513875|2> but my permissions have been checked and rechecked
<eagles0513875|2> and they are correct
<eagles0513875|2> app armor is enabled but i dont have a policy for dovecot setup at all
<eagles0513875|2> could that be causing squirrelmail to return that error
<eagles0513875|2> andn the permissions error in the log?
<noaXess> good morning
<eagles0513875|2> hey noaXess
<eagles0513875|2> :-(
<eagles0513875|2> kinda frustrated this am noaXess hows you
<noaXess> have a raid5 with 6T.. first partition has 2T.. now i want additional 2 partitions with each 2T.. if i create the second partition, i use fdsik and set the pertition size to +2000G
<noaXess> eagles0513875|2: why?
<noaXess> here is all fine..
<eagles0513875|2> ERROR: Could not complete request.
<eagles0513875|2> Query: SELECT "INBOX"
<eagles0513875|2> Reason Given: [SERVERBUG] Internal error occurred. Refer to server log for more information. [2010-11-12 07:35:12]
<noaXess> just a little understanding problem
<eagles0513875|2> thats why
<eagles0513875|2> i checked the logs its saying permissions is the problem but i have permissions setup right
<noaXess> i see.. read
<eagles0513875|2> i dunno only thing i can think of is i would need to setup an apparmor profile for dovecot?
<noaXess> puh.. it seams that an db access problem is there? not fs perms..
<noaXess> eagles0513875|2: what is in the server log?
<eagles0513875|2> i dont have anything setup to access a db though
<noaXess> show us ther error log...
<eagles0513875|2> im using the passwd and the shadow file
<eagles0513875|2> Nov 12 07:35:13 eagle dovecot: IMAP(jonathan): mkdir(/home/jonathan/Maildir/.INBOX.Sent/cur) failed: Permission denied (euid=1000(jonathan) egid=1000(jonathan) missing +w perm: /home/jonathan
<eagles0513875|2> thats whats in the log
<noaXess> show us a listing of /home/
<noaXess> pastebin..
<jmarsden> I think the output of    ls -ld /home/jonathan    would be quicker :)
<noaXess> ok :)
<eagles0513875|2> drwx------ 6 jonathan jonathan 4096 2010-11-11 17:22 /home/jonathan/
<noaXess> eagles0513875|2: just user has rwx.. maybe group needed too?
<eagles0513875|2> tried the group
<eagles0513875|2> as well
<eagles0513875|2> still same issue
<noaXess> to my partition understanding.. 6T raid5.. first partition 2T.. now i want aditional 2 partition, each 2T... with fdisk the second part i create with +2000G.. but the third the shoul also be ~2T.. but it isn't..
<noaXess> eagles0513875|2: so you tried to chmod -R +w /heom/jonathan?
<eagles0513875|2> noaXess: yep
<noaXess> .. /home^
<noaXess> ok..
<noaXess> and restarted services?
<eagles0513875|2> yes
<noaXess> ok...
<eagles0513875|2> if i restarted them as is
<eagles0513875|2> atm
<eagles0513875|2> i dont get that error with squirrelmail
<eagles0513875|2> i can login see emails recieve and send just fine
<eagles0513875|2> thats odd
<eagles0513875|2> i refreshed twice
<noaXess> have you already googled?.. think so ;).. http://www.google.ch/#hl=de&expIds=17259,17311,17315,23628,23756,24878,26637,26711,26761,26788,26849,26869,27130,27400,27404,27520,27545&xhr=t&q=dovecot+imap+permission+denied+%2Bw+perm&cp=38&pf=p&sclient=psy&newwindow=1&aq=f&aqi=&aql=&oq=dovecot+imap+permission+denied+%2Bw+perm&gs_rfai=&pbx=1&fp=96c4277166fb2c44
<eagles0513875|2> O_o
<noaXess> don't know exaclty dovecot.. but others had same problem..
<noaXess> maybe. shared mailboxes or wath ever..
<eagles0513875|2> noaXess: im the only one with an email account on the server
<noaXess> hm..
<eagles0513875|2> and im using user accounts that have username and password on the system
<eagles0513875|2> noaXess: any idea?
<eagles0513875|2> noaXess: im tempted to setup roundcube to see if i have the same issue
<eagles0513875|2> hey guys any app armour experts here
<eagles0513875|2> !cacti
<nat_home> I'm just changed a hard drive on a raid 1 and now after I rebooted, grub doesn't seem to work anymore, it says at GRUB _ in the boot
<eagles0513875|2> nat_home: i believe you would need to rebuild the array first i coudl be wrong
<databits> I'm doing some trouble shooting with my router, and have taken a look at my log files on the router.  I'm receiving a ton of incomming traffic in on port 33089.  I have ran a net stat on all the machines which are on the network, and have not been able to find any machines listening on this port.  Does anyone have any idea's ?
<eagles0513875|2> databits: are the packets udp or tcp packets
<databits> not sure
<databits> it is a simple log... just gives ip, and port.  At first I was thinking it was torrent traffic, but I ran a netstat on all my machines... nothing is going on .
<databits> alot I mean alot of traffic.
<eagles0513875|2> databits: should give if its udp or tcp
<databits> that used to be one of the ports I used for my torrent traffic but I do not have any clients running and I checked all the connections
<eagles0513875|2> what ports do you have forwarded on ur router?
<databits> not that port
<eagles0513875|2> i have seen what you are experiencing before
<eagles0513875|2> but turns out it was a udp packet flood
<twb> eagles0513875|2: please stop changing your nick, it makes it harder to ignore you.
<eagles0513875|2> :(
<eagles0513875|2> twb: why do you want to ignore me
<databits> my network performance is crapy, I'm chating with cisco people now.  Seeing about getting a new router shipped to me.
<eagles0513875|2> twb: secondly i leave my desktop pc on and im on from school
<twb> eagles0513875|2: because you're a noisy fool.
<eagles0513875|2> databits: try disabling any udp ports that you might have forwarded
<eagles0513875|2> twb: :(
<databits> I do not have any udp ports forwarded.  I have nothing forwarded except a few ports to my linux server
<databits> this is weird
<databits> hold on brb I have to grab my serial off my router, so I can get a new model :)
<eagles0513875|2> thats the only thing i can think of causing the traffic
<twb> I've inherited a Chenbro 3-to-5 hotswap backplane (http://www.chenbro.com/corporatesite/products_accessory_detail.php?serno=727&PHPSESSID=4d6d1129)
<twb> It includes a five-pin "HDD activity and failure cable"
<twb> How do I work out where (if anywhere) that connects to the motherboard?
<twb> (I'm using md raid; there's no hardware raid card.)
<reeniginEesreveR> how can i know the details of memory consumption on my server?
<twb> reeniginEesreveR: free, ps
<reeniginEesreveR> twb, also i'd like to see swap information, and see which process is thrashing more etc.
 * reeniginEesreveR has to admit that he's a n00b
<twb> reeniginEesreveR: those commands also emit swap information.
<reeniginEesreveR> right
<twb> reeniginEesreveR: you may also find top(1) useful
<databits> this port 33089 mumbo jumbo is stumpin me.  None of my machines, have any active connections on that port.  On top of everything else I do not have that port forwarded in the router, so that traffic should not be passing threw either way.
<twb> It provides a straightforward, sortable, refreshing UI
<databits> what would be the correct command to check my linux server to see if something is going on with my server
<twb> databits: perhaps that is a randomly allocated port for one of your existing services, or clients.
<twb> databits: e.g. NFS
<twb> Ah, you checked netstat already.  I presume you ran it with -a (all connection types)?
<databits> I'm sorry I'm not following
<databits> yes sir
<twb> Then I don't know.  Run tshark / tcpdump and examine the traffic to try to work out what it is.
 * eagles0513875|2 pokes RoyK with a stick
 * RoyK grabs the stick and whips eagles0513875|2's arse
<eagles0513875|2> lol morning
<RoyK> morning
<binBASH> eagles0513875|2: you have to get up earlier to trick RoyK :D
<eagles0513875|2> loool what time zone he in
<binBASH> according to his hostname it should be 9:45am at his place :D
<eagles0513875|2> lol then CET like me
<binBASH> yup
<binBASH> I'm also in Europe Berlin timezone ;)
<uvirtbot> New bug: #674390 in openssh (main) "1:5.5p1-4ubuntu4 (scp <host>:ns_sys_config) problem" [Undecided,New] https://launchpad.net/bugs/674390
<terin-webchat> i'm running ubuntu-server as a guest in xen, any idea on if I should install one of those linux virtual packages?
<slooksterpsv> Can someone assist me with ldap on ubuntu 10.04?
<RoyK> slooksterpsv: ask a specific question, please
<yann2> retransmit_or_expire_response_records: Failed to resend packet id 20905 to IP 10.0.255.255 on subnet 10.0.10.76 < from nmbd... interesting isnt it :(
<slooksterpsv> I did a fresh install of Ubuntu Server 10.04, and started immediately after install on this guide to get OpenLDAP installed and working: https://help.ubuntu.com/10.04/serverguide/C/openldap-server.html - the problem is I get down to sudo ldapadd -x -D cn=admin,dc=example,dc=com -W -f frontend.example.com.ldif  and I get invalid credentials, I've tried 6 different guides all give the same invalid credentials
<slooksterpsv> I've tried using the slapd password, root password, tried setting the password in slapd.conf nothing is working, I'm getting very frustrated, and looking more into another distro for servers
<slooksterpsv> of course
<uvirtbot> New bug: #674408 in samba (main) "setting up a share from nautilus did not install smb" [Undecided,New] https://launchpad.net/bugs/674408
<uvirtbot> New bug: #674417 in tftp-hpa (main) "unable to get logs either in daemon nor foreground" [Undecided,New] https://launchpad.net/bugs/674417
<uvirtbot> New bug: #674429 in mysql-5.1 (main) "package libmysqlclient16 5.1.49-1ubuntu7 failed to install/upgrade: trying to overwrite '/usr/lib/libmysqlclient.so.16.0.0', which is also in package mysql-cluster-client-5.1 7.0.9-1ubuntu7" [Undecided,New] https://launchpad.net/bugs/674429
<uvirtbot> New bug: #674467 in samba (main) "package samba-common 2:3.4.0-3ubuntu5.7 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128" [Undecided,New] https://launchpad.net/bugs/674467
<Myx0x3> why does my Ubuntu server loose the static IP and change to a dynamic?
<twb> Myx0x3: because you installed from the desktop CD, so you have NetworkManager installed, and it is designed to break networking.
<Myx0x3> twb: i installed from the ubuntu server cd
<twb> Myx0x3: is NM installed?
<Myx0x3> NM?
<mgolisch> how did you configure the static ip?
<mgolisch> using the interfaces file?
<twb> Myx0x3: dpkg -l network-manager
<Myx0x3> mgolisch: in interfaces
<Myx0x3> i changed eth0 to static.. and its corrected setup
<Myx0x3> twb: i dont have any grafical interface
<mgolisch> nm should never touch any unterfaces configured via the interfaces file
<twb> Myx0x3: network-manager is a daemon.
<mgolisch> it does not on my desktop atleast
<twb> mgolisch: granted; it has just stung me so many times that I always make damn sure it's gone before I try anything else
<Myx0x3> twb: aha, but the static ip works for like 1 day, then i have to restart the network deamon
<twb> Myx0x3: there should not BE a network ademon
<Myx0x3> hmm
<twb> That is why I want to make sure that the "network-manager" package is not installed.
<Myx0x3> init.d/networking ?
<twb> dpkg -l network-manager should list its state as "un".
<twb> Myx0x3: that's an init script, but it doesn't start a daemon.
<Myx0x3> twb: aha, but i have never installed NM, i installed my servers for 2 days ago
<Myx0x3> and before it had no problems whit this..
<mgolisch> what other software did you install?
<twb> Myx0x3: so you can confirm that its state it "un" according to dpkg -l?
<Myx0x3> mgolisch, SMB and OpenSSH
<uvirtbot> New bug: #674481 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5.5 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/674481
<Myx0x3> twb: network manager is not in the list
<twb> Myx0x3: OK, pastebin the content of /etc/network/interfaces.
<Myx0x3> twb: http://pastebin.com/vh0giVCZ
<twb> "auto eth0iface eth0 inet static" is wrong; there should be a newline after the first "eth0"
<Myx0x3> and its correct! all my ipadresses starts at 192.168.2.20
<twb> Other than that, it's fine.
<Myx0x3> yes your right.. changed it now
<uvirtbot> New bug: #674483 in postfix (main) "package postfix 2.7.0-1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 75" [Undecided,New] https://launchpad.net/bugs/674483
<Myx0x3> seems like pastebin change it
<Myx0x3> there is an new line whit iface eth0..
<twb> Then I guess you need to look at what else is around that's running as root
<Myx0x3> yeah.. maybe its my Minecraft server.. but could it realy fuck up my IP adress?
<Myx0x3> im running it as sudo, otherwise it whine about permissons
<twb> I don't know.  Unless minecraft is part of Ubuntu, I can't support it.  You need to talk to your vendor.
<Myx0x3> twb: Minecart is an game, hehe.. but ill look and try to see what makes the problem! could maybe be the router.. how do i look the logs who could possible log what happens whit the IP?
<Myx0x3> im pretty new at linux and dont look at the logs pretty often
<twb> It's possible there's something in your logs.
<twb> They'll be in /var/log; try sorting the directory by mtime and looking at the newest files
<Myx0x3> twb: witch log? there is like tons of them
<Myx0x3> okay..
<twb> I love molly-guard
<Myx0x3> is it possible to run a bash script whit "sudo /etc/init.d/networking restart" every 6h?
<Myx0x3> that would solve the problem, but its pretty lame solution
<twb> Myx0x3: the scheduling system is called "cron".
<twb> Myx0x3: read the crontab manpage, then "crontab -e" or /etc/crontab or /etc/cron.hourly.
<twb> But as you say, that would be REALLY lame
<d-fens_> hi, how can i manage which services are started ?
<d-fens_> like enable  mysqld on startup
<d-fens_> like rc-status add mysql default in gentoo
<d-fens_> its 10.04
<twb> The only way I know (for upstart-managed jobs) is to go into /etc/init/foo.conf and edit it
<twb> For sysvinit jobs (i.e. just about everything in universe), you can simply say "update-rc.d foo disable".
<d-fens_> k thanks i'll try that
<twb> ALL services should start on boot by default.
<hdon> hi all :) anyone know where to find mock data for common database tables like user accounts and such? i would like more data available while i'm developing my applications :)
<mathiaz> hdon: you may wanna look at the MySQL test database (such as the World database)
<hdon> mathiaz, i shall google that, thanks :)
<uvirtbot> New bug: #674505 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5.5 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/674505
<hdon> spooky :)
<TeTeT> hggdh: the scheduler is starting, stopping instances since over a week now, seems to work. I can reach the webservers and the file I've uploaded there just fine
<hallyn> smoser: kirkland: so in the uds session on cloud desktop, did anyone ever bring up doing it with a webos (like eyeOS) instead of a vnc connection to classic desktop?  just curious...
<smoser> hallyn, no
<hallyn> ok, thx
<hallyn> (seems like that would also forego the worry about proprietary clients on windows)
<jdstrand> hallyn: hey. did you see that powerpc and armel ftbfs?
<jdstrand> hallyn: (on libvirt)
<jdstrand> hallyn: I also wanted to mention this thread: http://www.mail-archive.com/libvir-list@redhat.com/msg29384.html where people are talking about other ftbfs (with patches) that you may want to add patches for for people using xen
<hallyn> jdstrand: yeah, i got emails on em
<jdstrand> hallyn: my patch to fix bug #672943 was accepted upstream, so I am going to add it to the packaging branch, but not upload
<uvirtbot> Launchpad bug 672943 in libvirt "virt-aa-helper crashes when domain XML does not contain <uuid>" [Undecided,In progress] https://launchpad.net/bugs/672943
<jdstrand> hallyn: ok cool
<hallyn> what is a packaging branch?
<jdstrand> hallyn: I figure I wouldn't upload as it is such a small change and thought you might be working on libvirt more
<hallyn> i see, did xen cause this?  i've been looking at the code and the failure made no sense to me :)
<jdstrand> hallyn: the one you merged with
<jdstrand> hallyn: with only the briefest of glances, our ftbfs are not the same as the ones reported upstream
<hallyn> don't suppose we have access to any powerpc?
<jdstrand> hallyn: there is the porting box
<hallyn> jdstrand: alas i need to work on somethign else today, so apart from looking during idle time at the source, i was going to look at it seriously on monday
<jdstrand> hallyn: sure. I just wanted to make sure you knew about it
<hallyn> thanks.  like i say, so far i'm stumped
<hallyn> so i'll read thorugh the xen thread anyway
<jdstrand> hallyn: I'll commit my patch to the branch with UNRELEASED as the distribution name and then you can have at it at your convenience
<RoAkSoAx> mathiaz: are you still gonna look into package Zenoss?
<mathiaz> RoAkSoAx: not in my natty plan for now
<RoAkSoAx> mathiaz: ok thanks. Just in case you wanna get in touch with them, you should try contacting npmccallum
<mathiaz> RoAkSoAx: cool - thanks for following up
<jdstrand> ugh, the libvirt branched is totally hosed
<jdstrand> s/branched/branch/
<hallyn> jdstrand: ?
<jdstrand> I did all the quilt push ; bzr add stuff, but now I did 'bzr update' and there are a gazillion conflicts
<jdstrand> udd ftl
<hallyn> but seriously,
<hallyn> i thought recent udd discussions suggested dropping .pc
<hallyn> i think mandating that you quilt pop -a before bzr ci makes sense
<jdstrand> hallyn: I would totally agree
<jdstrand> *totally*
<jdstrand> hallyn: but we all need to be on the same page. last I heard (from soren, who is driving udd with libvirt) is we want .pc
<poolvibe> Can I get some help with samba permissions please.  I have a share I want to force 775 664 on.  An example of create mode and directory mode would make my day
<poolvibe> not sure if i should use force?
<uvirtbot> New bug: #674543 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.41-3ubuntu12.6 failed to install/upgrade: subprocess new pre-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/674543
<jdstrand> hallyn, soren: I really don't care what we do. frankly, I would be happy with just debian/ in a bzr branch like what the desktop team does
<jdstrand> hallyn, soren: I just don't have time to be fighting udd at every turn
<hallyn> jdstrand: the problem with just debian is that we need to do something about gnulib
<hallyn> that's what keeps ruining my libvirt daily-build plans :)
<hallyn> jdstrand: do you want to just mail me the patch you wanted to add?
<jdstrand> hallyn: from a packaging perspective, I don't see why that would be the case as we use the upstream tarballs
<jdstrand> hallyn: it is in the bug
<hallyn> there's a bug?
<hallyn> jdstrand: oh, that one
<jdstrand> yes :)
<jdstrand> 08:50 < jdstrand> hallyn: my patch to fix bug #672943 was accepted upstream, so  I am going to add it to the packaging branch, but not upload
<hallyn> ok, thanks.
<uvirtbot> Launchpad bug 672943 in libvirt "virt-aa-helper crashes when domain XML does not contain <uuid>" [Undecided,In progress] https://launchpad.net/bugs/672943
<jdstrand> hallyn: can you explain your gnulib point? it should be frozen in the tarball and lp:ubuntu/libvirt
<hallyn> jdstrand: ok, then i guess it doesn't matter.  my daily-builds are based on git, and there it is NOT in the tree
<jdstrand> hallyn: right
<hallyn> and the 'git submodule update' is so built into the bootstrap process that without the .git/ contents, you can't bootstrap
 * jdstrand nods
<jdstrand> you totally need to do all that with the daily git build, but not in the Ubuntu package
<jdstrand> so whether we have debian/ alone or part of everything, it shouldn't matter
<hallyn> so...  i'm fine with that...
<jdstrand> hallyn: maybe it is as you said, the udd stuff has changed recently and we are doing it wrong. you, me and soren need to sort out the way that will work consistently...
<hallyn> yes, and including .pc does not work easily consistently with bzr,
<jdstrand> I have no opinions as I just want it to work, and *every* time I've tried udd with libvirt it blows apart
<hallyn> especially bc if you refresh a patch, bzr just wants to delete the .pc/*, but not re-add it
<hallyn> mathiaz: do you remember the recent email regarding .pc in udd?  (seems up your alley)  i thought there was an actual 'official' new stance on it
<jdstrand> at this point I am just 'bzr co lp:ubuntu/libvirt' after each time. I may as well ignore lp:ubuntu/libvirt at this point
<hallyn> jdstrand: and, we just look at the version # in debian/changelog to determine the tarball to use?
<hallyn> (if we just put debian/ into VCS)
<jdstrand> hallyn: yes
<kirkland> hallyn: hmm, how do you mean?  webos like?
<jdstrand> hallyn: the work flow is more 'apt-get source foo', make changes, upload and commit those changes back to bzr
<hallyn> kirkland: like http://eyeos.org/.  Then the user uses his browser to opent eh desktop, can use a browser in any OS, and can detach/re-attach just like with vnc
<jdstrand> hallyn: any time you grab the source, you need to look at the tree to make sure there aren't any unreleased changes
<jdstrand> hallyn: I'm ok with udd if it will actually work. if it doesn't, I suggest debian/
<kirkland> hallyn: hmm, well, that's sort of what we're going for with a java based nx client
<kirkland> hallyn: i'll look at eyeos now though
<hallyn> jdstrand: it completely avoid us having to beg ppl to quilt push -a, so yeah...
<jdstrand> and quilt pop -a...
<hallyn> kirkland: a webos just seemed better suited for this environment
<hallyn> but, i coudl see ppl wanting the standard ubuntu desktop, so maybe it wouldn't be good enough
<mathiaz> hallyn: hm - I don't remember the official stance on .pc/
<mathiaz> hallyn: I'd suggest to ask barry or james_w in #ubuntu-devel
<jdstrand> hmm...
<jdstrand> I didn't do 'debcommit --release', I just did the merge (with quilt and bzr add) and bzr ci...
 * jdstrand sighs
<hallyn> hm, i've never done debcommit - always do dch -i
<jdstrand> right
<jdstrand> but soren told me:
<jdstrand> 08:54 < soren> jdstrand: after that, you run "debcommit --release"
<jdstrand> hallyn: that is after dch
<jdstrand> (and when you make it live)
<jdstrand> so I'm betting I screwed up cause I didn't do that, and the importer was looking for the tag or something
<jdstrand> it is nice how much of a timesaver this has been for me...
<jdstrand> (not to be bitter or anything)
<hallyn> yeah
<hallyn> got my sympathy in any case
 * hallyn goes to look at the udd wiki
<smoser> hallyn, well, yes it would, but it woulnd't really be ubuntu
<smoser> we wantto demo/use ubuntu
<hggdh> TeTeT: cool!
<hallyn> kirkland: so the java nx client is oss?
<kirkland> hallyn: yes
<hallyn> ok, i thought it had been decided it wasn't
<SAngeli> Hi guys, I am geting an error when buring ubuntu iso files and have no clue how to solve it. This is what I get as error: http://img828.imageshack.us/f/isoerror.jpg/  what is that causes this error? Please anyone.  My OS is windows OS
<hallyn> mathiaz: thx, will do
<TeTeT> hggdh: not so sure what I should monitor but for the functioning service. Will need to shutdown the exercise next week for an exam though
<jdstrand> hallyn: check this out: http://paste.ubuntu.com/530749/
<jdstrand> hallyn: if that doesn't scream "don't bzr add .pc" I don't know what does
<jdstrand> pfft
<jdstrand> hallyn: that is obviously 'apt-get source libvirt'
<hallyn> sigh
<lavish> hi all
<jdstrand> hallyn: maybe we should discuss that with barry
 * jdstrand -> #ubuntu-devel
<lavish> do you know if php on ubuntu 8.10 had been compiled with pdo support?
<a_ok> what do I need for speedstepping /cpu fequency scaling?
<hggdh> TeTeT: there is not much to monitor actually -- we would be looking for exceptions
<hggdh> TeTeT: so browsinggrepping the logs for errors, and the like
<ssureshot> does scp use the same pub/priv keys as ssh ?
<hallyn> ssureshot: yes
<ssureshot> roger thatn thank you hallyn
<smoser> kirkland, i dont think the java client in nx (ie, from stgraber's demo) is open source.
<smoser> even if it were, it doesn't do anything bug download a binary version of the official nomachine client (which is free beer)
<kirkland> hallyn: ^
<hallyn> then i would offer eyeOS/equivalent as an alternative for those so inclined
<binBASH> eyeos is nice ;)
<binBASH> synology servers have something like this
<LyonJT> Hey
<LyonJT> does anyone have a good vnc server they could recommende?
<binBASH> http://www.synology.com/enu/products/demo/index.php
<binBASH> if you want to see ;)
<LyonJT> buy a SAN
<LyonJT> :)
<binBASH> LyonJT: already have thanks :D
<LyonJT> :) which make
<binBASH> LyonJT: well, currently moving to Amazon S3 though ;)
<LyonJT> lol
<LyonJT> moving to the cloud then?/
<binBASH> yup
<binBASH> already moved.......
 * hallyn quietly sneaks off for early lunch
<binBASH> LyonJT: running here hybrid
<patdk-wk> I don't get everyones usage of ec2
<patdk-wk> it's great for some things
<patdk-wk> but it seems everyone is building everything in it, not caring about performance or cost
<binBASH> patdk-wk: Our customers have import jobs with 20 Million images
<patdk-wk> you just moved that part right?
<binBASH> yup
<patdk-wk> not the actual serving of those
<binBASH> patdk-wk: also the serving
<patdk-wk> heh
<binBASH> patdk-wk: customer needs his stuff in a S3 bucket
<binBASH> so why not serve directly from it
<patdk-wk> oh, if customer demands it, that is different :)
<binBASH> yeah, they developed a firefox plugin and retrieve images from s3 with it
<patdk-wk> everything goes out the window cased on customer demands :)
<patdk-wk> based
<binBASH> patdk-wk: I hope client is ready to pay 15K / Month though :D
<binBASH> Amazon EC2 is not that cheap
<hggdh> aren't we building daily ISOs for natty?
<patdk-wk> ya, it's only cheap, if you do it on-demand-load
<\sh> binBASH: for a tryout it's "cheap enough"...when you do serious business, you should think about using datacenter providers like equinix others and do you own job in setting up a good server environment
<binBASH> yes we're doing so patdk-wk
<binBASH> \sh: Only have spike usage :D
<binBASH> so cpu is needed on demand
<patdk-wk> \sh did you miss it
<patdk-wk> it's a customer demand, that they use ec2 for that stuff
<patdk-wk> well, s3
 * patdk-wk doesn't think you can use s3 directly yet thought, without ec2
<binBASH> yeah, that customer provided s3 as storage :D
<\sh> well, I'm happy that we only wasting 1k US bucks per month right now...when there is more traffic on net+cpu I'll switch them to another datacenter
<binBASH> patdk-wk: sure you can
<binBASH> you just can't use ebs
<patdk-wk> hmm
<patdk-wk> ah
<binBASH> \sh And how many servers you have?
<patdk-wk> but then, ebs without ec2 is pointless :)
<\sh> binBASH: on amazone ec2? 4x t1.large
<PleXT> anyone known how to start a unattended Windows7 installation disc from linux PXE server? :/
<\sh> binBASH: that's for an US tryout of our product ;)
<binBASH> \sh:  OK ;)
<binBASH> we host usa stuff at superb.net servers
<binBASH> just that image importing part is at ec2
<binBASH> running instances continuesly is too expensive at ec2 ;)
<\sh> binBASH: but when we see that the US customers are throwing away webex, we will do a contract with a datacenter provider and building our new US facility ;) that means today we would need somewhat about 60-90 servers (HP BL4** /DL3{6,8}5 + network infra from cisco)
<\sh> binBASH: well, we do have some more machines at rackspace (real hw)
<binBASH> \sh: Our customers won't pay that much for all that kind of servers
<binBASH> :(
<binBASH> \sh: you know they make over 30K monthly, but don't want to invest too much in hosting :D
<binBASH> so we don't have option here to buy a massive amount of servers for them
<\sh> binBASH: 30K? that's what we are paying for our module in ffm including traffic
<binBASH> hehe
<binBASH> \sh: Well we are a very small company.
<poolvibe> can samba be served over the net with ssh?
<yitz_> poolvibe: sshfs ?
<poolvibe> yitz_  I want to give access to a file server with samba but hardened a bit
<Maletor> why did freenode tell me this? http://freenode.net/policy.shtml#proxies when i visited http://85.190.0.3/ I have been getting CSRF attempts from that host
<Maletor> Preliminary research suggests it is a proxy at Freenode itself trying to POST the shit out of my server.
<bogeyd6> can you use one computer to load balance between multiple machines
<mathiaz> bogeyd6: usually yes - it depends on your application though
<mathiaz> bogeyd6: for http, ha-proxy is a good choice
<RoAkSoAx> bogeyd6: if you look to loadbalance Web traffic, haproxy is probably your best option. For other stuff, IPVS might be a better option
<bluethundr> I am running ubuntu-server under VirtalBox.. I need to get copy-paste in the terminal working so that I can work with it more effectively
<bluethundr> this was the winning forumula under Fedora: http://pastebin.ca/1989319
<bluethundr> how do I do the same under ubuntu server? what packages would I need?
<hallyn> jdstrand: you were right in the first place - the statstest test fails to compile bc it shouldnt' compile when we don't use xen - and we dont' compile xen for amd/ppc (obv)
<uvirtbot> New bug: #674645 in dnsmasq (main) "occasional crashes: glibc detected double free or corruption" [Medium,Confirmed] https://launchpad.net/bugs/674645
<jdstrand> hallyn: oh, cool :)
<hallyn> jdstrand: i'll let it bake in a ppa before i request a merge
<jdstrand> hallyn: the ppa will only build amd64 and i386 right?
<jdstrand> hallyn: oh, but you probably know it builds from the poting machines
<jdstrand> porting
<jdstrand> hallyn: do you need the armel porting box?
<hallyn> oh, will they?  feh
<hallyn> no,
<hallyn> the ppc porting box had no tools on it, and i don't know of an armel one
<jdstrand> huh?
<hallyn> so maybe i'll just go ahead and request the merge.  it built locally
 * jdstrand goes to look
<hallyn> davis doesn't have much of anything.  i couldn't even manually ./configure
<jdstrand> hallyn: did you see the motd when you logged in?
<hallyn> nnnope
<jdstrand> hallyn: try logging in again
<hallyn> $*(&%*($&%
<hallyn> all right, i'll try my tree there, thanks :)
<jdstrand> hallyn: what I have as the porter box for armel is allowing me to login...
<zul> hey guys what version of libvirt are we using?
<jdstrand> zul: 0.8.5 in natty atm
<zul> jdstrand: thanks
<hallyn> jdstrand: failure was identical on both, so i'll assume if it works on ppc it works on arm
<jdstrand> zul: 0.8.6 should be out be the end of the month. depending on how hallyn feels, we might get it for natty
<hallyn> absolutely
 * jdstrand nods
 * hallyn feels spunky
<jdstrand> hehe
<zul> jdstrand: the newer the better for openstack ;)
<jdstrand> well, I imagine soren would be available to help then :)
 * jdstrand waves to soren
<noaXess> how are the 3ware commands?
<noaXess> to check status of the 3ware controller?
<Ninjix> anyone having Lotus trouble?
<eriksson25> Hi, anyone know how I can disable mantis driver from spamming my syslog?
<bogeyd6> how can i use the command line to upgrade only certain packages
<erichammond> bogeyd6: This works for me: sudo apt-get update && sudo apt-get install PACKAGENAME
<bogeyd6> hmm
<bogeyd6> k
<mrmist> or apt-get upgrade ...
<erichammond> mrmist: apt-get upgrade seems to want to upgrade other packages, too.
<dandifiedgari>  :)
<mrmist> ahh one particular package, right
<osmosis> how can I stop kvm and kvm_intel modules from loading at bootup?
<eriksson25> Hi, anyone know how I can disable mantis driver from spamming my syslog?
<mrmist> add them to  /etc/modprobe.d/blacklist.conf  ?
<hallyn> osmosis: look at /etc/init/qemu-kvm.conf
<hallyn> osmosis: i think if you disable that, they won't auto-load
<eriksson25> I dont want to kill the driver, just want it not to put alot of stuf in the syslog.
<uvirtbot> New bug: #674701 in ntp (main) "NTP client packets always have bad checksum" [Undecided,New] https://launchpad.net/bugs/674701
<osmosis> hallyn, nice idea
<osmosis> hallyn, hmm...how do disable though
<osmosis> hallyn, i dont want to start commenting out stuff in a system script that could be replaced at upgrade
<osmosis> hallyn, maybe i just need to disable the qemu-kvm system service? not sure how to do that either
<hallyn> osmosis: you can probably just 'mv qemu-kvm.conf qemu-kvm.conf.no'.  Or, comment out the 'start on' line.  Or, put 'exit 0' as the first line of the script (so, next line after 'pre-start script')
<eriksson25> mrmist: How do I restart syslog so it stops spaming mantis now that I have put it on blacklist
<mrmist> eriksson25: erm /etc/init.d/rsyslog restart probably but I'd expect you'd want to restart whatever is loging to it rather than the logger.
<eriksson25> probl
<mrmist> by the way when I was talking about blacklist.conf before i was answering a different question
<garymc> Hi anyone know where I can find my PHP error log file?
<eriksson25> lol, sorry I missunderstood
<garymc> i have it set to /var/log/php-errors.log in the php.ini but its not showing
<garymc> im on ubuntu should I ask this in php?
<garymc> whoudl I have to chown the file?
<lullabud> anybody know of an ubuntu livecd that has the vmware tools installed already?  or any other livecd, for that matter...
<lullabud> when you mount a remote server using Places->Connect to Server, is there a way to make that mount show up to the filesystem so you can interact with it via the CLI?
<MagicFab> lullabud, I guarantee it doesn't.
<lullabud> lovely.
<MagicFab> lullabud, I was answering re: vmware-tools
<lullabud> oh, thanks.  that's what i figured... might end up just making my own.
<lullabud> also, i was thinking it would be nice to get versions of Windows that were designed to be used within vmware and didn't include all the drivers for all the extra hardware that will never be attached to the vm.  i don't suppose something like that exists either...
<MagicFab> you can normally install most packages from live CD anyways... but haven't tried those
<dandifiedgari> lllk
<dandifiedgari> dandifiedgari
<lullabud> found the answer to the places->connect to server question, the mounts show up in ~/.gvfs
<garymc> anyone help me get my cronjob to work
<lullabud> garymc: what's wrong with your cron?
<garymc> where do i put it?
<lullabud> crontab -e
<garymc> what do i call the file
<garymc> yeah i do that then it asks where should I output it to
<lullabud> oh, just save whatever it's editing...
<lullabud> crontab -e opens a temp file with the existing crontab, lets you edit it, and then when you're done it puts the updated crontab file into place.
<garymc> ok my job has a # infront of it in the file it created
<lullabud> that will prevent it from running.
<garymc> it also says do not edit this file
<lullabud> look at the example crontab here - http://linux.die.net/man/5/crontab
<garymc> why is crontab -e putting # at the beggining?
<lullabud> see how comments are denoted with # ?
<lullabud> you can delete the # if you want it to run...
<lullabud> i usually just comment out old entries instead of removing them... that way they're already there if i need to put them back.
<lullabud> garymc: use pastebin.com if you need me to look at it
<garymc> lullabud : http://pastebin.com/1256qwBP
<lullabud> so, line 4 will run every night at 10:55pm
<garymc> yes
<garymc> it works :)
<lullabud> what OS is that?  you got that info by doing crontab -e?  that's an odd warning...
<garymc> yes
<garymc> how about thei
<garymc> 30 09 * * * php /var/www-ssl/orderCron.php
<lullabud> that would run at 9:30am
<lullabud> each day
<lullabud> you should probably put the absolute path to php, especially if it's running as root, just in case.
<garymc> what you mean? Absolute to php?
<garymc> that command seems to be doing the trick
<lullabud> find the absolute path to php by doing `which php`, then put that in there instead of just php
<lullabud> you don't need to, but it's a good habit to get into.
<garymc> ohh ok
<mathiaz> kirkland: hey - here is another cobbler-like project: https://github.com/proffalken/edison
<uvirtbot> New bug: #674245 in apache2 (main) "package apache2.2-common 2.2.14-5ubuntu8.3 failed to install/upgrade: ErrorMessage: il sottoprocesso vecchio script di post-installation ha restituito lo stato di errore 1" [Undecided,New] https://launchpad.net/bugs/674245
#ubuntu-server 2010-11-13
<air^> howdy.
<air^> how do I start the "gui" baed partition editor used in installation?
<air^> (I want to use it to setup sw raid on some other disks, ubuntu-server is installed on it's own drive)
<air^> Is ext4 stable in 10.10?
<ScottK> I think it's safe to assume the developers believe it to be stable or else they wouldn't have made it the default file system type.
<eriksson25> Anyone in that could help, need a good harddrive recovery program. My system disk died on my. I am in live cd now, could get to the /home partition but not the /root
<eriksson25> Pls, any help.
<uvirtbot> New bug: #674768 in dhcp3 (main) "wrong reference in description" [Undecided,New] https://launchpad.net/bugs/674768
<moparisthebest> I set up RAID 1 using mdadm the other day, and md4 appears not to have synced, can anyone help? cat /proc/mdstat: http://paste.ubuntu.com/531032/
<moparisthebest> it doesn't show UU like I think it should :/
<moparisthebest> or does anyone know a better place to ask?
<ndroftheline> hello all!
<ndroftheline> i'm having trouble connecting to my router from my external address
<ndroftheline> i have the appropriate ports forwarded
<ndroftheline> and i've even put it in dmz
<ndroftheline> it's not helping. any suggesiotions?
<RoyK> is memory ballooning available in kvm in Lucid?
<lifeless> yes
<RoyK> by default, or will I have to enable it somehow?
<RoyK> I have this machine with currently 4 VMs - I haven't overcommitted (much) yet - just wondering
<lifeless> pretty sure its on by default; it was a early feature of kvm IIRC
<lifeless> anyhow, have to run
<lifeless> ciao - I'm sure others can answer any other qyesetions you have
<XeNoT> just wondering, how do I get the unstable package from archive.ubuntu.com/ubuntu/pool/universe/p/proftpd-dfsg/ ? I tried adding unstable to several configs, yet I can't download the package using apt-get
<k5673> Yo! How can i optimize the performance of virtual guests runing in ubuntu 10.04 with KVM.
<k5673> Processor Intel Xeon E5420 @ 2.5 GHz. 16 Gb RAM
<k5673> Lucid Guests
<k5673> Both x86 and x86_64
<k5673> Yo! How can i optimize the performance of virtual guests runing in ubuntu 10.04 with KVM. Processor Intel Xeon E5420 @ 2.5 GHz. 16 Gb RAM. Lucid Guests.Both x86 and x86_64
<k5673> Yo! How can i optimize the performance of virtual guests runing in ubuntu 10.04 with KVM? Processor Intel Xeon E5420 @ 2.5 GHz. 16 Gb RAM. Lucid Guests.Both x86 and x86_64
<Nafallo> k5673: asking the same question every few minutes are not going to help you get an answer quicker fwiw.
<k5673> OK
<mgolisch> k5673: what problems do you experience?
<k5673> mgolisch: Running an x86-only database under a 32 bits Lucid guest with 3GB of allocated RAM and 4 assigned processors is slower than running the same database on 32 bits Lucid real with 3GB RAM and Intel Xeon Quad-Core Processor.
<k5673> mgolisch: The virtual one is slower than the real one
<Nafallo> that's to be expected.
<mgolisch> what did you expect?
<mgolisch> especialy virtual smp doesnt work too well in many virtualisation products
<k5673> Mmmmmmmm
<k5673> OK
<NightDragon> hello
<NightDragon> need some help
<NightDragon> for some reason, 'ipmisensors' module isnt included in ubuntu server kernel
<ehcah> When considering Disk based backup for a SOHO NAS...  What is the most important consideration?  Mirroring capacity?  Speed?  Offsite vs. Same Rack?
<RoyK> ehcah: zfs?
<RoyK> mirroring is a good thing until you get fs corruption or someone deletes a file by accident
<eagles0513875> hey guys
<RoyK> with zfs (or btrfs if you're brave) you have snapshotting, which is rather nice
<RoyK> hi girls
<eagles0513875> im testing kvm on my desktop running kubuntu but im just wondering aquemu will it allow me to setup a guest on a remote machine?
<ehcah> That's what I'm fearing.  I don't know about have a 24 bay chassis and its backup in the same rack, or house either.
<ehcah> I've been all over the net and as a result of purchasing an Areca Raid Controller, decided that I will simply use Ubuntu Server and allow the Raid Controller to configure my disk for Raid6.
<NightDragon> why raid6?
<ehcah> I know ZFS, or BTRFS, when available in production sits on top of my config, but I'm not sure I need it?
<RoyK> ehcah: hardware raid sucks hard when it comes to silent disk errors, and with terabytes of data, you'll get silent errors from the drives, meaning either corrupted data or (in case of metadata) perhaps a panic
<ehcah> NightDragon:  I think it offers me the most protection for my data.  Keeping in mind that Raid 6 is still a single point of faillure for me.
<NightDragon> unless you *really* think 2 drives could fail at once...
<ehcah> RoyK:  Can nothing be easy for the incompetent like myself?
<NightDragon> (which is rather astronomical odds)
<NightDragon> me, personally i prefer Raid5 + HotSpare
<NightDragon> less overhead
<ehcah> NightDragon:  You haven't met me.  If it can go wrong, it will.
<NightDragon> lol fair enough
<RoyK> NightDragon: heh - I somehow guess you aren't having too much data around :)
<NightDragon> well if you think about it
<NightDragon> take the odds of a drive failing
<ehcah> NightDragon:  Raid5 + Hot Spare leaves me the same usable disk space.  How does performance improve?
<NightDragon> and multiply that by the odds of a second drive failing within the timeframe of data transfer to hotspare
<RoyK> NightDragon: the most common thing is (a) drive fails, (b) insert new drive, (c) start rebuilding/resilvering and (d) corruption is found on one of the other drives - whops - data corruption
<NightDragon> ehcah: because one of the drives isnt in use until its needed. less overhead
<RoyK> NightDragon: that is, with linux sw raid or hw raid, you might not see the data is corrupted, so it's ignored, which is rather sad
<NightDragon> hmmz, an interesting problem
<NightDragon> i see your point
<ehcah> RoyK:  Is there any software that can automatically run corruption tests?  OR, are they simply found on a rebuild or specific file access?
<RoyK> NightDragon: it's not hypothetic -I've seen it several times
<RoyK> ehcah: zfs?
<NightDragon> well then Helllllloooooo tape drive!
<ehcah> If I run ZFS, doesn't that make the $1,300 I spent on my Areca card, wasted?
<NightDragon> (j/k.. i get your point lol)
<RoyK> ehcah: return it
 * NightDragon is just jealous that his DRAC card doesnt support raid 6 :(
<RoyK> ehcah: zfs is way better than what areca can give you
 * RoyK is setting up a couple of 110TB boxes these days - all on zfs
<ehcah> All I can say is ARGH!!!  Everytime I think I've got things worked out, there is a contrary argument against my solution.
<ehcah> This is good though.
<air^> :)
<ehcah> I'm trying to start out right!
<RoyK> ehcah: didn't say it wasn't good enough :)
<ehcah> I know.
<air^> Interesting discussion.
<ehcah> I just wish I were more technical.
<ehcah> It would make my life easier.
<RoyK> ehcah: dig further and it'll bleed in :)
<ehcah> When all is said done, I'll have spent more than $3,500 on a solution I intended to reuse older hardware for....
<ehcah> RoyK:  I don't know about that.  I've proven to be pretty thick!  :)
<RoyK> ehcah: that's about as much as we paid for this 10TB test unit
 * RoyK grins
<ehcah> I bet your disk are better quality than the 2TB Samsung ones I intend to continue using.
<RoyK> why?
<RoyK> most disks are about the same quality
<RoyK> speed differs, obviously, but the error rate is quite constant
<ehcah> My disk are currently $80 at NewEgg.
<RoyK> according to google's tests
<RoyK> well, they'll work
<ehcah> The 12 I have now, work flawlessly.
<ehcah> It's unRAID I'm not quite happy with.
<ehcah> For a ZFS solution. I was ready to use Nexanta.
<RoyK> why not?
<RoyK> or openindiana....
<ehcah> A few forums I've posted in suggested going back to straight linux server and HW or SW Raid.
<ehcah> RoyK:  I have OpenIndiana in a VM as well.
<RoyK> I really won't suggest using linux software (or hardware) raid over zfs
<ehcah> I know the FAQ's say it has a Server + Desktop focus, but I find it very desktop like?
<ehcah> Any idea when BTRFS will be readily supported?
<RoyK> zfs is a little slower, because of the checksumming, but when you get those silent errors from the drives, those will be detected by zfs, not by other solutions
<RoyK> perhaps by btrfs
<RoyK> but then, btrfs only supports mirroring
<ehcah> Didn't know that.
<RoyK> ehcah: you can install on btrfs from 10.10
<ehcah> I know, but I didn't think it was supposed to be ready for full usage until sometime in mid 2011?
<RoyK> ehcah: no current linux fs (except btrfs) checksums data
<RoyK> ehcah: I guess btrfs will get up to current zfs usability around 2015 with the current progress :Ã¾
<ehcah> RoyK:  Hypothetically.  If I could return my Areca card.  What would you reccomend that would ultimately get me to 24 SATA drives running on ZFS?
<RoyK> pci-x or pci?
<ehcah> Between the two, I'd go with ZFS, hands down.  Way more support and implemenations out there...
<ehcah> Let me check the MOBO I've bought before I answer. The areca is PCI x8
<ehcah> http://www.newegg.ca/Product/Product.aspx?Item=N82E16813182211
<ehcah> x8, or x4 I guess.
<ehcah> Straight PCI is probably slower than I want?
<ehcah> and that MOBO only has 1 slot.
<RoyK> LSI SAS9211-8i is quite cheap
<RoyK> that and a SAS expander will allow you to connect a truckload of drives with good speed
<ehcah> Ahh, expander... I was thinking I was limited to 8 drives with the card above.
<RoyK> 8 6Gbps SAS ports
<RoyK> with an expander you can utilize those quite well
<RoyK> usually the expander takes 4 SAS ports
<ehcah> Not to push my health insurance too far, but any suggestion for an expander
<RoyK> meaning 24Gbps
<RoyK> I think those are quite generic
<ehcah> If I could safe enough money on the cards.  I'd purchase a second Norco RPC-4224 chassis.
<ehcah> k.
<RoyK> a sas expander is like an ethernet switch
<RoyK> only that it switches sas
<ehcah> Stupid question:  Externally mounted or on a PCI type card?
<RoyK> SAS expanders connect to SAS, so usually externally
<RoyK> (or at the backplane)
<RoyK> most backplanes have a sas expander these days
<RoyK> at least the larger ones
<ehcah> The RPC-4224 may have 6 already?
<ehcah> I'll need to check its specs.
<ehcah> I know it has only 6 connections required.
<RoyK> Six internal SFF-8087 Mini SAS connectors support up to twenty-four 3.5" or 2.5" SATA (I or II) or SAS hard drives;
<RoyK> meaning it has an expander.....
<ehcah> yes.
<RoyK> dunno if that's 3Gbps or 6Gbps, though
<RoyK> 3Gbps will probably suffice, so you can get a cheaper controller
<ehcah> 3Gbps I beleive.
<RoyK> then the 9211 will be overkill
<ehcah> I'm looking at other LSI options to see....
<ehcah> http://www.newegg.ca/Product/Productcompare.aspx?Submit=ENE&N=100006520%2050001833%2040000410&IsNodeId=1&Manufactory=1833&bop=And&SpeTabStoreType=1&CompareItemList=410|16-118-100^16-118-100-S01,16-118-099^16-118-099-S01
<ehcah> Actually, on closer observation... I'm probably best with 3 of http://www.newegg.ca/Product/Product.aspx?Item=N82E16816118100
<ehcah> With LSI that is.
<RoyK> ehcah: try asking on #openindiana - you might not need three of those - but again - that will depend on the backplane/expander used
<ehcah> Will do.
<ehcah> The only trouble is adding multiple cards creeps back to the same price as I was already paying... http://www.newegg.ca/Product/Product.aspx?Item=N82E16816151052
<RoyK> ehcah: what sort of application will this be?
<ehcah> Home Media collection.
<ehcah> No Database or Web serving.
<RoyK> ehcah: then you can probably live with a single controller
<RoyK> the bandwidth will suffice
<RoyK> and I guess you're only on gigabit ethernet or lower anyway
<muszek> hi... newbie question.  I want to change umask for the 'pootle' user to 0002.  how do I do it?  it's a user that runs PootleService.
<ehcah> Ok. I need to get head around around connecting the 6 8087's on the Norco backplane.
<RoyK> it doesn't matter if the server can deliver 10Gbps if you connect that to an 802.11g network
<muszek> s/PootleService/PootleServer
<ehcah> My LAN includes 24 GB ports for this type of usage. Not faster.
<RoyK> how many concurrent users?
<ehcah> All of my media touching devices are hard wired to the GB switch.
<ehcah> We're a family of 4.
<RoyK> so worst case 4 concurrent users
<ehcah> It would be tough to hit more than that.
<ehcah> Yes.
<RoyK> you can use anything for that
<RoyK> it'll work well
<ehcah> Maybe a backup or ripping session on top. THat's it.
<RoyK> you really don't need a truckload of controllers
<ehcah> That's why I like the Areca card, when, I was convinced HW raid was the way to go.
 * RoyK just ordered some 10Gbps switches :D
<ehcah> Good thing all my gear hasn't arrived yet.
<ehcah> oh man. for home or business?
<RoyK> business :)
<RoyK> two 110TB servers for disk-based backup connected by 10Gbps to the main datacentre
<RoyK> quite fun :)
<ehcah> Yep.  Sounds like it.  All my data will require a 1:1 ratio for backup.
<ehcah> I don't know how to plan for that capacity beyond the 450 Blu-rays and 200 DVD's I'm ripping now...
<ehcah> I also struggle with having duplicate copies in the same rack.
<ehcah> I have a 70Mbit fibre connection, but no friends willing to house a server for me.
<RoyK> ehcah: I wrote a perl script to find duplicated files on a filesystem...
<ehcah> Not sure if this makes a difference, but I should have wrote Mbps
<RoyK> ehcah: for your setup, if you want to use 24 drives, I'd recommend either 3 RAIDz2 VDEVs of 8 drives each (for performance/safety) or 2 RAIDz2 VDEVs with 12 drives each
<RoyK> ehcah: how many drives are you getting initially?
<ehcah> RoyK:  I can't write a script, but I thought de-dup looks for those instances?
<RoyK> ehcah: don't use zfs dedup as of now
<ehcah> 12 total, to begin with.
<RoyK> ehcah: also, don't use zfs dedup now
<RoyK> 12 drives can live happily in a raidz2
<ehcah> Although, with NewEgg.ca's sale price, I could easily add more. OR, share those with a second unit for backup...
<ehcah> Ok.
<RoyK> I've been testing dedup quite extensively, and it sucks hard
<RoyK> zfs dedup, that is
<ehcah> 12 x 2TB in Radz2 is about 18GB usable?
<ehcah> good to know.
<RoyK> (12-2)x2
<ehcah> ok, or 1.8 I think?
<RoyK> so 20TB or ~18TiB
<RoyK> 1TB ~ .9TiB
<RoyK> TiB is what's reported by the OS
<RoyK> http://en.wikipedia.org/wiki/Tebibyte
<ehcah> I also own a Sans Digital 8 bay external enclosure with a port multiplier.  Would this be good for backup?  I was going to sell it and try to by a second Norco case.
<ehcah> That's why I always assume about 1.8 on a 2TB drive.
<muszek> how do I set umask for a user that runs a daemon?
<ehcah> Based on the 450 BD I'm ripping at an average of 25GB per, I only need just under 12TB.  And even with a machine that will 4 BD readers in it, it will take me quite a while to get there.
<ehcah> RoyK:  I know this an Ubuntu forum... But, do you prefer OpenIndiana to Nexanta?  Or was that recommendation simply for me as OI comes with a full desktop environment?
<ehcah> My Nexanta VM has napp-it as the GUI.
<RoyK> nexenta isnÂ§t a desktop system
<RoyK> isn't
<RoyK> OI installs as a desktop system, but isn't really meant to be one
<ehcah> Ah. Ok, that makes sense.
<ehcah> From what I've read, they both run the same version of ZFS and have all of the same options.
<RoyK> OI has a newer zpool version
<RoyK> but most of the good stuff is in nexenta as well
<RoyK> freebsd zfs support lacks stuff like removing an slog, which is rather bad
<RoyK> meaning - if you add an slog (zil on ssd) and you lose that, the whole pool is lost
<RoyK> but then, that's not really relevant to your use
<ehcah> I don't fully understand where FreeNas is going, but I think at this point, I'd hold off until version 8 comes out?
<ehcah> I think I had decided on Nexanta for ZFS, but had not equally ruled out OI.
<RoyK> ehcah: I'd use OI if I was to choose
<ehcah> That's really good to know.
<ehcah> :)
<RoyK> ehcah: we're setting up OI on these 110TB units
<RoyK> 77 2TB drives in 11 7-drive RAIDz2s
<RoyK> whee!
<ehcah> As I mentioned, I have it running in a VM. Do I need to add anything to the base install?
<ehcah> COOL.
<RoyK> ehcah: try to add a bunch of virtual HDs to that VM and try to remove them, rearrange them etc
<RoyK> try to fuck it up badly
<ehcah> If I could figure out my cards, I'd actually mount 2 of those Norco chassis and start with single 8 disk RAIDz2's in each.
<ehcah> RoyK:  I plan to when all my gear arrives.
<RoyK> why not ...
<RoyK> then just use zfs send/receive between them
 * RoyK diverts to #openindiana
<ehcah> RoyK:  Unfortunately, my drives are that 8 bay enclosure and unRaid for now.
<ehcah> k.
<kinygos> hi...i want to ensure my iptables rules are persisted through reboot (i have fail2ban adding permanent bans)...i've found an article suggesting i add pre-up and post-down commands to my /etc/network/interfaces file...reading the man page for that file has made me nervous...could anyone spare me a moment to check what i'm planning to do?  the server is remote and i don't want to lose connectivity...http://dpaste.
<kinygos> i don't know if i'm adding those pre-up and post-down commands correctly...
<mrmist> personally I have the script in /etc/network/if-pre-up.d which does an iptables-restore from a pre-saved lsit of rules.
<kinygos> mrmist: but my rules are being added to pretty much every day by fail2ban
<mrmist> fail2ban will sort itself out, you don't need to save those rules
<kinygos> mrmist: really????  oh, that's the only reason i want to save the config
<mrmist> you can do some other stuff around persisting them, though, i believe, but i've not really looked deep into that
<kinygos> mrmist: i should've thought fail2ban would be smart like that...thanks :)
<RoyK> kinygos: personally I'd use denyhosts over fail2ban
<RoyK> it's distributed and works well
<RoyK> it doesn't cover stuff that doesn't use tcpwrapper's hosts.deny, but then, most services do
<kinygos> RoyK: i've just seen your note...i'm afraid to use denyhosts...i only have remote access to the server and i'm not confident in my abilities to configure it correctly first time
<kinygos> RoyK: if i lose access to it, i'll end up having to rebuild it which will be a massive setback in terms of timescales for me
<RoyK> kinygos: don't you have some sort of console access to the host?
<kinygos> RoyK: i have a lights out board...actually, thinking about it, i might have remote kvm
<kinygos> RoyK: can denyhosts run alongside fail2ban, or is that a silly suggestion?
<RoyK> if you only need ssh protection, denyhost will be the best imho
<RoyK> kinygos: using both for the same services, will be jolly stupid
<FalsAlarm> my server froze up an i couldnt even connect to ssh. i terminated the instance using my web hosting company provided control panel and started it back up, it booted back up fine and is working now.
<FalsAlarm> how so i investigate what happened to it?
<FalsAlarm> err, do
<kinygos> RoyK: well...i'm quite naive...i couldn't believe how many people come knocking on my ssh door...since i put fail2ban on permanent ban, i'm still banning 3-4 new addresses a day...
<kinygos> RoyK: so on my todo list is a serious look at what other measures i can take to secure my server
<RoyK> kinygos: there are people knocking all over
<RoyK> kinygos: but so long your passwords are secure, they can knock all night
<kinygos> RoyK: i use "knocking" in the kindest possible sense...i think it's criminal that they even try
 * RoyK welcomes kinygos to the Internet
 * kinygos rolls on the floor laughing
<RoyK> lock the door with a safe key
<RoyK> if you have a good password, they can probe on forever
<uvirtbot> New bug: #674943 in autofs5 (main) "autofs5 attempts bind mounts with nfs4, but can't perform them correctly" [Undecided,New] https://launchpad.net/bugs/674943
<kinygos> more than 7 characters, mixed-case letters, numbers, and non-alphanumeric characters....also root is not allowed
<RoyK> http://stuff.group.is/ismypasswordsecure.php
<lil_cain> Hi,
<lil_cain> Is there a reason umount and mount are suid?
<mdeslaur> lil_cain: so regular users can unmount and mount filesystems if they are allowed to in the fstab
<lil_cain> fstab can allow regular users mount and umount filesystems?
<mdeslaur> sure, if you put "user" in the fourth field
<lil_cain> huh. I was not aware of this.
<lil_cain> Cool, thanks.
<mdeslaur> lil_cain: np
<Aison> hello, I just managed to install ubuntu server on a very old machine ;)  would like to use it as NAS
<Aison> what's the best filesystem for the "storage" drive, so that cpu usage is as low as possible?
<RoyK> ext4 will do well
<thesheff17> is there anyway to see a complete history of this irc chat?  I'm trying to find a chroot link I posted months ago but can't seem to find the right site.
<Nafallo> thesheff17: you posted 4 links, which one are you after?
<thesheff17> Nafallo: I'm not 100% sure...it had to do with a chroot env that I was helping someone with.
<Nafallo> hmm. all of them about chrooting ssh, right?
<thesheff17> Nafallo: yea
<Nafallo> http://www.cyberciti.biz/tips/howto-linux-unix-rssh-chroot-jail-setup.html http://www.howtoforge.com/chroot_ssh_sftp_debian_etch http://www.marthijnvandenheuvel.com/2010/03/10/how-to-create-a-chroot-ssh-user-in-ubuntu/
<mdeslaur> thesheff17: archive is here, fyi: http://irclogs.ubuntu.com/
<thesheff17> excellent thanks guys.
<RoyK> !logs
<ubottu> Official channel logs can be found at http://irclogs.ubuntu.com/ - For LoCo channels, http://logs.ubuntu-eu.org/freenode/
<abstrakt> how do I set up a mail server? I've set up apache countless times, but I've got a VPS and I want to switch over to that instead of this shared host for my website, but I don't want to loose my emails
<AndyGraybeal> does anyone here use NFSv4 ACL's inheritance on their machines?  Does it make it so when you copy a file to a folder, the file inherits the folders permissions?
<uvirtbot> New bug: #675052 in openldap (main) "Upgrade from hardy (8.04) to lucid (10.04) sets bad permissions on olcDatabase={-1}frontend,cn=config" [Undecided,New] https://launchpad.net/bugs/675052
<lifeless> SpamapS: ping
#ubuntu-server 2010-11-14
<methods> hi
<methods> anyone successfully update intrepid lately ?
<methods> it's like a massive pain
<AndyGraybeal> does btrfs do acl inheritence passthrough, like zfs?
<AndyGraybeal> or does it to any acl inheritence?
<qman__> methods, since jaunty is no longer supported, I'm guessing it's not possible without a jaunty alternate disc
<ehcah> Once I have  a 16 disk Raid6 array up and running.  I need to work on a backup solution.  My primary box has 16 x 2TB drives and I have one extra I will keep unopened as a spare.
<ehcah> If I want to design a solution for disk based back up of this array that I can grow as my primary array grows, what would be a best practice?
<ehcah> I don't believe the backup server needs the same level of raid.  It may need nothing more than a JBOD type solution?  I only 5TB of data right now, so in a perfect world, I want to start with 3-4 2TB drives and add disk only as needed.
<jmarsden> ehcah: See http://blog.backblaze.com/2009/09/01/petabytes-on-a-budget-how-to-build-cheap-cloud-storage/ for one way to build storage servers :)
<hxcjonnysniper> ubuntu won't boot all the way. it gets stuck at "checking battery state" anyone know what to do?
<hxcjonnysniper> ubuntu won't boot all the way. it gets stuck at "checking battery state" anyone know what to do?
<KB1JWQ> !repeat | hxcjonnysniper
<ubottu> hxcjonnysniper: Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<hxcjonnysniper> ubottu: i have been doing that for the past 3 days straight.
<ubottu> Error: I am only a bot, please don't think I'm intelligent :)
<jhansonxi>  hxcjonnysniper: Just guessing but try disabling ACPI with "acpi=off" in the kernel boot line in grub:  https://help.ubuntu.com/community/Grub2
<lwizardl> ji
<lwizardl> anyone here know much about raid cards ?
<ball> I use one, fwiw
<Error404NotFound> is there any ami for lucid on amazon?
<Error404NotFound> i was to test a t1.micro
<lwizardl> one of my friends is trying to build a data storage only server and wants to setup the machine to use a raid-5 for his drives. and he is looking for a good hardware raid pci controller (not pci-e). anyone know of some good ones ?
<Error404NotFound> i am unable to connect to my vsftpd on ubuntu lucid server, get http://pastebin.com/ijNabvjh have verified that password is correct
<uvirtbot> New bug: #675164 in openssh (main) "New version of openssh cannot connect to ssh server" [Undecided,New] https://launchpad.net/bugs/675164
<ehcah> jmarsden:  It's too bad those web based services scare me soo much.  I'd use them and not worry about recreating their solution in my basement.  Besides, their bandwith tells me I could back up about 4TB to them a day. Incrementally speaking, that would be nothing.
<uvirtbot> New bug: #675166 in mysql-dfsg-5.1 (main) "package mysql-server-5.1 5.1.37-1ubuntu5.4 failed to install/upgrade: subprocess new pre-removal script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/675166
<uvirtbot> New bug: #675185 in mysql-dfsg-5.0 "[Hardy SRU] dash bug causes mysqld_safe to spin at 100% CPU" [Undecided,New] https://launchpad.net/bugs/675185
<rushdy> Hi there! I'm following the server guide (https://help.ubuntu.com/10.04/serverguide/C/likewise-open.html) and have used Likewise Open to join our school domain. I seem to be missing the utilities listed in the Other Utilities section? lwinet, lwimsg, lwiinfo, likewise-winbindd (which I was hoping to use for NTLM with Squid). Any ideas?
<cerberos> I've got MAILTO=name@domain.com at the top of my crontab file and * * * * * date on the next line but I'm not getting any emails
<kaushal> Hi
<kaushal> Can i push any DNS names to the DHCP Clients ?
<kaushal> For example if i want to push DNS Names 8.8.8.8 ?
<kaushal> will that work
<kaushal> I am using DHCP Server on Ubuntu Linux Server 10.04
<padhu> kaushal: you can add it in /etc/resolv.conf
<kaushal> padhu: i dont want to add it manually :)
<kaushal> padhu: Anything else be done ?
<ehcah> Can anyone vouch for a solid "Cloud" backup solution for Linux NAS?
<ehcah> Does such a thing exist outside of Mac and Windows?
<padhu> are you using proxy?
<kaushal> padhu: Are you referring to me ?
<padhu> kaushal: yeah
<kaushal> nope
<Aison> argh, i'm trying to setup nfs4 between ubuntu servers, but this is making me crazy
<Aison> i can mount the shares, idmapd is working, etc...
<Aison> rights, users and groups are shown correctly
<Aison> but I can't write, I allways get permission denied
<SpamapS> ok, too bursty and unusable with the keyboard like this.. will check back in later
<SpamapS> ok, too bursty and unusable with the keyboard like this.. will check back in late/part
 * ScottK hands SpamapS a <cr>.
<abstrakt> hi so I'm setting up postfix (trying to) I've been reading a few documents, most notably https://help.ubuntu.com/10.04/serverguide/C/postfix.html and http://www.postfix.org/BASIC_CONFIGURATION_README.html
<abstrakt> when I run service postfix restart
<abstrakt> the message says stopping [ OK ] starting [ OK ] but I can't telnet to port 25 on this box
<abstrakt> I can ssh to the box, but I can't get to port 25
<abstrakt> here's my postfix config file, main.cf -> http://pastebin.com/YcsqFc53
<mrmist> have you tried that locally as well?
<abstrakt> mrmist, nope lemme try locally
<mrmist> just to avoid any external issues
<abstrakt> mrmist, yeah ok interesting, that does work
<abstrakt> mrmist, telnet localhost 25
<mrmist> firewalls?
<abstrakt> 220 mylongiphostnamehere ESMTP Postfix (Ubuntu)
<abstrakt> mrmist, hmm, not positive, let me check, I did a brief/cursory check for iptables
<abstrakt> but I guess I didn't check well enough, brb
<abstrakt> mrmist, as I said, I can ssh to the server just fine, and I can also get to port 80, both from outside the server
<abstrakt> hmm, how do I exit telnet?
<mrmist> quit
<abstrakt> ahh nm
<mrmist> that doesn't preclude a firewall that's blocking off port 25 though, of course.  But if your iptable rules are clear you should be ok there
<sherr> netstat will show what's listening on an ip/ port e.g. netstat -lnpt
<sherr> postfix is listening on all ports (inet_interfaces = all)
<sherr> /interfaces/ I mean
<abstrakt> yeah aptitude says iptables is installed, this is Ubuntu 10.10
<abstrakt> where wouldu I find that? i don't see it in /etc/iptables
<sherr> but is only going to accept mail from "localhost" because of "my_networks"
<sherr> iptabes -L -n - will show if theer are rules loaded and active
<abstrakt> ok which iptables reports /sbin/iptables
<abstrakt> sherr, ok thanks
<mrmist> you might want iptables -L -n -v
<abstrakt> ok
<abstrakt> mrmist, hmm, not much difference between the two
<mrmist> -v gives you more info so you can see rules that govern specific ports etc.
<abstrakt> http://pastebin.ca/1991589
<abstrakt> mrmist, ^ is the output of iptables -L -n and iptables -L -n -v
<mrmist> oh right it's all open
<abstrakt> yeah :/
<abstrakt> that's what I thought
<mrmist> that's kinda odd then
<abstrakt> exactly
<abstrakt> mrmist, like I said, I can ssh in no problem
<mrmist> The config suggests it should be working
<abstrakt> blast :/
<abstrakt> mrmist, could the myhostname and myorigin params have anything to do with it?
<abstrakt> mrmist, what about the mynetworks
<mrmist> Not in terms of refusing connectivity outright
<mrmist> presumably where you are telneting *from* is not barred from accessing remote servers on port 25?
<abstrakt> mrmist, here's my master.cf http://pastebin.ca/1991593
<mrmist> what does netstat -n -l say
<abstrakt> mrmist, netstat on what, on the server? or from my laptop?
<mrmist> is it 0.0.0.0 25 listening
<mrmist> on the server
<abstrakt> k one sec
<mrmist> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
<mrmist> is what you're looking for (or similar)
<abstrakt> mrmist, I do in fact have this line
<abstrakt> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
<abstrakt> copied and pasted
<mrmist> ok. i reckon, then, that it's actually working, but for some reason you can't telenet to it from your laptop host
<mrmist> on port 25
<abstrakt> dammit :(
<mrmist> maybe there's some other host you can test connecting from?
<mrmist> or, just leave it up for a few days and the spammers will test it for you.. if you see rejections in your mail logs you know it's up and running
<abstrakt> mrmist, yeah weird, because earlier I was seeing rejections in my logs
<abstrakt> but now
<abstrakt> I'm not seeing anything else anymore
<abstrakt> dangit, must have borked something
<mrmist> could be coincedental.  Try restarting the deamon
<abstrakt> mrmist, I have, a few times
<mrmist> oh :(
<abstrakt> yeah
<mrmist> You might need someone more knowledgable to check your config, but the key  bits seem similar to mine which works
<mrmist> gotta say, though, that it looks like it's working :)
<abstrakt> mrmist, http://pastebin.ca/1991598
<abstrakt> mrmist, is my maillog, so it was working at one point, because I saw spammers hitting it, but I see no more spammers :(
<abstrakt> lol, the one time I can say that with a frowny face :P
<mrmist> ha
<mrmist> it could be that they're just not connecting jsut now.  Of course that doesn't really help if what you want to do is connect from your laptop
<abstrakt> mrmist, back
<mrmist> re
<mrmist> Unfortunately I don't think I can do any more to help, short of testing your server from my own if you want to pm the IP.  (You are at liberty not to)
<abstrakt> well floop
<mrmist> Hopefully some other folk will have some input on it
<abstrakt> ok, I'm gonna contact rackspace support, see if they can help me :)
<mrmist> also may I recommend some firewall rules might be an idea, esp if it's net connected ;)
<ubuntu4shane> ok, I setup my lamp server, (through tasksel) and it worked fine, then I started with virtual server, and enabled a site with a2ensite and reloaded apache, apache reports no errors upon reload, when I go to the site, it says forbidden
<ubuntu4shane> any ideas?
<mrmist> no index file and directory indexes turned off?
<ubuntu4shane> mrmist, for me?  not sure I follow you.
<squishy> improper file permissions on index file/dir?
<mrmist> yes. i mean you'd get that if you didn't have an index.html or similar and indexes were disallowed through config
<ubuntu4shane> ohh, got it, it was permissions on the folder
<ubuntu4shane> wasn't set to 755
<mrmist> :)
<ubuntu4shane> thanks!!  That was the simplest setup I have done
<ubuntu4shane> I have been through this a few times, and every time it gets easier.
<ubuntu4shane> thanks mrmist squishy !
<mrmist> all props to squishy i think in this case
<abstrakt> mrmist, yeah it looks like it's my ISP I think
<abstrakt> awww, lol whoops, just missed him
<abstrakt> where do I find the dovecot SASL socket? my /etc/dovecot/auth.d/01-mail-stack-delivery.auth says it should be in /var/spool/postfix/private/dovecot-auth but I don't have any such file?
#ubuntu-server 2011-11-07
<jbondhus> Hi.
<jbondhus> I'm having a problem with nfs on my server.
<jbondhus> Is anyone here familiar with nfs?
<jbondhus> Hello?
<EvilResistance> you should usually explain the problem :/
<EvilResistance> in order to get help
<EvilResistance> then if anyone has experience they'll respond
<jbondhus> Ok, sorry I was waiting to see if there was anyone here.
<EvilResistance> alternatively, #ubuntu
<jbondhus> The server is running Ubuntu 11.04 server. The client, which is running Mac OS X is not recognizing the files and folders on the NFS mount. Here are the settings on the server and client.
<jbondhus> SERVER SETTINGS:
<jbondhus> Export Folder:
<jbondhus> Export Folder Owner:
<jbondhus> jon:80 (me and admin group)
<jbondhus> Export Folder Permissions:
<jbondhus> -rwxrwxrwx
<jbondhus> Export Options:
<jbondhus> CLIENT SETTINGS:
<jbondhus> Remote NFS URL
<jbondhus> nfs://10.0.1.100/jbondhus
<jbondhus> Mount Location
<jbondhus> Advanced Mount Parameters
<jbondhus> None
<EvilResistance> stop
<EvilResistance> pastebin
<EvilResistance> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<jbondhus> Ok, here's the URL, sorry, i'm new to IRC.
<jbondhus> http://paste.ubuntu.com/730553/
<RoyK> jbondhus: the OS X NFS stack is somewhat sloppy, using netatalk works better
<jbondhus> How do I use that?
<jbondhus> The reason I'm using NFS is because it's the fastest protocol.
<jbondhus> I have to make NFS work.
<RoyK> jbondhus: apt-get install netatalk
<jbondhus> On the server?
<RoyK> NFS might be a bit faster, but you won't notice the difference in most circumstances
<RoyK> yes
<jbondhus> You know what, does ubuntu use afp?
<jbondhus> Can it support it as a client?
<RoyK> ubuntu supports AFP
<RoyK> I really doubt using AFP as a client from ubuntu will be the best choice
<jbondhus> My other laptop uses ubuntu and my main one uses Mac OS X, and the Server runs Ubuntu server. It has to be compatible with them all.
<RoyK> but the file ownership will be in sync whether you use afp or nfs or smb or whatever
<jbondhus> But smb is slower, and AFP is more compatible with mac os x.
<RoyK> I use AFP for my mac and NFS for unices and SMB for windoze
<twb> For a heterogeneous environment Samba will be the least painful
<twb> MAYBE NFS if you have OS X and Linux, but I wouldn't want to bet on it
<jbondhus> Well I have to have it shared. I found a great article on how to set up AFP on ubuntu.
<RoyK> twb: mixing AFP and NFS works well
<RoyK> it's just file ownership and modes after all
<jbondhus> NFS had permissions problems. Check that, HAS permissions problems. I'm just going to purge the nfs packages and rm -rf the export. That way I can start with a clean slate instead of having a junk folder that's chowned to nobody.
<twb> RoyK: I was assuming you didn't want the hassle or maintaining two whole network fs stacks
<jbondhus> I think I'm going to go with AFP. It sounds the most painless.
<twb> jbondhus: well, unless you're going to run kerberized CIFS, NFSv4 or AFS, you are going to have permissions issues.
<twb> Unkerberized network filesystems simply do not enforce access restrictions.
<jbondhus> What do you mean by unkerberized? I haven't heard that term before?
<ersi> Meaning you don't have kerberos authentication setup
<RoyK> without Kerberos
<jbondhus> Ok, that makes more sense.
<jbondhus> Is AFS the same thing as AFP?
<RoyK> !afs
<jbondhus> What?
<RoyK> afs is andrew file system, not really compatible with AFP, which is apple file protocol
<RoyK> !afp
<RoyK> this bot is too stupid
<jbondhus> Ok, nevermind then.
<jbondhus> Bye.
<twb> Indeed; not compatible at all, completely separate protocol :P
<twb> I only mentioned AFS because it's kerberized; I wouldn't recommend it for anyone that isn't a university
<ersi> He just logged off.
<twb> ersi: I was speaking for the benefit of lurkers :P
<ersi> 'k. :-)
<yaboo> stupid issue got two data four port pci-e cards, and when I boot the disks connected to them change address, can I lock in the address
<twb> yaboo: sorry, are these ethernet cards or sata cards?
<yaboo> twb sata cards
<twb> So what address is changing, the pseudo-SCSI bus address?
<yaboo> four port, both cards have disks connected to them
<yaboo> two, e.g. on one boot disk is /dev/sdc, next boot it is /dev/sdg
<yaboo> and boot after that its back to /dev/sdc
<yaboo> trying to do software raid
<twb> yaboo: that is how disks work.  It is only chance that you have never had this problem until now
<twb> yaboo: to use software raid, just refer to the array by its UUID rather than by the device names of its array nodes
<yaboo> twb so disks will change address during boot
<twb> Yes
<yaboo> twb, sort of stupid even using the disks  normally means I cannot put them in stab, because next boot its changed id
<twb> yaboo: fstab also supports UUIDs
<yaboo> two I understand, can I just lock the disks down
<twb> I doubt it
<yaboo> ok
<twb> If I had to guess I would say its because you have two identical cards, so they are more likely to race
<yaboo> two yes they are the same cards
<twb> But in theory it could happen on any hardware, and the Right Thing is to use UUIDs
<yaboo> ok
<twb> If you're installing Ubuntu it usually should use UUIDs by default
<yaboo> twb, thats cool, but when I reboot the array now comes as /dev/md127 and fails to mount, even using uuid
<twb> I do not know why that is.
<yaboo> that is???
<twb> Did you update /etc/fstab and /etc/mdadm.conf and run update-initramfs -u -k all?
<yaboo> no
<twb> Do so.
<yaboo> so update /etc/fstab with the uuid and the /etc/mdadm/mdadm.conf then run update-initramfs -u -k all?
<twb> OK, pastebin your current fstab and mdadm.conf
<yaboo> ok
<qman__> yeah, UUID by default was nailed down years ago
<qman__> I remember dealing with it in 5.10
<twb> When was the sg transition?
<twb> qman__: ^^
<qman__> well, dealing with this problem
<twb> qman__: I'd have said more like 2007, but whatever.
<qman__> in any case, long enough
<twb> qman__: I expect he's just following an ancient howto or something
<yaboo> twb http://pastebin.com/DSgqZ4xh
<twb> yaboo: you have no arrays in mdadm.conf
<twb> yaboo: you need something along the lines of this:
<twb> A
<twb> ARRAY /dev/md0 level=raid1 num-devices=3 UUID=aaebe741:68a1b213:7234de3b:cd66fef8
<yaboo> two ok, seems I am following a old how to then
<twb> You can get the UUID by doing mdadm --detail /dev/md127 or so
<yaboo> change raid=6 for me I guess
<qman__> also, my fstab doesn't use that UUID format for the array
<qman__> it uses the same format as the rest of the disks
<twb> Yes, in fstab it would look like this:
<twb> UUID=58d2c859-912a-4937-bbb4-d9f9edd16232 /boot ext2 noatime,nodev,nosuid,noexec,ro,sync 0 2
<twb> Note the UUIDs will be different -- mdadm takes the *array* UUID; fstab takes the *filesystem* UUID.
<twb> The filesystem UUID can be gained with "blkid /dev/md127" or "tune2fs -l /dev/md127"
<twb> yaboo: also you seem to have the root filesystem in fstab defined twice
<yaboo> ok
<qman__> yeah, that's a big problem
<twb> In future, you should check the date on the howto before you follow it :-)
<qman__> while the concepts haven't changed much, the little things have
<yaboo> two change my line to RRAY /dev/md0 level=raid6 num-devices=6 UUID 8c4113cd:9dee4f90:bc191129:c5bc8b2a       /home/storage   ext4    errors=remount-ro       0       1
<yaboo> RRAY /dev/md0 level=raid6 num-devices=6 UUID 8c4113cd:9dee4f90:bc191129:c5bc8b2a       /home/storage   ext4    errors=remount-ro       0       1
<yaboo> two changed my line too ARRAY /dev/md0 level=raid6 num-devices=6 UUID 8c4113cd:9dee4f90:bc191129:c5bc8b2a	/home/storage	ext4	errors=remount-ro	0	1
<yaboo> is this correct
<twb> My name is "twb" not "two"
<yaboo> sorry twb
<yaboo> is this correct syntax or not
<qman__> that is not correct
<qman__> the ARRAY bit goes in mdadm.conf, the /home/storage blah blah belongs in fstab
<yaboo> ok have to wait till server reboots
<KoolaidJunkie> Hello Everyone.
<KoolaidJunkie> I was wondering if there was someone that could help me with a External Harddrive mounting issue
<twb> !ask
<ubottu> Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<keithclark> I have my router, a speedtouch 516, and a router, a DLink DIR-615.  I am having a problem with port forwarding.  It is now working.  I seem to be having an issue with the modem.  It sees my router as 192.168.1.64, where my router's address is actually 192.168.0.1.  Not sure what the issue is here.
<twb> Unless your router or modem is running Ubuntu, that sounds like a problem for your router/modem vendor, not us
<keithclark> Maybe a bad modem?
<twb> All modems are bad modems
<keithclark> Bridge mode versus PPP mode maybe the issue with the modem?
<chenbing> have installed debian squeeze xfce4,seems no kernal source ,I mean there is no /usr/local/linux directory.how to apt-get it ?
 * greppy looks at the channel name
<uvirtbot> New bug: #887035 in bacula (main) "bacula director killed because of an "out of memory" condition" [Undecided,New] https://launchpad.net/bugs/887035
<uvirtbot> New bug: #887060 in unixodbc (main) "'./usr/share/doc/odbcinst1debian2/NEWS.Debian.gz' is different from the same file on the system" [Undecided,New] https://launchpad.net/bugs/887060
<runasand> hey, I downloaded ubuntu-10.04-server-cloudimg-i386.tar.gz and SHA256SUMS.gpg from https://uec-images.ubuntu.com/releases/10.04/release/, but I get a bad signature when I try to verify. Any idea what's up?
<ikonia> runasand: sounds like a corrupt source or corruption in transit
<ikonia> runasand: (or the image has been updated and the signature hasn't)
<runasand> ikonia: ok, so it's not just me doing it wrong. The checksum in SHA256SUMS matches, so that's something.
<runasand> ikonia: any idea who I should poke to have the signature updated?
<ikonia> a good question,
<ikonia> I don't know who maintains that stuff, at one point I didn't even think it was official
<runasand> https://bugs.launchpad.net/ubuntu-on-ec2 seems like the best place
<runasand> ikonia: hah, ok, the FAQ actually points users to this IRC channel :)
<ikonia> I'm sure that is correct, I just don't use those image, so have never really got involved
<runasand> ikonia: heh, figured it out, seems like I was just doing it wrong :)
<ikonia> explain ?
<runasand> basically, you fetch the sha256sum, sha256sum.gpg and the tarball, verify sha256sum with sha256sum.gpg and then check that the sha256sum for the tarball matches what's in the sha256sum file
<air_> howdy.
<air_> what's the use of the "backup" user autoamtically created on an ubuntu install?
<air_> Is there any harm done if I make use of it to setup an rsync from a remote server?
<air_> (ubuntu server, 10.04 lts)
<air_> I was planning on doing keybased login, just wondering if I should create a new user or reuse the existing backup user.
<air_> RoyK: you alive? :)
<yann2> hello! Is the maitainer of puppet/facter around? I think the last upgrade in maverick broke it
<yann2> I get this: http://pastealacon.com/29045  (worked last friday) i guess it might be because of https://launchpad.net/ubuntu/maverick/+source/facter/1.5.7-1ubuntu1.2
<yann2> if I use the version from main instead of proposed, it works.... (sudo apt-get install facter=1.5.7-1ubuntu1)
<soren> yann2: Can you file a bug that real quick, please?
<yann2> will do. nice to see you around here soren :)
<soren> cjwatson: Looks like an SRU regression ^  I forget what the exact steps are from here :-/
<yann2> https://bugs.launchpad.net/ubuntu/+source/facter/+bug/885998  actually already reported
<uvirtbot> Launchpad bug 885998 in facter "facter upgrade crashes puppet" [Undecided,Confirmed]
<yann2> seems I was pointing at the wrong commit
<yann2> too bad the package got pushed i -updates despite having this bug reported against it a few days ago :(
<soren> yann2: Yes, that is quite unfortunate. :(
<cjwatson> soren: https://wiki.ubuntu.com/StableReleaseUpdates#Regressions
<cjwatson> adam_g: ^- regression in your facter upload to at least lucid and maverick
 * cjwatson bumps bug 885998 to critical, though somebody who actually knows their way around facter will need to investigate
<uvirtbot> Launchpad bug 885998 in facter "facter upgrade crashes puppet" [Critical,Confirmed] https://launchpad.net/bugs/885998
<soren> cjwatson: Ok, thanks, I'll save that for another time (I don't suppose it'll help much at this point?).
<cjwatson> soren: probably not, no
<cwillu_at_work> you know how device letters start at sda, and go up through sdb, sdc, etc?
<cwillu_at_work> I'm up to /dev/sdik :/
<cwillu_at_work> (not a typo)
<cwillu_at_work> (not useful either)
<SpamapS> cwillu_at_work: indeed, its important to have something to make logical sense of those arbitrary device names
<cwillu_at_work> SpamapS, there's a grand total of 2 drives in this system :p
<SpamapS> cwillu_at_work: lots of hot swapping?
<cwillu_at_work> the usb adapter I use to write out images to new drives loses its mind on a regular basis
<cwillu_at_work> but this is new behaviour as of 3.0
<cwillu_at_work> hmm, or is it
 * cwillu_at_work pokes btrfs with a stickl
<nineteen67comet> Morning all, I've been running my web server since around 2002 (most recent server since 2008). I have been given an updated machine and would like to migrate my sites over slowly. How can I tell Apache or my router (Tomato Linux WRT54GL) which site to which machine?
<nineteen67comet> I would like to move one site at a time as I learn how to get things like I need (also moving from Wordpress to Drupal)
<nineteen67comet> maybe Joomla?
<xranby> nineteen67comet: if you have the sites on different subdomains then you can vome them over one by one by changing your dns entrys
<xranby> like  joomla.mydomain.com
<xranby> if you have the different sites as subfolders   like www.mydomain.com/joomla
<xranby> then you need to tell the old apache to forward all requests to each subfolder to the new server
<xranby> you could use apache mod_proxy to do this
<nineteen67comet> Okay .. they are all base URLS (www.domainname1.com www.domainname2.com etc etc) .. so Apache can hand a site off to another machine on my network?
<nineteen67comet> my folders are all /var/www/domain1 /var/www/domain2 /var/www/domain3 etc etc
<xranby> by using apache mod proxy you can add      ProxyPass       /app1/  http://internal1.example.com/app1/
<xranby> to your apache configuration configureation
<SpamapS> nineteen67comet: right, so you probably have www.domainname1.com pointed to the IP of your old server, you should point it to the IP of your new server.
<SpamapS> proxy is not really necessary
<nineteen67comet> aha .. unkay .. I'll jump on mod_proxy ..
<xranby> nineteen67comet: there are usually several ways to solve this task
<nineteen67comet> All my URLs once they go to afraid.org they hit my router and are sent to my web server (current/old one)...
<xranby> if each site have its own domain
<nineteen67comet> yes
<xranby> simply update the dns entrys
<xranby> to make each domains ip point to the new server
<nineteen67comet> all domains are in the same box; my ip (external) is not static so I use afraid.org as my DNS .
<SpamapS> You can probably just copy the old configs to the new server and then just move each DNS pointer one by one.
<SpamapS> nineteen67comet: oh you only have one real IP ?
<nineteen67comet> SpamapS: yes ..
<SpamapS> well thats different then!
<nineteen67comet> my router hands off all port 80, 81, 8080, 8081 to the web server (and 21,22 etc) .. the IP is a dynamic typical home user IP ..
<SpamapS> nineteen67comet: for that you probably want to use mod_proxy from the old server to the new.
<nineteen67comet> okay .. I'll jump on mod_proxy ..
<SpamapS> nineteen67comet: inside each <virtualhost> you can define a ProxyPass and ProxyPassReverse that will send all the traffic to the new server.
<SpamapS> nineteen67comet: theres' an option you'll need so you can use your old configs on the new server...
<nineteen67comet> Okay ..
<SpamapS> nineteen67comet: what version of apache do you have on your old server?
<nineteen67comet> Looking' now .. it's running Ubuntu Server 10.04.1 .. with Apache .. 2.2.14 ..
<SpamapS> nineteen67comet: ok good
<nineteen67comet> I put 11.10 with apache 2.2.20 on board (was going to stick with LTS but new stuff is just so shinny) ..
<nineteen67comet> the new one has 11.10
<SpamapS> nineteen67comet: yeah, on the 10.04 box you'll want to set ProxyPreserveHost On ...
<nineteen67comet> K .. in there now looking ..
<SpamapS> nineteen67comet: that way the new server will get the same Host: header so the <virtualhost> sections will work
<nineteen67comet> For the Allow from portion of ProxyRequests .. do I put the URL that I want forwarded to? in my case www.justinsteiger.com .. seems like this one I found is for incoming Proxy control ..
<nineteen67comet> http://httpd.apache.org/docs/2.0/mod/mod_proxy.html is the site I found on Apache .. I'm looking at the basic examples .. SpamapS
<cemc> hi. is there any tool in ubuntu for notifying admins (by mail) when a servers gets rebooted without proper shutdown (like a power outage or reset/power switch etc) ?
<nineteen67comet> SpamapS: and xranby thank you for the direction .. I'm going to go tinker with it all a bit and see if I can't make it work ..
<roaksoax> SpamapS: ping
<SpamapS> roaksoax: pong, sup!
<roaksoax> SpamapS: just asked pitti to reject a package from oneiric's -proposed... unless you can beat him to it so I can upload a new one
<SpamapS> roaksoax: ecryptfs-utils ?
<roaksoax> SpamapS: redhat-cluster
<SpamapS> roaksoax: guess pitti got it first
<roaksoax> SpamapS: ok, thanks though ;)
<roaksoax> zul: ping
<roaksoax> zul: do you have the list of patches you are forwarding to cobbler?
<zul> roaksoax: yo whats up?
<zul> roaksoax: not handy
<zul> actually handy
<zul> roaksoax: https://github.com/zulcss/cobbler-oneiric
<roaksoax> zul: may I take a look? so I can work on re-writting those that can be made less Ubuntu specific
<zul> roaksoax: please
<roaksoax> zul: cool thanks
<zul> roaksoax: 2.2.2 should be coming out soon so ill rebase and upload
<roaksoax> zul: awesome!
<zul> roaksoax: im going to suggest we move away from the git snapshots
<roaksoax> zul: agreed
<roaksoax> zul: https://github.com/zulcss/cobbler-oneiric/commit/71ba77b0578c751804643695a71849fdd739da2b this commit should be separated in two commits
<zul> roaksoax: k
<roaksoax> zul: other than that, it looks good to me
<roaksoax> zul: I thnk you can forward those, then rebase 2.2 to manage better the delta
<zul> roaksoax: ack
<roaksoax> zul: cause otherwise it might become a mess :)
<zul> SpamapS:  you did miss something: https://github.com/zulcss/cobbler-oneiric (they are still pending)
<SpamapS> zul: alright cool!
<roaksoax> zul: so are we gonna propose upstream cobbler to work with us on adding ITSM concepts to cobbler systems?
<zul> roaksoax: i dunno i havent thought about it
<roaksoax> zul: I'll contact upstream and dig into that
<zul> roaksoax: k
<zetui> hello there
<zetui> this is what i got on my ubuntu server
<zetui> http://pastebin.com/tDS02ine
<zetui> what i have to do ?
<azert> hello
<azert> there
<azert> i got HP DL380 Proliant server G7
<azert> from this morning i got something like this error :
<azert> http://ubuntuforums.org/showthread.php?p=11425367
<azert> [1131516.069427] ACPI Error: SMBus or IPMI write requires Buffer of length 66, found length 32 (20110112/exfield-285 )
<azert> [1131516.069433] ACPI Error: Method parse/execution failed [\_SB_.PMI0._PMM] (Node ffff880ea888e7f8 ), AE_AML_BUFFER_LIMIT (20110112/psparse-536 )
<pmatulis> azert: does it have an addon ipmi card or does it just use onboard ilo?
<azert> onboard ilo
<azert> just only
<azert> pmatulis:
<pmatulis> azert: i would check what acpi settings are to be found on your box, bios and os level
<pmatulis> azert: tinker around with that for a while...
<pmatulis> azert: and study bug #578506
<uvirtbot> Launchpad bug 578506 in linux "[Kernel] ACPI: EC: input buffer is not empty, aborting transaction" [Undecided,Confirmed] https://launchpad.net/bugs/578506
<azert> is it enough to get out the battery and replace. ?
<azert> pmatulis:
<randomcake> Hi, I'm running Ubuntu Server 11.10 and I'm struggling to SSH into the server, I've disabled the firewall, and still nothing, SSHd is on and listening (connecting to user@localhost works fine), but remote connections won't connect, what can I try to get it to connect?
<hallyn> zul, hey, do you see any problems with http://people.canonical.com/~serge/l.debdiff (libvirt debdiff for precise)  - the logrotate stuff is new to me, but it does the right thing in my tests.
<pmatulis> randomcake: see if the client can sense the open port on the server (telnet, nc, nmap)
<pmatulis> randomcake: look at server logs (/var/log/syslog)
<randomcake> I don't see the port as being open, and nothing is logged in syslog
<randomcake> what should I try next pmatulis?
<Matrix3000> how do i perm remove dhcp3
<Matrix3000> when i do an apt-get remove dhcp3-client it wants to remove ubuntu-minimal as well
<randomcake> pmatulis, I'm getting 'no route to host' now I'm doing SSH from another linux box (was using a Windows laptop before)
<randomcake> Matrix3000, why do you want to remove DHCP?
<dork> randomcake: is this ssh server behind a router?
<dork> or are you doing a local to local connection? what does your networking look like
<randomcake> all 3 computers are inside the same local network, it's a WiFi router, and a switch (the server and my laptop are connected by WiFi)
<randomcake> all are able to use the internet, the server is able to connect to my Linux NAS via SSH, but the NAS and laptop are unable to connect to the server
<dork> pastebin the output ot /sbin/iptables -L
<dork> please
<dork> on your server w/ sshd
<dork> randomcake: you doing that or no? i gotta go soon
<randomcake> the internet connection seems to have gone a little odd, I can't get to the pastebin, it's empty
 * hallyn out
<dork> pastebin is used for you to paste the data in, apply, give me the link so i can read the output of the command i asked without you flooding the channel
<dork> so just do /sbin/iptables -L
<dork> cut, go to pastebin.com
<dork> paste it in
<dork> submit
<dork> give me the url
<dork> think of it as notepad or something
<randomcake> no rules, but iptables-save does give the following: *filter\n:INPUT ACCEPT [3091:2105891]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [2928:277972]\nCOMMIT
<dork> it's network related whatever it is, are these both linux boxes?
<randomcake> I'm familiar with pastebin, but I'm having trouble with new network connections
<dork> no ip conflicts?
<randomcake> yes, both linux boxes, I don't believe so, the IPs are all allocated by the router (with the server specifically given an IP of my choosing, but still DHCP)
<dork> can you do a telnet to the box port 22
<dork> see if it picks up
<dork> if it's no route you're getting i doubt the telnet will have any different results
<dork> what kind of router is this
<randomcake> nope, gives 'ssh: connect to host 192.... port 22: No route to host'
<randomcake> it's a BT HomeHub (I think the manufacturer is Thompson)
<dork> can you pastebin ifconfig results as well as your routing table please
<dork> can you ping the host?
<randomcake> nope
<dork> and the machine w/ the sshd can send and receive internet data?
<dork> can you ping the other box from the problematic server?
<randomcake> sorry, I'm not used to Xfce (not sure Xfce is the part I'm struggling with), I'm struggling to copy and paste from terminal :S
<dork> hilight, copy, paste bud
<dork> i gotta jet though, look at your router, see if you can install nmap on a working linux server and do nmap -sT ip.address.x.x and see if it sees ssh open
<dork> it's something routing related
<randomcake> maybe the Wifi dongle is rubbish, highly, fine, copy, fine, paste, within the same terminal seems fine, but paste elsewhere, and nothing
<air_> well, if he get's a no route to host error, it's not very likely nmap would show any open ports.
<uvirtbot> New bug: #887361 in facter (main) "facter facter_1.5.6-2ubuntu2.2: /usr/lib/ruby/1.8/timeout.rb:60:in `open': execution expired (Timeout::Error)" [Undecided,New] https://launchpad.net/bugs/887361
<CantWinn> Hello
<RoyK> .... . .-.. .-.. ---
<CantWinn> I work for a small company that does a lot of file share. Currently we use a program called DropBox and can be found at DropBox.com. I am looking to expand my Ubuntu knowledge by setting up a server with Ubuntu and creating a file share with permissions and user folders etc. Does Ubuntu-server handle this well?
<randomcake> CantWinn, yes, Ubuntu Server is ideal for this
<randomcake> CantWinn, https://help.ubuntu.com/11.04/serverguide/C/samba-fileserver.html should help you get started. You can have your logins based on a Windows server's accounts, but that would be more complicated.
<RoyK> CantWinn: ubuntu can do all of that, but dropbox is specialized for it, using ubuntu, you can use tools like rsync to do the same
<uvirtbot> New bug: #887364 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/887364
<randomcake> it depends, are you using dropbox within a single office? or are your staff spread out?
<CantWinn> Ok, Yeah i know DP is specialized but, when we have a lot of PDF's etc, every time someone moves computers it takes them about an hour to D/L and sync the files
<RoyK> your average rsync -za will probably work if it's in-house
<CantWinn> They are mostly located in the main building with a couple of very small satellite offices consisting about 5ppl ea
<RoyK> CantWinn: what amount of data?
<randomcake> RoyK, if it's a small company, and small office, why not a Samba share? CantWinn, is there a VPN or other tunnel connecting the offices?
<CantWinn> VPN
<RoyK> randomcake: depends if they're using windows or not
<randomcake> and what sort of existing servers do you have CantWinn?
<RoyK> CantWinn: doesn't say anything about bandwidth
<CantWinn> We have a couple of servers that are running Windows 2008 R2 virtual servers on them.
<randomcake> a server per site?
<RoyK> CantWinn: samba in AD mode?
<CantWinn> RoyK, they have a 10Mbps fiber line
<CantWinn> RoyK, Yes
<RoyK> ok
<CantWinn> The clients work stations have Win7 on them
<RoyK> CantWinn: why not bacula?
<CantWinn> We have an older Dell PowerEdge R200 server not being used, I thought about trying to set that up and experiment
<air_> dropbox checks the checksums of files, and avoids overloading your upstream if the file already exists at dropbox. (part of their deduplication).
<air_> personally, i don't like the idea to share my files with the world, but it does save lots of upstream performance.
<CantWinn> They want to get out of drop box for 2 reasons.. 1 not as secure as they like because we are a medical facility handling patient data. Number 2 is because if the internet or DP goes down we can't transfer files to where they need to go
<CantWinn> RoyK, .. bacula?
<air_> seriously.
<RoyK> CantWinn: setup a backup box with some 2TB drives in RAID, sw raid should suffice well, and use bacula to back them up
<RoyK> !bacul
<RoyK> !bacula
<air_> you throw patient data on dropbox?
<RoyK> CantWinn: see bacula.org
<CantWinn> air_, I just started here about 5 days ago.. believe me I am on this REAL fast
<randomcake> air_, any better than rsync does? I'd consider, a server per site, rsync to each site, and at the sites access the files using Samba, letting the windows users have mounted drives
<randomcake> or (hope this isn't against the rules!) consider the options your existing servers provide, such as Distributed File Systems in Server 2008 R2...
<CantWinn> I think what they want and what i would like to do, is set up a file share because this is what happens: (bare with me while I type)
<air_> randomcake: if you mean to compare dropbox to rsync, sure, you could probably get the same behavior, but you'd have to care about hard links and yourself finding duplicate files.
<air_> randomcake: but then again, I'm against putting anything of value on to dropbox. :)
<randomcake> yeah air_, handing anything of serious value to a 3rd party isn't something to be done lightly...
<randomcake> no problem CantWinn, understanding your use case is our best way to give decent advice :)
<CantWinn> Nurse scans chart, that chart gets sent to a program running RDP on the clients computer to the server, after which the file is then uploaded to DP where another person will take the scanned PDF's and import them to a splitting program, when she is done those splits go to another DP folder where some are picked up by a records person and the other if there is a RX goes to the pharmacy who has a DP for RX's
<air_> I'd sue you for this.
<air_> :P
<RoyK> CantWinn: then use bacula or some other backup system which keeps the data private
<CantWinn> RoyK, we want to.. I wanted to implement a system so they can share files into folders that users are granted permission that they can access via inhouse or VPN, then have a SQL backup offsite.. wich they currently do NOT have >:(
<RoyK> CantWinn: for medical data, you'll need  to setup a VPN solution to make the data available off-site
<CantWinn> *believe me when I say this is only scratching the surface of things wrong..* I haven't even gotten into: No redundant switches, No redundant DB Servers.. list grows
<RoyK> anything else is bogus
<randomcake> doesn't sound like any compelling reason to be using Dropbox CantWinn, was it lack of technical skills to implement a better solution that caused them to choose DB? Rather than any specific features of DropBox?
<CantWinn> RoyK, Yeah, that's why I was wondering how Ubuntu server will handle it.. I use Desktop myself and have always enjoyed many flavours of Linux, but I have never worked with server side.
<CantWinn> Well except RH virtual
<RoyK> CantWinn: try bacula
<RoyK> CantWinn: bacula can backup most OSes
<CantWinn> randomcake, I will give you the reason.. it all boils down to $$ Management sees $600 / mon for secure online backup and freaks out apparently..
<CantWinn> RoyK, I saved the link
<RoyK> CantWinn: apt-get install ......
<air_> CantWinn: explain to management what it will cost when the first patient sues you for loosing their information on dropbox.
<CantWinn> So what would my best solution be roughly with out causing you detail grief? Old server running Ubuntu, setup for file permission shares and VPN, then implementing backula?
<RoyK> CantWinn: bacula is a PITA for starters, the installation can be a bithard, but once it's up and running, it's rock stable
<CantWinn> RoyK, so Backula is standalone then?
<air_> if you are in an AD environment with access to running an extra virtual windows, why not consider running just another w2k8 for the file shares?
<RoyK> CantWinn: can be, but it can run on any linux or unix machine
<air_> then back it up to anything.
<CantWinn> air_, I was wondring that too, but when I asked there was groaning's about the extra $$ for W2K8 keys.
<CantWinn> *wondering
<RoyK> CantWinn: bacula is a backup service, it can run on most things, with a database backend of preferabably postgresql
<air_> CantWinn: again, just compare the costs to the damage done with current way of working.
<CantWinn> RoyK, Ok, so bacula does sound like a good option to solve for my backup issues (which is currently a HD plugged into an external mount device) but in a quick expl how does backula help with the file share?
<CantWinn> air_, I know that, and you know that.. remember, the rich get their by being greedy
<CantWinn> grr *there
<RoyK> CantWinn: bacula is a backup system, not a file sharing system
<CantWinn> << Too many things on the go at once
<CantWinn> RoyK,
<CantWinn> RoyK, ok, I thought so, I have been jumping back and forth to the site
<air_> CantWinn: the rich understand when you tell them they are fucked. I tried that on my last workplace, they told me they where insured against all things that could happen.
<RoyK> CantWinn: for file sharing, use samba or whatever appropriate
<air_> I gave them some nice scenarios where they would still be fscked no matter what they where insured against. :D
<CantWinn> air_, Yeah, insurance is the blanket that most companies are hiding behind...
<RoyK> CantWinn: whatever insurance, it won't hold your data......
<CantWinn> Well the good news i hope is I got hired by a new director of IT here, and he's more a people person than tech, so when I told him the issues he told me he's going to get them to realize what kinda d00 d00 they are in
<air_> and it wont hold your reputation.
<CantWinn> air_, nope.. that's why I'm working late right now trying to come up with something I can work on.. I just need to make sure that when people update a file in the share, that it's updated so all people can use it
<air_> if you loose customer data, get sued, got insurances to cover the legal fees, you will still make the news prime time and get a big bad reputation about being careless.
<CantWinn> yup
<air_> explain this to the big bosses.
<CantWinn> My director is
<air_> they don't want to be on the news for loosing patient data.
<RoyK> CantWinn: what are you trying to setup? a file server or a backup server?
<CantWinn> RoyK, I NEED both
<RoyK> CantWinn: those are two different services
<air_> RoyK: summary. they share patient data through shared dropbox.com folders.
<CantWinn> I'm trying to set up a local file server so they can stop using DP
<air_> and they don't do backups.
<air_> :D
<CantWinn> air_, BINGO
<air_> well, at least you have lots of things to improve here :D
<RoyK> CantWinn: for windows, samba should do well, preferably in AD mode if you have AD at thesite
<CantWinn> we are running AD on the main domain controller server
<RoyK> CantWinn: for backup, bacula or something, bacula is cheap (i.e free) and can backup any unices and win2k3/winxp and forward without issues
<CantWinn> RoyK, so with bakula running the backups I would just need to find an off site secure upload solutions then?
<RoyK> CantWinn: with bacula, you backup things on-site, and then, you can replicate that off-site if needed
<RoyK> CantWinn: how much data is this?
<RoyK> a few gigs? a few terabytes?
<CantWinn> ok, because I told them with data that they are supposed to keep until death, there needs to be an off site solution to copy to as well. because if there was ever a fire in the server room that has no A/C *groan* then they need to be able to get backups back
<CantWinn> Not much.. rightnow about 400GB MAX.. the DB is showing about 230gb use
<RoyK> CantWinn: tape backup, then, and an offsite storage for those
<CantWinn> RoyK, that would require them to have a tape backup drive
<RoyK> CantWinn: I know people doing bacula backups on tape for the full backups and disk for the differential/incremential backups
<CantWinn> Right now I have a server running symnaptic backup to an external drive that has an internal HD loaded in it like a tape.
<randomcake> a server room without A/C? :| tape backup can't be fully automated, surely a network backup, which is then synced offsite
<CantWinn> connected via USB.. lol
<randomcake> better than connected via Dropbox :P
<CantWinn> randomcake, that's why I'm looking at uploading to secure site.. and yes you read that right.. NO A/C..
<CantWinn> randomcake, LOL
<RoyK> CantWinn: just setup a remote machin with some large drives as the bacula SD
<CantWinn> RoyK, I told them to utilize their small off site offices now and put in a small server that is direct VPN to us here, that way we have our OWN off site location.. still waiting on THAT idea for a yes or no
<RoyK> or then, just tape backup, with remote storage of the tapes
<RoyK> CantWinn: you still would want a backup solution where you can restore from earlier backups in case someone overwrites a file and wants the old one back a week later
<CantWinn> My ideal solution I gave them was this: On site secure version of a DP, then a dedicated backup server with VPN to off site server for backup.
<RoyK> CantWinn: the ideal solution is to have local snapshotting and then some backup off-site
<RoyK> CantWinn: setting up a zfs storage system will help the first part, such as openindiana
<RoyK> the latter is simple, just a bacula server somewhere else
<CantWinn> sorry zfs? (getting tired)
<RoyK> CantWinn: you won't beleive how many hours we have saved by moving to ZFS storage with snapshots instead of restoring from backups......
<RoyK> !zfs
<ubottu> For information concerning ZFS and Ubuntu, see: https://wiki.ubuntu.com/ZFS
<RoyK> CantWinn: zfs on ubuntu is slow and not what I'd recommend - using OpenIndiana is better, but then, it's anoter OS, with other things, so it's up to you
<air_> what about nexentastor, openfiler, etc?
<air_> how do they stand up compared to openindiana?
<CantWinn> So far it sounds pretty damn impressive
<RoyK> air_: nexentastor is expensive, openfiler I don't know, but I think it's not updated as frequently as openindiana
<air_> RoyK: IIRC nexentastor community is free up to some 18TB storage.
<RoyK> air_: and the open nexenta isn't updated very frequently, hardly at all, according to my nexenta contact in .no
<air_> well, yeah, that seems to be the case actually.
<CantWinn> So instead of using ubuntu you guys think I should use AD for the file share?
<patdk-lap> I haven't liked openfiler
<patdk-lap> how did openfiler get zfs? last I saw it was centos based
#ubuntu-server 2011-11-08
<RoyK> CantWinn: AD isn't a file protocol
<patdk-lap> and all the *filers are freebsd based that do zfs
<air_> maybe it didn't.
<air_> yeah, I was actually thinking about freenas but somehow my mind connected wrong.
<patdk-lap> openfiler lasted 2 days for me, before it annoyed the crap out of me
<CantWinn> RoyK, I dindn't think so, I was getting confused there
<patdk-lap> hmm, storing files in LDAP, almost as effective as files in sql :)
<RoyK> CantWinn: you can setup a perfectly good fileserver on openindiana with support for "previous versions" in windows explorer without much trouble
<RoyK> CantWinn: that server can be easily backed up with bacula or something to have the data stored if your zpool is fucked up
<air_> what about freenas then? is it also just a piece of crap compared to openindiana? :)
<CantWinn> RoyK, I have a backup.. albeit primitave right now my number 1 goal is to get medial data off DropBox
<RoyK> IMHO freenas is just that, yes
<RoyK> CantWinn: did you read what I just wrote?
<CantWinn> RoyK, Set up file server on Openindiana then back it up using backula
<RoyK> yes
<air_> so, do it! :)
<CantWinn> LOL
<CantWinn> Now i gotta learn openindiana LOL
<RoyK> CantWinn: the snapshotting will help you a lot
<air_> if you even get the previous versions support in windows explorer, I wont argue against it much further.
<air_> :P
<RoyK> CantWinn: #openindiana ....
<CantWinn> Oh well, i have a server not doing jack crap but eating hydro.. mise well have some fun! :)
<CantWinn> You don't have to teach me, but does openindiana have a wiki or documentation on getting my FS up and running? just a yes or no, I'll find it on the site if they do.. if not IRC and google await
<air_> afk, time to sleep.
<RoyK> http://wiki.openindiana.org/oi/OpenIndiana+Wiki+Home
<RoyK> CantWinn: openindiana is solaris, so it's a bit different from linux, but it doesn't take too much to learn the differences
<SilfenX> hello - is there a simpel web proxy for server? aquid is overkill fo home network
<RoyK> SilfenX: why is squid overkill?
<SilfenX> I just need my local browsers to funnel through a VPN ed local machine on  home lan
<RoyK> squid is quite light-weight
<CantWinn> Thanks guys.. TTYL
<Takyoji> Anyone know of an orderly but accessible means of workstation capable management as well as for storage?
<twb> Takyoji: I don't know what that means
<Takyoji> Whoops
<Takyoji> cable management*
<Resistance> any of you here familiar with how i'd go about getting a source package for Precise so that I can attempt to repackage it for an older version within a PPA?
<Takyoji> I think you might be able to find assistance from #ubuntu-motu
<Roasted> hey hey
<Roasted> whats up fellas
<Resistance> Takyoji: or -packaging ;P
 * Takyoji shrugs
<Roasted> did much change dhcp wise from 10.04 to 11.10? I was trying to set up fog (whcih uses dhcp service) on 11.10 to show a buddy but it kept yelling at me with "not configured to listen on any interfaces!"
<Takyoji> I'm stupid, I haven't looked into packaging for quite some time. xP
<klpt> Does anybody know how to restore default Apache configuration files? Reinstalling the Apache deb doesn't seem to do it
<yaboo> ok got a funny feeling been box has been hacked, is there any way to check
<yaboo> other than last, who, w etc
<virusuy> yaboo: logs
<virusuy> also take a look at modified files in the last days
<virusuy> probably if you were hacked by a real hacker, they could install rootkits on your system.
<Matrix3000_> is there anyway to remove dhcp3-client without removing ubuntu-minimal
<dork> Matrix3000_: why you want to do that
<Matrix3000_> well i have a static ip in my /etc/network/interfaces
<dork> ok
<Matrix3000_> but the server is still requesting a dhcp address
<Matrix3000_> randomly
<Matrix3000_> like my server changes ip in the middle of the day
<dork> so just disable the init
<Matrix3000_> how?
<dork> let me see hold on
<Matrix3000_> not seeing much online by google in doing that
<dork> pastebin your interfaces file please
<dork> http://ubuntuforums.org/showthread.php?t=1374799
<dork> first of my search results
<yaboo> virusuy, thanks
<dork> search: disable dhcp client ubuntu
<dork> that will remove it
<dork> but seriously
<Matrix3000_> http://pastebin.com/3B5za5H3
<virusuy> yaboo: np :-)
<dork> if your box is pulling dhcp it's because it's being told to somewhere
<yaboo> virusuy, might try guess about using the find command and use atime to see if what files have ben modified
<zul> hallyn: looks good do the permissions look ok when you create the stuff in the postinst?
<Matrix3000_> dork: when i try to remove dhcp3-client it wants to take out ubuntu-minimal
<Matrix3000_> is that wahat the echo -e "Package: dhcp3-client dhcp3-common\nPin: release\nPin-Priority: -10" | sudo tee /etc/apt/preferences fixes
<Matrix3000_> nope, doesn't work
<Matrix3000_> http://pastebin.com/q9rk2Why
<virusuy> yaboo: yes, good idea
<virusuy> also, you could close unnecesary ports
<virusuy> until you find what happened
<twb> Matrix3000_: you probably have NM installed or something stupid like that
<twb> Matrix3000_: if your server is issuing DHCPREQUEST packets then you need to sort that out BEFORE worrying about uninstalling dhclient
<dork> yah
<Matrix3000_> twb: NM isn't installed
<Matrix3000_> network-manager isn't on the system
<dork> pastebin your interfaces file please
<Matrix3000_> # This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5).  # The loopback network interface auto lo iface lo inet loopback  # The primary network interface auto eth0 iface eth0 inet static         address 192.168.2.21         network 192.168.2.0         netmask 255.255.255.0         gateway 192.168.2.1
<Matrix3000_> http://pastebin.com/KFfaMr3z
<Matrix3000_> sorry
<Matrix3000_> damn computer didn't copy the link
<dork> auto eth0
<dork> hold up
<dork> pastebin the output of ifconfig please
<Matrix3000_> http://pastebin.com/tvCJxr6u
<dork> you see the auto eth0?
<Matrix3000_> running a /etc/init.d/networking restart got it going
<Matrix3000_> yea
<dork> comment that out
<dork> bounce your networking
<twb> dork: uh, why are you turning off his eth0
<dork> that's not for pulling dhcp?
<dork> you don't need that
<Matrix3000_> no
<Matrix3000_> auto eth0 puts teh interface up
<twb> Ot
<Matrix3000_> automatically doesn't it?
<twb> It's declared static
<dork> yes and dhcp before
<dork> i'd comment it out
<twb> WTF are you talking about, it doesn't say dhcp anywhere in that paste
<Matrix3000_> lol
<Matrix3000_> yea, there is no dhcp anywhere in there
<dork> ah yeah sorry, tunnel vision
<dork> heh
<Matrix3000_> and auto eth0 basically automatically starts up the config
<Matrix3000_> http://codesnippets.joyent.com/posts/show/319
<twb> If he comments out "auth eth0" and bounces the box, he'll lose his static config and have to drive out to the box to fix it locally
<virusuy> at the edge !
<Matrix3000_> auto eth0 brings up the interface
<Matrix3000_> then iface eth0 inet static configures the system
<dork> ah yah my bad
<Matrix3000_> the thing is that static config is getting replaced somehow
<twb> Matrix3000_: do you have VMs on this box or similar?
<twb> I guess not seeing as how they're not configured ini nterfaces(5)
<Matrix3000_> that system is a VM itself
<Matrix3000_> it's a VMware VM
<twb> Oh well
<Matrix3000_> on ESXi
<twb> It's probably vmware being stupid or something
<twb> talk to vmware about that
<Matrix3000_> well no vmware modules are on there
<twb> e.g. you set it to try PXE boot or something
<Matrix3000_> and it happend to a solid pc
<Matrix3000_> my NFS server randomly changed ip addresses the other day
<twb> OK, I assumed you were just seeing DHCPREQUESTs go by -- they hadn't actually affected the system
<Matrix3000_> yea, system was affected
<Matrix3000_> took down authentication for 30 minutes before i noticed it
<twb> pastebin the output of aptitude -F%p --disable-columns search '!~M~i'
<twb> Or even just dpkg -l
<Matrix3000_> what package we looking for?
<twb> Actually my next suspect is cpanel or something, which won't show up in apt
<Matrix3000_> oh yea cpanel isn't on this
<Matrix3000_> it's a standard ubuntu-server install that i performed
<Matrix3000_> no cpanel, no webmin
<twb> You just did a stock server install and basically turned on NFS and nothing much else?
<Matrix3000_> yea
<twb> No idea what's going on then
<Matrix3000_> aight
<twb> Oh, by IPs you mean IPv4 IPs, right
<Matrix3000_> it's like ubuntu got dumb
<Matrix3000_> yea
<twb> OK, no idea
<dork> are your interfaces bridged or nat'd
<Matrix3000_> no IPv6 yet on the network
<twb> dork: you can see they're not
<twb> Matrix3000_: IPv6 is opt-out in Ubuntu
<Matrix3000_> dork: doesnt't matter, its ESXi
<twb> ESXi will be bridging I expect
<Matrix3000_> yes
<dork> twb: i didn't know if that was his domu or dom0 or whatever vmwares stuff is
<dork> twb: so no ican't
<Matrix3000_> from the vmware virtual switch
<dork> ah
<dork> yah i've never used vmware
<twb> dork: he doesn't have a dom0 as such aiui
<phiscribe> hi ppl, is it plausible to run X11 remotely apps from a ub-server without needing X on the server?  (X11 forwarding say over ssh)  if so how could i get around the packages i want to run trying to pull in all the X dependancies?
<twb> well, esxi is a hypervisor plus its own dom0
<hallyn> zul, yup, they do.  (/me out again)
<zul> hallyn: cool catch you tomorrow
<yaboo> virusuy, seems they were running some internal scanning software to scan the internal network
<yaboo> also the stop the last process
<virusuy> yaboo: soy they scp'ed some script ?
<virusuy> s/soy/so/g
<yaboo> virusuy, I assume so
<virusuy> also take a look at sh_history
<virusuy> .sh_history
<Roasted> trying out this "chrome sync" hizzy
<virusuy> to see wich commands they ran
<Roasted> not sure about it quite yet
<virusuy> probably you'll find if their script is still there.
<yaboo> virusuy, trying to work which user they came in as
<virusuy> take a look at last command
<yaboo> they rebooted the box on the 15th last month and disabled the last command
<virusuy> oh gosh.
<virusuy> 15th ? more than a year ?
<yaboo> the box was run by another group
<yaboo> 15th oct
<yaboo> last month
<virusuy> oh, ok,
<virusuy> sorry .
<yaboo> so how do I reenable the last command
<yaboo> to log
<virusuy> uhmmm
<virusuy> first, take a look at /var/log/wtmp
<dork> was it a hostile takeover or something
<Matrix3000_> you know what f it
<virusuy> basically last search in /var/log/wtmp
<Matrix3000_> ill put dhcp on the entire network and make some statics
<virusuy> yaboo: oh, also execute lastlog
<yaboo> virusguy will do
<virusuy> isn't the same as last, but will helps you too
<dork> Matrix3000_: the ip's you pull are from the same /24 as your static?
<Matrix3000_> yea
<Matrix3000_> i have a dhcp server on the network
<Matrix3000_> is that the issue
<Matrix3000_> should i remove the dhcp from the subnet
<dork> well it's not going to give an ip unless it's asked for one
<dork> know what i mean
<Matrix3000_> i know
<Matrix3000_> that's what i thought
<Matrix3000_> that's why im puzzled
<Matrix3000_> http://pastebin.com/AQsb04zz
<Matrix3000_> wtf
<Matrix3000_> why ubuntu-minimal
<Matrix3000_> it's like asking me to fuck up the install
<dork> http://ubuntuforums.org/showthread.php?t=997390
<dork> i feel like i ran into the same question before
<virusuy> yaboo: did you find something?
<Matrix3000_> http://ubuntuforums.org/archive/index.php/t-1518951.html
<Matrix3000_> looks like i can fix it
 * EvilResistance can finally breathe :P
<Matrix3000_> last comment
<EvilResistance> whoops wrong channel
<yaboo> virusuy, yes a user I cannot del, but is loged in
<yaboo> also seems in the w does not show up
<virusuy> oh ok
<virusuy> but isn't conected now
<virusuy> right?
<yaboo> how can I force someone off the system
<yaboo> he is on now
<virusuy> ps -ef | grep user
<virusuy> uhm wait
<virusuy> execute that command first, to see wich process he's runing
<dork> yaboo: kill his pid
<virusuy> pkill -KILL -u âusernameâ
<yaboo> virusuy, does not come up, nor can Is ee him
<virusuy> but first yaboo
<virusuy> execute netstat -a > /some/dir/file.txt
<virusuy> doing that you can see their IP address
<virusuy> obviously they probably are behind a proxy but, well, who knows, can be a little newbie
<virusuy> and as i said before, close unnecesary ports
<virusuy> change all your password
<virusuy> and all those standard security recomendations.
<Matrix3000_> sudo chmod -x /sbin/dhclient
<Matrix3000_> going to see how that does
<yaboo> virus guy through him off, rebooting the box, building a new box
<yaboo> need thou for the moment to reactivate the last command
<virusuy> yaboo: yeah
<virusuy> yaboo: be more carefull about security
<yaboo> virusuy, this a box taken care off now
<virusuy> yaboo: alright then
<virusuy> well guys, i've had a great time with you tonigh
<virusuy> but it's almost 2:30 am here in Uruguay
<virusuy> hope to see you tomorrow.
<uvirtbot> New bug: #887410 in apache2 (main) "plymouth ask-for-passphrase" [Undecided,New] https://launchpad.net/bugs/887410
<Tm_T> morning
<b0gatyr> anyone know why I can't resize a snapshotted LVM?
<twb> Er, because that would upset the COW
<lynxman> morning o/
<afuentes> whats the difference between deb and deb-i386 in the apt conf file?
<afuentes> (its a mirroring machine)
<afuentes> in the man page i read, normal or arch specific
<afuentes> what normal means? all archs?
<maxb> err.... deb-i386 does not sound like any valid content for any apt conf file I've seen
<jamespage> morning all
<afuentes> maxb sorry im talking about /etc/apt/miror.list from apt-mirror
 * ejat pokes nibz 
 * ejat pokes nijaba 
<ejat> morning â¦ â¦
<nibz> ejat: ?
<ejat> sorry .. typi
<ejat> typo*
<lenios__> afuentes, obviously deb-i386 will only take i386
<lenios__> deb will take i386 and amd64, at least
<afuentes> thanks lenios__
<zetui> hello
<zetui> there
<zetui> aacraid: Host adapter reset request. SCSI hang ?
<zetui> anyone having the same problem ?
<Onyx47> hi guys, I'm running desktop version here but I have problems with apache, I guess there are no significant differences?
<greppy> Onyx47: shouldn't be, no.
<Onyx47> ok, I'm having problems with mod_rewrite, it works but it seems to be parsing my rules wrong or ignoring them no matter where I put them, I followed all instructions I could find and no dice, any special tricks that have to be applied under ubuntu?
<greppy> not that I know of.
<Onyx47> well, that's annoying, I'm seriously fresh out of ideas
<Randolph> hi all
<qman__> Onyx47, did you 'a2enmod rewrite'
<Onyx47> qman__, yes, and it's showing under modules if I run apache2ctl -M
<Onyx47> here's the vhost configuration, maybe I did something wrong but I just don't see it: http://pastebin.com/sSmVFcCZ
<qman__> then it's loaded, don't know what else to tell you
<ahasenack> smoser: hi, did the lucid AMI get a smaller rootfs all of a sudden?
<ahasenack> ami-f3a8619a, has /dev/sda1             1.4G  1.3G   68K 100% /
<afeijo> hi folks, I need to set up an email server in a brand new ubuntu 11.10 server (with pop3, smtp, imap3 and accts thru mysql). Where can I find a good tutorial?
<pmatulis> afeijo: did you check the ubuntu serverguide?
<afeijo> pmatulis, not yet
<greppy> afeijo: I've used http://www200.pair.com/mecham/spam/ on ubuntu with a little minor tweaking.
<SpamapS> afeijo: You probably want the 'mail-stack-delivery' metapackage which will give you postfix and dovecot. Putting the accts in mysql will require some advanced configuration.
<afeijo> I found a few good articles about it, time to test :)
<zul> MORNING
<lynxman> zul: afternoon
<zul> hey lynxman
<lynxman> zul: ello :)
<zul> roaksoax: lemme know when you are around
<afeijo> http://a2.sphotos.ak.fbcdn.net/hphotos-ak-ash4/382317_2581894503932_1151529281_33121319_990919503_n.jpg
<roaksoax> zul: im here
<zul> roaksoax: cool im just starting to flush out the wi for orchestra ill put them in a pad somewhere so we can look at it together
<roaksoax> alright
<bitshift> Hi there, need to run Ubuntu Server on a system which lacks the CMOV instruction, it refuses to boot because of this... how can I modify the installer and drop in a kernel which does not require it, if possible?
<uvirtbot> New bug: #887599 in dovecot (main) "unable to configure or uninstall dovecot-postfix" [Undecided,New] https://launchpad.net/bugs/887599
<SpamapS> bitshift: whats the processor?
<bitshift> it's a vortex86mx SoC
<bitshift> tiny little embedded system
<bitshift> gonna give 10.04.3 server i386 a go because I think (not sure) that it doesn't require the instruction, problem is i don't know if a system that "old" will support the r6040 ethernet device
<bitshift> would much rather run 11.10, is there any way to recompile the kernel without the use of cmov?
<bitshift> bloody hell
<bitshift> 10.04.3 doesnt support my network
<bitshift> okay so if I install 10.04.3, and get the kernel source - how do I then  compile the r6040 module? http://cateee.net/lkddb/web-lkddb/R6040.html makes me think it should be present with this kernel version right?
<genii-around> Perhaps not. https://bugs.launchpad.net/ubuntu/+source/linux/+bug/650899
<uvirtbot> Launchpad bug 650899 in linux "R6040 NIC driver module is not compiled" [Undecided,In progress]
<bitshift_2> lol irc from netcat
<bitshift_2> right 10.04.3 installer dun stopped, selected the package archive and boom, nothing
<bitshift_2> what do? :(
<bitshift_2> font just changed, but the installer is still halted, blue screen with grey line at the bottom, any ideas?
<bitshift_2> syslog has some messages about net-retriever good signature from various keys
<bitshift_2> gonna cancel installation and try something else :( back later
<Nightmar_> hi, im installing ubuntu server lts, i choose LVM with ext4 for disk partitioning, but it gets frozen at 33% when formating ext4
<Nightmar_> what could be ?
<uvirtbot> New bug: #887615 in dhcp3 (main) "package dhcp3-client 3.1.3-2ubuntu3.3 failed to install/upgrade: ErrorMessage: subprocess dpkg-deb --control returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/887615
<roaksoax> utlemming: ping
<roaksoax> utlemming: server team meeting
<utlemming> roaksoax: thx
<skej> I'm having issues running a PPTP VPN server on 11.10 x86 ubuntu server, the problem is that some websites will not load at all (ubuntu forums is one) while connected to the VPN, the second I disconnect the website instantly loads, its also interesting to note that I can ping the website.
<zul> thank god i got my flu shot before going to UDS
<EvilResistance> lol
<roaksoax> zul: lol
<lynxman> zul: you went preflued
<ribo> anyone here handy with AFPd/netatalk?
<ribo> this happens on a sucessful login: http://pastie.org/private/yjwccg5lp0nsajnidvcwza
<air_> ribo: 11.10 ?
<ribo> started happening after I upgraded to oneiric
<air_> ribo: yeah. 2.2beta sux.
<air_> ribo: either you'll have to downgrade to an older ubuntu, or you can install netatalk from source.
<ribo> ugh
<air_> ribo: not identical, but related. https://bugs.launchpad.net/ubuntu/+source/netatalk/+bug/879020
<uvirtbot> Launchpad bug 879020 in netatalk "afpd's CNID DB fails after upgrade" [Undecided,Confirmed]
<ribo> of course, the upgrade worked fine on my home server, and does this on my company's prod fileserver...
<air_> RoyK had some issues as well, might have been the same that you got. but he went back for the time being.
<air_> I installed from source and I'm happy with that solution :)
<RoyK> ribo: download a newer source, apt-get source netatalk, copy the debian directory from the ubuntu netatalk source to the 2.2 source dir, cd into the 2.2 source dir, run dpkg-buildpackage
<RoyK> ribo: or just install from plain source if you want that
<ribo> cool, thanks
<RoyK> ribo: the packages will be placed under the _parent_ directory of the source dir
<ribo> getting patch errors
<ribo> guess I need to delete some of the patches, right?
<ribo> dpkg-source: error: cannot read netatalk-2.2.1/debian/patches/115_default-dir.patch: No such file or directory
<ribo> er..
<ribo> dpkg-source: error: LC_ALL=C patch -t -F 0 -N -p1 -u -V never -g0 -E -b -B .pc/115_default-dir.patch/ < netatalk-2.2.1/debian/patches/115_default-dir.patch gave error exit status 1
<RoyK> ribo: erm... you probably need to remove the patching part - those patches probably won't fit the 2.2.1 source as they may have been included already
<ribo> yeah
<ribo> removing them as they error
<ribo> /usr/bin/fakeroot: line 176: debian/rules: Permission denied
<ribo> does the same with sudo...
<CantWinn> RoyK,  how you doing? Thanks for the info last night.. I need/have a different approach on this (according to the boss man)
<RoyK> CantWinn: he didn't want openindiana? :)
<CantWinn> Not really that.. I'm still looking for a way around something
<CantWinn> As a re-fresh I have a local network on a local domain, I need to be able to seamlessly share files with another network on another domain like DropBox.. but i want our server to essentially be the "cloud"
<tash> is there some way to join an ubuntu server to a windows workgroup?  Without a local dns resolver, I'm just wondering how a Windows machine could ping the hostname of the ubuntu server without a hosts entry on the windows machine.
<CantWinn> but it has to be secure.. I know most people point to using a samba with SSH but I don't think it's wise to leave the SSH connection open all the time
<ribo> derp, noexec
<CantWinn> What I need is a bunch of local users on the local domain sharing and working on files, then when the end product is done (the prescription in this case) can be shared with a Pharmacy directly and securly on a different network with a different domain.
<RoyK> CantWinn: IIRC if you set netbios name = something in smb.conf, it'll answer to netbios broadcasts typically used by windows clients (if dns resolv fails)
<RoyK> CantWinn: setting up a wins server is another thing you should consider
<CantWinn> RoyK, So what you are saying is that if I set up in my smb.conf to automatically search for the users domain that it will maintain direct connect?
<RoyK> CantWinn: I don't get it - do you have another domain server? or will samba be the domain server?
<CantWinn> RoyK, I have a domain server already.. a Win 2K8 R2 server
<RoyK> that's AD, not domain...
<RoyK> and that one will be running a DNS server as part of AD
<RoyK> so all you'll need to do is setup /etc/resolv.conf to point to the AD server for DNS lookups, configure kerberos and samba appropriately and then do a net join
<RoyK> CantWinn: google for samba and AD integration
<CantWinn> RoyK, thanks.. do you think it's possible to do what I'm trying to get done?
<RoyK> CantWinn: I've integrated samba with AD a few times myself, so it really shouldn't be a problem
<CantWinn> remotely establishing and maintain a connection that syncs a "folder" as well?
<nineteen67comet1> how to I register my nick? /nick nineteen67comet says is taken but that's me ..
<RoyK> nineteen67comet1: you can't register a nick you don't currently have...
<nineteen67comet1> Huh .. I used it last night (have been since 2001) .. today; no good ..
<nineteen67comet1> used to ask me for my p/w all the time .. don't remember that command either ..
<nineteen67comet1> trying to get some help in #apache as well; can't post w/out a working nick ..
<RoyK> nineteen67comet1: /msg nickserv help release
<Zanzacar> if a server is getting bogged down by a ton of users, such as a schools website during enrollment period
<Zanzacar> is there any way to set yourself out from the crowd of requests coming to the server?
<Zanzacar> as in getting responses from the server faster/ priority responses?
<Zanzacar> if that makes any sense at all
<SpamapS> Zanzacar: actually yes, go sit in the server's data center on the same LAN as it.
<SpamapS> Zanzacar: but for the most part, you're screwed because the slow thing is likely on the backend.
<Zanzacar> SpamapS: thats kind of what I figured
<Zanzacar> SpamapS: by backend you mean on the server, side it can process everyones requests
<EvilResistance> whats the command to upgrade a server from maverick to natty?
<EvilResistance> do-release-upgrade?
<SpamapS> EvilResistance: yes
<Zanzacar> EvilResistance: Yup
<EvilResistance> um...
<EvilResistance> hm
<EvilResistance> The program 'do-release-upgrade' is currently not installed.  You can install it by typing:
<EvilResistance> apt-get install update-manager-core
<EvilResistance> :/
<EvilResistance> might be because its a VPS?
<SpamapS> EvilResistance: probably
<EvilResistance> since its a VPS...
<EvilResistance> should i worry about upgrade-over-ssh?
<EvilResistance> its throwing warnings
<SpamapS> Depends on what "VPS" means anyway.
<soren> EvilResistance: I've done it lots and lots of times, but that of course doesn't mean it'll work for you.
<Zanzacar> I did my server upgrade through ssh.
<SpamapS> I'm still wondering why anybody buys a VPS anymore.. the Amazon free tier is as good as most "VPS"'s .. and is upgradable to something production capable in a single reboot. :-P
 * SpamapS says that, logged into to his VPS which hosts his IRC client
<SpamapS> actually amazon is crap for hosting SMTP servers.. so thats one reason. :-P
<Zanzacar> I have 2 servers running on amazons free tier :) got to love free servers. I have been learning a lot from them.
<Zanzacar> talking about the amazon free tier and servers. I was thinking about running a pretty productive site through that
<Zanzacar> The only question I am not really sure about is how many get request it can handle
<Zanzacar> if you only have a static site.
<utlemming> Zanzacar: the free tier is only free for the first 720hrs (or a single month usage)
<Zanzacar> 720/mnth every month for a full year
<Zanzacar> so 31.5 days every month. meaning 1 free tier server is free for a year
<SpamapS> Zanzacar: t1.micro with a static site that fits in memory (600MB or so) would probably be able to take quite a few concurrent users.
<SpamapS> Zanzacar: just use apache's worker mode or nginx.
<SpamapS> Zanzacar: t1.micro only falls apart with sustained CPU usage.
<Zanzacar> SpamapS: I am unfamiliar with worker mode so I will have to check that out
<Zanzacar> SpamapS: I figured if it was a static site that there would be little CPU usage for a static site.
<SpamapS> Zanzacar: apache2-mpm-worker ...
<SpamapS> I still wonder why the debian packages implement it as a Conflicts: with the rest of apache2 .. the way RH has done it with /usr/sbin/httpd.worker is much saner.
<Zanzacar> SpamapS: worker seems pretty cool, I think that would definetly help with running a high volume site on a t1.mirco server
<EvilResistance> d
<EvilResistance> oops
<SpamapS> Zanzacar: apache2-mpm-event is even more scalable, in theory, but less widely tested IIRC
<Zanzacar> SpamapS: O the thing we learn the things we learn. Thanks for the input.
<uvirtbot> New bug: #884805 in glance "httplib2 > 0.6.0 needed in packaging" [Undecided,Fix committed] https://launchpad.net/bugs/884805
<uvirtbot> New bug: #887225 in glance "python-crypto now dependency after 5e6fb33b22c" [Undecided,Fix committed] https://launchpad.net/bugs/887225
<Zanzacar> I might try out the worker mode since its a little more widely used/tested. (I feel more comfortable that way)
<Zanzacar> SpamapS: Check it out, ec2-107-20-112-0.compute-1.amazonaws.com/
<Zanzacar> SpamapS: I would like to know when someone has actually pressed the search button but I dont want to have server side scripting since its on a t1.mirco
<Zanzacar> so that being said do you have any thoughts on work arounds for that?
<SpamapS> Zanzacar: just have the search button hit a URL that you can scan the logs for
<gamut> Hello, would someone here be able to assist with issues involving a ServeRAID M5015 (megaraid_sas) contoroller and 10.04 LTS?
<Zanzacar> SpamapS: That would definetly work, but I wouldnt want to redirect them how would I hit the URL without redirecting them?
<SpamapS> Zanzacar: you can make a URL do a smart redirect with mod_rewrite.. but.. now you're getting into CPU hungry things.
<Zanzacar> SpamapS: That is the main thing I want to avoid, I guess I could do it with Javascript which would be server side to request a URL.
<SpamapS> Zanzacar: yeah that is the new thing to do.. offload to the client. :)
<Zanzacar> SpamapS: if your being sarcastic then haha, but if your not then cool I guess I am just headed in the right direction.
<Zanzacar> I just figured I could keep it free if I offloaded everything to the clients so it made sense to me to do it that way.
<Zanzacar> SpamapS: can I PM you? I got some question that are semi offtopic.
<tdi> hi all anybody with amd64 server 11.10 and libvirtd (working one ) ?
<tdi> getting the error : virsh # iface-list
<tdi> error: Failed to list active interfaces
<tdi> also virt-manager fails to connect, this is quite old bug
<tdi> but maybe there is somebody here who has it right?
<jmichaelx> i need to get sftp working on a server, authenticating with ldap.... i have tried several things, but so far to no avail
<jmichaelx> would anyone have any suggestions?
<tdi> jmichaelx: http://www.linuxforums.org/forum/servers/33930-vsftpd-pam-ldap-authentication-openldap.html
<dork> jmichaelx: proftpd mod_ldap?
<jmichaelx> tdi: i saw that, but that specifies using vsftpd.... which seems sort of ridiculous
<jmichaelx> dork: i am using pure-ftpd, but i have been under the impression that an FTP server is not even necessary in order to have sftp
<dork> jmichaelx: yah sshd and pam tho
<dork> jmichaelx: i'd research doing ldap authentication with sshd and see if that's possible
<jmichaelx> dork: yea, and that is what i have been focusing on
<dork> ah
<jmichaelx> well, it is very possible... i just can't figure it out, lol
<tdi> just use pam_ldap
<jmichaelx> i am using pam_ldap... ftp with ldap is working fine.... but i am wanting to require all users to use sftp
<tdi> you want sftp as in scp, or sftp as in secure ftp?
<gondoi> i think I missed a memo.... did innodb get removed from the base mysql-server package?
<SpamapS> or as in, ssh+the sftp backend?
<SpamapS> gondoi: definitely *not*
<gondoi> hmm
<gondoi> okay
<SpamapS> If I could, I'd remove MyISAM. :)
<tdi> anybody with libvirtd on 11.10 server 64bit ?
<dork> gondoi: it's the default storage engine now so i doubt it
<jmichaelx> tdi: i am not sure what your asking... i want sftp
<gondoi> dork: thanks.. just wondering cause i'm not seeing it in show engines; and there is no error on startup
<SpamapS> jmichaelx: sftp, unfortunately, has multiple meanings
<gondoi> also an innodb = force  won't let mysql start at all... (no error)
<jmichaelx> SpamapS: which would explain my confusion, i'm sure
<jmichaelx> i know there is ftp, sftp, ftps and ftp pver ssh... i was not aware of anything else
<tdi> jmichaelx: there is scp with ssh and there is FTPS, which is called sometimes sftp
<tdi> s/scp/sftp/
<smw> SpamapS, sftp has only one meaning I know of
<jmichaelx> i also think SFTP means only one thing
<SpamapS> Honestly, for me, anything with FTP means "Fail" in my dictionary
<jmichaelx> yes, FTP does mean fail
<smw> SpamapS, all except for sftp
<dork> snark snark
<jmichaelx> SFTP is lower on fail
<smw> SpamapS, sftp has no relation to ftp
<jmichaelx> exactly
<jmichaelx> SFTP is a part of ssh
<smw> SpamapS, but ftp must die
<jmichaelx> yes... my whole project is to kill FTP, and require SFTP
<smw> jmichaelx, sftp actually will work over any transport. But that transports needs to handle auth/encryption
<jmichaelx> smw: sorry for my ignorance, but i did not understand
<smw> jmichaelx, whatever, it is a technical detail that the protocol can be used anyware. Mostly it is used with ssh :-)
<jmichaelx> smw: ok... i am just needing SFTP to work with LDAP. don't really care how
<jmichaelx> not surprisingly, there is a lot of conflicting documentation out there
<SpamapS> jmichaelx: it should work if ssh works with LDAP
<smw> jmichaelx, what SpamapS said :-)
<jmichaelx> yea, i get that part. my whole question is how to do that
<jmichaelx> FTP workd with LDAP, ssh does not (yet)
<jmichaelx> works*
<smw> jmichaelx, first link on google. http://www.cyberciti.biz/tips/howto-configure-sshd-to-use-openldap-server.html . I have never done this before so I can't give any better :-\
<jmichaelx> smw: if it was your first link on google, you can rest assured that i have already seen it
<smw> jmichaelx, https://help.ubuntu.com/community/LDAPClientAuthentication
<smw> jmichaelx, then I have no idea :-\
<jmichaelx> yea... i can should look through that again, although like i said i have pam/ldap/ftp working just fine... getting sshd to work with this *should* not be so difficult
<SpamapS> jmichaelx: I can't imagine it would be any different than the ftp setup.. just a different pam.d file
<jmichaelx> exactly... and i have been messing with pam.d/sshd  i feel like i am missinf something very simple
<SpamapS> jmichaelx: I've always had a hard time getting pam confs for services "just right"
<jmichaelx> yea, same here
<dork> btw
<dork> my great software raid debacle from the otherday
<dork> was due to mindlessly keeping my original mdadm.conf and not replacing it
<dork> recreated the problem on another box
<virusuy> dork: really ?
<virusuy> so, recreate your mdadm.conf and problem solved ?
<dork> virusuy: yep
<virusuy> dork: alright then !
 * SpamapS really hates the problems that mdadm.conf causes
<dork> virusuy: the difference is, the new syntax doesn't have the amount of devices and the raid types specified in it
<virusuy> ohh ok
<dork> SpamapS: i spent over 12 hours in our DC trying to fix this problem on a production box
<dork> but it was my fault indeed, now i have nothing to bitch about
<dork> lol
<SpamapS> dork: my condolences to your time. :-/ I am sure there is a reason for mdadm.conf .. just not sure what it is.
<dork> yah
<virusuy> dork: but hey, look at the bright side
<virusuy> you learned something new ! :)
<dork> virusuy: yeah if that was the worst thing they can complain about on me, i'm good
<virusuy> dork: :-)
<Somedude> I get this when trying to turn on VT-d. (Intel VT-d tech enabled), intel_iommu=on(!): Your BIOS is broken; DMAR reported at address fed90000 returns all ones
<Somedude> What could be causing this error/warning?
<Somedude> BIOS is up to date
<SpamapS> Somedude: #ubuntu-kernel *might* have a better handle ont hat one.
<Somedude> asked it there, tanks! :-)
<atruno> is there a domain registrar that makes it easy to host your own website at home using apache ?
<SpamapS> atruno: at home? why would you want to do that? "To the cloud!"
<atruno> what does the cloud mean ?
<atruno> is that shared web hosting or different ?
<atruno> how do i host apache in the cloud ?
<smoser> atruno, i don't think that one registrar or another is going to impact your path for getting a website up from your house.
<atruno> ok no problem
<smoser> regarding SpamapS "the cloud", he was probably suggesting something like EC2.
<atruno> smoser, do you know if its difficult to bind a domain name to a home apache webserver ?
<atruno> what would EC2 do for me ?
<smoser> if you're new to AWS, you can get run a 674M system with 8G root for free for 1 year.
<smoser> other thing it would do is just stop you from needing to run something in your house.
<smoser> but there is cost associated (the "free for 1 year" is ~ $20/month).
<smoser> atruno, basically for what you want
<atruno> can't afford $20 a month
<smoser>  * register your domain
<smoser>  * figure out your IP at home
<smoser>  * point domain at home IP (hopefully either hooking up some dyndns to that, or getting a static IP at home)
<smoser>  * run apache on home
<smoser>  * profit.
<atruno> thank you
<atruno> which if the dyndns.org type services are free for binding domain names to home ip's ?
<atruno> or is there one that is cheap ?
<smoser> atruno, read about http://zoneedit.com/
<smoser> i've used them some in the past
<smoser> but i'm not terribly experienced in this, other than having done it once or twice.
<atruno> thank you
 * medberry has two free hostnames on dyndns
<medberry> and one is attached to a t1.micro on amazon EC2
<atruno> my router only supports dyndns.org not zoneedit.com
<medberry> though sadly, I'm out of my "free year"
<atruno> is it hard to run your own dns server on ubuntu ?
<atruno> also does comcast allow yout to run your own dns server ?
<medberry> atruno, that's several "it depends". however, you can easily run dns at home.
<medberry> Now, running it in such a way that it is useful to someone NOT in your home is a whole different ball of wax.
#ubuntu-server 2011-11-09
<medberry> but you could run dnsmasq or something like that on a subnet or nat at home. I think if you really are intending to host an apache at home that has some actual utilization, you probably want to review your goals, your TOS, and your investment (time, energy, power, equipment, etc.)
<medberry> putting ubuntu up on one of the host providers or up on one of the cloud providers looks more and more attractive if you actually have any usage.
<atruno> can anyone recommend a domain registrar that is better than godaddy.com ?
<EvilResistance> atruno:  define "better"
<atruno> EvilResistance, thats relative i'm open to any suggestions
<EvilResistance> atruno:  well you need to have a definiton of better in order to get an answer
<EvilResistance> fwiw, i use 1and1 for domain registration
<EvilResistance> but then dump DNS into zoneedit
<atruno> thank you
<EvilResistance> atruno:  1and1 has horrid DNS so you'd need third party or your own hosted
<EvilResistance> atruno:  there's tons of other registrats out there, google for "domain registrar comparison"
<twb> It seems silly to use your restrar for DNS (or any other) hosting
<SpamapS> twb: its so easy to use the registrar for DNS at this point.. for anything "not serious" .. way easier than setting up two of your own servers :P
<twb> Grmph
<twb> I'd rather handball the DNS to zoneedit than a registrar
<twb> OK so I have a lucid server that runs a big bag of streamripper processes, currently started up via a really horrible perl script invoked by a really horrible sysvinit job.
<twb> the config file looks like this: http://paste.debian.net/144034/ (first field is the port to listen on)
<twb> I'm thinking this should really be an upstart job that has multiple instances
<Matrix3000_> http://screencast.com/t/boan8xWx6o
<Matrix3000_> i love it
<Matrix3000_> apt has supercow powers
<twb> Matrix3000_: "apt-get moo"
<Matrix3000_> ha that's awesome
<Matrix3000_> that's a awesome easter egg
<Matrix3000_> any others?
<uvirtbot> New bug: #887859 in nova (main) "euca-reboot-instances failed to reboot lxc instances after a crash" [Undecided,New] https://launchpad.net/bugs/887859
<twb> Matrix3000_: in Excel there is a flight sim
<c_heathcott> Hello.  I'm running a fresh install of 11.10 and running into issues with kvm/libvirt and bridged networking.  I've been referring to the KVM page in the community docs, and right now I've got the bridge interface setup on the host and I can ping to and from the host on my LAN.
<c_heathcott> I've assigned the bridge interface to the VM guests, and assigned static IPs on the same subnet within each guest, but I still can't ping to or from any of the guests.
<c_heathcott> Is it necessary to setup IP aliases in the host interfaces configuration, or should I simply be able to assign static IPs within each guest?  I've seen postings on the forums that seemed to indicate the latter although the community docs page goes through the steps of the former.
<jehoshua02> I'm having a mounting problem with an entry in my /etc/fstab file.
<jehoshua02> ... actually, I think the vbox share name is wrong ...
<jehoshua02> ... so not an ubuntu question.
<TheDigitalNinja> in a pam config file  if i want to set pam_mysql.so to use a non startard port  do i do host = hostname:port   or host = hostname port = port  ?
<skypent> Hey there, anyone know of good programs to install on a server that can tell me the IPs or users currently accessing the system?
<TheDigitalNinja> skypent: netstat -a should do the trick
<skypent> TheDigitalNinja : Thanks.
<jetole> Does anyone know an application that can monitor HTTP response times and create some pretty web graphs aside from smokeping?
<twb> Is "pretty graphs" a hard requirement?
<jetole> I'm partial to RRD but I guess no, it's not a requirement
<jetole> the data is more important then the graph
<SpamapS> apachepong anyone?
<twb> SpamapS: it sure does
<jetole> heh. lol
<jetole> well in this case, the majority of the http servers are IIS but apache pong is cute
<jetole> I like the smoke ping style and while the "smoke" concept of send multi pings to record difference between median, high and low is useful I want to limit to send only one ping per check but smoke ping doesn't support less then 3
<twb> FWIW I have collectd look at the detailed server_status page, which is not the same thing
<twb> jetole: re median -- less than 20 or so is generally not statistically sound, let alone one :P
<jetole> I'll have to google collectd. I know of it but been years since I read up on it and lack of a photographic memory and all
<twb> It's a generic snarfers -> rrds solution, usually coupled with a separate rrds -> pretty graphs
<jetole> twb: depends on the context of the check and the perspective of the observation, for example if I send one check every minute then very narrow jumps arern't much of a concern but I can watch steady rise and fall and notice sudden jumps when they are maintained long enough
<SpamapS> If you want resolution under 1 minute.. you should be tailing logs or sniffing traffic, not probing from outside.
<jetole> well I didn't say _under_ one minute but yeah I see your point
<jetole> oh now this is cool to watch: http://www.youtube.com/watch?v=s98-5rZIVyk&feature=related
<jetole> I never realized software development could be this entertaining from this perspective
<twb> When I am pair programming/sysadminning, I usually finish every sentence with "quick!  Quick!  Type faster!"
<twb> "Not that left your other left!"
<twb> Really keep them on their toes
<jetole> heh. Well thank god we got admins to deal with the -l users. I'm an engineer and my work is typically around the data center
<jetole> I guess if I had typed that faster he would have seen it before he quit :-(
<jehoshua02> Does anybody understand how to use the fmask option in the mount command? I'm using 027, hoping for "-rwxr-----". Any reason why I would get "-rw-r-----" instead?
<uvirtbot> New bug: #887953 in samba (main) "package samba-common 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: subprocess installed post-installation script returned error exit status 126" [Undecided,New] https://launchpad.net/bugs/887953
<uvirtbot> New bug: #861682 in keystone "Foreign keys should relate to fields of the same type" [High,Fix released] https://launchpad.net/bugs/861682
<plm> Hi all
<plm> people, where aI see list of packages of ubuntu 11.10?
<lynxman> morning o/
<plm> what is postgresql version in ubuntu 11.10?
<lynxman> plm: https://launchpad.net/ubuntu/+source/postgresql-8.4
<plm> lynxman: that is about âpostgresql-8.4â package in Ubuntu
<plm> lynxman:  I would like know where I see a list of pacakges in ubuntu 11.10. I think are there some place where I can see all packages and version of pacakges contents in ubuntu 11.10 right?
<lynxman> plm: I guess so, can't remember form the top of my head though :/
<plm> anyone? google not tell me :-)
<plm> *told
<jamespage> plm: http://packages.ubuntu.com/
<plm> jamespage: thanks
<jamespage> np
<Daviey> lynxman: can you follow up on bug 874981, please? :)
<uvirtbot> Launchpad bug 874981 in mcollective "Please merge/sync mcollective from debian wheezy" [High,In progress] https://launchpad.net/bugs/874981
<Daviey> jamespage: is libcommons-dbcp-java merge on your radar?
<uvirtbot> New bug: #887998 in asterisk (universe) "GoSub Dialplan Application not registered" [Undecided,New] https://launchpad.net/bugs/887998
<jamespage> Daviey: I took a look - see comment - https://launchpad.net/ubuntu/precise/+localpackagediffs?field.name_filter=libcommons-dbcp-java&field.package_type=non-ignored&field.package_type-empty-marker=1
<lynxman> Daviey: I reported on it on the server meeting yesterday :)
<lynxman> Daviey: and got some extra news
<Daviey> lynxman: ok, thanks - i'll catch up on that
<lynxman> Daviey: http://ubottu.com/meetingology/logs/ubuntu-meeting/2011/ubuntu-meeting.2011-11-08-16.09.moin.txt
<Daviey> NCommander: are you planning to attack ipmitool?
<Daviey> adam_g: facter merge on your shoulders?
<eagles0513875|2> hey guys i have a very nasty issue
<eagles0513875|2> apt-cache policy is showing i have libcupsys2-dev installed yet its showing there is no installation candidate and that its not installed yet it is installed on my system and there is an install candidate available
<uvirtbot> New bug: #888006 in squid (main) "package squid 2.7.STABLE7-1ubuntu12.4 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/888006
<ikonia> eagles0513875|2: confirm if the package is installed yes/no before deciding how to proceed
<eagles0513875|2> apt-cache policy is showing installed and candidate as none
<eagles0513875|2> yet when i do apt-get install libcupsys2-dev it tells me that its already installed
<ikonia> eagles0513875|2: apt-cache is not showing what's installed
<ikonia> confirm if the package manager believes it's installed or not
<eagles0513875|2> that the libcupsys2-dev package is installed
<eagles0513875|2> and also its not showing a candidate package that can be installed
<ikonia> eagles0513875|2: ok, how did you verify that
<eagles0513875|2> with apt-cache policy
<ikonia> apt-cache policy does not list what's installed
<ikonia> how are you confirming it's installed
<eagles0513875|2> i usually do it that way to confirm as it shows if its installed and gives you the version of the package installed
<ikonia> that is showing the policy
<ikonia> confirm the package manager thinks it's installed
<eagles0513875|2> ok. how though
<ikonia> you're a paid sysadmin ?
<ikonia> I'll leave you to work that out, I'm happy to help, but I'm not feeding you the basics after the ammount of time you spend bragging how much of a paid/quality sysadmin you are
<ikonia> once you've done that, we can walk it through
<eagles0513875|2> ok found the answer on google
<ikonia> how are you confirming it's installed
<eagles0513875|2> dpkg --get-selection | grep cups
<ikonia> so can you see the package in that list ?
<eagles0513875|2> yes
<ikonia> ok - so the package manager believes it's installed
<eagles0513875|2> ill be back later off to lunch
<ikonia> ok
<uvirtbot> New bug: #888031 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/888031
<lynxman> jamespage: ping
<jamespage> lynxman: pong
<lynxman> jamespage: need some help with a java process start script
<lynxman> jamespage: let me pm you
<jamespage> here is good
<lynxman> jamespage: ah cool
<lynxman> jamespage: dealing with the activemq startup script
<lynxman> apart from lack of dependencies (doesn't depend on openjdk, need to fix)
<lynxman> the script won't start a heatlhy instance, where if I feed the parameters manually it will
 * jamespage checks 
<jamespage> lynxman: deps look OK
<jamespage> just pulling the source
<lynxman> jamespage: k,just check the init, the start-stop-daemon line doesn't spawn anything
<lynxman> jamespage: whereas if I do su - activemq -c "/usr/bin/activemq start xbean:activemq.xml" it does run
<jamespage> lynxman: precise or oneiric?
<lynxman> jamespage: precise
<jamespage> hmm
<jamespage> lynxman: I just tried enabling the main instance as it worked OK for me
<jamespage> anything specific you are doing different?
<lynxman> jamespage: oh bummer.. then my box is broken :/
<lynxman> jamespage: just ln -s the instance from available then start
<jamespage> yes
<lynxman> jamespage: somethings borken with my precise machine then :/
<jamespage> lynxman, http://paste.ubuntu.com/733086/
<jamespage> and http://paste.ubuntu.com/733086/
<lynxman> jamespage: same
<lynxman> jamespage: I'll just reinstall my devel vm, this one is broken I reckon
<jamespage> lynxman: looks that way
<lynxman> jamespage: thanks a bunch :)
<jamespage> np
<jamespage> that init script would be so much simpler with upstart
 * jamespage puts that on the TODO list
<bitshift> Hi, me again - not sure why but the Ubuntu Server Installer goes away and doesn't come back after picking the mirror to use. No errors in dmesg, last thing I see is about ethernet link up - and syslog has some messages about goog signature from package maintainers or something but nothing else (10.04.3) what should I do?
<lynxman> jamespage: that would be schweet
<lynxman> jamespage: do we have isos of precise server yet?
<jamespage> lynxman: http://cdimages.ubuntu.com/ubuntu-server/daily/current/ looks that way
<jamespage> not tried one yet tho
<lynxman> jamespage: cool :)
<lynxman> jamespage: always forget about the url... doh
<jamespage> you should try a 'bookmark' - they are great :-)
<Daviey> roaksoax: hey, around?
<lynxman> jamespage: can you talk more about that bookmark thing, it sounds interesting
<jamespage> lol
<Daviey> jamespage: have your invoice book to hand.
<smoser> lynxman has a precise machine. bravo.
<smoser> you're weeks behind Daviey though. he upgrades as soon as the archive opens.
<zul> wait desktop or server?
<bitshift> can anyone help with a lack of any activity from the 10.04.3 server installer?
<ninjix> bitshift: physical or virtual?
<bitshift> physical
<ninjix> upgrade?
<bitshift> no, fresh
<bitshift> it configured the network card and asked me which mirror to use, and then went away
<ninjix> which did you choose?
<bitshift> gb.archive.something
<eagles0513875> hey ikonia i am back
<bitshift> no errors in dmesg or syslog, installer has just left me with the blue background and hasn't done anything
<lynxman> smoser: yeah I upgraded 2 weeks ago from an oneiric one, badly though
<ninjix> might want to try again with one of the Canonical servers
<bitshift> okay, I'll restart the installer and try - will be back shortly
<smoser> lynxman, my upgrade monday went fine. laptop is happily running the pangolin
<ninjix> heh, Oneiric not new enough for you :)
<lynxman> smoser: :)
<lynxman> smoser: that's one of the reasons why you're better than me
<smoser> only one of them
<smoser> :)
<lynxman> smoser: one of many!
<bitshift> It seems to have done the same thing, I chose archive.ubuntu.com
<bitshift> It flickered something as though it was getting a package list or something but it disappeared almost instantly
<bitshift> and then went away
<khussein78>  i found this errors in my syslog,  iuse ubuntu server 11.04
<khussein78>  http://pastebin.com/RvsyUWkm
<khussein78> any idea about this
<uvirtbot> New bug: #861813 in keystone "Two files missing from keystone source package" [High,Fix released] https://launchpad.net/bugs/861813
<khussein78> any idea about this please  http://pastebin.com/RvsyUWkm
<zul> smoser: ping you are using devstack right?
<smoser> ping yes
<smoser> well, i have.
<smoser> i'm not right now.
<smoser> i'm using xchat for irc
<zul> smoser: with keystone?
<smoser> oh. i dont thin kthat got sorted out.
<smoser> i think you may not be able to use the ec2 api with keystone at all
<smoser> !
<zul> you can
<smoser> so, thats your first bug
<smoser> :)
<zul> the middleware is there
<zul> *grumble *grumble*
<smoser> vish commented once that he was working on sorting it out.
<smoser> that was probably 3 weeks ago.
<zul> i need to figure out keystone first
<smoser> jamespage, around ?
<smoser> $ apt-cache show ec2-api-tools | grep Dep
<smoser> Depends: default-jre-headless | java6-runtime-headless
<jamespage> smoser: yep
<smoser> $ dpkg-query --show default-jre-headless
<smoser> default-jre-headless	1:1.6-43ubuntu1
<smoser> $ which java || echo no java
<smoser> no java
<smoser> what went wrong ? somehow getting 'default-jre-headless' does not get me a jvm on precise
<jamespage> smoser: yikes
<jamespage> it should
<bitshift> hory shet 10.04 has started installing
<bitshift> fgsfds awesome
<smoser> ok. wait, it did. i do have openjdk-6-jre-headless
<ninjix> bitshift: selecting a different repo mirror work?
<bitshift> no leaving it for 30mins seems to have worked lol
<bitshift> suddenly saw network activity lights flickering and thought "oh god maybe" and so connected monitor and suddenly
<ninjix> love auto-fix
<smoser> ah. i see.
<smoser> my old /usr/bin/java -> /etc/alternatives/java -> /usr/lib/jvm/java-6-openjdk/jre/bin/java
<smoser> but openjdk-6-jre-headless now installs java to /usr/lib/jvm/java-6-openjdk-amd64/jre/bin/java
<jamespage> update-java-alternatives might be your friend there
<smoser> ie, 'openjdk-amd64' rather than 'openjdk'
<jamespage> is this an upgraded system then?
<smoser> yes.
<smoser> opening bug.
<jamespage> good idea
<smoser> bug 888100
<uvirtbot> Launchpad bug 888100 in openjdk-6 "java alternative link broken after upgrade" [Undecided,New] https://launchpad.net/bugs/888100
<roaksoax> Daviey: im here
<zetui> anyone know about this error :
<zetui> [ 6307.476929] ACPI Error: SMBus or IPMI write requires Buffer of length 42, found length 20 (20090903/exfield-286)
<zetui> [ 6307.476929] ACPI Error: SMBus or IPMI write requires Buffer of length 42, found length 20 (20090903/exfield-286)
<zetui> [ 6307.476938] ACPI Error (psparse-0537): Method parse/execution failed [_____SB_.PMI0._PMM] (Node ffff88011b64ad00),
<zetui> every 5 sec i got this error on my machine
<zetui> anyone there ?
<SpamapS> zetui: looks like a problem with sensors
<zetui> what sehnsors ?
<zetui> --
<Zanzacar> Hi everyone, I have created a new user with useradd, and modified the bash shell afterwords with usermod
<Zanzacar> The purpose of this FTP account is to allow a friend to mainly FTP into my server, that being said I dont want him to have access to anything other then his home directory more or less
<Zanzacar> how would I go about that? I tried rbash but that seemed super restricted.
<Zanzacar> and I dont even know how rbash would correspond with a FTP account.
<SpamapS> Zanzacar: you should be using *sftp* not FTP
<Zanzacar> right it is sFTP b ecause its only over port 22
<bitshift> and because it's just better, safer
<Zanzacar> correct
<SpamapS> Zanzacar: there is a program called 'scponly' which will chroot a user into their home dir. That might be what you want.
<Zanzacar> SpamapS: Thanks I will look into scponly. My friend does know linux or anything so he will mainly only be using winscp to login and copy files.
<Zanzacar> doesnt know, not does know haha
<Zanzacar> SpamapS: this seems like a typo but I always like to be sure. http://www.debian-administration.org/articles/94
<Zanzacar> in the second step it says stfp-server..... shouldnt this say sftp-server?
<plm> what is site to downlaod ubuntu server.. wher I can to choice file.. not that default in page..
<lynxman> smoser: around?
<smoser> here, l
<smoser> lynxman,
<lynxman> smoser: what would be for you the best way to detect the existance of another package from inside a postinst script of a package :)
<lynxman> smoser: trying to figure out if activemq is there and otherwise rabbitmq
<lynxman> smoser: just check for the config dir existance?
<smoser> lynxman, i'm not really sure. there might be some policy regarding responding to the existance of another package.
<smoser> at very least, i would not think it is easy to do for something like 'apt-get install rabbitmq activemq'
<lynxman> smoser: yeah I'd rather not :) just check that they're there (they're a dependency already activemq | rabbitmq-stomp )
<smoser> i really dont know, lynxman
<lynxman> smoser: gonna check the deb packager guide to see...
<smoser> you'll get better feedback, but not like it, in #ubuntu-devel
<smoser> s/but not like it/but may not like what you get/
<lynxman> smoser: lol, I'll ask there then :)
<rbasak> roaksoax, zul: could you review https://code.launchpad.net/~clint-fewbar/ubuntu/oneiric/cobbler/misc-fixes/+merge/77771 please? It'll make it easier for my further changes if it's merged.
<lynxman> smoser: well truth always hurts
<lynxman> smoser: lol
<rbasak> Or is that now obsolete due to oneiric being released?
<zul> rbasak: this is going into oneiric right?
<rbasak> zul: I'm confused now, sorry
<zul> rbasak: er...this is a bug fix for oneiric right?
<rbasak> zul: my fixes need to go into oneiric, and SpamapS' rev 52 probably needs to
<rbasak> yeah I guess so
<rbasak> maybe I should branch SpamapS' branch and add to it to merge everything in at once?
 * rbasak isn't really sure of the lp+bzr workflow here
<zul> rbasak: for oneiric can you follow https://wiki.ubuntu.com/StableReleaseUpdates?action=show&redirect=SRU
<zul> lp+bzr workflow is fine just the debian/changelog and stuff is incorrect
<SpamapS> hmmm?
<uvirtbot> New bug: #888124 in excalibur-logkit (main) "excalibur-logkit version 2.0-8 failed to build with openjdk-7" [Undecided,New] https://launchpad.net/bugs/888124
<hallyn> kirkland, regarding the first work item in https://blueprints.launchpad.net/ubuntu/+spec/servercloud-p-kvm (about orchestra), I know you said you didn't remember who that came from, but any idea who I could ask?  :)
<lynxman> smoser: actually I liked the answer :)
<lynxman> smoser: it's very cool
<kirkland> hallyn: looking....
<kirkland> hallyn: which one are you calling the "first" work item?
<kirkland> "orchestra integration for preseed configuration (thin hypervisors etc) (Serge doesn't know what this is): TODO" ?
<hallyn> that's the one
<kirkland> hallyn: meh, drop it
<kirkland> hallyn: i don't see it being that important
<hallyn> ok, i figured maybe someone would want it moved to some orchestra blueprint, but sure i'll drop it - thanks :)
<hallyn> hey, byobu-tmux q
<hallyn> i was thinking abou ttaking the plunge,
<kirkland> hallyn: yep
<kirkland> hallyn: neat, it's really awesome :-)
<hallyn> but does that mean all my ctrl-a shortcuts won't work, i assume?
<kirkland> hallyn: what do you mean?
<hallyn> i can't tell you how much those are built into my reflexes
<kirkland> hallyn: no, i've enabled screen's commands in tmux
<hallyn> ctrl-a ctrl-a, ctrla- ctrlw, ctrl-a-esc, ctrl-a ], etc
<kirkland> hallyn: yep, all of those should work the same
<hallyn> sign me up!
<hallyn> ppa:kirkland/byobu?
<kirkland> hallyn: source /usr/share/doc/tmux/examples/screen-keys.conf
<kirkland> hallyn: yep
<kirkland> hallyn: latest version is 4.46-0ubuntu1
<hallyn> thanks - will install, ttyl :)
<kirkland> hallyn: thanks, feedback will be appreciated ;-)
<hallyn> oh I BET you'll get some :)
<kirkland> hallyn: i'll release another version today with the byobu/tmux keybindings documented
<kirkland> hallyn: :-D
<hallyn> awesome, thanks
<hallyn> no, wait,
<hallyn> is it ppa:kirkland/ppa ?
<hallyn> doesn't have 4.x
<kirkland> hallyn: no
<kirkland> hallyn: sorry
<kirkland> hallyn: ppa:byobu/ppa
<hallyn> ah
<hallyn> cool
<kirkland> hallyn: fwiw, ALL of my projects are ppa:FOOO/ppa
<hallyn> kirkland, one thing slightly misleading, 'choose keybinding set' scares me into thinking that 'screen keys' means f keys won't work (but they do work)
<hallyn> also, ctrl-a esc does not in fact work :(  will have to read up on the new way to cut/paste
<kirkland> hallyn: hmm, yeah, if you file a bug on that, i need to rework that
<hallyn> i'll start a list and file this afternoon
<hallyn> quite nice.  nice and fast and smooth
<kirkland> hallyn: it is much faster
<kirkland> hallyn: at least it feels so to me
<kirkland> hallyn: have you tried the splits yet?
<patrickmw> jamespage, how much of the USIT framework do you feel can be replaced by juju charms?
<kirkland> hallyn: quick start ...   ctrl-f2 and shift-f2
<jamespage> not much of it TBH
<jamespage> different use can
<kirkland> hallyn: then shift-up/down/left/right
<hallyn> kirkland: yup, it took me two minutes to figure out how to MOVE between them :)
<jamespage> case
<kirkland> hallyn: then ctrl-up/down/left/right to resize
<patrickmw> jamespage, cool. just curious.
<kirkland> hallyn: alt-left/right also moves between windows
<kirkland> hallyn: and alt-up/down moves between sessions
<kirkland> hallyn: i find myself using splits more than windows/sessions now
<jamespage> patrickmw: until we drop tasksel from the ISO installer we still need to know that the simple application installs work
<jamespage> juju will really cover the more complicated test cases such as openstack for example
<kirkland> hallyn: *especially* when i'm on my 32" monitor
<hallyn> i don't have one of those :)
<hallyn> how do i start a new session?
<patrickmw> jamespage, there have been comments on the ramp up time to validate new tests before they get committed to trunk.  Juju just came to mind.  That is a topic that will be brought up next week (although I'm sure we won't spend much time on it)
<kirkland> SpamapS: ping
<jamespage> patrickmw: not sure I understand the context of 'trunk' in this case - please can you explain more?
<SpamapS> kirkland: pong! 'morning
<kirkland> SpamapS: howdya!
<hallyn> (answering myself: byobu-tmux new-session)
<hallyn> kirkland, you should get byobu-tmux added to the lsit of programs using tmux on tmux.sf.net
<kirkland> hallyn: cool, will do
<hallyn> ll right, figured out how to get into 'copy' mode, but not how to get out (without ctrl-c)  :)
<Daviey> smoser: is bug 789351 a euca or cloud-init bug?
<uvirtbot> Launchpad bug 789351 in eucalyptus "UEC cloud-init broken again in 11.04" [Undecided,New] https://launchpad.net/bugs/789351
<smoser> Daviey, i would suspect that the metadata service is somehow bustecd.
<smoser> and does not include 'instance-id' and cloud-init is failing as a result.
<kirkland> SpamapS: okay, sru uploaded
<Daviey> smoser: gah.. odd if it has, i didn't think anything in that area changed from 10.10->11.04
<smoser> well, i suspect htat is what is wrong.
<smoser> Daviey, i'd be interested in seeing the output of:
<smoser>  python -c 'import boto.utils, pprint; pprint.pprint(boto.utils.get_instance_metadata())'
<smoser> from inside an instance
<SpamapS> kirkland: roger, will review shortly
<kirkland> SpamapS: thanks!
<uvirtbot> New bug: #888206 in bacula (main) "package bacula-director-mysql 5.0.1-1ubuntu1 failed to install/upgrade: el subproceso instalado el script post-installation devolviÃ³ el cÃ³digo de salida de error 1" [Undecided,New] https://launchpad.net/bugs/888206
<pmatulis> damn, my squirrelmail got erased during an apache2 upgrade  :(
<kirkland> hallyn: can you give me your feedback on http://paste.ubuntu.com/733348/ ?
<SpamapS> pmatulis: uh, what?
<SpamapS> pmatulis: did you have it hosted in /usr/lib/apache2 ? ;)
<hallyn> kirkland, looks good.  no plans for an f- equiv to enter copy mode?
<kirkland> hallyn: that's F7, as well as Alt-PageUp/PageDown
<kirkland> hallyn: should I use the word "copy" there?
<hallyn> ah, no that's probably sufficient
<SpamapS> kirkland: accepted
<kirkland> SpamapS: \o/
<SpamapS> kirkland: btw, I am trying to get your old musica charm into lp:charm .. ever seen this:
<SpamapS> 2011-11-09 10:17:23,885 unit:musica/0: hook.output ERROR: File system loop detected; `./sys/devices/platform/reg-dummy/subsystem/drivers/serial8250/serial8250/tty/ttyS3/subsystem/tty32/subsystem' is part of the same file system loop as `./sys/devices/platform/reg-dummy/subsystem/drivers/serial8250/serial8250/tty/ttyS3/subsystem'.
<kirkland> utlemming: smoser: byobu SRU accepted;  could you guys help with the verification, so that we can get this tested and moved from oneiric-proposed to oneiric-updates in time for your next ec2 image builds
<kirkland> SpamapS: hrmf?  no...never
<kirkland> SpamapS: is there a find or something in there?
 * kirkland checks code
<SpamapS> http://ec2-107-20-129-129.compute-1.amazonaws.com/musica/
<SpamapS> Anywya, deploys fine ;)
<Daviey> SpamapS: your music collection is weak.
<SpamapS> LOL looks like it exposes the entire filesystem...!!!
<smoser> kirkland, i suggest that we test on next daily precise and oneiric build.
<smoser>  * verifiy that it is not on by default
<lynxman> SpamapS: GET /etc/passwd...
<kirkland> smoser: +1
<smoser>  * add-proposed && apt-get update && apt-get install byobu
<smoser>  * verify that LC_BYOBO=1 ssh host
<smoser>    gets it turned on
<Daviey> zul: did you see bug #879853 latest comment?
<uvirtbot> Launchpad bug 879853 in munin "Munin upload 1.4.6-1ubuntu1 drops fixes / sponsor debdiff instead" [High,Triaged] https://launchpad.net/bugs/879853
<zul> f*cking hell
<zul> ill have a look
<Daviey> :)
<Daviey> SpamapS: Are you doing a mysql-server merge?
<SpamapS> Daviey: transition to 5.5
<SpamapS> Daviey: I'll mark it on MoM
<SpamapS> oh, actually there's no mysql merge marked to do
<SpamapS> Daviey: 5.5.17 landed in experimental a few hours ago.. now need to upload a 5.1 which will let go of libmysqlclient-dev and -server/-client
<SpamapS> Daviey: then will merge them in
<SpamapS> Daviey: then rebuild all the rdeps
<SpamapS> Daviey: slangasek has also asked that we make a pass at making libmysqlclient multiarch .. so will have to take a stab at that.
<Daviey> SpamapS: Oh great! Do you want to hijack bug 880339 at the same time?
<uvirtbot> Launchpad bug 880339 in mysql-5.1 "AppArmor profile needs update" [Medium,New] https://launchpad.net/bugs/880339
<Daviey> i'm sure roaksoax won't mind :)
<Zanzacar> ?quit
<SpamapS> kirkland: bug in /etc/cron.hourly/musica .. does not fail if /usr/share/musica/music does not exist.
<SpamapS> kirkland: so ends up indexing all of /
<lynxman> SpamapS: quick question for you, I have an upstart script that forks but writes a pid file (so it's pretty clean), I'm calling it through exec but I expect respawn, should be safe to expect fork or daemon instead?
<Zanzacar> Hi everyone I wanted to chroot a ftp user. I created a new user. added chroot_list_file=/etc/vsftpd.chroot.list to the vsftpd.conf file
<SpamapS> lynxman: expect daemon is for things that fork twice
<lynxman> SpamapS: this just forks once
<lynxman> SpamapS: after the exec
<SpamapS> lynxman: so if all it does is forks, and then the parent exits.. and it never forks the main process again, its good for 'expect fork'.
<lynxman> SpamapS: cool, ty
<Zanzacar> after that I added just the username to the vsftpd.chroot.list file, after that I restarted vsftpd and logged in as the user, but I can see everything outside my home directory.
<SpamapS> lynxman: note that I am a big fan of just having things run in the foreground and using a post-start to determine if its actually "started" .. at least, until we get 'expect exit'
<lynxman> SpamapS: yeah me too but that would require patching everybodys config file
<Daviey> smoser: Are you still working on the rabbitmq 'logged in' bug?
<lynxman> SpamapS: which is something I'm a bit wary against
<smoser> bug 878600, daviey?
<uvirtbot> Launchpad bug 878600 in rabbitmq-server "service start rabbitmq-server' does not fully detach from parent" [Medium,Fix released] https://launchpad.net/bugs/878600
<Daviey> smoser: that fixes the issue on desktop and ssh?
<lynxman> SpamapS: damn, now it can't capture the pid, we suppressed pid file on upstart right?
<smoser> i dont know about desktop, Daviey
<Daviey> smoser: bug 884964 i assumed to be a dupe of the issue you were working on, am i wrong?
<uvirtbot> Launchpad bug 884964 in rabbitmq-server "rabbitmq leaves login session open" [High,New] https://launchpad.net/bugs/884964
<Zanzacar> how is the format of vsftpd.chroot_list suppose to be?
<smoser> Daviey, i actually dont know.
<SpamapS> lynxman: yeah, there's no pid file handling in upstart
<smoser> would have to test
<lynxman> SpamapS: rats :/
<Daviey> smoser: I might try your precise fix on my box here, and see if the issue goes away.
<Daviey> If it does, we should probably SRU that
<bitshift> Hey, how would I build just one module from the kernel source? Already got the build essential stuff and the kernel source for my version, but need the r6040 driver and nothing else
<lynxman> Daviey: mcollective merged \o/ what would you like for sponsoring? branch push? :)
<Daviey> lynxman: whatever you have been working from, i'm going to create a debdiff from ubuntu->ubuntu & debian->ubuntu before uploading.. so that works well :)
<lynxman> Daviey: I've just been working from the debian package straight, so debdiff from that should suffice?
<Daviey> lynxman: sounds good!
<lynxman> Daviey: so you won't need the ubuntu->ubuntu one I reckon
<lynxman> Daviey: cool, doing that now
<Daviey> lynxman: sid or wheezy?
<lynxman> Daviey: wheezy
<Daviey> cool
<Daviey> lynxman: does sid make more sense?
<Daviey> lynxman: http://pb.daviey.com/sAY0/
<lynxman> Daviey: not really, I'm sending this debdiff back to the debian maintainer too
<lynxman> Daviey: but up to you :) I can finish this merge tom. morning otherwise
<Daviey> lynxman: i think,  libstomp-ruby -> ruby-stomp is required. :/
<Daviey> the other things seem sensible
<lynxman> Daviey: yeah the debconf and po translations sure are tasty
<lynxman> Daviey: will merge from that then tom morning ;)
<Daviey> lynxman: you might find you can just apply a diff directly from debian onto your merge
<Daviey> (and fix the changelog)
<lynxman> Daviey: yeah but I was about to run out of the door :)
<lynxman> Daviey: but yeah, that was the plan
<Daviey> groovy
<Daviey> ping me tomorrow then :)
<Daviey> good work
<lynxman> Daviey: thanks :)
<Randolph> hi all
<Randolph> I wanted to know if it is normal that when there are some updates for Ubuntu 11.10, the user does not need to supply the root password ?
<Kiall> Randolph, I'm 99% sure i have to type my password out...
<Randolph> Kiall, me too until today
<Randolph> Kiall, sorry I must precise on ubuntu desktop
<Randolph> Kiall, wrong chan
<Randolph> Kiall, but if someone have an answer I will appreciate
<lynxman> Daviey: finally had the time to do it, find debdiff attached to bug 874981
<uvirtbot> Launchpad bug 874981 in mcollective "Please merge/sync mcollective from debian wheezy" [High,In progress] https://launchpad.net/bugs/874981
<ball> If a small business buys a support contract from Canonical, will they be able to help with simple tasks like adding a user, configuring Samba etc?
<SpamapS> ball: http://www.canonical.com/enterprise-services/ubuntu-advantage
 * ball takes a look
<ball> ...hope it's not Rick Astley.
<EvilResistance> ball:  out of curiosity... you cant just hire a linux admin?
<EvilResistance> assuming of course you're the business
<SpamapS> uh, that might be quite a bit more expensive ;)
<onre> not really if you don't hire him full-time
<EvilResistance> SpamapS:  /me is an on-call linux admin for 2 local small businesses, charges by the ticket.
<EvilResistance> :P
<onre> good admin can do wonders in hours
<ball> EvilResistance: Looking at these prices, an admin would be a lot more expensive.
<Randolph> onre, but not miracles
<onre> yeah. preferably the admin has been there when the system has been designed and planned :p
<onre> that makes it much more likely that he can do wonders ;)
<EvilResistance> mhm
<ssureshot> I'm trying to find out where failed login attenpts are originating from,, I've got an ldap backend with s3 domain,, any anyone point me in the right direction?
<Daviey> lynxman: great!
<adam_g> Daviey: which? facter 1.6.1-1ubuntu1 -> 1.6.2-1
<adam_g> Daviey: ? i can do tomorrow for sure (out today)
<Daviey> adam_g: no hurry. :)
<kirkland> hallyn: ping
<hallyn> kirkland, hey
<kirkland> hallyn: re: https://bugs.launchpad.net/ubuntu/+source/byobu/+bug/888245
<uvirtbot> Launchpad bug 888245 in byobu "horizontal split not remembered when switching vertical splits" [Wishlist,Confirmed]
<kirkland> hallyn: try shift-F3 and shift-F4
<kirkland> hallyn: tell me if that behavior is "better" for you?
<kirkland> hallyn: there's a very subtle difference between shift-F3 and shift-right
<hallyn> no, shift-f3 takes me up, not left ?
<hallyn> i see - shift-f3 is like 'ctrl-a ctrl-a' in screen - last active screen
<hallyn> so, if i do 'shift-left' and then 'shift-f3', it does what i'd want it to do
<hallyn> (but that's not really a good substitute :)
<kirkland> hallyn: shift-f3 moves you "counter clockwise"
<hallyn> (it's like having alt-tab for different app, alt-` for same app different window - too much thinknig when i'm moving doing something)
<kirkland> hallyn: shift-f4 moves you "clockwise"
<hallyn> oh i see
<kirkland> hallyn: and will operate like a circular linked list
<hallyn> i didn't experiment enough
<kirkland> hallyn: shift-left/right are more explicit -- they *only* go left and right
<kirkland> hallyn: right, i'm trying to figure out what makes most sense here
<hallyn> yes, but the 'bug' i was filing was about being able to go left-right-left-right and stay in bottom window
<hallyn> oh, i see why it does it now too
<hallyn> i.e. if you have 2x2, you can move left-right-left-right and stay in bottom,
<kirkland> hallyn: right, your "last" focused one
<hallyn> but if you have 1 full-height and
<hallyn> no
<hallyn> if you have full-height on left and 2 on the right, when yo move to the left one, it just things you're in the top now.
<hallyn> so it's never remembering where you were vertically
<hallyn> it only tries to go based on where youare now
<kirkland> hallyn: right, i'm looking at tmux code now
<kirkland> hallyn: to see if your previous focus is tracked and stored
<kirkland> hallyn: and how to reference that
<kirkland> hallyn: there is a 'last-pane'
<virusuy> hello everyone
<hallyn> stgraber, did you say arkose already ships with its own bridge?  Where is that getting set up?  I don't see it in the package source...
<kirkland> hallyn: hmm, i'm not sure there's going to be an easy solution to this
<hallyn> kirkland, i had a feeling :)
<stgraber> hallyn: no, arkose uses point-to-point veth devices to communicate with the outside (/31 on the 169.254.x.x subnet)
<hallyn> stgraber, what does the other end link to though?  doesn't it have to connect to a bridge?  Or, you're using iptables on the other end?
<hallyn> I see it now, though - thanks
<stgraber> hallyn: both veth devices have IP addresses and arkose sets up forwarding + masquerading to make it work
<hallyn> stgraber, ok - i guess for the lxc default config, to avoid changing lxc-start too much, it's still easier to create lxcbr0 and just set masq up for it
<hallyn> thx
<stgraber> hallyn: yep, that's definitely the easiest. Are you planning on starting dnsmasq as DNS + DHCP server on that bridge too (through an option ideally)?
<stgraber> hallyn: I think we basically need options for: global on/off switch for the bridge, DHCP+DNS, name of the bridge and subnet for the bridge
<|rt|> hey guys what package do you guys use for serving iscsi targets?  It seems as though the default solution to that has changed between the last LTS and current...so if you were running LTS do you run iscsi-target or the newer solution tgt?
<hallyn> yeah that's what i'm doing, controlled through /etc/default/lxc options
<hallyn> |rt|, you might ask in #ubuntu-kernel, but my impression was that tgt was the way to go.  ppetraki do you know offhand?
<hallyn> stgraber, actually i think i'll hold off on making dnsmasq use optional.  I'm sure that'll come later, but i want to keep it as simple as possible right now
<|rt|> hallyn: for the LTS that would mean pulling in tgt from universe but probably would make it a more future proof solution
<|rt|> hallyn: with a new LTS version not that far off now
<hallyn> hm, if it's still in universe, then i guess that can't be our recommended route :)
<hallyn> oh, you mean 10.04
<hallyn> sorry i thought by 'current' you meant 12.04
<|rt|> hallyn: yeah sorry this server is running LTS
<|rt|> hallyn: but I know that tgt is now the recommended solution with 12.04 as I've been playing around with it a bit at home
<|rt|> hallyn: should I file a bug that the tgt package doesn't include the man pages in 12.04
<hallyn> |rt|, that would be great, yes :)
<NCommander> Daviey: when I have hardware, sure
<|rt|> hallyn: in general I think iscsi (target and initiator needs some more documentation)  I may volunteer to try to get something done on the documentation side of things as that's an area that I can contribute
<hallyn> awesome
<|rt|> is the only way to file a bug these days by running ubuntu-bug <package>?
<|rt|> b/c if I'm filing a bug from my desktop that doesn't have the tgt package installed that may look a bit odd in the bug report
<EvilResistance> |rt|:  i file bug reports without ubuntu-bug all the time :p
<EvilResistance> except i usually include technical details and crap anyways :P
<EvilResistance> where crap includes useless information from the errors i get :P
<|rt|> EvilResistance: where do you find that option on launchpad?
<EvilResistance> |rt|:  what option?
<|rt|> EvilResistance: I only see the button to file a new bug that takes me to the wiki on how to file a bug
<EvilResistance> |rt|:  start by searching launchpad for the package
<EvilResistance> um...
<EvilResistance> for example
<EvilResistance> this is the launchpad page for the package php5-gd: https://launchpad.net/ubuntu/oneiric/+package/php5-gd
<|rt|> yeah I've already done that do you need to get to the package page to file a new bug against it?
<EvilResistance> i *always* start there first
<EvilResistance> |rt|:  it never hurts, but usually
<EvilResistance> |rt|:  ubuntu-bug figures out what to do automagically
<EvilResistance> by pumping info into launchpad
<|rt|> EvilResistance: ah the report a bug button on a package page does let you manually add a bug...but in the bug search page it takes you to the wiki on how to file a bug
<EvilResistance> |rt|:  what packages
<EvilResistance> package(s) *
<EvilResistance> as well, what distro
<EvilResistance> tgt?
<EvilResistance> |rt|:  is this for the "tgt" package?
 * EvilResistance assumes  so given your prior posts
<|rt|> yeah but I just realized my error
<|rt|> man tgt doesn't return anything
<|rt|> but man tgtadm does
<EvilResistance> :P
<EvilResistance> |rt|:  fwiw...
<EvilResistance> https://bugs.launchpad.net/ubuntu/+source/tgt/+filebug
<|rt|> so no bug to file :)
<EvilResistance> you file bugs against the source of a package
<EvilResistance> i.e.
<EvilResistance> php5-gd's source package is just "php5"
<EvilResistance> so when i filed a maverick bug against php5-gd
<EvilResistance> i filed it against the php5 source package
<EvilResistance> and linked in that it was about maverick
<EvilResistance> so searching for the package's source package will lead you to where to file a bug
<EvilResistance> if its in ubuntu's repos, then bugs.launchpad.net/ubuntu/+source/<srcpkg>/ is a good template to remember
<EvilResistance> (note you need to know what the source package is ;P)
<EvilResistance> for tgt though, the source package is 'tgt' :p
<|rt|> yeah tgt is an easy one :)
<EvilResistance> some people automatically assume that there's a source package for every binary in the repos though
<EvilResistance> not realizing there isnt :p
<virusuy> ElizabethKelley2: really, i thought that, basically because a binary is source code + rules to compile it
<virusuy> well, it's more complex than that
<ElizabethKelley2> Hello>?
<EvilResistance> virusuy:  fwiw, i think you mishighlighted
<EvilResistance> :P
<virusuy> ups, thats right
<virusuy> Sorry ElizabethKelley2
<virusuy> EvilResistance: so, a binary isn't that?
<Gr3mlin> hay all
<Gr3mlin> whats the name of the headless sys spec monitor called? ive forgotten.
<Gr3mlin> anyone?
<SpamapS> Gr3mlin: sys spec monitor?
<Gr3mlin> resource monitor
<Gr3mlin> like, cpu, ram.. its got a strange name
<SpamapS> Gr3mlin: like, top ?
<Gr3mlin> top?
<SpamapS> There are a plethora of plethoras of monotoring tools
<Gr3mlin> :) i'll have a look at top, but it was saidar :) is top better?
<SpamapS> never heard of saidar
<SpamapS> Gr3mlin: if you've never had top, I don't know if you've ever really run a server. ;)
<Gr3mlin> lol, its my first home server. just a tiny one, im getting use to ubuntu.
<Gr3mlin> saidar is somewhat what i need, its got cpu, network, hdd, mem. what else do you need! :D
<Gr3mlin> ok, HTop looks rather good.
<Gr3mlin> thanks for the help! ;) have fun! :D
<yaboo> should thank the people who helped me before on my soft raid issue, thank you channel
<ppetraki> hallyn, |rt|, I can ask the QA guys and get back to you, last time I looked into this the answer wasn't straight forward so I'm not surprised that these questions are coming from the community
#ubuntu-server 2011-11-10
<uvirtbot> New bug: #888266 in cobbler (universe) "'cobbler sync' fails when run in a bash script after 'service cobbler restart'" [Undecided,New] https://launchpad.net/bugs/888266
<joren> Anyone have any suggestions on why an 11.10 server might not boot after installation?
<joren> I've re-installed grub already, and I'm able to mount the root raid device from the ubuntu cd
<donspaulding> Anyone out there know what the "State of the Art" is when it comes to creating LXC containers on ubuntu server?
<donspaulding> Should I be looking at libvirt solutions or rolling my own creation scripts?  It seems like everyone has a slightly different take on how to create containers, and I'm looking for some tried-and-true utilities.
<SpamapS> donspaulding: lxc-create ? ;)
<tohuw> Is there a way to have writable webdav shares besides giving the Apache user access?
<donspaulding> SpamapS: Your palindromic username tells me all I need to know.
<donspaulding> :-P
<donspaulding> I'm following along on this article, and it all seems soâ¦thrown together.  http://www.activestate.com/blog/2011/10/virtualization-ec2-cloud-using-lxc
<donspaulding> and all the articles I've read on lxc are like that.
<donspaulding> I was just hoping there was something more than a bunch of half-hearted wrappers around lxc-ubuntu
<SpamapS> tohuw: unfortunately not really. the daemon has to have write access... unless you write an suexec capable CGI / PHP webdav implementation.. but that seems unlikely to be worth the time ;)
<SpamapS> donspaulding: I find lxc-create pretty good. :)
<SpamapS> donspaulding: you can try the juju local provider..
<SpamapS> donspaulding: https://lists.ubuntu.com/archives/juju/2011-October/000844.html
<tohuw> SpamapS: The idea of re-implmenting webdav into a CGI or PHP environment just to use an existing suexec tool makes me consider the benefits of seppaku.
<tohuw> Thanks for the assitance... I'll just have to find another way to make this work..
<twb> donspaulding: libvirt contains its own LXC code that is separate from that in the "lxc" package.
<twb> donspaulding: last time I looked they worked very differently and the libvirt one was far more primitive
<twb> tohuw: run a separate webdav httpd on a high port?
<twb> I guess the owner of that proc would still need write access, tho
<tohuw> twb: yes, that was just suggested to me in #httpd. Create another httpd daemon with minimal modules and tight security, and have it serve webdav shares.
<donspaulding> twb: ah, thanks for the tip.
<twb> I wonder if there's a decent DAV implementation that basically just static HTTP+DAV and no fancy crap like php or cgi
<tohuw> twb: I could disable cgi and php in another httpd instance if I had it use its own configuration directory, no?
<twb> Yes
<twb> I just don't like that it's even in there, because it means the devs care more about features than security
<T3CHKOMMIE> hey guys, anyone know where i could get some help getting my compiled kernel installed on a hard drive or getting a live cd set up for it
<kyconquers> I am trying to decide whether to use postfix or exim for an outbound SMTP relay. Where would i find a good comparison or documentation on this?
<virusuy> T3CHKOMMIE: maybe  #ubuntu-kernel
<T3CHKOMMIE> sweet thank you!
<virusuy> kyconquers: i always use postfix, but take a look at : http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCcQFjAA&url=http%3A%2F%2Fshearer.org%2FMTA_Comparison&ei=szG7ToSqOIGSgQeC2625CA&usg=AFQjCNH8C6vnjm8DhWbyZtba7ukBMmcIoA&sig2=TWrpFB66pbbj5hGFAUN-3g
<virusuy> is a nice review between exim qmail, sendmail and postfix
<virusuy> with pros and cons
<virusuy> and also talks about administration, releases, comunity ,etc
<kyconquers> virusuy, thank you, I'm definitely using postfix as a MTA and MDA but am unsure about it's performance as an outbound smtp with ldap auth, do you know of anything more geared towards that area?
<virusuy> no, i've never used postfix with ldap auth.. so i cannot help you with that.
<virusuy> but, i guess if you do a little search on google could be plenty of how-to
<kyconquers> I found a way to do it running through Cyrus.
<virusuy> oh, nice
<kyconquers> i'm just trying to see if letting postfix handle the inbound and something else for the outbound would be better or worse?
<virusuy> well, posftix handle outbound in fact
<virusuy> or am i wrong ?
<RoyK> kyconquers: postfix is an mta, it just delivers, cyrus, on the other hand, handles the mailbox
<kyconquers> it works. it just is a workaround a workaround and seams unstable.
<RoyK> kyconquers: cyrus can't deliver a single thing
<virusuy> RoyK: or dovecot
<RoyK> yeah, or zimbra or courier or ...
<virusuy> RoyK: there's a lot of differents MDA
<virusuy> all of them with some pros and cons
<RoyK> yeah, I know...
 * RoyK ended up on zimbra because it was nice
<virusuy> in my own experiencie always postfix + dovecot was the best solution
<virusuy> RoyK: i used zimbra too it's awesome, but then i met roundcube (webmail)
<kyconquers> Cyrus is being used to do the authorization  Dovecot is my MUA and i'm using postfix for MTA MDA and the body(everything except authorization) for my outbound
<virusuy> so postfix + dovecot +roundcube = WIN :-D
<RoyK> it's thin and works well, but it doesn't have the admin-friendlyness of zimbra
<RoyK> roundcube I don't know (never heard of it before now)
<virusuy> RoyK: yeah.. and zimbra is a suite .. IM , Calendar, Mail
<virusuy> thats a pro on Zimbra, though
<RoyK> yeah, and that's rather nice...
<RoyK> most is in the open version
<virusuy> yes.
<RoyK> a bit more tricky for backups
<virusuy> really ?
<RoyK> well, the commercial version has online backup, fixing the issues with mysql and possibly other services that must be stopped
<RoyK> but then, I have a private server, so it doesn't matter much for it to be down for 15 minutes in the middle of the night...
<virusuy> nice then
<RoyK> also, there are scripts around to fix online backup, but I just haven't bothered
<kyconquers> so looking at outbound only is there a reason to go with postfix over exim?
<virusuy> not really
<RoyK> kyconquers: I can't answer that question, but I've standardised on postfix since gods know when, and I've had less issues (close to zero) with postfix than with exim, but then, I don't know exim too well, so that may be the cause
<virusuy> Same as RoyK , in my experience with postfix has been excelent
<virusuy> have*
<kyconquers> ok thank you both
<virusuy> has* gosh, i cannot even write :P
<virusuy> today i configured logrotate on our squid server at work
<virusuy> really easy, logrotate's man page is awesome
<virusuy> very clear and straightforward
<thermionix> is there a PPA for deb's for testing server kernels?
<twb> thermionix: what do you mean
<thermionix> current 3.0.0 kernel crashes when suspending devices
<thermionix> 3.0.6 fixes the issue
<thermionix> wondering if I can find a 3.0.6 ubuntu-server without compiling etc
<twb> Dunno, sorry
<RoyK> thermionix: doubt it
<RoyK> thermionix: but please file a bug
<twb> A simple google for "kernel ppa" turns up some matches
<twb> thermionix: also 3.1 is in precise.
<jdobrien> anyone here familiar with installing setting up lxc on oneiric?
<twb> !anyone
<ubottu> A high percentage of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.
<jdobrien> twb, if I knew what to ask, i would
<jdobrien> I need help diagnosing why I get this when starting an LXC lxc-start: failed to attach 'vethAG4ovV' to the bridge 'virbr0' : No such device
<twb> And that third line is the one you should've started with
<twb> It's trying to attach to a bridge that doesn't exist.
<jdobrien> twb, right
<twb> Did you set up a bridge?  Pastebin /etc/network/interfaces, and the output of "ip a"
<jdobrien> twb, why the heck didn't lxc-create set it up
<twb> Because lxc-create creates a CONTAINER
<twb> It's not its job to fuck up your networking
<jdobrien> haha
<twb> It's not vmware_config.pl
<twb> lxc-create should complain taht virbr0 doesn't exist tho, IMO
<jdobrien> twb, hmm...libvirt-bin not installed...there's a clue
<twb> You are either using lxc or libvirt-bin; they're separate
<jdobrien> twb, they don't work together?
<twb> 12:35 <twb> donspaulding: libvirt contains its own LXC code that is separate from that in the "lxc" package.
<twb> 12:36 <twb> donspaulding: last time I looked they worked very differently and the libvirt one was far more primitive
<jdobrien> or play together
<jdobrien> twb, so should i not use libvirt?
<twb> IMO don't bother with libvirt unless you need to give non-root users access to VM management (as opposed to just access to the VMs)
<twb> That is predicated on you knowing what the hell you're doing wrt. lxc or kvm, tho
<jdobrien> twb, I'm using it a semi-isolated development envo
<jdobrien> twb, i got along find using schroots
<jdobrien> s/find/fine
<jdobrien> twb, these are the instructions i am using https://dev.launchpad.net/Running/LXC
<jdobrien> installing libvirt-bin did resolve the issue
<twb> Because libvirt fucks with your network setup
<twb> (Hm, actually as at lucid I don't remember it doing so...)
<jdobrien> twb, the network/interfaces is untouched
<twb> Dunno why it works then
<{bosco}> ok so i am running 11.10x64 is it possible to make it so only root can login to the server once logged in a user on the server ?
<{bosco}> via ssh sorry?
<{bosco}> ti know the sshd_config file i can set that to NO on allow root login but will that do the trick
<smw> {bosco}, that will do the trick
<smw> {bosco}, assuming you have no other methods to login remotely...
<smw> {bosco}, hopefully you have the same setting on your ftp server or whatever else you have.
<{bosco}> smw: yes lol
<{bosco}> smw: just curious what is your recomendation on "BASTILLE"
<smw> Considering I have no idea what it is... I hate it
<smw> well, no idea on its relation to computers :-P
<{bosco}> it is a server package that configures your server to some security via apt-get
<smw> interesting
<{bosco}> just curious if you have used it or not no biggie thanks later
<smw> I am going to look into it then :-P
<{bosco}> :-P
<tash> can anyone tell me if this is or isn't a good way to permanently mount a windows share? adding this to /etc/fstab: //MyPC/Users        /mnt/data       cifs    credentials=/etc/.smbcredentials,dmask=777,fmask=777    0       0
<tash> seems that it mounts, and is readable, but not writeable
<{bosco}> smw: hey i am getting a permission denied when i try and login to root via ssh from my user account?
<{bosco}> now
<tash> permissions and ownership on everything mounted is dr----x--t 1 root root
<tash> bosco: root ssh is probably disabled
<smw> {bosco}, wait, this is #ubuntu-server. What are you talking about root?!
<smw> lol
<{bosco}> tash: i want it disabled from an outside computer via ssh but from my own server i want it enabed?
<{bosco}> lol sorry
<tash> why don't you just ssh as your user, then sudo?
<smw> {bosco}, I thought I was on ##linux or something
<smw> why is root even enabled?
<{bosco}> smw: is it possible i know root should not be enabled and i have added bosco to the sudo list just asking
<smw> on ubuntu you can't login as root from anywhere without having root privileges unless you make changes..
<smw> {bosco}, huh?
<tash> smw: mounted windows shares before?
<smw> tash, yes I have
<smw> tash, why?
<thermionix> regarding the drive suspend issue in 3.0.0 and its being fixed in 3.0.6 - theres a few bugs - but nothing the mentions ubuntu-server > do I need to create a new bug relating to ubuntu-server?
<tash> smw: I added this to fstab and it mounted, but things are not writeable. Trying to determine if I have something wrong in the fstab line, or if it's a windows permissions thing:
<tash> //MyPC/Users        /mnt/data       cifs    credentials=/etc/.smbcredentials,dmask=777,fmask=777    0       0
<thermionix> alternatively I'll just update to the newer desktop kernel
<smw> tash, add defaults to the settings
<tash> smw: not sure what you mean :\
<smw> tash, before credentials add "defaults,"
<smw> tash, no space
<smw> tash, that will add rw as well as a few other options
<smw> tash, if you don't want too many other options, just add rw
<tash> k, added defaults and rebooted.  dr----x--t 1 root root 4096 2011-10-23 10:31 data
<tash> permissions looks off still
<tash> or is that normal?
<tash> I cannot cp something from /home/myuser to /mnt/data/ ... seems like perms are whacky still
<tash> I'll try rw
<tash> well, I think the problem was actually on my windows share
<tash> however, I did end up setting rw
<{bosco}> ok so i have disabled root acess to my server via ssh but my other user now has acess to root what now?
<{bosco}> all i have done basicy is changed my root to bosco right.
<{bosco}> ok so i have disabled root acess to my server via ssh but my other user now has acess to root what now?
<SpamapS> {bosco}: except that now its logged whenever bosco becomes root
<{bosco}> SpamapS: what are the benifets of this comared to root just having root acess is it still a security issue and if so how to fix this?
<{bosco}> SpamapS: you there
<Zanzacar> Hi I have been tryingn throughout the day and have been unsuccessful at using vsftpd to chroot someone into their home directory.
<Zanzacar> can anyone help me out with this?
<twb> Zanzacar: why not use SSH's built-in chrooting SFTP server.
<Zanzacar> http://paste.pocoo.org/show/505655/ thats my configuration files
<Zanzacar> because I am completely and utterly unaware of such functionality
<twb> http://paste.debian.net/144386/
<twb> You'd probably want sftponly in the AllowGroups as well :-)
<twb> But anyway, I recommend doing it with SFTP instead of FTP, since they look about the same to users, but SFTP is a much better designed protocol and more secure to boot.
<Zanzacar> right I was doing it sFTP using vsftpd
<twb> vsftpd is not an SFTP server.
<twb> It might be an FTP/SSL server.
<Zanzacar> o... I didnt know that
<twb> SFTP is a module of SSH, so no SSH -> no SFTP
<Zanzacar> oic, see ssh has always been on all my servers so therefore I could always sftp but I always thought that was because I needed to install vsftpd
<Zanzacar> wow
<twb> That goes in my quote file
<Zanzacar> I have only really been using linux for maybe 3 months now so ya
<Error404NotFound> What would be a good DNS that also supports MySQL? Bind with 3rd party mysql driver, mydns, powerdns...?
<Zanzacar> so the script you wrote there, it setsup the ssh_config file correctly to chroot users.
<twb> Zanzacar: you should read the sshd_config manpage and understand the lines in it
<SpamapS> Error404NotFound: have heard of big sites using powerdns
<twb> Zanzacar: you probably won't want one as locked down as I have
<Error404NotFound> SpamapS: hmm, ok, powerdns it is.
<twb> SpamapS: "big sites" = root servers?
<twb> Error404NotFound: why do you want mysql?  Mysql's shit.
<Zanzacar> twb: working through the information i found on it. thanks for the information it sure does explain why things where not working haha.
<Error404NotFound> twb: correct, what else? pgsql? don't have that much hands on for that
<SpamapS> twb: no, I'm not familiar with what they use. But the two sites I knew of using it were large hosting providers. (Not sure if they still exist)
<SpamapS> OH please
<SpamapS> scale pgsql without wanting to throw yourself off a cliff and I'll gladly give you a hang glider for free.
<twb> Error404NotFound: well, I dunno about you, but I am using nsd, which compiles normal bind-format zonefiles into a binary database in some magical way I haven't cared enough to grok
<Error404NotFound> twb: :) wil google that
<SpamapS> I really liked tinydns when I used it
<SpamapS> so simple
<twb> And nsd *does* run on l. and k.root-servers.net
<Error404NotFound> SpamapS: is it really that hard for pgsql? never did it.
<twb> And half of h.root-servers.net
<twb> I also found nsd really simple to work with compared to bind
<SpamapS> Error404NotFound: its possible. But.. well.. ask the launchpad guys about how much they love Slony. ;)
<SpamapS> twb: still have to write bind zone files tho, right?
<Error404NotFound> SpamapS: ya, i know 'Slony' along with some curse words D:
<twb> SpamapS: well, what else are you going to do?
<twb> If you want to store the master format for RRs in an RDBMS instead, IMO you need your head examined
<twb> Unless you're doing some stupid cpanel-type web UI for idiot end users
<twb> Then *maybe*
<twb> SpamapS: I bet you could make pg scale really well by just turning off all the integrity checking features that mysql has off by default ;-P
<SpamapS> thats a lie
<SpamapS> read the manual on 5.5
<SpamapS> InnoDB is the default
<SpamapS> safe transactions are on by default
<twb> I'm not a DBA, but the DBAs I know tell me it's still not good enough
<SpamapS> pg people still spreading lies from 3.x days
<twb> Don't forget we don't all run latest non-LTS either
<SpamapS> 4.1 introduced InnoDB
<SpamapS> *4.1*
<twb> Shrug.
<Error404NotFound> I am at a dilemma, working on a setup that updates DNS zones on the fly using a custom web interface. Now if i don't use a mysql backend supported DNS the updates would have to be done via a cron that pulls data from database and writes config files. NSD seems amazingly fast, wondering what would be better.
<SpamapS> That MyISAM was still the default until just over a year ago when 5.5 was released has only fed this FUD. :-/
<twb> Another stupid that pissed me off was when I cleaned out old records from squid2mysql the other day, I couldn't find a way to reduce the disk consumption without dumping and rebuilding the db
<SpamapS> Error404NotFound: you could just as easily build config files on the fly, you don't have to do it via cron.
<twb> SpamapS: IIRC they changed the default on Windows a few years before they changed it on linux, too
<SpamapS> twb: OPTIMIZE TABLE xxx
<twb> It was a host running etch
<SpamapS> twb: but that will only regain space if you have innodb_file_per_table on (which you should if you want to have any kind of long term server managability :)
<Error404NotFound> SpamapS: hmm, care to give a hint? Say if data for a zone is inside a table called abc.com, won't i need a cron that would pull data from db and write nsd configs?
<lifeless> SpamapS: is that webscale?
<SpamapS> lifeless: it uses /dev/null!
<twb> I handballed the problem to a dba, but probably he didn't have a new enough mysql for that
<lifeless> SpamapS: with map reduce?
<twb> SpamapS: and is one table per file the default yet? ;-P
<SpamapS> Error404NotFound: nah, just write to the table and then kick off a message to a worker that updates the zone file from the DB
<SpamapS> lifeless: and JSON ftw
<twb> Error404NotFound: IXFRs go into the db by default, and a cron pushes them to the slave .zones
<SpamapS> twb: not sure if innodb_file_per_table is default yet
<lifeless> SpamapS: did you hear about the yaml thing ?
<twb> Error404NotFound: master zones go from the files to the .db when you nsdc rebuild && nsdc reload
<Error404NotFound> twb: hmmm, need to read more about nsd, if i can bind it with mysql, somehow without adding say more than a minute delay of pushing changes from db to nsd's binary format, it would be cool.
<lifeless> SpamapS: arbitrary code execution via pyython's yaml.load
<lifeless> SpamapS: which is why we don't roll our own formats, mmkay!
<SpamapS> lifeless: *@#$%*
<lifeless> http://pyyaml.org/wiki/PyYAMLDocumentation#LoadingYAML
<twb> Error404NotFound: when I say db I mean nsd's database, not mysql
<lifeless> >>> yaml.load("""
<lifeless> ... !!python/object:__main__.Hero
<lifeless> ... name: Welthyr Syxgon
<twb> Error404NotFound: nsd has no mysql
<Error404NotFound> twb: ya
<SpamapS> lifeless: tho I think I use safe_load most of the time
<lifeless> SpamapS: and know you know why
<lifeless> SpamapS: really it should be called 'exploit_me_load' and 'load'.
<Error404NotFound> twb: thats why i might skip nsd even though its cool as: cron pulls config data from db, writes bind style config for nsd, rebuilds and reloads nsd would always have some delay, running a cron every minute might not be a good idea.
<twb> Error404NotFound: you could just have the web UI read and write the zonefile directly, I guess
<twb> I guess instead you could write a replacement for zonec which reads from an RDBMS, but I don't like it
<twb> Haha, or ASN1 format :P
<SpamapS> one nice thing about tinydns.. the line-per-record format was ridiculously hard to script around
<SpamapS> err
<SpamapS> s/hard/easy/
<twb> I guess the root servers don't have to worry about bullshit web UIs because everything is pushed to them... via DNS
<Error404NotFound> twb: hmmm, going for powerdns for now, will do nsd where i don't have some crazy boss to answer :P ;)
<SpamapS> forget web UI, just being able to attach DNS records to things like customer records is valuable
<twb> Error404NotFound: sure, whatever.  You know how I feel, I can't force you to do things my way :P
<twb> SpamapS: M-1 M-! dig AXFR example.net RET when sending the RT email
<Error404NotFound> One more question, and please bear with me as this might sound stupid for a while, may be longer :D
<twb> SpamapS: oh, you mean records as in an RDBMS
<twb> Thought you meant records as in "record keeping" i.e. the issue tracker
<lifeless> twb: meh rdbms. perl hashes are where it is at.
<twb> lifeless: bleh
<lifeless> twb: imagine a root server running out of an in-memory hash :)
<twb> lifeless: at least it isn't a goddamn CSV-backed database on a SCO4 server
<twb> lifeless: the vendor is all "yes must can haz RAID6 6-way 1500 SAS for db"
<twb> It's bloody CSV FFS, they have like 80MB and 40 users
<Error404NotFound> I have client web servers running behind a varnish+nginx proxy where all clients point their DNS there. Its been working great till last morning when my boss asked me to add support for FTP. We have limited IPs and i was looking some kind of FTP proxy solution that i could configure against say either usernames or incoming domain names(if possible) to route port 21 to backend server. Or is there another alternate? I don't
<Error404NotFound>  want to give public ips to web servers in DMZ.
<twb> Oh and it was running on a Pentium III last week
<lifeless> twb: must have terrible scaling overheads.
<lifeless> Error404NotFound: frox perhaps
<twb> lifeless: no, the db vendor is just an idiot
<Error404NotFound> lifeless: checked, seems like its restricted to only one host in transparent proxy mode, checking non-transparent one, though then i might need to assign dns names for hosts in DMZ in Frox server's /etc/hosts or local dns.
<{bosco}> ok so how do i take a user on my server and only allow him to see /home/user and anything there after?
<{bosco}> no browsing around?
<SpamapS> {bosco}: I've used scponly for that kind of thing before
 * SpamapS passes out and goes to sleep
<{bosco}> ok what about non inherit trivial in file permissions
<{bosco}> SpamapS: but this person still has to have simple root acess to update upgrade and install
<{bosco}> nothing else
<{bosco}> will that conflict
<Guest51768> hello everyone, i have a more philosophical question then a technical one. Encryption. Since my /home dir is completly empty how can I use encrpytion on ubuntu server? could i encrpyt /var /etc
<Guest51768> and so on...
<Guest51768> ?
<{bosco}> leave guest
<{bosco}> lol jk
 * ball is confused
<greppy> {bosco}: you want them to only have access to ${HOME} but also have root?
<{bosco}> greppy partial root acess only to update upgrade and install packages not to remove or see anything else other than there homefolder
<{bosco}> i know how to do the first part it isthe secound that i ham having trouble with
<{bosco}> chmod A+user:bosco:read_data/write_data:file_inherit:allow /home/bosco
<{bosco}> that is the closest i have come but doesnt work in 11.10x6e
<{bosco}> 4
<greppy> {bosco}: you would basically need a jail environment for that to work for a shell, but that will make using sudo & apt commands just about impossible.
<Error404NotFound> lifeless: jftpgw seems more flexible thank frox.
<lifeless> cool, I had not heard of that
<{bosco}> greppy: so it is not possible to have both>
<{bosco}> chmod A+user:bosco:read_data/write_data:file_inherit:allow /home/bosco then what is this for
<lynxman> morning o/
<greppy> they will need access to the binaries & libraries to use a shell as well as apt-get using sudo.
<{bosco}> oh ok
<greppy> you can't really restrict access to just thier home directory and expect them to be able to do other things on the system.
<{bosco}> right makes since just though it might work
<greppy> {bosco}: why do you trust them to install and upgrade but not have access to the rest of the system?
<greppy> if they install a conflicting package, ie lighthttpd instead of apache for example...
<greppy> they don't have to uninstall to be able to make something no longer work.
<{bosco}> becuase this is me and i am the only one on the system trying to make the perfect user with security isues
<{bosco}> i have disabled root ffrom ssh
<{bosco}> so i wsa just trying to be secure with my user and also just give him the 3 commandsthat i imight use on a day to day basses
<{bosco}> no biggie
<noob889> {bosco} how about you give your user its own virtualmachine? :)
<{bosco}> well ok noob889 what is the best way to go about that and why have vm on a vps lol isnt that kind of redundent i just want it for security reasons in case someone acesss my server
<kaushal> Hi
<kaushal> is there a bash script which checks for tomcat service being up and running ?
<{bosco}> hi
<kaushal> and what would be the ideal scenario to check for catalina.out file
<kaushal> I suppose monitoring tomcat listening port is not a recommended method
<kaushal> I mean any specific string
<kaushal> {bosco}: hi
<{bosco}> kaushal: :P
<kaushal> {bosco}: Any clue ?
<{bosco}> kaushal: not that i now of one sec though?
<{bosco}> http://www.unix.com/shell-programming-scripting/118495-how-check-start-tomcat-using-script.html
<{bosco}> check there see if that helps
<{bosco}> kaushal:
<{bosco}> here is how to start them at boot so you know they are running http://raibledesigns.com/tomcat/boot-howto.html
<{bosco}> kaushal:
<kaushal> {bosco}: basically i need to restart tomcat gracefully using bash script
<kaushal> i mean graceful shutdown and graceful start
<{bosco}> kaushal: i know lol
<{bosco}> other than those links i wouldnt know how you may ask in #ubuntu as well since no one is on here lol?
<tyska> hi guys, to configure a server with authenticated proxy it does not just type export http_proxy=http://user:pass@ip:port ?
<tyska> hello?
<eagles051387> hey ikonia
<tyska> can anyone help me with proxy configuration?
<xranby> tyska: are you using apache?
<tyska> xranby: no, im not trying to configure a proxy server
<tyska> xranby: i need to configure a client
<tyska> xranby: im trying to do export http_proxy=http://user:pass@ip:port , but it does not working
<xranby> that only work for some applications
<xranby> for example if you want to use firefox you ahve to set the proxy option inside the firefox configuration gui
<tyska> but i cant do a simple ping to 8.8.8.8
<xranby> ping are not using http
<xranby> the proxy only work for applications that uses http
<tyska> but even with elinks i cant connect
<xranby> can you run apt-get update ?
<xranby> tyska: elinks are looking for HTTP_PROXY
<xranby> with all CAPS
<tyska> ow
<tyska> but even with ALL CAPS it does not work
<xranby> tyska: if apt-get update work   then your proxy work
<xranby> tyska: you have to check each application that uses http and double check that it gets correct configuration
<tyska> xranby: configuration of apt is on /etc/apt/apt.conf.d/02proxy
<tyska> xranby: this is already configurated and working
<tyska> xranby: my problem is with this export thing
<xranby> unfortunally elinks documentation do not mention in what format it want the HTTP_PROXY string http://elinks.or.cz/documentation/manpages/elinks.1.html
<xranby> tyska: you can create an elinks.conf http://elinks.or.cz/documentation/manpages/elinks.conf.5.html
<xranby> you need to set
<xranby> protocol.http.proxy.host  protocol.http.proxy.user  and protocol.http.proxy.passwd
<xranby> in this config file
<xranby> aparently it can only use  host:port format for HTTP_PROXY and protocol.http.proxy.host
<ruben23> hi there guys i get this error when i restart my network --------------> http://pastebin.com/esXNzpXc
<ruben23> (9:00:46 PM) Azelphur [~Azelphur@azelphur.com] entered the room.
<pmatulis> who is azelphur?
<ruben23> sorry i wrongly paste it
<pmatulis> ruben23: what release?
<ruben23> 10.04 LTSUbuntu 11.10
<ruben23> Ubuntu 11.10
<pmatulis> ruben23: maybe pastebin your interfaces file
<ruben23> http://pastebin.com/hzZ6AhbR
<pmatulis> ruben23: is the open-iscsi package installed?
<ruben23>  pmatulis: how to install
<pmatulis> ruben23: i asked *if* it's installed
<pmatulis> ruben23: 'dpkg -l open-iscsi'
<ruben23> No packages found matching open-iscsi.
<pmatulis> ruben23: ok, just checking
<pmatulis> ruben23: you may want to use strace on the command 'sudo strace -o output.txt /etc/init.d/networking restart' and pastebin output.txt
<ruben23> http://pastebin.com/4gTXhGg7
<pmatulis> ruben23: go up 2 messages
<zul> Daviey: ping you said you had a python script that talked to the cobbler api?
<Daviey> zul: well, something basic - yes
<uvirtbot> New bug: #888552 in cyrus-sasl2 (main) "cyrus-sasl2 denies authentication if host name unresolvable" [Undecided,New] https://launchpad.net/bugs/888552
<Daviey> zul: what usesage?
<zul> Daviey: care to share?
<zul> Daviey: ill do the squid3 thing today
<Daviey> zul: Yes, but  have a few snippets - what do you want to achieve
<zul> Daviey: i just want to an example that logins to the api and sends something like a mac address
<Daviey> zul: http://pb.daviey.com/oocT/ , you'll have to change the profile value.
<Daviey> zul: I am interested what this is for tho.
<zul> Daviey: the hardware detection stuff
<Daviey> zul: Hang on, we have this stage of things done.
<pmatulis> bonus question: how do you restart networking on oneiric?
<zul> pmatulis: sudo /etc/init.d/networking restart
<Daviey> zul: it needs to be done in shell or C really.. unless we bring back the pre-boot enviroment idea
<zul> i think we bring back the pre-boot enviornment idea
<Daviey> zul: That aspect needs to be addressed before adding the tool.
<zul> but really i wanted the snippet to test to see if i add like cpu info to the cobbler api that it can be tested
<Daviey> How is the image created?  Maintained?  How is data injected or pulled securely?
<zul> Daviey: sure i have a vague idea in my head
<zul> :)
<zul> i need some caffine first
<Daviey> zul: That needs documenting! :)
<pmatulis> zul: bzzzt!  "Running /etc/init.d/networking restart is deprecated because it may not enable again some interfaces"
<Daviey> i'm not digging into your head :p
<zul> Daviey: well guess whats on my todo list today ;)
<Daviey> zul: Depending how exotic we plan to get, adding CPU, KVM supported, Memory/RAM / Disk sizes etc, is probably going to be easier to add in C than handling a binary image.
<zul> Daviey: right...but you have to be smart on how you get your information we are just not dealing with intel only
<Daviey> zul: no, totally.
<zul> Daviey: ill write my vague idea up today
<Daviey> zul: ok, great!
<zul> send it off to ubuntu-server?
<zul> freaking freenode
<zul> Daviey:  for arm we cant use something like dmidecode and /proc/cpuinfo is different as well
<Daviey> zul: Yeah, that is what hdt seems to depend on, no?
<zul> Daviey: no it uses syslinux
<Daviey> erm, are you sure that is how it detects the CPU?
<zul> yeah im looking at the code now
<Daviey> and it doesn't use dmi?
<zul> http://lxr-test.linpro.no/#syslinux+syslinux-4.01/com32/sysdump/
<Daviey> http://lxr-test.linpro.no/syslinux+syslinux-4.01/com32/sysdump/dmi.c , isn't concerning?
<zul> for arm yes :(
<zul> Daviey:  just poke holes into my dreams ;)
<Daviey> hah
<Daviey> it might still work.. :/
<zul> ogra_: ping
<zul> lets ask the experts
<ogra_> pong
<ogra_> you wont be able to use syslinux on arm, you will need to use whatever bootloader the board supports
<ogra_> and zul is right, no dmi (BIOS) on arm
<Daviey> ogra_: uboot can chain into syslinux / pxelinux, no?
<zul> ogra_:  fudge...
<ogra_> i doubt that, but u-boot can to PXE nowadays
<Daviey> ogra_: Gah! I said no dmi aswell.. :)
<ogra_> s/to/do/
<ogra_> what do you need from syslinux here ?
<ogra_> i would assume that functionality is in u-boot as well already
<zul> ogra_:  syslinux provides a tool called hdt which dumps hw info about the machine you are booting
<ogra_> the bad thing is that each board has its special setup, so you will need a lot of special casing per-board
<zul> ogra_: i wanted to use hdt to suck that info out of it and feed it back into cobbler
<Daviey> ogra_: I thik probing the kernel is safer. :)
<ogra_> hmm
<ogra_> well, that sounds like you do it before a kernel is booted
<ogra_> if you have kernel and userspace archdetect is your friend
<ogra_> and lsusb ...
<Daviey> ogra_: Well we have 3 possible solutions..
<zul> archdetect?
<ogra_> well, it should return the arch and subarch
<ogra_> i.e. armel/omap4
<Daviey> ogra_: can give me the output of /sys/devices/system/cpu/present on arm please? :)
<ogra_> beyond that .... cat /proc/cpuinfo |grep ^Hard
<ogra_> ogra@horus:~$ cat /sys/devices/system/cpu/present
<ogra_> 0-1
<Daviey> ogra_: is that a 2 core box?
<urthmover> when installing 11.04 on apple xserve I do not see an option to  install EFI boot when partitioning my disks.  How do I resolve this?
<ogra_> (thats on tegra, bvut i doubt it will be different on other SMP boards)
<ogra_> Daviey, exactly
<Daviey> thanks
<ogra_> ogra@printsrv:~$  cat /sys/devices/system/cpu/present
<ogra_> 0
<ogra_> beagleboard ^^^
<urthmover> I did notice that 11.04 server iso only has bootx86.efi  and not bootia32.efi in the /efi/boot folder as well.  Will someone speakup that hcan leand a hand?
<zul> ogra_: lovely ;)
<ogra_> :)
<urthmover> if anyone in here does not have experience with ubuntu on this platform (apple xserve) but knows of someone on this channel that does please point that nick out to me as well  thanks
<zul> urthmover: i doubt alot of people have an apple xserve google is your friend in this case
<Daviey> lamont: I assumed you might have some experience with apple xservers running ubuntu?
<urthmover> zul: agreed I have been slopping around in this for all of this past week.  I've compiled my own grub  but unable to grub-mkimage ...  I have a booting usb key but it only boots into grub 1.96  and won't loop iso images from the usb key   thanks for the suggestion though zul
<zul> urthmover: you might want took at refit as well
<urthmover> agreed zul  refit does appear to be a valid solution but unfortunately when I have that installed on this box  it does not recognize any mountable install media (cdrom, usb drive)  been quite frusterating.....maybe I'll install refit  again  and see if anyone in the refit irc channel can lend a hand as to why that aspect of this install wasn't successful
<Daviey> zul: it seems to me that hdt gives us the worst of both worlds TBH
<zul> Daviey: hmm...maybe we dont need dmi info
<zul> Daviey: how so?
<Daviey> we don't get the flexibility to extend it, which we'd have with a bloated image - and we aren't using the linux kernel, which provides an abstraction layer we can probe
<Daviey> (linux kernel being the current implementation)
<zul> k
<Daviey> It's still C, meaning rapid development equals the current implementation
<zul> so right now you have to pop in the cd to send the mac address back to the cobbler server?
<Daviey> One of the main benefits of a bloated image is that it is easier to throw in adhoc modules i feel.
<Daviey> zul: no!
<Daviey> zul: That was low hanging fruit to add.. the primary interface is a default preseed from cobbler to netboot and register it automagically.
<zul> ok gotcha
<Daviey> we are (ab)using d-i as a cheap execution enviroment, which we can pass data to, which is supported by cobbler.
<zul> ok im just trying to understand now
<Daviey> i'd actually not be upset if it went away from the CD menu TBH, so it just works under the covers.
<Daviey> Replace it with a 'Deploy something on this machine', which chains into ipxe.
<stgraber> hallyn: uploaded a new LXC to Precise. This fixes some auto-generated changes that got bundled in the previous upload and applies the remaining changes to lxc-ubuntu
<stgraber> hallyn: so the new lxc-ubuntu is identical to what's upstream at the moment (includes the lxc.cap.drop, tap devices and mknod changes)
<hallyn> did i cause those auto-generated changes?
<hallyn> ok, i'm trying to get a prototype of the lxc bridge working.  The /etc/init.d/lxc is getting kind of ugly though :)
<stgraber> not sure, might well have been me. It's one of these cases where we need to unapply and re-apply all the quilt changes
<stgraber> are you planning on converting it to an upstart script?
<hallyn> I might have to just bite the bullet and switch to upstart.  except i don't want to diverge from debian
<hallyn> i dunno, what's your thought?
<hallyn> he's obviously developing the bas version,
<hallyn> so i guess it depends on whether dba is willing to take my changes (in some form or other)
<hallyn> if not, then yes, no sense maintaining our own version of the bash script
<stgraber> yeah, if the changes go in Debian, we probably should stick to the sysvinit script
<stgraber> if not, then upstart would likely be a bit cleaner
<stgraber> but we'd loose some of the custom actions in the process (not that I think they should have been there in the first place)
<hallyn> what would we lose?
<stgraber> freeze, unfreeze and status
<lamont> Daviey: it's possible
<lamont> the buildds are xserves, but I thought those were ibm, not apple
<Daviey> ah, ok
<urthmover> lamont: apple calls their rackmountable enterprise server hardware xserve (as confusing as that is for everyone except apple)
<urthmover> lamont: Apple has discontinued these boxes a year or so ago.  Still supporting them  but I'm sure that OS updates will soon stop in a few years   so it is time to take advantage of the great hardware and put an OS that I can grow with
<uvirtbot> New bug: #888603 in openldap (main) "package slapd 2.4.23-6ubuntu6 failed to install/upgrade: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 1" [Undecided,New] https://launchpad.net/bugs/888603
<ppetraki> hallyn, iscsi-target
<hallyn> ppetraki, lvm
<ppetraki> hallyn, I'm confused, I thought you were interested in which iscsi target server we were using?
<ppetraki> hallyn, what about LVM?
<hallyn> ppetraki, nothing about lvm  :)
<ppetraki> hallyn, oh good :)
<hallyn> ppetraki, that's true in 12.04 too?
<ppetraki> hallyn, hrm... that knowledge is definitely based on 10.04 LTS
<ppetraki> hallyn, I don't have a good answer for you there
<hallyn> ppetraki, ok, thanks
<ppetraki> hallyn, appears that fedora is using tgtd, which would be the tgt package for us, for what its worth
<kirkland> SpamapS: yo
<SpamapS> kirkland: sup?
<roaksoax> jandrusk: ping
<roaksoax> ups
<dork> hello
<roaksoax> sorry
<roaksoax> jamespage: ping
<jamespage> roaksoax: pong
<roaksoax> jamespage: any recommendations for USB sticks for the pandaboards?
<jamespage> roaksoax: hmm - so I'm using laptop SATA drive in a USB caddy - works OK
<jamespage> still boot from the sd card buts runs from the drive - so better performance
<roaksoax> jamespage: right
<roaksoax> jamespage: what's the preseed file again? and after installation did you have to modify anything?
<roaksoax> jamespage: and kernel parameters added if any?
<jamespage> roaksoax: preseed - https://gist.github.com/1205832
<jamespage> cobbler stuff inc kernel params - https://gist.github.com/1205825
<jamespage> and some fu to re-image the SD card to netboot when you want to re-install
<jamespage> https://gist.github.com/1205751
<jamespage> I did have a pad - but I can't find it ATM
<roaksoax> jamespage: ok, but after installation everything was working as expected then
<jamespage> yep - I use that configuration pretty frequently towards the end of last cycle
<roaksoax> jamespage: i mean, it was booting of sd card but running from sda
<jamespage> yep
<roaksoax> jamespage: ok cool
<roaksoax> jamespage: cool, thanks
<jamespage> np
<roaksoax> jamespage: now, did you get any case for your pandaboard?
<roaksoax> lol
<jamespage> nope
<hallyn> stgraber, hey, do you ever see containers that wont' shut down because ureadahead was still running (or hung) ?
<hallyn> I've reported it as a bug for natty, but got it with an oneiric container on precise too
<hallyn> i don't know what the problem is
<jamespage> its nicely accumumating a layer of dust - just waiting for it to catch fire when I run some java on it!
<roaksoax> jamespage: sounds like fireworks to me.. wait for the hollidays :)
<BrixSat> hello
<BrixSat> im trying to compile a driver and i get the next error
<BrixSat> Makefile:93: /lib/modules/2.6.32-28-generic/build/.config: No such file or directory
<hggdh> Daviey: the server's team to bug-control expired. Is this what you want?
<hggdh> ah, server team's membership, to be precise
<uvirtbot> New bug: #888618 in ec2-ami-tools (multiverse) "ec2-ami-tools has hard coded location list" [Undecided,New] https://launchpad.net/bugs/888618
<Daviey> hggdh: Ah no, i hoped to grab you about that last week.
<Daviey> Can it be re-added?
<Daviey> zul: for squid3, are you adding a transisitional package?
<zul> yep
<Daviey> zul: Are the conf's compatiable?
<zul> Daviey: yeah
<Daviey> rocking!
<roaksoax> zul: why is a squid3 transitional package needed?
<zul> roaksoax: because squid is going away in favor of squid3
<roaksoax> zul: ahh just realized that we have both, squid, and squid3
 * Daviey notes roaksoax is behind on his bug mail.
<roaksoax> Daviey: heh... or in the spam bin
<roaksoax> Daviey: is there any email I should have been aware of?
<Daviey> roaksoax: nah, jdstrand opened a bug asking us to replace squid with squid3 for it to be possible to support it for 5 years
<roaksoax> Daviey: ahh.. I didn't get any
 * jdstrand hugs server team
<Daviey> jdstrand: when do hugs turn into beers?
<roaksoax> Daviey: how was skydiving btw?
<jdstrand> perhaps when I receive one that is owed to me :P
<lynxman> jdstrand: so it's a very good transaction, the server team gives you one... you have to pay one for each guy of the server team? ;)
<Daviey> jdstrand: heh, fair point :)
<Daviey> lynxman: Rick Clark promised to buy every member of the Ubuntu Server Team a beer at UDS.. ~ubuntu-server being an open team at the time doubled it's membership overnight.
<lynxman> Daviey: and then half of them dutifully resigned the next day? ;)
<jdstrand> hehe
<SpamapS> lynxman: so *thats* how we got Chuck!
 * SpamapS hugs zul
<zul> eh?
<zul> okies squid3 should be ready for the MIR report now
<zul> jdstrand: it already had ufw support btw
<ServerNoOb> who has plenty of time to help me? Afraid I may be doomed
<jdstrand> nice
<uvirtbot> New bug: #888637 in clamav (main) "unneeded group write permissions for freshclam network files" [Undecided,New] https://launchpad.net/bugs/888637
<ServerNoOb> Anyone good with dns?
<ahs3> ServerNoOb: yes, somewhat.  what's the question?
<ServerNoOb> is it possible to do this.
<ServerNoOb> ISP----router------wifpc----out to another router -----to ubuntu 10.04 server
<ServerNoOb> I have the first router port forwarding to the wireless pc
<ServerNoOb> the wireless pc is giving ip to the second router
<ServerNoOb> ports forwarded from second router to the ubuntu dns server
<ahs3> tcp or udp ports or both?  dns wants to use udp, typically
<ServerNoOb> dns work on that lan but i think it is broken at the wireless pc... dont think it is passing it off to the second router
<ServerNoOb> will try that
<ServerNoOb> dns is set to udp
<ServerNoOb> on both routers
<ahs3> i think what you'll have to do is debug each step with something like dig
<ServerNoOb> when I try to go  to the domain it says taking too long to respond
<ahs3> i.e., go to the ubuntu server, make sure you can dig there, then go to the next link
<ServerNoOb> does the wireless pc have to have a dns server too or is there a way to passit through
<ahs3> if you want the pc to resolve names, yes it needs a dns server -- or at least a hosts file
<patdk-wk> you don't need a dns server on ANY of those machines or routers
<patdk-wk> it would be helpful if the isp router had a dns server, but not needed
<patdk-wk> ahs3, are you confusing dns server with resolv.conf?
<ahs3> ah, i interpreted the question as "does it need access to a dns server", not "does it need to _run_ a dns server"
<patdk-wk> sounds like he has a dns server running on the ubuntu box
<patdk-wk> so many possible things could be going on
<patdk-wk> but normally dual homing things, expecially laptops, normally don't work well
<ahs3> right, unless done very carefully
<patdk-wk> all my networks use 192.168.1.x :)
<ahs3> heh
<ServerNoOb> ahh does it need to run one
<ahs3> patdk-wk: yeah, that's why this sounds like a debugging exercise to find the link where the dns packets get dropped
<ahs3> ServerNoOb: it doesn't need to run a server, but it must be able to resolve (hence, /etc/resolv.conf)
<ServerNoOb> from the server dig got info
<ServerNoOb> next step up is linksys router
<ahs3> right -- see if you can dig from the other side of the router, and so on...
<ServerNoOb> from the wireless pc it digs too
<ServerNoOb> I think my connection may just be too darn slow
<ahs3> it would have to be *really* bad for dns to fail -- it does a lot of retries
<ahs3> and dig will report the response times
<ServerNoOb> speedtest.net says 0.35Mbps dn and 0.08Mbps up
<ServerNoOb> I would like to get my server wifi working to cut out a few steps
<ServerNoOb> with the desktop version wifi card worked out of the box, but not on server
<ahs3> that should be plenty of bandwidth
<patdk-wk> speed doesn't matter, just latency
<patdk-wk> if you have 30seconds of latency :(
<patdk-wk> ServerNoOb, you know, there is no difference between desktop and server
<patdk-wk> except all the desktop stuff isn't installed
<patdk-wk> so you just need to install the wifi drivers into your server install
<ServerNoOb> dig show Query time: 332mms
<ahs3> long, but not at all unreasonable
<ServerNoOb> ssh is not even making it past first router
<ServerNoOb> connection timed out
<ahs3> that's tcp on a different port, but that sure seems like a clue :)
<ServerNoOb> can you ping it?
<ahs3> what's the ip address?
<ServerNoOb> 206.41.235.152
<ahs3> it's not configured to ignore pings, is it?
<ahs3> apparently not...
<ahs3> PING 206.41.235.152 (206.41.235.152) 56(84) bytes of data.
<ahs3> 64 bytes from 206.41.235.152: icmp_req=1 ttl=242 time=395 ms
<ServerNoOb> nslookup shows it pointed to that IP
<ServerNoOb> now I have pulled everything from nat on router except http and ssh
<ServerNoOb> also removing firestarter
<ServerNoOb> am I still here?
<ServerNoOb> ok I am
<ServerNoOb> how strange
<ServerNoOb> ahs3: now it makes it past first router but pulls the wireless pc's webpage
<patdk-wk> you don't have your wireless router setup as a hotspot capture do you?
<ServerNoOb> no
<ServerNoOb> wish I could
<ahs3> well, and if http is port forwarded to the wireless pc, isn't that correct?
 * ahs3 is a little puzzled by the question...
<ServerNoOb> this pc I am on pulls wifi from my first router then uses eth0 to share net with second router
<patdk-wk> oh well, so basically you have 3 routers
<ServerNoOb> the server with dns and website I want to reach is coonnected to second router
<ServerNoOb> if you conut this pc as a router
<patdk-wk> it routes doesn't it? :)
<ServerNoOb> the it would be second
<patdk-wk> how is the second router setup?
<patdk-wk> I assume you connected it's wan port to your eth0?
<ServerNoOb> yes
<patdk-wk> ya, then talking to stuff on that lan isn't possible
<ServerNoOb> so it pulls an ip
<patdk-wk> unless you setup port forwarding, then you can only talk to one device
<patdk-wk> that is so bad, 3 level deep nat :(
<ServerNoOb> I figured that
<ServerNoOb> was worth a try
<patdk-wk> oh it's possible
<patdk-wk> but many limitations
<ServerNoOb> so I need to make this pc my main server
<ahs3> yeah, very messy.  i wonder if you could subnet the lan on eth0 and have the pc route to it...
<patdk-wk> no idea, I don't thing we even know your goal
<uvirtbot> New bug: #888662 in xxxterm (universe) "Web browsers should share the cache" [Undecided,New] https://launchpad.net/bugs/888662
<ServerNoOb> I will make a graphic and show you ...will you be around for a few
 * ahs3 has to head off to lunch...bbiab
<uvirtbot> New bug: #888671 in facter (main) "Please merge facter 1.6.2 (main) from Debian testing (main)" [Undecided,New] https://launchpad.net/bugs/888671
<ServerNoOb> patdk: still here
<zul> Daviey: you are right the api is silly
<Daviey> zul: oh?
<Daviey> zul: you mean the lack of exposed debug?
<zul> silly-easy
<Daviey> oh
<Daviey> yeah xmlrpc via python is really rather nice.
<Daviey> zul: Have you managed to add extra data?
<zul> Daviey: working on that now
<soren> Is this for cobbler?
<zul> soren: yes
<soren> ok
<soren> There's actually a change under review against Nova that adds bare-metal provisioning.
<soren> If you guys want to do a cobbler driver, you may want to look at it.
<soren> It's targeted at some odd ball embedded platform they have, so it's not the same use case, but it would be great if they would be in the same sort of style.
<zul> soren: yeah i saw i need to review it
<roaksoax> zul: you working on cobbler-enlist?
<roaksoax> or similar?
<zul> roaksoax: kind of
<roaksoax> zul: so how are we gonna register new systems then?
<zul> roaksoax: right now sudo cobbler system --cpu_cores=99 and that info gets exposed from the api
<Daviey> I really think cobbler-enlist is the approach we should be extending
<roaksoax> zul: so we are extending cobbler then and not using ocsinventory or are we doing both
<zul> roaksoax: extending cobbler
<Daviey> The bloated image approacg which 'sudo cobbler system add' depends on has significant more work involved, for a similar end experience.
<zul> I should have a patch soon as an example
<Daviey> I feel that ocsinventory is a Medium priority thing.
<roaksoax> Daviey: well in my mind relies the approach that a system should 1. turn on. 2. obtain a pxe image from cobbler 3. register into cobbler (with all info) 4. it turns off 5. ready to be deployed
<Daviey> roaksoax: that is what we were striving for already, but the image is based on something we get for free.
<roaksoax> Daviey: that's what I mean with
<roaksoax> Daviey: that's what I mean with "in my mind relies the approach"
<Daviey> If we go for the bloated image, we need to worry about creating, maintaining and passing credentials to it.  Which is an issue we currently do not have
<zul> thats something we all agree on
<Daviey> smoser, doesn't agree
<smoser> i never do
<Daviey> I agree that a bloated image might well be nicer, but the added work has little benefit IMO.
<smoser> i just think that you're going to have to bite the bullet at one point or another.
<smoser> that sooner or later (read, sooner) you're going to realize that getting enough stuff to run in that little environment of the installer is a regular PITA
<Daviey> smoser: You could well be right, but in order to make a decent plan on this - we need to document reasons that would cause that.
<smoser> and you'll re-invent lots of things (like facter) that you would get for free if you bit said bullet
<Daviey> smoser: so every dep we need in the d-i env, we need to introduce a udeb - is a PITA, agreed
<Daviey> smoser: even in the minimal image, i'm not sure we'd want ruby, would we?
<smoser> things you need, that will result in reinvention or PITA:
<smoser>  * facter
<smoser>  * ssl support
<Daviey> ssl support we are getting regrdless.
<smoser> really? that is somehow free?
<zul> free as in magic..
<smoser> i thought installer did not have it, and thus you couldnt use it.
<Daviey> smoser: I *do* agree that a bloated image is 'better', but not neccessarily the right choice.
 * zul does his doug henning impression
<smoser> i dont think its necissariliy better.
<smoser> i just think you're going to do a ton of work now fighting to stay in that installer
<Daviey> smoser: well not free, but Colin is adding ssl support to d-i already.
<smoser> and then throw that away in the future
<smoser> i can most definitely grab a *lot* of data through /sys and /proc about a system with nothing more than busybox
 * Daviey loves how the tables have turned. :)
 * Daviey was smoser last cycle, and smoser was Daviey
<smoser> Daviey, we'll, i could agree with you
<smoser> but then we'd both be wrong
<roaksoax> isn't it better to have a live image pxe booted, that runs and grabs the info, and then pushes it to cobbler?
<smoser> what does "live image" mean
<Daviey> roaksoax: yes, but we need to worry about creating, maintaining and passing secure data to it.
<Daviey> smoser: pxe booting a read only minimal image.  aka, bloated image
<roaksoax> yeah
<smoser> doesnt have to be read-only
<roaksoax> Daviey: by secure data you mean cobbler's user/password in order to be able to push that back into cobbler?
<Daviey> I certainly will not block the bloated image approach, as i do think it is cleaner and more extendible.. However, it really needs a solid plan, with clear benefits.
<Daviey> roaksoax: yah
<roaksoax> Daviey: and can't we preseed that or use cloud-init?
<Daviey> roaksoax: well if we go for the bloated image, preseed isn't an option is it?
<Daviey> with the d-i image we can preseed.
<Daviey> cloud-init.. Yes!  That is a good idea.
<Daviey> we'd need to extend the orchestra metadata service tho
<Daviey> (suddenly it's sounding like a significant undertaking, with little end user benefit)
<roaksoax> Daviey: uhmmm not really, we could just obtain a blob of data base64 encoded
<roaksoax> and then decoded on the image
<roaksoax> similarly to what we do with the juju/cloud-init stuff
<Daviey> well sure, but we still need to make and maintain a data service, right?
<smoser> Daviey, not entirely
<smoser> maybe we could just take over the kickstart for this path
<smoser> cloud-inti would hvae bot be extended for a datasource type
<Daviey> "have to be"?
<smoser> then it would just read forom the kernel command line that uesr-data comes from this url (which is its kikstart url)
<smoser> and it consumes it
<smoser> have to be
<Daviey> smoser: How long would that take?
<smoser> but i dont know if cloud-init is necessary or overkill for that little thing.
<smoser> it wouldn't be too bad.
<smoser> its another data source type
<Daviey> utlemming: How long would it take you to fork the livebuild magic to produce a <100MB bootable image?
<roaksoax> but anyways, i think we need to be concerned on extending cobbler to store hw information
<roaksoax> of a system
<zul> Daviey roaksoax smoser: Thats how you expose new things through cobbler:people.canonical.com/~chucks/cobbler/cobbler-cpu-cores.patch
<smoser> i think 100M is unfortunately overly optimistic
<smoser> $ du -hs /lib/modules/$(uname -r)
<smoser> 140M	/lib/modules/3.1.0-2-generic
<roaksoax> zul: Instead of patche item_profile.py you should be patching item_system.py since the system'
<roaksoax> zul: Instead of patche item_profile.py you should be patching item_system.py since the systems, since they are the ones that hold the information of each system
<zul> crap i thought i did that :P
<roaksoax> :)
<zul> roaksoax: but you get the ide
<zul> idea even
<roaksoax> zul: but anyways, if we end up having ocsinventory as a backend, I think we could add a new feature to cobbler to say "system backend is ocs inventory". so it grabs all the hw info from there
<roaksoax> zul: yeah I do, sweeeet
<roaksoax> zul: so I gues you will be working on extending cobbler to store hw info then?
<zul> roaksoax: probably
<Daviey> roaksoax: so one of the *huge* reasons we went with cobbler when we reviewed the options was because we thought it would be easy to extend to make it the heart of orchestra.
<roaksoax> Daviey: which it is
<Daviey> zul: looks like a good patch, and easy to extend, nice work.
<Daviey> zul: I wonder how much work it would be for extensions to be a runtime plugin, rather than patching core.
<smoser> what patch is this ?
<smoser> http://people.canonical.com/~chucks/cobbler/cobbler-cpu-cores.patch
<zul> it would be nice to know what hardware info we need
<uvirtbot> New bug: #888752 in dovecot (main) "dovecot 2 on 11.10 - mysql db access is sortof missing" [Undecided,New] https://launchpad.net/bugs/888752
<the-mgt> if I'm on LTS and run 'do-release-upgrade -d' it's trying to upgrade me to precise
<the-mgt> is there a way to specify a release?
<the-mgt> ahh nm, Prompt=normal
<hallyn> all right, super-friends, tomorrow is a holiday, so i'll see ya'll on monday!
<lynxman> hallyn: enjoy :)
<utlemming> Daviey: sorry I missed your chat...forking livebuild is pretty trivial, but like smoser said, <100MB is going to next to impossiable unless we use a compressed FS or strip out unneeded modules.
<Daviey> utlemming: thanks
<utlemming> Daviey: what are you using the bootable image for
<virusuy> hi
<utlemming> Daviey: I've build a initramfs based boot that used ~100M compressed initramfs before (not Ubuntu though) that booted over PXE. As long as you have sufficient memory, then you could run the root file system out of memory.
<Daviey> utlemming: yeah, did that include python?
<utlemming> Daviey: ah, yeah it did
<utlemming> It was really, really stripped down, and I think it was like 75MB with xz encryption.
<utlemming> Daviey: It was also using a custom compiled kernel, so that helped with the space requirements.
<Daviey> utlemming: that might be worth considering, but i'm concerned about cleanly reproducing and maintaining.
<utlemming> Daviey: actually, I take that back, it was 140M
<Daviey> The concern is also support for unknown hardware, which means we need a rich kernel.
<Daviey> smoser, zul, roaksoax ^^
<utlemming> True...but I would assume that it is things like disk arrays, raid hardware, ethernet, etc. If you drop out the video for linux, 3d acceleration cards, etc., you can save some serious space
<kyconquers> what would be the pros/cons of using exim with cyrus auth vs exim doing auth itself?
<zul> Daviey: im all for it if it can be done easily enough
<Takyoji> Doubt anyone would know, but: know how to disable the 'switch user' option via manually changing it in gconf or a text file?
<utlemming> Daviey, zul: the big problem that I ran into with a large initramfs was that download errors. We saw some problems with TFTP, so we used a patched version of gPXE that had some retry logic.
<zul> yucky
<Daviey> utlemming: In other news, are you able to tackle the keystone MIR - bug 881464 you signed up for? :)
<uvirtbot> Launchpad bug 881464 in keystone "[MIR] keystone" [Undecided,Incomplete] https://launchpad.net/bugs/881464
<utlemming> Daviey: I thought you were going to ask about that...yeah, I'll put that on my high priority list. I got side tracked by UDS and Amazon's new region that just launched.
<Daviey> roaksoax: SpamapS is doing a mysql merge, can you work with him to get it included - or hand off - bug 880339? Thanks
<uvirtbot> Launchpad bug 880339 in mysql-5.1 "AppArmor profile needs update" [Medium,Incomplete] https://launchpad.net/bugs/880339
<Daviey> utlemming: excuses, excuses :P
<Daviey> zul: How is bug 885283 looking?
<uvirtbot> Launchpad bug 885283 in squid3 "please demote squid and promote squid3" [High,New] https://launchpad.net/bugs/885283
<zul> Daviey: need to do the MIR
<Daviey> zul: and bug 879853?
<uvirtbot> Launchpad bug 879853 in munin "Munin upload 1.4.6-1ubuntu1 drops fixes / sponsor debdiff instead" [High,Triaged] https://launchpad.net/bugs/879853
<zul> Daviey: will do the munin tonight after i get back from meeting liams teacher
<Daviey> zul: Great, i think it will be trivial - considering a security member of the MIR team requested it. :P
<Daviey> zul: Ooo, have fun
<Daviey> zul: bug 871278 has landed in upstream trunk now, right?
<uvirtbot> Launchpad bug 871278 in nova "Cannot attach volumes to instances if tgt is used" [High,In progress] https://launchpad.net/bugs/871278
<zul> Yeh
<zul> i think so
<zul> ill upload the nova milestone tomorrow as well
<Daviey> zul: Yeah, it was blocked on Authors file if i saw correctly, now resolved
<Daviey> zul: Great!  It might be good if one of the components, you talk through someone else how to do the process. :)
<Daviey> adam_g: Hey, have you been able to touch cobbler-enlist this week?
<Daviey> zul: In other news, did you see - bug 883988?
<uvirtbot> Launchpad bug 883988 in glance "package glance 2011.3-0ubuntu4 failed to install/upgrade: ErrorMessage: subprocess installed post-installation script returned error exit status 1" [High,New] https://launchpad.net/bugs/883988
<zul> sqlalchemy.exc.OperationalError: (OperationalError) table images already exists u'\nCREATE TABLE images (\n\tid INTEGER NOT NULL, \n\tname VARCHAR(255), \n\ttype VARCHAR(30), \n\tsiz
<zul> that tells me it was a re-install
<adam_g> Daviey: theres a pending MP for bug #868492
<uvirtbot> Launchpad bug 868492 in cobbler-enlist "cobbler-enlist needs to register all interfaces on system, as advertised" [High,In progress] https://launchpad.net/bugs/868492
#ubuntu-server 2011-11-11
<Daviey> zul: Ah, interesting - i assumed an upgrade issue, failure to migrate
<adam_g> Daviey: (tho i just noticed hggdh's comments.)
<Daviey> adam_g: I just added a comment to your facter merge btw
<adam_g> Daviey: yeah, looking at that now. thanks
<zul> Daviey: could be...i dont think glance handles upgrades well
<Daviey> zul: yeah, there was discussion on that recently
<adam_g> im not sure how a glance upgrade from natty -> oneiric would work properly
<Daviey> adam_g: I don't think that had a test case TBH
<zul> adam_g: the packaging will need to have some smarts i think
 * Daviey goes awol
<adam_g>  there were some changes to glance-api.conf mid-cycle that required a section to be added to the middle of the file otherwise the api server stopped working
<bitshift> Hi there, I'm getting a "scripts/Makefile.modpost:42: include/config/auto.conf: No such file or directory" error when trying to compile parts of the kernel (acquired with apt-get source) - what is going on? :<
<qman__> wild guess -- is autoconf installed?
<bitshift> apparently not, though i have build-essential installed - will install autoconf and try again
<bitshift> same error :|
<bitshift> gonna try something 1min
<smoser> utlemming, compressed filesystem is acceptable.
<bitshift> okay now it starts building but hits /bin/sh: scripts/genksyms/genksyms: not found
<smoser> and in my opinion, assuming minimum memory of 256M is ok.
<smoser> i'd say 4G would be fine, but i want to be able to test in a VM.
<twb> smoser: lucid netboot install requires more than 256MB *now*
<twb> I had to allocate another 64MB or so or it would silently fail to install some files, and on reboot it'd get its knickers twisted post-pivot.
<smoser> not more than 256M
<smoser> i know that.
<twb> (Admittedly I can't remember if that was with lowmem)
<smoser> i've booted oneiric in 256
<smoser> with no specific arguments.
<twb> *booting* is of course fine
<twb> I was talking about d-i
<smoser> almost certain i'vve done install
<twb> OK, I'm sorry, I am wrong.  I was using qemu's default, which is 128MB not 256MB
<twb> So I needed at least 192MB to boot and run d-i from network
<smoser> that seems more reasonable.
<twb> Once that was done, lucid would boot and run fine with 128MB
<smoser> kvm default on recent ubuntu is 256 i think
<twb> bitshift: "make deb-pkg" ?
<bitshift> twb: giving this a try at the moment: http://linux.koolsolutions.com/2009/07/05/tip-preparing-your-linux-kernel-sources-for-out-of-tree-kernel-module-compilation/
<bitshift> duno if it applies direct to me but will see
<bitshift> all i need is one module but having to compile all the modules in drivers/net
<bitshift> D:
<twb> bitshift: apt-get build-deb linux-2.6
<twb> If you just want to build out-of-tree modules, install the relevant -dkms package
<bitshift> not doing out of tree modules, just trying to fix the errors that i got which are on that page also
<twb> Why are you reading an article on doing so, then?
<bitshift> because it mentioned the errors I had
<bitshift> and suggested a fix
<bitshift> doesn't hurt to try, right?
<twb> apt-get build-dep linux-2.6; cp /boot/config-NNN .config; make deb-pkg
<twb> bitshift: no it probably won't hurt, I just get annoyed by lots of users stupidly following inappropriate howtos
<bitshift> well i needed a fix, sorry if it makes you mad :/
<twb> Like trying to set up zimbra in lucid by following instructions written for dapper
<twb> bitshift: no worries
<bitshift> seems to be compiling now anyway, slow system so this might take... a while...
<bitshift> is there any way to just build *one* .ko in drivers/net?
<twb> Not that I know of
<bitshift> damn, okay
<twb> You could do something like "make allnoconfig" and then go turn on just that module, but it might compile a bunch of other options out and result in an unhelpful module
<bitshift> yeah i'd rather not risk that
<bitshift> this device might take hours just to do drivers/net
<twb> Turning off debugging (i.e. CFLAGS += -g) in the kernel hacking option will make the build MUCH faster IME
<twb> You might also want to chat with #ubuntu-kernel instead
<bitshift> well if any problems arise i probably will then =]
<bitshift> its just this bloody r6040 module
<bitshift> fgsfds
<twb> Hmm, apt-file says that Debian has that module built, but packages.ubuntu.com won't tell me about it under oneiric/precise
<bitshift> hmm?
<twb> bitshift: you get that module out of the box on Debian
<bitshift> still rocking 10.04.3 on this one
<twb> Ah, OK
<bitshift> got it out of the box on slackware too
<bitshift> but ubuntu, no joy :'(
<twb> Do you realize it's bad juju to just pick up a 3.0 .ko and drop it into a 2.6.32 kernel?
<bitshift> i've not done that...
<twb> It might be OK if you patch the 2.6.32 source to include the r6040 module and then build that
<qman__> network drivers are the sole reason I upgraded my file server from hardy to lucid
<bitshift> its in the 2.6.32 source
<twb> Oh.
<bitshift> lol
<bitshift> using source from my current kernel version
<twb> Carry on then
<bitshift> apt-get source'd
<bitshift> i can't run anything past 10.04 on this without even more modification i think
<bitshift> tried 11.10 server and got a refusal to start due to the lack of the cmov instruction (Vortex86MX)
<qman__> onboard NIC burned out and the replacement I bought wasn't supported in the old kernel
<twb> Maybe apt-file isn't telling me about r6040 in anything below 3.0.0 because there aren't any earlier kernels in sid
<bitshift> ah, well I assure you it's there :>
<twb> Heh yeah
<bitshift> may have to cancel this compile and do it tomorrow, won't break anything if I do that?
<qman__> nope
<bitshift> cool
<qman__> and yeah, ubuntu "i386" isn't really i386, it's i686 with some pretty specific requirements
<qman__> granted it doesn't affect most people
<bitshift> yeah i was kind of sad that i couldnt just run 11.10
<qman__> but it's not spelled out that well until you run into it
<qman__> I have an old K6, had to install the linux-386 kernel
<bitshift> wait what
<bitshift> i dont recall twb leaving
<ruben23> hi guys i just install iptables on my ubuntu serer how to turn it on..any idea..?
<bitshift> wait its right there i cant read
<qman__> iptables is included by default
<bitshift> lol
<qman__> you need only create rules and set policies
<twb> bitshift: tramp bug
<bitshift> qman__: is it actually possible to get 11.10 on something that old then?
<twb> bitshift: I had to pkill -9 emacs
<qman__> yes
<ruben23>  qman__: how to start it..?
<qman__> install from disc if it lets you, then boot live, chroot, install linux-386 kernel
<bitshift> oh right, might have to look into that soon
<bitshift> no the installer wont even start lol
<twb> (It's fixed in HEAD but HEAD introduces a problem with IRC autojoin that ICBF fixing yet.)
<qman__> ruben23, it is started
<qman__> ruben23, sudo iptables -L to show the currently applied rules
<bitshift> twb: emacs for irc? i used that once, didn't much like it
<twb> Emacs is my desktop environment.
<bitshift> LOL really?
<twb> Yes.
<bitshift> wow
<qman__> as an internet troll once said
<twb> Using irssi would be like a GNOME user using kIRC
<qman__> Emacs is a great operating system, but the text editor kind of sucks
<bitshift> lol
<ruben23> qman__:  is thi running already..?---> http://pastebin.com/kRADcAPm
<qman__> yes
<qman__> you have a fail2ban setup applied and not much else
<qman__> FWIW I used to run amarok on a gnome desktop
<bitshift> gonna get some sleep, will probably poke in tomorrow/"later today" and be all "got 99 problems," bye.
<qman__> then they made 2.0, which sucked, and I started using exaile
<twb> qman__: emacs is more a DE than an OS -- consider that it has a standardized widget set and keybindings, libraries for stuff like spelling, a desktop calculator, a bunch of apps, etc.  But it doesn't have hardware drivers, a filesystem, a network stack, resource allocation heuristics, etc.
<twb> Calling Emacs an OS is like pointing at the CRT and calling it the computer
<qman__> fair enough
<twb> Having said that, you can boot movitz (OS) + lice (emacs clone) off a floppy on bare metal x86
<qman__> I've never actually used emacs, I learned vim and have been using it ever since
<skypent> anyone familiar with how to show a blank page (instead of my routers main page) when my server is off?
<twb> skypent: "page" as in HTTP?
<qman__> it appears that your router is trying too hard
<skypent> twb : yes
<qman__> and in that case, it would be your router, not ubuntu, to make that happen
<qman__> though I can't fathom why the server would ever be off
<twb> skypent: what is serving HTTP -- the router, or the server?  And to whom?  Your LAN or the internet?  Are both machines running Ubuntu?
<twb> qman__: because his sister unplugged it so she can plug in the hairdryer
<qman__> my K6 has been online since january
<qman__> about due for a power outage
<twb> qman__: I think the correlation of uptime to penis length is not statistically significant.
<skypent> twb : my ubuntu server is a web server.  As soon as it's on it leads the ip to the main page of my server's /etc/var/www index.html.  When it's off it shows my router's login page.  Just wondering if someone's experience on how to show a blank page when the server is off.
<qman__> that's a function of your router
<qman__> and is a really poorly thought out one, at that
<skypent> :l
<qman__> normal, sane defaults would have the request time out if the server isn't available
<qman__> not hijack the request
<qman__> and with a login page, no less
<twb> skypent: that's your router being "helpful"
<qman__> announcing to the world what router and probably firmware version you're running
<twb> skypent: it can't be fixed from Ubuntu, so you need to talk to your router vendor (or replace the router with an Ubuntu one)
<qman__> it's one step from asking people to own it
<skypent> god damn that router... and it's helpfulness.
<twb> Though FWIW I would run SOHO routers on OpenWRT, not Ubuntu.
<qman__> I use untangle at work
<qman__> my router runs ubuntu though
<qman__> but my router is an ATX desktop with four NICs
<twb> I like openwrt because its has actual packages, so you can e.g. just slap in a USB hdd and "opkg install squid" and bam, you have squid
<twb> And building custom images is reasonably easy.
<patdk-lap> heh, my router is a vmware image
<patdk-lap> and when it was physical, I still only ever ran it with a single nic
<patdk-lap> just can't live without vlans
<qman__> my main goal was performance
<qman__> at the time I was big into counter strike so that came first, did it all by hand
<patdk-lap> never had a reason to push gigabit through my router
<patdk-lap> now some of my servers have quad bonded nics
<patdk-lap> but none of that passes over the router, at that bandwidth
<qman__> made a firewall script to handle port forwarding I'm a bit proud of, though it's trivial for a shell master
<twb> patdk-lap: I rolled out one of those back when C4 was new
<patdk-lap> the only c4 I know of, is explosive :)
<twb> That's PE4
<twb> C4 is CentOS
<twb> Contemporary with Etch IIRC
<patdk-lap> heh
<patdk-lap> mine where all slackware
<patdk-lap> tillI went virtual, then I started with ubuntu 7.04
<skypent> Hello, could anyone go to my ip and see if my router is still broadcasting its login or my actual /etc/var/www contents?  Everytime I go it shows it is, but it might be because of the network i'm on.
<skypent> Kind of pulling my hair out thinking that someone can view the contents of my router... need some piece of mind
<dork> port 80?
<skypent> yeah
<skypent> is it blocked?
<dork> isn't connectable
<skypent> thank god!
<skypent> or... thank you!! ... you are my god... today.
<dork> hah
<skypent> mucha gusta bud
<dork> np
<twb> Assuming he's IRCing from there, of course...
<twb> All 100 scanned ports on 174-23-37-247.slkc.qwest.net (174.23.37.247) are filtered
<skypent> twb what does that mean?
<skypent> out but not in, right?
<dork> i took 'my ip' as in the literal
<twb> dork: eh?
<dork> heh the poor bastard that replaced me when i left my last job
<dork> apparently is hated by everyone
<twb> Because he's an ignorant clown
<dork> he broke the smart host i replaced our old barracudas with a week ago, mail was down an entire week
<dork> my old level 1 guys were IMing me an amusing play by play of it
<twb> dork: presumably because he didn't know to just get the old master.cf out of etckeeper :-/
<twb> Stupid cowboys
<dork> twb: no, it's an amavisd/spamd/clamd quarom w/ postfix, he accidentally turned the bayes filtering on on spamassassin and it wasn't configured at all so it was rejecting every piece of mail for a week
<dork> a weeks worth of free email customer email gone
<dork> lol
<twb> haha
<twb> Pity your users suck enough that you have to parse the 822 bodies
<twb> We do that, but only for one or two users.
<dork> well it's the free accounts that come with internet service so it's all junk anyways
<dork> well junk as in non paying
<dork> lol
<dork> the guy even had the audacity to bitch about 'the guy who set it up' which was me, never even spoke to this guy before and i was jut helping my previous employers out
<dork> talking about how it's a bad idea for a smart host to not give failure receipts for mail blocked for spam
<dork> lol
<twb> badmouthing the last guy is SOP
<twb> I get chewed out occasionally for doing it in front of the customer when the last guy was also worked for my employer
<dork> my new employers love me, the last guy set the bar so low
<twb> Like "some fucking clown thought it clever to hard-code the backup script to look for the backup drive in sde or sdf instead of just using /dev/disk/by-*"
<dork> haha
<twb> dork: we tend to get it in reverse -- because our -fu is strong enough they can usually just call and say "it borked!" and we can fix it while they're on the line, they think they can get by without buying and SLA, or that they can replace us with some indian student straight out of uni
<dork> oh so they hate the new guy
<dork> yeah i dealt with that nonsense too w/ acquisitions
<dork> i'll never look back at having to deal with end users
<dork> actually i'd deal with business customers with SLA's but no residential/SOHO nonsense
<virusuy> hi everyone
<dork> hey virusuy
<tazmania> what is the best vm to use on ubuntu server 10.04 LTS?
<dork> vm?
<tazmania> virtual machine
<dork> you mean for you to host VMs on?
<dork> i guess i don't understand the question
<tazmania> I have already had ubuntu server 10.04 LTS installed and running and I would like to setup a virtual machine on it
<dork> oh
<dork> i don't know what the ubuntu defacto standard is but i use Xen personally
<dork> tazmania: what's the VM gonna be used for ?
<tazmania> the existing ubuntu server is hosting bazaar svn server and I would like to host drupal on the same machine by creating a vm, hopefully, instead of buying another machine
<dork> you can't run both on the same box?
<tazmania> try not to
<virusuy> tazmania: you can use KVM, OpenVZ, XEN, if you need a bare-metal Hypervisor
<virusuy> those runs on Ubuntu
<tazmania> which one is more stable or recommended for ubuntu server
<virusuy> uhmm .. xen or OpenVZ
<virusuy> or you can use Virtualbox, with a Headless configuration
<tazmania> yeah I have come across virtualbox but am not sure if it is suitable or how stable it is
<virusuy> Depends on VM's load
<tazmania> I did a apt-cache search for openvz and it doesn't exist
<dork> i think it's overkill for a drupal cms
<dork> but again i don't know the situation
<tazmania> I have two raid1 drives and quad xeon 3.2ghz and 4gb ddr3
<virusuy> dork: if it's just a CMS
<virusuy> Virtualbox will be ok
<virusuy> tazmania: about how to install openvz on Ubuntu : http://ubuntuforums.org/showthread.php?t=617225
<twb> virusuy: he doesn't have hardware vt?
<dork> tazmania: i think the ubuntu standard is going to KVM
<tazmania> first raid1 has been used for svn and would like to setup drupal on the second raid1
<virusuy> twb: oh, shame on me
<twb> For lucid he should be using kvm
<tazmania> ok. i will investigate further. thanks guys
<virusuy> twb: indeed, thanks for pointing that
<virusuy> tazmania: no problem, good luck
<tazmania> thanks
<tazmania> found this link http://www.howtoforge.com/installing-and-using-openvz-on-ubuntu-10.04
<twb> lucid does not officially support openvz
<twb> It (and xen) were dropped in favour of LXC... which was then disabled :-/
<virusuy> twb: so, we can only install xen
<virusuy> and KVM
<virusuy> right ?
<twb> Well, what I am using is KVM for full virtualization and LXC for jails
<virusuy> nice
<twb> And for LXC running either an old 2.6.32 kernel, or a backport, or a rerolled one to turn LXC support back on
<virusuy> at work we use VMware
<virusuy> but i'm not doing sysadmin task on VMware
<twb> I hate vmware
<dork> i've always used xe
<dork> xen
<virusuy> so, i'm not 'in charge'
<dork> nothing but excellent results
<twb> https://bugs.launchpad.net/ubuntu/+source/linux/+bug/790863
<uvirtbot> Launchpad bug 790863 in linux "Unable to start lxc container after update to 2.6.32-32" [Critical,Confirmed]
<dork> but it has always been rhel xen kernels or xenserver
<virusuy> in fact our VMWare sysadmin complains alot about xen
<virusuy> i dunno why.. just fanboys :P
<dork> virusuy: because it doesn't work with a mouse
<virusuy> dork: probably thats why
<twb> Anyone that needs a mouse to administer a system, is not a system administrator
<virusuy> dork: he's also winadmin
<dork> ^
<virusuy> twb: +1
<dork> he probably needs phpmyadmin
<dork> and WEBMIN
<dork> gasp
<virusuy> twb: tweeting your comment.. epic
<twb> dork: stop it you're hurting me
<dork> lol
<virusuy> do you use twitter?
<twb> No because I am not a 12yo white girl
<dork> haha
<virusuy> twb: you got me!
<twb> See also: "damn kids, get off my c&c milnet"
<roaksoax> Daviey: i have tried to reproduce and doesn't seem reproduceale to me in 2 computers running oneiric
<virusuy> time to sleep
<virusuy> see you tomorrow
<kellnola> hi everyone
<Zanzacar> hi
<Zanzacar> {|@-@|}
<kellnola> ugh, dealing with a client that I replaced disk for in a failed raid1 and the other disk died (not entirely) before the sync could finish
<RudyValencia> Hi, I'm trying to set up WebDAV access based on Linux users with mod_auth_pam, but I can't access it from Windows, and I don't know why it isn't working. Any suggestions?
<RudyValencia> (I want to be able to transfer files to my server without using SCP or FTP.)
<Zanzacar> kellnola: So how are you going to get the data back?
<kellnola> Zanzacar, most of it is there, there's just a lot of media sense key errors
<kellnola> this ticks me off, because we told this person their disk failed months ago and she didn't care to do anything about it. and the the "good" one has failed (partly)
<Zanzacar> I always just laugh because people never want to do any preventative thing its always reactive instead of proactive
<twb> Oh good grief
<twb> in lucid update-grub runs in the postrm of every kernel, so uninstalling twelve kernels is gonna take an extra couple of minutes while it churns through os-prober and such
<twb> And the worst part is, that host isn't even using grub anymore
<twb> Hmm, I should probably wibble kernel-img.conf
<kellnola> they just don't listen
<kellnola> and now for some reason I look bad because the good disk failed on the same day I swapped out the bad one
<kellnola> this is so depressing, that most of our clients don't see the value or can't afford a goddamn server that has hot swappable disks
<Zanzacar> kellnola: I didnt know they had servers with hot swappable disks that pretty impressive. I am kind of new to all this. I am guessing if it is hot swappable that it has to be some kind of raid setup above 0?
<twb> Technically SATA disks are always hot-swappable
<twb> It's only the case that's an issue
<kellnola> uh, most server class machine have that. a disk fails, you slap in the new one, and go. 5 minutes.
<kellnola> this one was a software raid with an lvm on top  of it. it's a process, you just have to know how to deal with it. but you do have to take the server down
<kellnola> to insert the new disk
<twb> kellnola: because the case doesn't have hot-swap bays?
<kellnola> twb, no none
<kellnola> and it wasn't "root" raid and the only disk that could boot was the one that failed ... so ...
<kellnola> and now she is complaining about all this shit and freaking out.
<kellnola> she might want to pay her bills once in a while
<Zanzacar> haha
<kellnola> we have to do all this cheap shit hacky crap for our broke ass non-profit clients
<kellnola> I'm going to bill the living shit out of her
<kellnola> bill her hard
<Resistance> !language
<ubottu> Please watch your language and topic to help keep this channel family-friendly, polite, and professional.
<Resistance> kellnola:  ^
<Zanzacar> are software raids worse then hardware raids?
<kellnola> well, just more of a pain
<Zanzacar> I setup a software raid 1 time and it was a pain, and then when I upgraded I lost the software raid and had no idea of how to get it back haha.
<Zanzacar> it was a semi nightmare but I would think it would be easier if you have done it a few time or know what your doing (unlike me)
<glioros> guys i just restarted my dedicated server.. however it should be noted that i did some changes to the courier imap before restarting it. so the email are not working.. do i need to restart courier imap ?
<glioros> guy please i need an answer i am not receiving emails for 158 sites
<Zanzacar> is there any harm in restarting it?
<Zanzacar> have you tried that?
<Zanzacar> tried it... not that
<glioros> guys anybody online.. really need some help ?
<greppy> just ask your question, if someone is here and can help, they will answer.
<glioros> i changes the imapd settings in particular the MAXDAEMONS and MAXPERIP
<glioros> restart the courier imapd
<glioros> but still the emails are not working
<glioros> any ideas?
<greppy> nope, I haven't kept up on courier.  what specifically is not working?
<OPcwDEbh3> Hi! Recently there was a bug in Apache (rangerequest) which was resolved in release 2.2.21. On my ubtuntu 10.04 apache version is listed as 2.2.14. So this bug is still open in LTS?
<freakynl> Hi, I'm trying to remove old kernels to free up enough space on /boot. Think I have them removed, but dpkg --get-selections still shows a lot of old ones as 'deinstall'. Is there something I'm omitting?
<freakynl> http://pastebin.ca/2093760
<maxb> That's just dpkg remembering that you chose to remove those package names
<maxb> You can use dpkg --forget-old-unavail to prune the list
<maxb> but that's pretty much just a cosmetic difference
<freakynl> I ran aptitude purge <package names>, thx :) Was more wondering if it kept configs behind or something, don't see any other reason to keep them in a list
<betim_> hi, when I installed a server, i setted the option for installing automatic updates, how can I revert that?
<freakynl> hmm what happened to iscsitarget? Upgraded to 11.10 but iscsitarget-module has no candidates available? Should I use another iscsi target?
<uvirtbot> New bug: #888936 in eucalyptus-commons-ext (universe) "eucalyptus-commons-ext version 0.5.0-0ubuntu3 failed to build with openjdk-7" [Undecided,New] https://launchpad.net/bugs/888936
<Daviey> jamespage: How is the complex testing work going?
<jamespage> Daviey: well I've sniffed the openstack-integration tests
<Daviey> jamespage: viable?
<jamespage> well it will be
<jamespage> its a little sparse at the moment and relies on keystone
<jamespage> so we need to address that with the charms
<jamespage> but we should be able to run it against a juju deployed openstack deployment on hardware
<Daviey> well the charms need to start using keystone regardless.
<jamespage> Daviey: agreed
<jamespage> So the immediate focus for the complex testing work will be to get what I have already running on hardware
<jamespage> its works in the cloud now
<Daviey> jamespage: Considering part of the test should also include testing orchestra, could the test case rollout a fresh orchestra server?
<Daviey> on each run?
<jamespage> I think testing the deployment of an orchestra server is a good ISO test case
<jamespage> but I don't want to include it in the complex testing work
<jamespage> its part of the infrastructure that supports complex testing IMHO
<jamespage> it will of course test the juju/orchestra interaction so its a great integration test for that piece
<Daviey> jamespage: Well the main drive for this is testing code before it lands in the archive, orchestra is pretty much developed in the archive.
<Daviey> so yeah, i think your focus sounds good.
<jamespage> great
<Daviey> so it tests, as far as it is a consumer.
<Daviey> i'd like to consider doing a weekly from-scratch test in an automated manner, but perhaps in a different lab
<_ruben> bah .. i'm running into bug #482419
<uvirtbot> Launchpad bug 482419 in ifenslave-2.6 "802.3ad interface bonding fails if started too early" [Medium,Fix released] https://launchpad.net/bugs/482419
<uvirtbot> New bug: #889028 in tomcat6 (main) "upgrade to tomcat6  6.0.28-2ubuntu1.5 failed" [Undecided,New] https://launchpad.net/bugs/889028
<lynxman> Daviey: do you have experience with ubuntu server netboot installs?
<lynxman> I just selected the archive, after that the install screen just sits there idle :/
<lynxman> Daviey: meh nevermind, slow network
<BrixSat> hello, how do i debug wpa_supplicant connection to a wifi network?=
<rbasak> Is it a standard to keep bzr branches in quilt push -a 'd state?
<BrixSat> :)
<BrixSat> can i set the /etc/network/interface  to have my wifi config to connect to my wpa network?
<BrixSat> wireless_send_event--->SIOCGIWAP(disassociated:vMgrJoinBSSBegin Fail !!)
<lenios> BrixSat, you can use /etc/network/interfaces to get wifi
<glioros> guys my emails are not working
<BrixSat> lenios:  and how do i set up my wifi config like ssid and wpa password
<glioros> maybe is that the reason  qmail-queue-handlers[16331]: hook_dir = '/opt/psa/handlers/before-queue' ?
<lenios> you'll need a "wpa_conf /etc/wpa_supplicant.conf" in your interfaces file
<uvirtbot> New bug: #889095 in clamav (main) "package clamav-freshclam 0.97.3 dfsg-1ubuntu0.11.04.1 failed to install/upgrade: AbhÃ¤ngigkeitsprobleme - verbleibt unkonfiguriert" [Undecided,New] https://launchpad.net/bugs/889095
<lenios> and then supply the informations in /etc/wpa_supplicant.conf
<Daviey> lynxman: I think we all have experience with netboot installs. :)
<Daviey> lynxman: HELLO ORCHESTRA
<lynxman> Daviey: sorry, thought it was called something else now, all these name changes got me confused ;)
<lynxman> Daviey: actually it was a fake raid sata card being silly
<Daviey> lynxman: why would you use fakeraid?!
<lynxman> Daviey: I didn't, the stupid card did
<lynxman> Daviey: then I realized and smacked the card
<BrixSat> lenios:  does all go to /etc/wpa_supplicant?
<Daviey> lynxman: great!
<zul> good morning
<jamespage> morning zul
<zul> hey jamespage
<lenios> BrixSat, see http://paste.ubuntu.com/735243/
<lenios> it's what should be in your /etc/wpa_supplicant.conf
<BrixSat> thks lenios__  :)
<lynxman> zul: good moaning :)
<fulcrum> mourning
<raubvogel> If i have a local user in my linux box, how do I make it belong to a group defined in ldap?
<failover2> raubvogel, in your group you can edit the memberUid attr to include the user you want.
<raubvogel> But, if that is a local user, wouldn't that mean an user with the same uid in another machine would belong to the same group?
<raubvogel> user in question is www-data
<failover2> no, in memberUid you put the user uid(username), not the uidNumber
<failover2> i mean, if add www-data in group X, every machine using the ldap server will include www-data in group X
<raubvogel> I see
<zul> lynxman: what happened to the swift upstart jobs you were writing
<lynxman> zul: they're done, did they get included in the package?
<zul> lynxman: i dont think so...is there a bzr branch?
<lynxman> zul: should check, don't have it at hand here :/ will check later
<zul> lynxman: nm found them
<nineteen67comet> Hello. I've been running my own web server (gentoo from 2001-2005, Ubuntu Server 2005-present) and I've never gotten any form of e-mail to work. They are in my home; so I've got the ISP problem, is there a work around?
<lynxman> zul: cool, need some testing, not 100% sure they're hunky dory
<matrix3000> nineteen67comet: Nope, unless you pay for business class.
<matrix3000> Consumer IP address ranges from ISP's are usually on spam block lists around the internet as well.
<matrix3000> This prevents people from getting more bot generated emails
<uvirtbot> New bug: #841853 in swift (main) "Include swift recon scripts in the package" [Medium,Confirmed] https://launchpad.net/bugs/841853
<webPragmatist> hey guys what's the benfit of using reiser?
<webPragmatist> i have an lvm of backups i'd like to be able to reize
<webPragmatist> resize*
<patdk-wk> people still use reiser?
<webPragmatist> patdk-wk:  i just saw it on some howto
<webPragmatist> i was going to use ext4
<patdk-wk> just resize it then
<webPragmatist> but i didn't know if reiser had something to do with the resizing
<patdk-wk> resize2fs
<webPragmatist> patdk-wk: typically on a backup server would you mount /var/backups and throw other server backups in that or do something like create a user called rdiff-backup and store them in the home?
<patdk-wk> wouldn't know
<patdk-wk> I would do whatever the backup software perferred
<webPragmatist> it doesn't seem to prefer anything
<uvirtbot> New bug: #889188 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/889188
<raubvogel> What is the name of the startup script for subversion?
<Zanzacar> I dont know how to word this and I may sound silly but I am going to give it a try.
<Zanzacar> So I was wondering if it is possible to basically have "windows/tabs" in a terminal?
<Zanzacar> such that I could have weechat, elinks, and a base command line all open at the same time.
<Zanzacar> This way I could multitask without having a gui more or less.
<ersi> Zanzacar: What terminal are you using? If it's the standard one "Gnome-terminal", then just press ctrl+shift+n for a new tab
<Pici> Zanzacar: screen
<Pici> !screen
<ubottu> screen is a window manager for terminal sessions, also useful over SSH. The 'byobu' package provides very useful additional utilities. See https://help.ubuntu.com/community/Screen
<Zanzacar> ersi: I wanted to run a terminal only laptop on an old machine, so no gui.
<Zanzacar> Pici I will have to check out screen I knew there had to be something out there.
<ersi> Zanzacar: ah, so you're in console?
<ersi> you can use different tty's, by doing alt+number (0-9)
<ersi> or alt+left/right arrow
<ersi> otherwise I'd say screen, like Pici wrote
<Zanzacar> ersi: I am kind of new to this what is a tty?
<ersi> Zanzacar: It stands for 'terminal' sort of, I think it's related to teleprinting >_>
<ersi> see it as different tabs/sessions
<Zanzacar> I use weechat right now and it uses alt+left/right for switching chat rooms haha
<ersi> hah, d'oh
<Zanzacar> so basically the same idea, but with seperate tty sessions.
<Zanzacar> screen works great thanks guy, I know I can always count on this channel
<ersi> No problem :)
<plm> Hi all...
<plm> people, I'm using ubuntu-server 11.10.. how I add a locale. I want add locale because i wil use  afeature of new postgresql 9.1 for pass ar argument in query for correct locale (collation)
<plm> I tryed add line pt_BR.UTF-8 UTF-8 on file /var/lib/locales/supported.d/local and after #locale-gen and show ok in #locale -a new locale.. but in postgresql sql not works..
<plm> CAP=# select * from test3 order by a COLLATE "pt_BR";
<plm> ERROR:  collation "pt_BR" for encoding "UTF8" does not exist
<plm> LINE 1: select * from test3 order by a COLLATE "pt_BR";
<plm> So I remove line pt_BR.UTF-8 UTF-8 from /var/lib/locales/supported.d/local and #locale-gen and I would like if are there another way to add a locale.. maybe I doing wrong..
<plm> anyone?
<bkerensa> anyone know what the argument for netstat that is that makes hostnames not be truncated?
<jpds> netstat -n
<Flam> Hi, today I tried to sudo apt-get update and I got the error, unknown user: root.  I checked /etc/passwd and, somehow, my root line is like this "Ã¢root:x:0:0:root:/root:/bin/bash"
<Flam> Does anyone know in which log i can find how that happened and how i can fix it?
<matrix3000> can you do a sudo pico /etc/passwd ?
<matrix3000> or sudo vi /etc/passwd
<matrix3000> basically looks like your /etc/passwd got corrupted
<Flam> I can't sudo because my /etc/passwd is corrupted on user root
<matrix3000> have you restarted?
<matrix3000> did anything write to it?
<matrix3000> do a ls -l /etc/
<matrix3000> when was that file last modified
<Flam> -rw-r--r--   1 Ã¢root root    1737 2011-11-11 11:28 passwd
<Flam> i dont know how this happened
<filo1234> Flam: but Ã¢root is only a copy/paste error?
<Flam> no
<filo1234> because you wrote taht two times
<Flam> the 'a' is in the name
<Flam> it got renamed
<Flam> which is why sudo cant find user root
<filo1234> Flam: well this is the problem
<Flam> yes, but how can i find out how that happened
<Flam> and how can i undo it without sudo?  Can i make sudo call user 'Ã¢root' instead of root temporarily?
<filo1234> so this is the mistery
<guntbert> Flam: boot into recovery mode and fix it from there
<filo1234> Flam: use acd live and try to re edit /etc/passwd
<filo1234> cd  live*
<matrix3000> yea, that's what I would suggest
<matrix3000> you need to do like a live cd or someting and try to rewrite /etc/passwd and put the new pass in  there
<filo1234> maybe don't need to change root password
<filo1234> only delete that symbol
<matrix3000> that's what i ment, sorry
<uvirtbot> New bug: #889310 in cloud-live "Ubuntu Cloud instance-store AMI's have 1.4G root volumes" [Undecided,Invalid] https://launchpad.net/bugs/889310
<Flam> For those who said use a live cd or boot into recovery mode, not needed
<Flam> i solved my problem by doing the following: sudo -uÃ¢root nano /etc/passwd
<filo1234> Flam: so was a strange issue
<filo1234> why root becomes aroot is a mistery
<a0lex> hey .. my english is not very well, so i hope u can understand my problem :-) i've installed ubuntu server 11.10 on an old thinkpad.. now my problem is every time i close the screen lid it goes in standby how can i turn it off?
<filo1234> a0lex: do you have isntalled some gui?
<a0lex> no
<filo1234> a0lex: I think that you need to install some powermanager tool
<a0lex> filo1234: okay :-) i will ask google how to install it and so on :-)
<filo1234> a0lex: dpkg -l | grep xset
<filo1234> a0lex: what responds?
<a0lex> nothing
<a0lex> root@ubuntu:/var/www# dpkg -l | grep xset
<a0lex> root@ubuntu:/var/www#
<filo1234> uhm wait
<filo1234> forget it you don't have X naturally :)
<a0lex> have installed  acpi-support  now ..
<filo1234> it isn't a power manager
<a0lex> oh okay =/
<filo1234> a0lex: the problem is that you have a laptop and, obvs a battery power...
<filo1234> otherwise you can disable APM from BIOS
<filo1234> but it uses for battery managment
#ubuntu-server 2011-11-12
<filo1234> oh is gone :( pm-powersave maybe was his goal
<Squidy> hello.. I'm trying to install ubuntu server 10.04 using preseed methods.. however, when the installer is installing the base system.. it stops with an error message about kernel override 'linux-server' not present...  Do you know how to fix that?
<scubes13> I inherited an ubuntu fiesty serverâ¦. I am trying to download the linux-headers for 2.6.22-16-server but us.archive.ubuntu.com fiesty seems to be no moreâ¦ is there somewhere else I may get those updates?
<dork> scubes13: that's some old shit
 * scubes13 nods :(
<qman__> very, very old
<qman__> you're honestly better off installing a new one and migrating the services
<qman__> that's like, three distribution upgrades from lucid, and six from oneric
<qman__> and no, you won't find feisty or gutsy repos online
<scubes13> they're running a much older civicrm install on the same box with custom db.. guess I will just have to dupe the server and see if I can migrate
<qman__> only way to upgrade it at this point is to find the alternate CDs and upgrade from them
<scubes13> ok, thanks dork  ad qman__
<qman__> those versions are nearly 3 years past EOL at this point
<qman__> which is why you should always use LTS for this sort of thing
<qman__> hardy's still in support for a little while, and the upgrade path should be available for a while longer
<scubes13> yah, will be attempting to move the civicrm install and db to a 10.04 box
<scubes13> and will then have to deal with upgrading those apps
 * scubes13 sigh
<Kartagis> hi
<Kartagis> I am trying to start dovecot, no ssl is mentioned in the conf file, and yet the startup error says I do. what to do?
<Kartagis> I am trying to start dovecot, no ssl is mentioned in the conf file, and yet the startup error says I do. what to do?
<Randolph> hi all
<linocisco> hi  we have TP-link wifi CPE and we are offering internet through WiFi . Some paid users are illegally sharing wifi link with home routers. We can't see that sharing from wifi console if they are sharing again with WiFi router in the each home.
<RoyK> linocisco: no, you can't
<RoyK> linocisco: because it's NATed
<RoyK> some ISPs here (in Norway) used to have that sort of rubbish policy 'only one user per internet connection', but they have eventually given up
<RoyK> now they're trying to move people over to 'wireless broadband' as in 3G or 4G where they charge per download amount
 * RoyK has a 60Gbps fiber link at home and shares it with some neighbors without anyone complaining
<RoyK> :)
<air_> RoyK: yay
 * RoyK corrects that to a 60Mbps link :P
<uvirtbot> New bug: #889464 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: subprocess new post-removal script returned error exit status 2" [Undecided,New] https://launchpad.net/bugs/889464
<uvirtbot> New bug: #889149 in openvpn (main) "Ubuntu refuses to restart or shutdown if OpenVPN is running." [Undecided,New] https://launchpad.net/bugs/889149
<mah454> How can understand what user's is online in LDAP ?
<^^robertj> howdy all, is there a way to see what options were compiled into the packaged kernel I'm running?
<RoyK> ^^robertj: /boot/config-`uname -r`
<uvirtbot> RoyK: Error: "^robertj:" is not a valid command.
<^^robertj> RoyK, bah, I forgot I'm _not_ running a packaged kernel :( this is a xen vm instance on linode
<RoyK> ^^robertj: check if there's a /proc/config.gz
<uvirtbot> RoyK: Error: "^robertj:" is not a valid command.
 * RoyK slaps uvirtbot 
<^^robertj> RoyK, that works great ,thx
<robertj> there
<RoyK> not your fault - it's just that stupid bot thinks ^ is a command key, which it shouldn't be so long as nicks can start with that character
<nouitfvf> ^^help
<uvirtbot> nouitfvf: Error: "^help" is not a valid command.
<RoyK> ^guide
<uvirtbot> RoyK: Error: "guide" is not a valid command.
<RoyK> !guide
<ubottu> The Ubuntu server guide may be found at http://help.ubuntu.com/10.04/serverguide/C/
<nouitfvf> ^help
<uvirtbot> nouitfvf: (help [<plugin>] [<command>]) -- This command gives a useful description of what <command> does. <plugin> is only necessary if the command is in more than one plugin.
<jehoshua02> I'm using a variable in a grep statement that contains asterisks. These asterisks expand to the names of files in the current directory, hindering the grep statement from working like I want. Any ideas?
<RoyK> \*
<RoyK> or '*'
<RoyK> jehoshua02: it's the shell doing the expansion, not grep
<jehoshua02> RoyK: I know.
<RoyK> so escape the *
<RoyK> either \* or perhaps double - \\* if single doesn't work
<RoyK> or triple - \\\\*
<RoyK> :P
<jehoshua02> RoyK: That would be fine, but the content I'm grepping is automatically generated. I'm not editing it by hand.
<RoyK> jehoshua02: then use sed or awk or something :)
<RoyK> jehoshua02: it'd be easier to help you if you could pastebin the code you're having problems with
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<jehoshua02> RoyK: here ya go: https://gist.github.com/1360729
<jehoshua02> To make things more complicated, I put a variable in the SEARCH... let me update it for that too.
<jehoshua02> Any ideas? https://gist.github.com/1360729
<RoyK> jehoshua02: erm - I don't quite get it
<Randolph> is there a command line to see only a zombie process ?
<RoyK> Randolph: ps axf|grep Z is a nice start :)
<RoyK> and some awk magick to search only column $3 should do it
<lenios> ps -el | grep 'Z'
<Randolph> RoyK, thank it is OK, I am stupid, it was so simple ...
<RoyK> jehoshua02: as for that script, I think I would have chosen to write it in something else - shell scripting is very basic...
<Randolph> so the process was zmlogger on my ubuntu server 10.04
<RoyK> Randolph: imho zimbra should always run on a dedicated server or vm
<Randolph> RoyK, that's the case
<RoyK> that's the official zimbra recommendation as well...
<RoyK> ah - ok
<Randolph> I know it
<RoyK> which zimbra version?
<jehoshua02> RoyK: hmm... the eventual goal is to pipe the filtered output to another cli utility.
<Randolph> RoyK, 7.0.1.3
<Randolph> RoyK, sorry 7.0.3
 * RoyK is still on zimbra 6 on hardy...
<RoyK> jehoshua02: use perl :)
<Randolph> RoyK, sorry
<RoyK> or python or php or - whatever :)
<Randolph> RoyK, i made Ã  mistake with my keyboard, it is 7.1.3
<RoyK> np
<jehoshua02> RoyK: python and php are installed. I know PHP well enough I should be able to come up with something, although I've never used it for anything other than web development.
<jehoshua02> I give it a whirl.
<Randolph> RoyK, I have made some updates and I have done a reboot my server (my own server not a production server, I am not crazy ;)  )
<Randolph> RoyK, after reboot the zmlogger was in a zombie state
<RoyK> jehoshua02: oh
<RoyK> Randolph: sure it wasn't initialising something?
<Randolph> RoyK, I do not think so because it was late after restarting
<jehoshua02> RoyK: I was also trying to avoid strange workarounds in this bash script that I'm putting together for use on various machines.
<RoyK> jehoshua02: do you have test file for me - lines.txt?
<Randolph> RoyK, look at this , just before zmloggerctl restart : 1986 ?        Z      0:00  \_ [zmlogger] <defunct>
<jehoshua02> well, strange as in requiring too many utilities outside of bash.
<RoyK> Randolph: dunno - ask on #zimbra - it may even be ok
<jehoshua02> Yeah, both files should be there: https://gist.github.com/1360729
<RoyK> ah
<Randolph> RoyK, OK sorry, but it was not really a question
<RoyK> jehoshua02: cat $FILE | grep -i -v "$SEARCH" - or grep -iv "$SEARCH" $FILE
<RoyK> remember those double quotes
<jehoshua02> RoyK: I've been playing around with the quotes...
<RoyK> jehoshua02: also, if you want a direct grep without wildchars, try fgrep
<RoyK> fastgrep - doesn't allow wildchars
<RoyK> well, doesn't use them anyway
<jehoshua02> good to know.
<RoyK> grep won't expand *, it'll treat it as part of a grep regexp
<RoyK> fgrep won't
<jehoshua02> just reallized my test file should have said line to match the SEARCH.
<jehoshua02> I fixed it.
<jehoshua02> Trying it again.
<jehoshua02> Nice. fgrep seemed to do the trick.
<RoyK> hm... I'm on a rather BAD link now, and so far I've only used virt-manager to manage my VMs - how can manage these from the console?
<JanC> RoyK: there is virsh
<RoyK> JanC: thanks
<JanC> it's sort of a shell for libvirt management
<RoyK> yeah, can see that :)
<JanC> there are also some virt-* tools for image management etc.
<JanC> RoyK: libvirt also has Python bindings, so you can script things yourself if needed
<RoyK> seems python is about to take over whatever world perl used to dominate only a few years ago...
<JanC> well, Python has been around for quite some time really  ;)
<JanC> and there are also ocaml & rub bindings
<JanC> ruby
<RoyK> JanC: sure, but it hasn't really gained dominance before, say, the last 5 years or so?
<RoyK> scipy+numpy is really neat, though
<JanC> depends on your fields of interest, I guess
<JanC> Python has always been huge in the graphics community
<JanC> e.g. I think all the font editors (both commercial and open source) have supported Python scripting for years
<RoyK> "Python 2.0 was released on 16 October 2000" <-- there wasn't much before that, was there?
<JanC> (partially because Python's inventor's brother is a typographer and typography software developer :P )
<RoyK> ah
<JanC> RoyK: Just van Rossum is Guido van Rossum's brother... https://en.wikipedia.org/wiki/Just_van_Rossum
<RoyK> k
<JanC> and they wrote some of the most popular add-ons for font design using python, and extensible with python (he probably used it because his brother designed it, but his use probably also influenced Guido for some language design decisions)
<JanC> Python is also quite common in the 3D world
<RoyK> some scientists at work have started to replace IDL and MATLAB with scipy - a bit more open and a wee bit cheaper :P
<JanC> hehe
<JanC> yeah, they have being around in that area for quite some time too
<JanC> s/being/been/
<JanC> although I think Perl was used in that area as well?
<RoyK> yeah, but according to the people I've talked to at work, the progress is still high, in such that they can't use the lucid packages
<RoyK> maybe - but perl deserves the name "pathologically eclectic rubbish lister" (although I have to confess I like it a bit)
<JanC> there is actually a company building IDEs & libraries for scientists based on SciPy
<JanC> and most of that is open source and in ubuntu
<RoyK> erm - what's the name of that IDE again?
<JanC> but as you say, they might be lacking the latest versiosn in the oficial repositories
<JanC> the company is named Enthought
<JanC> http://www.enthought.com/
<RoyK> spyder is the one I'm thinking of
<RoyK> JanC: strange - couldn't find it in the list here http://wiki.python.org/moin/PythonEditors
<JanC> well, I'm not sure it's really a different editor
<JanC> but they bundle up a lot of stuff + provide some of their own libraries
<e-DIO-t> tira leva
<e-DIO-t> wrong ch
<jehoshua02> RoyK: http://stackoverflow.com/questions/878600/how-to-create-cronjob-using-bash/8106460#8106460
<uvirtbot> New bug: #889620 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/889620
<swharper> trying to configure a raid a fresh server install
<swharper> http://dl.dropbox.com/u/3136063/ubuntuinstall.jpg   <---current partition table
<swharper> this hangs at boot though
<swharper> i have 9 drives
<swharper> 8 are for the raid, one for the OS
<swharper> scsi23 is the usb disk with the server installer
<twb> I bought a UPS and hooked it up to nut 2.4 (lucid); on Friday after I went home, it's status changed from OL to OL CAL.  What does the CAL mean?  Google is unhelpful.
<twb> Secondly, it sat at 86Â±2% charge for a week, and when CAL came up, it dropped to 58%-ish -- if its on mains why isn't it charging to 100% ?
<patdk-lap> bad batteries?
<patdk-lap> cal probably means it's in calibration mode
<twb> It's a new ups :-/
<patdk-lap> but I could never find crap that nut supported so gave up on using nut
<twb> Ah *calibration*
<twb> patdk-lap: what do you use instead, wishful thinking? :P
<swharper> anyhow know anything about raid configuration
<swharper> ?
<twb> swharper: mdadm?
<matrix3000> yea
<twb> !anyone
<ubottu> A high percentage of the first questions asked in this channel start with "Does anyone/anybody..." Why not ask your next question (the real one) and find out? See also !details, !gq, and !poll.
<matrix3000> swharper, what are you trying to do with raid?
<swharper> well im trying to set it up during the install
<swharper> here is the current config (all drives below scsi9 are configured identically
<swharper> http://dl.dropbox.com/u/3136063/ubuntuinstall.jpg
<swharper> im trying to partition these drives and still install the OS
<swharper> but when I do, it hangs during boot
<matrix3000> where does it hang at boot?
<swharper> shitâ¦VDI check i believe
<swharper> if tahts the correct acronym
<swharper> i want the OS installed on SCSI2
<swharper> or 4, doesnt really matter
<matrix3000> take that flash drive out
<matrix3000> unplug it for the time being
<matrix3000> what kind of raid are you trying to do?
<matrix3000> RAID 1 with a RAID 5?
<swharper> raid 6
<swharper> its just a media share
<swharper> the flash is the install .img
<matrix3000> well SCSI2 and SCI4 are difference sizes than the others so im assuming that isn't raid
<matrix3000> you want to use SCSI2 for your grub right
<swharper> scsi 2 & 4 arent raid
<matrix3000> you need to mark that as ext4 /
<swharper> they're ext4
<matrix3000> ok sweet
<matrix3000> so SCSI2 needs ext 4 with a mount point /
<swharper> scsi9,10â¦etc are raid
<swharper> ok, yeahâ¦it had a mount point before but when i installed it its now gone
<swharper> ill try redoing it
<matrix3000> and then mount point your RAID6 for /home or something
<matrix3000> if you want the os on the SCSI2 your /boot needs to be on it i believe
<matrix3000> that or /
<swharper> i have it paritioned automatically now
<swharper> which sets the mount point at /
<swharper> what should the raid be set at
<swharper> do not use?
<swharper> swap?
<patdk-lap> twb, normally I use two things, if apc, I just use the apc software
<patdk-lap> if tripplite, I'll just use some scripts I wrote
<matrix3000> swharper: i put swap on all the drives
<swharper> k
<swharper> its goin....
<swharper> actually i bet it freezes at "starting up the partitioner"
<swharper> right now sitting at 50%
<erichammond> Opinions on the simplest/cleanest way to send an email message from the command line on a fresh Ubuntu server?  Installing postfix and feeding the message to /usr/sbin/sendmail seems heavy, though it does take only a couple lines which is important for this demo.
<swharper> yeah i think its freezing at the partitioning
<swharper> i dont get this
<uvirtbot> New bug: #889641 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/889641
<pmatulis> !ssmtp | erichammond
<pmatulis> !find ssmtp
<ubottu> Found: ssmtp
<pmatulis> whatever, erichammond â¤´
<patdk-lap> heh, any nullmailer would work
<patdk-lap> they all have different features depending on if you need sasl auth, spooling, ...
<erichammond> pmatulis: Thanks.  At first glance it looks like ssmtp requires a hardcoded upstream SMTP server.
<erichammond> I'm hoping to be able to provide a generic example where somebody could run a script on a fresh Ubuntu instance on EC2 to send an email to themselves with the only parameter being their email address.
<patdk-lap> erichammond, ya, they all will require a smtp relay host, unless you run a full blown email server
<swharper> waitâ¦.actually it may be building the array
<swharper> the lights are flickering
<swharper> how long, roughly, would it take to create this partition?
<swharper> 6tb raid 6
<swharper> arry
<swharper> array
<erichammond> patdk-lap: Thanks.
<patdk-lap> swharper, how large are the drives? how many drives?
<patdk-lap> and what speed cpu?
<swharper> 7 drives 1.5tb eacvh
<swharper> er 6 drives rather
<powell> ukq@aol.phrack
<powell> Amet etiam feugiat quis primis litora
<powell> phreak
 * powell ! unknown port
<patdk-lap> powell, probably a good 12hours or more
<powell> on linux ?
<patdk-lap> on anything
<powell> gnome
<patdk-lap> you have to read and write out all 7*1.5tb of data
<powell> yea
<swharper> k
<swharper> cool
#ubuntu-server 2011-11-13
<dravekx> hello
<uvirtbot> New bug: #889689 in nagios3 (main) "E: nagios3-common: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/889689
<dravekx> what's a good firewall for 11.10 ?
<ropetin> dravekx: iptables doesn't do it for you?
<dravekx> Is that installed with a fresh install?
<ropetin> Yup, its part of the standard build
<dravekx> ah nice. I did not know that. ty.
<ropetin> Tricky to configure though if you're not sure what you're doing.  I love the ufw front end for basic configs
<dravekx> well, I was looking at shorewall, but someone in #linux said iptables also.
<dravekx> if it's part of the build, I should be fine. it's a home server. :)
<ropetin> ufw is the way to go then.  Google for 'ufw howto' or something like that
<dravekx> great. ty
<ropetin> https://help.ubuntu.com/community/UFW
<dravekx> great! works perfect.
<nyukka> hello
<jehoshua02> Trying to come up with a scriptable way to configure mysql databases to be stored in an alternate location, for both storage space, and disaster recovery reasons.
<jehoshua02> Any ideas?
<ninjix> jehoshua02: puppet their /etc/mysql/my.cnf
<ninjix> I have a few even set to use rsync into ramdisk
<virusuy-away> jehoshua02: yes, take a look at /etc/mysql/my.cnf .. search for datadir
<ninjix> just don't forget to puppet the Â /etc/apparmor.d/usr.sbin.mysqld too if you're running apparmor
<virusuy-away> if you have some issues with storage, change your datadir folder and use any backup system (rsync, bacula,etc.) for backup that DB
<jehoshua02> virusuy-away, ninjix: thanks. I looked into changing the datadir in my.cnf, but there's no (simple) way to script this. So my next idea was to leave it along and mount a folder ontop of the /var/lib/mysql/ datadir. But I think apparmor is hindering writes. Not sure. I'm unfamiliar with apparmor.
<ninjix> have your considered scripting the datadir by using a file in the /mysql/conf.d folder?
<ninjix> you could override the property in the master my.cnf
<jehoshua02> ninjix: I came across that but don't remember why I didn't look into it further...
<ninjix> I wish someone on the community take on the effort spreading the current default mysql my.cnf into more little files. Make it less monolithic with more include folders.
<jehoshua02> ninjix: This guy seems to have figured it out, and it had to do with apparmor, but it's not clear to me how he resolved the issue, or if it's scriptable: http://serverfault.com/questions/227565/moving-mysql-datadir-not-working-problems-with-symlink-in-conf-d
<jehoshua02> ninjix: I mean, I understand that the datadir ought to be highly guarded, but this just seems silly.
<jehoshua02> This looks promising: http://www.ubuntugeek.com/how-to-change-the-mysql-data-default-directory.html
<ninjix> we'll, I refrain from commenting on apparmor or selinux usefulness :)
<ninjix> both of those guides look fine to me
<ninjix> the important thing is to get the permissions correct on the directory
<ninjix> how are you planning to script this?
<jehoshua02> true. -rwx------ mysql mysql?
<ninjix> you using something like Chef for Puppet?
<jehoshua02> ninjix: not even.
<jehoshua02> ninjix: just plain old shell script.
<jehoshua02> #!/bin/bash
<ninjix> hah.. old school sys ops
<ninjix> we'll just make sure you have some logical tests for checking paths exist and permissions are correct
<jehoshua02> I don't consider myself a sys admin. I'm doing this because that's how badly I want a server for my web development projects.
<jehoshua02> However, I'd really like to know how to add more storage and processors when needed. What do they call that? Clustering?
<ninjix> how many servers you planning to use in your development pool?
<jehoshua02> ninjix: right now I only have one.
<jehoshua02> But you know how it goes . . .
<jehoshua02> some guy does something cool out of his garage... it goes viral ... then he has to sell it because he can't maintain it any longer. I'd prefer to avoid that fate.
<jehoshua02> And cling to my invention with my life!
<jehoshua02> :)
<ninjix> that's why we have ubuntu clouds :)
<jehoshua02> ninjix: right now I don't really have a budget for anything.
<ninjix> I'm a big fan of KISS and aways reminding devs not to get overly complex with infrastructure too early on.
<ninjix> MySQL's default install in Ubuntu is excellent for getting an idea off the ground
<ninjix> it will give you plenty of mileage and when the time comes its not too hard to figure out how to scale out your boxes these days. It's a well traveled road.
<jehoshua02> ninjix: keeping all my valuable data separate from all the software muck is all I'm really trying to do at this point.
<jehoshua02> ninjix: I'll worry about clustering, redundant storage, load balancing later.
<ninjix> :)
<airtonix> mysql is pretty poor tbh
<qman__> yeah, if you want to scale beyond a couple servers, it's a bad choice
<qman__> it's fine to work with on one server, but don't get too attached to any mysql-isms if you want to scale later
<jehoshua02> airtonix, qman__: I'm curious how you would solve my problem of keeping my data separate from everything else?
<jehoshua02> I think it's silly I can't just mount a folder right ontop of the datadir and not have to mess with apparmor.
<uvirtbot> New bug: #889732 in samba (main) "package samba 2:3.5.11~dfsg-1ubuntu2.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1" [Undecided,New] https://launchpad.net/bugs/889732
<virusuy-away> jehoshua02: but what about changing datadir option in my.cf ?
<jehoshua02> virusuy: I've thought about that, but I'm still extremely curious why mounting on top of the current datadir doesn't work.
<virusuy> did you try ?
<virusuy> mount on top of current datadir
<jehoshua02> virusuy: yes.
<virusuy> any error or log or something ?
<jehoshua02> virusuy: something like this: https://gist.github.com/1361763
<jehoshua02> virusuy: let me rewind a bit and try it again, and post the error I'm getting.
<virusuy> ok
<virusuy> jehoshua02: what is "sf_mysql_data"
<virusuy> ?
<jehoshua02> It's the name of the virtualbox shared folder.
<jehoshua02> I'm mounting two other sf's exactly the same way, and they work just fine.
<jehoshua02> read and write.
<virusuy> ok, rewind and see which error you got
<jehoshua02> virusuy: I'm thinking this is a permission/apparmor issue, but the wierd part, is that I'm not moving the datadir, and I'm using exactly the same permissions that were there before the mount.
<jehoshua02> k
<virusuy> jehoshua02: could be,
<virusuy> jehoshua02: can you pastebin here the output of aa-status command ?
<virusuy> just execute aa-status in command line .
<virusuy> that command will show you the status of apparmor.
<jehoshua02> sure, give me a minute...
<jehoshua02> one thing I noticed so far, is that my perms are different: I'm using 700, and most of the mysql files are 660. No x.
<jehoshua02> stinker. How do I copy the contents of the directory but not the directory?
<jehoshua02> virusuy: https://gist.github.com/1361763#file__error_cp
<jehoshua02> virusuy: after the mount, I can't write to the directory.
<virusuy> jehoshua02: googgling seems an issue with vbox
<jehoshua02> virusuy: however, I'm mounting two other shared vbox folders, one for git repos, and another for www, and I can read write to them fine.
<virusuy> jehoshua02: oh, then shouldn't be problems
<jehoshua02> https://gist.github.com/1361763#file_aa_status
<jehoshua02> virusuy: There is an aa profile for mysqld...
<virusuy> jehoshua02: yes
<virusuy> take a look at /etc/apparmor.d/usr.sbin.mysqld
<virusuy> that's mysqld's profile
<jehoshua02> virusuy: is there an aa config against mounting?
<virusuy> jehoshua02: let me see
<jehoshua02> virusuy: https://gist.github.com/1361763#file_etc_apparmor.d_usr.sbin.mysqld
<jehoshua02> /var/lib/mysql/ r...
<virusuy> yes
<jehoshua02> I'm unfamiliar with apparmor syntax. Does that mean no writing directly under /var/lib/mysql?
<virusuy> that's means... mysqld will use that folder with read permissions
<jehoshua02> But /var/lib/mysql/** rwk, means?
<virusuy> read and write for any file in that folder
<jehoshua02> virusuy: what's the k?
<virusuy> file locking
<jehoshua02> virusuy: does any of this prevent root from copying files to /var/lib/mysql?
<virusuy> i don't see any rule
<virusuy> but, let's test something
<jehoshua02> virusuy: turn off apparmor?
<virusuy> just for a second
<virusuy> and see if that's the problem
<virusuy> if it is, turn on apparmor
<virusuy> if not, also turn it on
<jehoshua02> sudo /etc/init.d/apparmor stop?
<virusuy> yes
<jehoshua02> https://gist.github.com/1361763#file_stop_apparmor
<jehoshua02> virusuy: selinux too?
<virusuy> jehoshua02: yes, remember to turn them on again
<jehoshua02> let's see . . . echo 0 > /selinux/enforce?
<jehoshua02> virusuy: There's always at least 5 ways to do these things.
<virusuy> jehoshua02: yes
<jehoshua02> :)
<jehoshua02> I guess it's backup. If we forget how to do it one way, we'll remember another.
<virusuy> rsync between /var/lib/mysql and destination folder is the easiest way
<jehoshua02> https://gist.github.com/1361763#file_stop_selinux
<virusuy> is your SF mounted ?
<virusuy> right ?
<jehoshua02> I'm getting mixed results...
<jehoshua02> wait, hold on...
<virusuy> ...
<jehoshua02> sorry it took so long: https://gist.github.com/1361763#file_proper_mounting
<virusuy> so ...
<jehoshua02> You'll see that I list the contents first, then cat/grep out the fstab entry, then apply the mount, then list again to show the difference.
<virusuy> yes
<jehoshua02> mounting is working.
<virusuy> nice
<virusuy> but if you touch
<virusuy> touch a
<virusuy> in /var/lib/mysql
<virusuy> works?
<jehoshua02> I can't write whatsoever...
<virusuy> :-\
<virusuy> i'm out of clue
<virusuy> clues*
<jehoshua02> Should root be able to write? even when mysql is owner?
<jehoshua02> I know, wierd right?
<virusuy> yes , otherwise you could be "locked out"
<virusuy> root is basically... god
<jehoshua02> http://images.daniweb.com/customavatars/avatar152410_5.gif
<virusuy> lol
<virusuy> i guess you will end up with a nice and shiny rsync script :-D
<jehoshua02> I'm afraid I'm too stubborn to give up until I know why it doesn't work.
<jehoshua02> I guess I'll have to give it a break.
<jehoshua02> http://images.daniweb.com/customavatars/avatar152410_5.gif
<virusuy> jehoshua02: that is a god idea
<jehoshua02> Or else I'll end up like this guy.
<jehoshua02> http://images.daniweb.com/customavatars/avatar152410_5.gif
<virusuy> lol
<virusuy> well, it's 6:38 am here in Uruguay
<virusuy> so, i must be in bed right now
<jehoshua02> (freekin funny right? I love it.)
<virusuy> also today is my birthday
<virusuy> so... see you around
<jehoshua02> It's 12:39 and I got church -- happy b-day! yeah, thanks for trying to figure it out with me.
<uvirtbot> New bug: #681724 in libcgroup (universe) "cgroup-bin package installs with errors (failure to parse /etc/cgconfig.conf)" [High,Fix released] https://launchpad.net/bugs/681724
<Dulcin> is anyone familiar with senderid/spf records?
<koolhead17> hi all
<dsirijus> how can i install additional locales via cli?
<dsirijus> i remember having ncurses gui somewhere for that
<RoyK> dsirijus: iirc locale-gen <somelocale>
<RoyK> given you have language-pack-xx-base where xx is that language ...
<dsirijus> RoyK: i don't know exact name of the locale, nor how to setup default locale
<dsirijus> iirc, the ncurses gui was shown on dpkg-reconfigure locales
<dsirijus> now it's not
<RoyK> dsirijus: google for LC_ALL etc - the locale is usually set per user
<RoyK> but start with installing the language pack
<RoyK> or start out finding the names of the locale :P
<dsirijus> yeah, the last time i tried to do all that by hand, all got screwed
<dsirijus> that's why i'm trying to recall which was this gui (cli gui) which set it all up nicel
<dsirijus> y
<dsirijus> RoyK: i'm basically having issue with putty displaying characters
<RoyK> just did a test here
<RoyK> langpacks="";for i in nb nn de sv da; do langpacks+="language-support-$i "; done; apt-get install $langpacks
<RoyK> that install language support for scandinavian languages +german
<koolhead17> :)
<RoyK> the locale is usually two letters
<dsirijus> yeah, found my locale
<dsirijus> but!
<dsirijus> :)
<dsirijus> i think it's the putty issue
<dsirijus> now, how to remove locale?
<dsirijus> :D
<RoyK> it's rarely a puty issue
<RoyK> try export LC_ALL=yourlocale.UTF-8
 * RoyK needs food
 * koolhead17 drops RoyK inside becon well
<uvirtbot> New bug: #889812 in samba (main) "package samba 2:3.5.8~dfsg-1ubuntu2.3 failed to install/upgrade: ErrorMessage: package samba is not ready for configuration  cannot configure (current status `half-installed')" [Undecided,New] https://launchpad.net/bugs/889812
<chroot> hi, how to use vmbuilder create a VM on server .
<muszek> hi... I'm getting a "truncate: not found" error... which package contains it?
<muszek> or which package do I install to have bash give me the "install X to have this package" tips?
<muszek> or which package do I install to have bash give me the "install X to have this file" tips?
<qman__> well, it's on all my lucid boxes and the hardy box doesn't have that feature
<qman__> trying to remember the dpkg switches to find what it's in
<qman__> ah
<qman__> ryan@mediaopty:~$ dpkg-query -S `which truncate`
<qman__> coreutils: /usr/bin/truncate
<koolhead17> Daviey,
<RoyK> chroot: if you're new to VMs on linux, virt-manager is probably the easiest
<Daviey> koolhead17:
<koolhead17> RoyK, wassup dude
 * koolhead17 bows to Daviey 
<jtran> hey all.  i'm trying to setup a pxe server so that i can launch an installation over the network w/ out dvd media.  so i followed the instructions to do a netboot installer, which when i start the client machine it gets to the installer just fine.  however my problem is that the netboot initrd doesn't allow me to choose my own custom local network mirror.   it only gives me the archive.ubuntu as a selectable option.
<jtran> any ideas?
<jtran> i might add, altho i'm doing netboot, i'm not using preseed for automated install just yet, i'm interactively installing
<arooni-mobile> how do i make the default editor vim; and not nano or whatever it seems tob to be now ....
<jtran> arooni-mobile, export EDITOR=vim <--- in your $HOME/.bash_profile
<jtran> and or at the cmd line, type that.
<arooni-mobile> i'm trying to come up with ways to make my terminal sessions more useful.  usually i open a few different tabs on terminals... any tips you folks have for making your ssh terminal work more useful?
<arooni-mobile> how can i make it so that bash is automatically loaded as my shell?
<Patrickdk> chsh
<qman__> arooni-mobile, update-alternatives
<qman__> for the first question, that is
<qman__> the second, change it in /etc/passwd or use chsh
<RoyK> arooni-mobile: and change /etc/default/useradd to bash if you want that for new users as well
<arooni-mobile> how would i make tmux start upon ssh login to my server?  i'm using bash if it matters.
<virusuy> arooni-mobile: do you mean , start tmux when you login trhough ssh ?
<arooni-mobile> virusuy, exactly
<virusuy> arooni-mobile: uhmmm take a look at your .profile file
<virusuy> in your home folder
<arooni-mobile> i esentially cant see a time where i wouldnt want to do that each time i login
<arooni-mobile> unless i'm missing somethiing
<virusuy> .profile is loaded everytime you log in
<Kiall> ubuntu seems to be pushing byobu over tmux ..
<shauno> I have 'if [ $TERM == "xterm" ]; then tmux attach; fi' at the end of my bashrc.  I found if you don't check for a sensible $TERM, you can break things (I think rsync in particular)
<Kiall> Kinda getting used to byobu .. Its enabled by default on all the EC2/UEC/Cloud images now...
<RoyK> hm.. tmux or screen? is tmux any better?
<wakejagr> i installed ubuntu server on a machine with no network connection.  how can i stop the startup scripts from waiting for network configuration?
<jrwr> under lucid's kernel, how do I enable the disk buffer
<jrwr> It somehow got turned off
<patdk-lap> disk buffer?
<patdk-lap> exactly what is the disk buffer?
<jrwr> yes, the "normal" disk buffer that Linux normaly has on
<patdk-lap> there is a vfs read cache, and vfs write buffer
<patdk-lap> but those are not disk buffer
<patdk-lap> there are also disk buffers on your drive and raid cards
<patdk-lap> and how you control them depends on the drive/raid
<jrwr> Guess Im looking for the filesystem buffers
<RudyValencia> I'm trying to set up a Windows XP PXE installation using Linux as the server (not Windows' RIS or WDS), but I can't get it to recognize my NIC, despite integrating the drivers in my setup folder; why?
<jrwr> patdk-lap, How I figured its off is the very slow disk reads and no buffers nor cache when "free" is ran
<patdk-lap> I'm not sure it is possible to turn it off
<patdk-lap> except to tune it
<patdk-lap> but normally you shouldn't except much write buffer usage
<patdk-lap> as it should be written
<patdk-lap> cache usage grows over time
<jrwr> its zero at the moment
<patdk-lap> well, post your free -m output
<jrwr> http://pastebin.com/MGGubS7F
<jrwr> thats without -m
<jrwr> http://pastebin.com/ZnSzpPAp <- with free -m
<patdk-lap> odd
<patdk-lap> unless you tuned the amount of free ram you wanted
<patdk-lap> and it has no ram left for buffers/cache
<jrwr> mope
<jrwr> never used sysctrl on this system
<RoyK> jrwr: what sort of system is this?
<jrwr> Ubuntu - Lucid, VPS with OpenVM
<RoyK> jrwr: I've seen similar thing on embedded stuff
<RoyK> that's about it
<RoyK> and btw
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<RoyK> pastebin.com is an ad havoc
<jrwr> lol, I use pastebinit from the repos thats all
<RoyK> you did?
<jrwr> yes
<RoyK> damn - someone should fix that...
<jrwr> Lucid repos still have it going to pastebin.com
<RoyK> yeah, I just checked
<patdk-lap> oh, openvm
<patdk-lap> I don't think that works for openvm
<RoyK> so does maverick
<patdk-lap> cause you aren't in conrtol of the kernel, your using the host kernel
<jrwr> ah
<patdk-lap> yep, it's a vps thing
<patdk-lap> it doesn't show
<jrwr> well i guess I shot my self in the foot with a crap VPS Provider
<patdk-lap> no, all vps providers would be that
<patdk-lap> you need a vm provider if you really want that
<jrwr> no, the disk speed is still crap
<jrwr> ps aux takes about 2 minutes to print anything
<jrwr> anything not FS based is fine
<RoyK> bug 648298 - seems someone has released a fix for pastebinit...
<uvirtbot> Launchpad bug 648298 in pastebinit "pastebinit should use paste.ubuntu.com by default" [Wishlist,Fix released] https://launchpad.net/bugs/648298
<RoyK> jrwr: hehe - seems they don't sell for quality, then :P
<RoyK> jrwr: how much do you pay per month for that VPS?
<jrwr> RoyK, 130 for 1 year
<jrwr> 1TB of BW a month, 50GB disk,
 * RoyK wonders if that machine can possibly sustain 1TB/m with that i/o performance
<RoyK> s/\/m/\/mon\/
<RoyK> \o/
<RoyK> og - and btw, if anyone cares, pastebinit is configurable in $HOME/.pastebinit.xml - it's all documented if you know sufficient python to RTFS :Ã¾
<patdk-lap> royk, if it's configurable, doesn't matter, if it's not default :)
<patdk-lap> 130/year? that sounds like the going price for crap vps's
<patdk-lap> about 11 a month
 * patdk-lap wonders if that is in usd
#ubuntu-server 2012-11-05
<keithclark> maybe scrap?
<keithclark> I unplugged, revbooted and plugged back in.  No access to the drive though
<keithclark> This is messed up
<escott> :-/
<keithclark> Windows is much easier!
<escott> keithclark, whenever anyone says that i always ask "have you ever actually tried to install windows"
<keithclark> Yup
<keithclark> I've installed Windows from 3.1 and up.  OS/2 as well
<escott> i guess its what you are used to then
<keithclark> yup but doesn't help me here
<escott> keithclark, if you can be more specific about the errors when you try to boot we can try to offer suggestions
<keithclark> I told you the error on bootup
<escott> keithclark, "no accesss to the drive" that one?
<escott> a little more context would help
<escott> when do you see that during the boot
<keithclark> It is stuck at 'mountall:  fsck /boot .....'
<escott> keithclark, yes, and then you tried the install cd and what did it say
<NomadJim> Already asked this in #ubuntu, but just found this channel.  I'm coming from debian. Is there much of a difference administrating an ubuntu server versus a debian one?
<escott> NomadJim, its more or less the same people in this channel as others
<keithclark> rebooting now....
<escott> NomadJim, so crossposting is discouraged
<NomadJim> heh
<escott> also this channel is super quiet tonight
<keithclark> escott, you are doing fine here@!
<keithclark> escott, fsck /boot [390] terminated with status 1
<escott> keithclark, so that indicates that /boot had errors but they were fixed
<escott> keithclark, the important question is "why"
<keithclark> escott, never gets past that
<escott> keithclark, but that is you booting the installed system
<escott> if we cant trust that /boot isn't corrupted then there isn't much point booting the system installed under /boot. so get your install media and boot that
<keithclark> yes.  with the usb in.  If I take it out, it boots
<escott> im really confused about what is going on now
<escott> i thought it wasnt booting
<keithclark> So am I
<escott> booting the hard disk you get what
<keithclark> If I boot no usb drive, it works\
<escott> booting the usb you get what
<keithclark> If I put the usb drive in no boot
<escott> so why are you trying to boot the usb drive?
<keithclark> I'm not
<keithclark> Just trying to simply add a usb drive.  Should be easy
<keithclark> This is a disaster
<escott> keithclark, ok. so just boot the system with the usb out for now. then we can fix your fstab entry so that the usb boots
<escott> rather so that the usb mounts
<escott> because you probably typoed the fstab
<keithclark> I copy/
<escott> then when that is working we can make sure that you can cleanly reboot
<keithclark> pasted the fstab
<keithclark> machine rebooted with no usb  drive in
<keithclark> drive plugged in
<keithclark> (windows is much easier!)
<escott> i thought you werent able to boot at all. but it boots without the usb so that means it fails to see the desired drive and passes on it but for some reason with the drive in there it is not passing
<escott> basically mountall is trying to mount everything in fstab and for some reason this external is causing that to hang or slow down. perhaps the external is really large and hasnt been fscked?
<keithclark> escott, I have no idea
<escott> keithclark, lets just start with your fstab
<keithclark> ok
<escott> why dont you put that on paste.ubuntu.com
<keithclark> http://pastebin.ca/2248397
<escott> keithclark, the last line is all kinds of wrong
<escott> see that line two above it that begins UUID thats what your line needs to look like
<escott> UUID=the_uuid_goes_here_without
<uvirtbot> New bug: #1075010 in lm-sensors (main) "lm-sensors package out of date" [Undecided,New] https://launchpad.net/bugs/1075010
<escott> UUID=the_uuid_goes_here_without_quotes_and_CAPITALIZATION_shouldnt_MATTER /media/external ext4 defaults 0 2
<escott> keithclark, does that make sense?
<escott> after making that change try to "mount /media/external" and see if it works without sudo. if it does then your fstab is good
<keithclark> ok,boots
<keithclark> >No access to the drive though
<escott> where are you seeing that error message
<keithclark> no error
<keithclark> no driber
<keithclark> no drtivber
<escott> you mean once it is booted the /media/external is not mounted?
<keithclark> yup
<keithclark> No drive
<escott> two possibilities
<escott> (a) you need to "sudo update-initramfs -uk all"
<escott> and if that doesnt work then (b) add "mount /media/external" to /etc/rc.local
<keithclark> reboot on a?
<keithclark> (windows was plug and play)
<escott> yes
<escott> keithclark, generally hotplugging a usb would cause it to mount, but that depends on your installing all the gui tools. ive been assuming that since you are in the server channel you did a server install
<keithclark> yup, server install
<escott> keithclark, so if you do "sudo apt-get install ubuntu-desktop" and login to a normal desktop you would have hotplug usb mounts
<escott> but thats only for the logged in user
<escott> problem is a server doesn't have a logged in user, so it doesn't know who to mount usb disks for
<keithclark> should not need that
<escott> which wouldn't matter for an ext4 but most usb disks are ntfs in which case it is important
<escott> so rather than having it automount only if its a POSIX filesystem they just say
<keithclark> Nope, usb not mounted
<escott> you installed a server OS you presumably know how to configure it
<keithclark> ok, so nobody is new at servers?
<escott> keithclark, then its probably a race between mountall and the usb bus coming up or something
<escott> add "mount /media/external" to /etc/rc.local
<escott> most people who are new to ubuntu don't jump to the server install
<keithclark> I did
<escott> they would usually select the desktop os, and once they are familiar they would install the server
<keithclark> I've been running Ubuntu in
<escott> its fine to do what you did, but you did jump into the deep end
<keithclark> since 2007u
<escott> the server is meant to be lightweight
<keithclark> yup
<escott> optimized for the webservers/sql servers etc you run on it
<escott> so lots of nice user friendly stuff is not setup by default
<keithclark> yup
<escott> if you are less performance sensitive you can install ubuntu-desktop
<keithclark> Windows server is different
<keithclark> Don't like it
<escott> in which case you have a desktop that also has server applications
<keithclark> Never the less, does not help me
<keithclark> I guess I'm screwed?
<escott> did you add mount /media/external to rc.local?
<keithclark> there is nothing in meida
<escott> keithclark, so "mount /media/external" is listed in rc.local above the exit 0 and you rebooted and its still not mounting?
<keithclark> yup
<minorix> hello all
<escott> keithclark, that doesn't make much sense. if "mount /media/external" works then putting that in rc.local should also work. you could check the syslogs in /var/log
<keithclark> well this is a stock ubuntu server install
<keithclark> maybe a rething
<keithclark> k?
<escott> keithclark, can you paste your /etc/rc.local just in case there is something wrong there?
<keithclark>   GNU nano 2.2.6                            File: /etc/rc.local
<keithclark> #
<keithclark> # By default this script does nothing.
<keithclark> exit 0
<keithclark> http://pastebin.ca/2248402
<escott> keithclark, you need to put "mount /media/external" in the line just before "exit 0"
<escott> and it should NOT have a # at the beginning
<keithclark> I don't understand......windows is plug and play
<escott> this isnt F**** windows
<keithclark> now the mo
<escott> if you want plug and play install ubuntu-desktop
<keithclark> ubuntu-desktop=overhead
<holstein> yeah, you just plug a USB stick in using nautilus, or most other GUI file managers keithclark
<holstein> keithclark: that "overhead" is what auto mounts USB drives... and "plus and plays"
<holstein> plugs*
<escott> the whole "windows does it better" when i've told you three times to put this one line in rc.local and you haven't done it is kinda pissing me off
<keithclark> escott to be honest,you've told me lots of one line fixes that have not rung true./
<holstein> keithclark: and to be fair, you are asking for desktop functionality from a server OS
<escott> keithclark, the first one you typed in wrong
<keithclark> holstein, true
<holstein> keithclark: you can use a desktop version of ubuntu and run all the server services.. might be easier to "get your feet wet"
<escott> keithclark, when you install a server OS there is an expectation that you will be able to read and understand manpages
<holstein> thats the way i did it.. i used linux for years before jumping into a headless commandline only rig.. and then i knew how to search google for how to mount a USB stick... or to ask the bots
<escott> so if you would prefer i can just !fstab you and leave you on your own
<holstein> !mount
<ubottu> mount is used to attach devices to directories. See also https://help.ubuntu.com/community/Mount
<escott> but its really rude when im trying to help you to constantly be complaining that windows is better
<keithclark> escott, point taken
<keithclark> And rightly so
<escott> keithclark, if the last two lines of your rc.local are "mount /media/external" followed by "exit 0" then it should work the way you want
<escott> having to put this in rc.local is a little unusual, but its possible with a USB disk that maybe the USB stack isn't up when mountall is run so it just doesn't mount the USB disk because it isn't there
<keithclark> hmm didn't work....not mounted
<escott> keithclark, but if you type "mount /media/external" at the console right now it does work
<holstein> keithclark: what are you mounting? i typically just run "sudo fdisk -l" and i have a mount point created and sudo mount the partition i want to the location i want.. as in !mount
<keithclark> there is nothing in /media
<holstein> keithclark: i added one drive to !fstab for auto mounting on a server...
<holstein> keithclark: i usually just specify
<keithclark> there is nothing  in /media
<escott> keithclark, this is what is driving me nuts. earlier you said when i asked you the same question, that "mount /media/external" was working and now its not?
<keithclark> ok never mind
<keithclark> i give up
<holstein> keithclark: on mounting? manual mounting is not trivial.. have you read...
<holstein> !mount
<ubottu> mount is used to attach devices to directories. See also https://help.ubuntu.com/community/Mount
<holstein> sudo fdisk -l lists the drives and partitions... then you can just follow the commands to mount to where ever you lke
<holstein> lkike*
<holstein> like**
<keithclark> holstein, yup, windows just does it
<escott> alright im leaving this channel before i start throwing stuff
<holstein> keithclark: sure.. so does ubuntu.. and other desktop os's
<holstein> keithclark: you are not using an environment which supports auto mounting
<keithclark> holstein, automouting is enabloed\
<holstein> keithclark: ive never used automounting in a command line system
<keithclark> holstein, there you go
<holstein> keithclark: i have just mounted.. on the command line... as i am suggesting you do... i have also added to the fstab
<holstein> keithclark: i have never wanted the overhead of automounting on a command line system
<holstein> keithclark: i cant imagine the work flow where you would want a usb stick auto mounting with a server os.. though, everything is open and anything is possible
<holstein> keithclark: i usually suggest using the desktop os, and getting used to the ins and outs of linux.. you are dealing with a lot of unknowns
<holstein> keithclark: if i wanted something to auto mount with the server,, i would just add it to fstab.. though, since it is implied that the machine is more than likely going to stay on, its not so much of a concern
<keithclark> Ok, Linux is not for me then
<holstein> keithclark: you mean, ubuntu server is not for you then
<keithclark> yes, that is the easiest
<holstein> keithclark: if you want usb sticks to mount when you plug them i.. ubuntu can do that.. lots of os's, including windows can
<holstein> keithclark: what is the easiest? ubuntu server?
<holstein> keithclark: ubuntu server is *not* the easiest.. its the most "minimal" in some ways..
<holstein> https://help.ubuntu.com/community/Mount/USB is what i use keithclark
<holstein> for a typical ntfs drive sudo mount -t ntfs-3g /dev/sdb1 /media/external
<holstein> OR, from ubuntu, xubuntu, ubuntustudio, kubuntu.. any of the desktop variants, as well as windows you can just plug it in the machine, open a file manager and start browsing[C
<chilicuil> hi, good morning, has anyone tried maas in ubuntu 12.10?, I've made it performe in ubuntu 12.04, but right now in ubuntu 12.10 isn't working.., I've already downloaded the iso files.., however it don't provide ip's, the web interface show nothing about dhcp/dns management, and I installed maas-dns & maas-dhcp
<James> hi
<Guest96387> ok
<Guest96387> help
<Guest96387> how to reduce power when i hosting server
<Guest96387> ?
<holstein> reduce power consumption?
<cornfeed> hello, i am trying to setup an irc server and have hit an odd wall. I have got inspircd running, and I can use telnet & ircII to test it locally, but i cant connect to it remotely for my life. I have no firewall, but just to be safe, iptables -L shows all ACCEPT
<cornfeed> any ideas about how I can get remote connections to work? netstat -tap shows *:ircd
<Iceman_B> lo
<Iceman_B> how can I configure dhclient to keep requesting a lease until it gets one, upon server (re)boot?
<webwurst> In Quantal you can create snapshots of runnig virtualized qemu-kvm-geuest with "$ sudo virsh snapshot-create-as". To freeze the guests filesystem you can add the parameter "--quiesce". In the guest you need to have a running qemu-guest-agent for this feature to work. But in Quantal this agent "qemu-ga" seems missing?
<webwurst> I can find it in Precise in the package "qemu-kvm".
<webwurst> Why is it removed from Quantal?
<webwurst> Has anyone used "QEMU Guest Agent (qemu-ga)" on Ubuntu?
<jamespage> webwurst, I feel I should have done now
<jamespage> webwurst, its in the qemu-kvm package
<jamespage> ah - I see your point now
<jamespage> lemme take a look
<koolhead17> jamespage: I hope we have https://bugs.launchpad.net/quantum/+bug/1069966 backported :)
<uvirtbot> Launchpad bug 1069966 in quantum "rootwrap error with L3 agent" [Undecided,Fix committed]
<koolhead17> for cloud archive
<koolhead17> also hello jamespage :)
<jamespage> koolhead17, as its already landed in stable/folsom it will make it
<jamespage> koolhead17, can't say exactly when just yet tho
<jamespage> koolhead17, morning!
<koolhead17> cool. hopefully by this week? :)
<taalas> Hi. I have started using Ubuntu Server on our application server a while ago, and so far I am very happy with it. One thing I would need advice with: Is there a way to (periodically) get info about my software raid status? Currently I am not sure if I would be notified if any errors occured? What's the best way to solve this?
<xnox> taalas: install monitoring. There are lighweight options like: logwatch / logcheck
<xnox> taalas: or you can setup nagios+check_mk. Check_mk is a utility that generates nagios configs for you and it has support to auto-detect raid.
<xnox> taalas: that means you will get a nice history/web interface to check status as well as receiving notifications if it goes down.
<taalas> monitoring is a package?
<xnox> no. it's a statement. As in "You should invest time and create monitoring for your systems"
<taalas> Ah ok, i wasn't sure if I would be able to succesfully configure a full Nagios install, check_mk seems like a good solution then.
<taalas> I see (monitoring)...sorry for the confusion ^^
<taalas> Will give Nagios a try then and possibly also monitor other things as well
<taalas> Many thanks
<ak5> hello, anyone around?
<vezq> sure
<ivoks> taalas: if somethign happens with mdadm raid, mdadm-monitor will send you an email
<ivoks> you don't need to install anything
<ivoks> of course, you do have to have MTA set up correctly
<taalas> ivoks: yes, that was what I was hoping, thanks. The MTA should be working correctly (though I did have some confusion as to what the right way is to forward emails to root to another user, me)
<ivoks> taalas: edit /etc/aliases and run newaliases
<taalas> check_mk is great tip nonetheless, since I was looking for a simple monitoring solution for other components as well. Nagios3 seems to run fine from the package, I am not sure yet if check_mk needs to be started somehow, currently it doesn't seem to be running after the package installation
<taalas> ivoks: yes, that's what I did. I did notice rare occasions though, where mails to root bounced. Quite possibly another mistake on my part though
<ivoks> if you misconfigured mail server...
<taalas> Other processes send mail just fine (although not to root)
<xnox> Daviey: about servercloud-r-vmbuilder - I totally agree with "vmbuilder" should die in favor of launching cloud-images.
<xnox> Daviey: I actually want a static download that can be quickly relaunched locally on the ssh+libvirt/kvm, instead of running slow debootstrap / creating my own images.
<xnox> rbasak: ^^
<xnox> =)
<Daviey> xnox: \o/
<Daviey> xnox: seen cloud-localds?
 * xnox is talking as a person who had to run "internal cloud" which was a single beefy KVM host with no openstack magic.
<rbasak> xnox: I have a work item to wrap cloud-localds into a friendly one-step tool for "I want a virtual machine NOW"
<xnox> Daviey: was that around in 2011? First time I see it =) looks nice.
<xnox> rbasak: + add blogging =)
<rbasak> xnox: juju deploy blog :-P
<xnox> rbasak: in soviet russia, cloud deploys YOU =)))))
 * xnox is on Wednesday of my post-UDS processing
<Daviey> eek
<xnox> Daviey: what does maas/juju use python-oauth for?
<Daviey> xnox: maas uses it to create an authenticated metadata service.
<xnox> Daviey: between master and it's nodes?
<Daviey> right
<xnox> ack.
<xnox> Daviey: that basically means maas/juju doesn't need porting to python-oauthlib \0/ less work =)
<Daviey> sounds good... i thiink
<xnox> Daviey: yeah. We were in the session of s/python-oauth/python-oauthlib/ but were not sure about maas & friends. Turns out openstack is python2 and not moving any time soon & you use server bits from oauth (not just client bits).
<xnox> Daviey: so the python3-oauthlib will be pushed on the desktop only, e.g. for client apps that need python3 porting.
<Daviey> xnox: well...
<Daviey> xnox: it's not captured... but something i wanted us to try and achieve this cycle is porting openstack depends to py3.
<xnox> Daviey: you want python3-only on the server cd, while still using python2 code? =)))))
<Daviey> So we can support openstack moving to py3 quicker.
<xnox> I see, you do.... =)
<Daviey> xnox: No... no hurry for py3 this cycle or next
<Daviey> but if we can get as many deps to py3 as possible, we are getting near :L)
<xnox> Daviey: the best way to do that, is to add an extra tab on the python3-only blueprint named something like "openstack" or "server". Barry is coordinating both core-dev & community/motu efford around porting packages there.
 * Daviey feels co-ordinated already!
<xnox> It is mostly tracking upstream (dead, doing the port, welcomes the port, patches available), status in debian and status in ubuntu.
<xnox> Some of the rdeps were as easy as simply package needs patching.... others were more than that.
<xnox> Daviey: qa team are very interested in python3-libvirt which is not there currently.
<Daviey> rbasak: I suspect you are just triaging, but do you want to review the debdiff on bug 1074357 ?
<uvirtbot> Launchpad bug 1074357 in elinks "Merge elinks (0.12~pre5-9) (universe) from Debian Unstable (main)" [Medium,Triaged] https://launchpad.net/bugs/1074357
<Daviey> xnox: python3-libvirt is C bindings?
<xnox> Daviey: I don't know =) qa is asking for it and I didn't have time to look at it last cycle.
<Daviey> it's something that would scare me, i suspect.
<Sander^work> Is it safe to do an apt-get upgrade compeard to dist-upgrade in a production enviroment?
<xnox> Daviey: that's easy bit $ python3 -c "from medication import anxiety; anxiety.feed('Daviey')"
<Daviey> ImportError: No module named medication
<xnox> Sander^work: depends. apt-get upgrade is ok for -updates & -security. Between releases you want do-release-upgrade or apt-get dist-upgrade.
<xnox> Sander^work: otherwise you will be stuck in a partial upgrade with packages from both releases.
<Daviey> erm, dist-upgrade doesn't bounce between releases
<xnox> Sander^work: sorry, I meant if you changed your sources to point to next release.
<xnox> If you didn't change your source to point to new release, either upgrade or dist-upgrade should correctly apply updates/security.
<Sander^work> xnox, Ok. What's the diffrence between upgrade and dist-upgrade when I dont change the source?
<henkjan> Sander^work: smarter dependency handling in dist-upgrade. See 'man apt-get'
<Daviey> Sander^work: it is ofc' calculated risk aswell.. Whilst there is a good level of regression testing between updates, it's possible an issue was introduced that causes you pain.  If the machine controlled my life support machine, i'd be slightly more careful.. But for most scenarios, sure
<Daviey> You sould keep up with security updates regardless.
<Daviey> If i was being more paranoid, i'd have a staging archive for local testing.
<xnox> Sander^work: in essence dist-upgrade will consider removing packages to complete upgrades of larger number of packages. This may have unpleasant side-effects if you have non-dpkg managed software that depends on system packages that dist-upgrade decides to remove.
<xnox> Sander^work: use dist-upgrade, but read the output it prints, especially the list of packages it tries to remove/additionally install.
<Sander^work> xnox, the only diffrence is that it wants to install a new kernel.. from 2.6.32-28-server to 2.6.32-44-server
<xnox> Sander^work: that makes sence, because the metapackage gained a dependency on a new package, which previously was not installed at all. Such change is considered "major" by apt-get upgrade.
<Sander^work> xnox, question is if there is any security vulnerabilities in my old kernel.
<xnox> Sander^work: for example why it is considered "major": it may break by hand compiled kernel modules that are not managed with dkms, e.g. system may fail to reboot into new default kernel.
<xnox> Sander^work: well, the decision is yours if you want it or not =) "Power to the sysadmins"!
<Sander^work> xnox, Yeah.. I've had a system not boot once, because virtual integration components wasnt compatible with a newer kernel.
<xnox> Sander^work: and "security" vulnerabilities in that kernel may not apply to your use-cases & existing security measures. An offline server in a locked bunker doesn't really need security updates.
<_ruben> and the other possibility: the sec vulns in the old kernel that *do* pose a risk for you, might still be present in the new one ;)
<xnox> _ruben: I like that one =)
<Sander^work> xnox, a local root vulnerability is enough for me to upgrade.
<xnox> ack.
<rbasak> Daviey: elinks debdiffs look perfect
<ironm> Hello. When I try to install a solaris 11.1 VM on KVM host (last ubuntu-server 12.04) I am getting the following boot error: http://rsync.it-infrastrukturen.org/.solaris111-kvm-boot-error/solaris11.1-kvm-boot-error.png
<ironm> config: http://rsync.it-infrastrukturen.org/.solaris111-kvm-boot-error/sol111vm.xml
<ironm> Do you have any idea how to trace it? (kvm debug level or whatever ...). Thank you in advance for any hints.
<Daviey> rbasak: thanks
<zul> yo
<koolhead17> zul: Y0 YO :)
<ivoks> hi all
<koolhead17> hi ivoks
<zul> hallyn: ping when you are awake/conscious/non-jetlag/whatever
<hallyn> next week?
<hallyn> breakfast, will ping you in a bit
<patdk-wk> I hope my breakfast isn't able to move, let alone ping
<hallyn> bah!   makes a boring life
<hallyn> i'll ping my lunch later
<zul> hallyn: k
<dimitrig_> hi, what does this line from top mean, when it comes to cpu useage on all my cpu cores: Cpu(s): 65.3%us, 32.6%sy,  0.0%ni,  0.0%id,  0.0%wa,  0.0%hi,  2.1%si,  0.0%st
<dimitrig_> i.e. the 'us' , 'ni' , etc
<dimitrig_> ok, i found the answer in man pages, sry
<jdstrand> Sander^work: for more information on vulnerabilities that were fixed in the latest kernel, you can look at Ubuntu Security Notices (http://www.ubuntu.com/usn/)
<hallyn> zul: oh, sorry, i got carried away on email :)  what's up?
<zul> hallyn: so i have libvirt 1.0.0. but im getting a weird error when starting domains
<Iceman_B> something is seriously hogging my line, so my ssh connection is slooo-o-o-o-o-o-o-w too, how can I get real-time info about my network stats?
<hallyn> zul: qemu, lxc, or both types of domains?
<zul> hallyn: qemu mainly havent gotten to lxc yet http://pastebin.ubuntu.com/1334899/
<hallyn> ugh
<hallyn> jdstrand: do you know if there have been a set of LSM for libvirt patches lately from upstream?
<zul> hallyn: i can throw it up if you want to play with it
<hallyn> zul: i need to do some bookeeping first to make sure etherpads don't go down before i save all their contents, but yeah
<zul> hallyn: k
<hallyn> zul: if you jsut wanna push to a ppa i'll grab the source as well
<rbasak> Iceman_B: try iftop and/or mtr
<zul> hallyn: i was just going to upload the source
<jdstrand> hallyn: they actually have done quite a bit in there lately
<jdstrand> that error is quite generic and I haven't looked at the upstream changes closely
<hallyn> zul: ok
<hallyn> jdstrand: drat - thanks.
<zul> hallyn: have fun with that one :)
<jdstrand> hallyn: if I had to guess, I would look at this series: "[libvirt] [PATCH 0/3] apparmor: bug and typo fix and add tapFD relabeling"
<hallyn> jdstrand: thanks
<zul> shazbut
<Iceman_B> rbasak: tnx
<Iceman_B> rbasak: neither of the program,s are present
<rbasak> !apt | Iceman_B
<ubottu> Iceman_B: APT is the Advanced Package Tool, which together with dpkg forms the basic Ubuntu package management toolkit. Short apt-get manual: https://help.ubuntu.com/community/AptGetHowto - Also see !Synaptic (Gnome), !Adept (KDE) or !KPackageKit (KDE)
<SpamapS> rbasak: hey, btw, are you going to be able to fix apt this cycle?
<SpamapS> Failed to fetch bzip2:/var/lib/apt/lists/partial/us-west-2.ec2.archive.ubuntu.com_ubuntu_dist
<SpamapS> s_precise-updates_universe_source_Sources  Hash Sum mismatch
<SpamapS> never fails to hit when I need things to work most
<SpamapS> :-
<rbasak> SpamapS: I'm hoping to do it this cycle, yes. Just sorting out exactly what my schedule will be this week
<rbasak> Interestingi that you got it in precise-updates
<SpamapS> rbasak: kind of laughable to think you could sort 6 months into the future, isn't it? ;)
<rbasak> SpamapS: I need to get it done by FF :-/
<SpamapS> rbasak: yeah, updates and security are still vulnerable.. just less churn than dev release
<rbasak> SpamapS: we knew it was theoretically vulnerable, but wasn't aware of anyone hitting it in the wild after the cache header tuning on archive.u.c
<ironm> Hello. Can anyone confirm the following issue, please? When I try to install a solaris 11.1 VM on KVM host (last ubuntu-server 12.04) I am getting the following boot error: http://rsync.it-infrastrukturen.org/.solaris111-kvm-boot-error/solaris11.1-kvm-boot-error.png
<SpamapS> rbasak: since this is the S3 mirrors, its entirely possible its only a problem with those
<ironm> config: http://rsync.it-infrastrukturen.org/.solaris111-kvm-boot-error/sol111vm.xml
<ironm> Do you have any idea how to trace it? (kvm debug level or whatever ...). Thank you in advance for any hints.
<SpamapS> rbasak: I hit it quite often when there are updates actually
<rbasak> Hmm
<rbasak> Anyway all the more reason to fix it :)
<SpamapS> some of the charms ignore and move on.. others stop dead
<SpamapS> rbasak: seems so straight forward, but I suppose the politics are as tricky as the solution
<rbasak> SpamapS: I think the politics are sorted now. I just have to implement a production-quality apt with a fallback. The fallback is a bit awkward to do in the spaghetti that is the apt pseudo-event-driven download code
<rbasak> Interesting that the juju user story only needs apt and not debootstrap.
<SpamapS> rbasak: debootstrap was removed from the equation with juju 0.6 using cloud images for containers
 * rbasak nods
<hallyn> Daviey: oh, you misspoke at the uds summary :)  we are NOT going to not autostart virbr0 in general.  Only if 192.168.122.x is already in use.
<Daviey> hallyn: wait, i thought i said.. We are ceasing to autostart?
<Daviey> hallyn: if i did get it wrong, it looks like only you noticed... So don't tell anyone.. we'll keep it our secret. :)
<hallyn> Daviey: yes, you said we are ceasing to autstart.  that is not the case
<hallyn> somebody cheered when you said it, so i got a bit worried :)
<hallyn> "we'll keep it our secret" - i can just hit 'backspace' in the irc logs right?  :)
<Daviey> hallyn: i thought your irc 'client' allowed /bin/rm?
 * jpds puts more apparmor on Daviey's client.
<uvirtbot> New bug: #1075234 in nis (universe) "doesn't work with YP/NIS server defined in /etc/yp.conf" [Undecided,New] https://launchpad.net/bugs/1075234
<hallyn> heh
<hallyn> zul: (phew) done with bookkeeping for a bit (until Daviey yells at me :)  have you pushed the libvirt src you were working with?
<zul> hallyn: yep http://people.canonical.com/~chucks/libvirt/
<hallyn> might duck out for lunch first.  hey lunch - I'm PINGING You!
<hallyn> thanks
<RoyK> any news on sanlock for ubuntu_
<RoyK> ?
<RoyK> setting up a KVM cluster on some shared filesystem is a PITA without it...
<hallyn> RoyK: DIUI it's packaged in debian and not in ubuntu?
<hallyn> ah i see the needs-packaging bug
<elijahchancey> hey everybody. i think there's an issue with the apt repos hosted on AWS. who can i talk to about this?
<hallyn> ivoks: is bug 882485 interesting to you?  Interesting enough to help push it?
<uvirtbot> Launchpad bug 882485 in ubuntu "[needs-packaging] Sanlock" [Wishlist,Confirmed] https://launchpad.net/bugs/882485
<sarnold> elijahchancey: It's probably a known issue, a resync has been started
<elijahchancey> sarnold: will the resync fix the issue described by: http://askubuntu.com/questions/209844/latest-ec2-ubuntu-instance-seems-broken ?
<elijahchancey> sarnold: also, how long does that process typically take?
<sarnold> elijahchancey: that hash-mismatch was exactly the error I saw reported thta kicked off the resync
<sarnold> elijahchancey: they suggested an hour is reasonable, and four hours is the "it should not take longer than this"
<med_> stupid question time: why is there a manifest generated for ubuntu-####-desktop but not ubuntu-####-server in releases.ubuntu.com
<med_> ?
<med_> is that because u-server is more likely to download packages at install time?
<elijahchancey> sarnold: great. thank you so much!
<sarnold> elijahchancey: you're welcome :)
<RoyK> hallyn: DIUI?
<hallyn> jdstrand: oh i see, the patces you cited might *fix* the issue :)
<hallyn> RoyK: missed a word there :)  do i understand it *right*
<hallyn> RoyK: i'll follow up on that, that needs to get packaged, thanks.
<RoyK> :)
<hallyn> (s/get packaged/pushed into the archive)
<RoyK> looks like the package existing is ok
<RoyK> but I had some issues with it and moved to centos for this kvm test-cluster
<hallyn> stgraber: http://lists.linuxfoundation.org/pipermail/containers/2012-November/030813.html  proposed deprecation of clone-children
<_KaszpiR_> http://i49.tinypic.com/rhl74k.png
<_KaszpiR_> so I've decided to make an experiment and found out that my server strange locksups
<_KaszpiR_> *lockups
<_KaszpiR_> as we can see i'm connected via putty over ssh and can see the htop running
<_KaszpiR_> but closing app will end in freezeof the console
<acidflash> x
<RoyK> _KaszpiR_: setup netconsole or an old-fashioned network console, or perhaps syslogging to another server. you may get some results from that, like an OOPS or perhaps a Panic
<_KaszpiR_> ah right, i didn; have time for that/forgot
<_KaszpiR_> now time to do it
<RoyK> syslog may die during such an event, so better use a console thing
<uvirtbot> New bug: #1075292 in lxc (universe) "please install nano package by default on ubuntu template" [Undecided,New] https://launchpad.net/bugs/1075292
<sarnold> heh, apt-get purge nano is the second or third step I take on my new installs..
<_KaszpiR_> RoyK can I send netconsole to a couple of addressess?
<sarnold> yes
<smoser> jamespage, still around?
<_KaszpiR_> RoyK ok, netconsole set up
<_KaszpiR_> time to squeeze the shit out of that box
<_KaszpiR_> ;D
<Daviey> hallyn: Hey, are you planning to get libvirt 1.0 into ~ubuntu-virt PPA?
<NomadJim> ext3 is the standard file system for all linux servers pretty much right?
<_KaszpiR_> NomadJim yes
<Daviey> erm, probably ext4 now.
<NomadJim> cool wanted to double check before diving into learning one
<Daviey> there isn't exactly much to learn
<NomadJim> that's good to know
<Daviey> it's like learning how a lightbulb works :).. Sure, if you are interested... otherwise just use it. :)
<Daviey> btrfs has stuff to learn.
<NomadJim> i want to know if a filesystem impacts how much data is sent over a network
<NomadJim> is the main reason i'm looking into it
<_KaszpiR_> hm
<Daviey> erm
<NomadJim> given that the same file is stored but on different file systems
<_KaszpiR_> it's rather more dependand ont he services
<patdk-wk> in reality? unlikely
<_KaszpiR_> like access the same file via rsync,samba, nfs
<patdk-wk> how quickly a filesystem can locate data, via seq, random, ... depends
<patdk-wk> but normally the disks themselfs slow it down more
<Daviey> in the case of rsync, fat32 tends to transfer more than a linux filesystem :)
<NomadJim> interesting hmm
<_KaszpiR_> cause fat32 has specific 'modified' times
<NomadJim> i was thinking of a border case where you have many small files
<NomadJim> and there might be a potential for a lot of empty space per file
<_KaszpiR_> there's reiserfs
<Daviey> NomadJim: I bet my hand you will struggle to measure a difference.
<_KaszpiR_> or xfs
<Daviey> especially with the kernel (& readahead) doing caching
<NomadJim> love me some caching
<NomadJim> On most file systems you can specify block size right?
<NomadJim> so my border case isn't really file system dependent i guess?
<hallyn> Daviey: well zul is packaging it, but i'm tossing him a debdiff right now to fix a snafu in qemu+apparmor behavior
<hallyn> Daviey: i think it was just going to go into the archive...
<hallyn> or did you mean for quantal?
<Daviey> hallyn: precise/quantal
<Daviey> hallyn: seems to be interest, http://t.co/uvptv48w
<hallyn> Daviey: perhaps, but (a) i'd have to make sure the versions in there now aren't serving a unique need, and (2) they'd require backproted newer qemus as well
<Daviey> gah
<hallyn> iirc 1.0 requires qemu 1.2 or somesuch
<hallyn> bc they use a newer api instead of cvhecking 'qemu --help' output :)
<hallyn> according to someone at the uds session.  i haven't checked
<_KaszpiR_> hm maybe the server was locking due to the dust? XD
<hallyn> zul: your libvirt-1.0.0 plus http://people.canonical.com/~serge/libvirt-1.0.0-aa.debdiff  launches qemu vms for me
<hallyn> (haven't run a full qrt)
<hallyn> jdstrand: thanks!  just used two of the patches in the thread you pointed to, al lthat was needed  \o/
<jdstrand> hallyn: awesome! :)
<hallyn> guess i may as well run qrt on this instance now :)
<RoyK> NomadJim: most systems use a filesystem for stuff on drive and then some networked filesystem like nfs or smb/cifs or afs or whatever for transferring data between filesystems. unix filesystems have datestamps too, mtime, ctime and atime
<RoyK> atime isn't too much used these days on large setups, since inducing a write on every access is somewhat bad to performance
<sarnold> .. and drive lifetimes, with limited write cycles
<NomadJim> RoyK:  thanks didn't know about the networked filesystem for transferring
<NomadJim> RoyK:  this is something that you have to go out of your way to setup though right? nfs? It's not like the command line tools like scp, rsync, etc use it behind the scenes
<RoyK> NomadJim: nfs and smb and the rest are used to mount filesystems like they were local
<RoyK> NomadJim: just like in windows where you mont \\somehost\somesher to G:
<RoyK> NomadJim: just like in windows where you mont \\somehost\someshere to G:
<RoyK> NomadJim: NFS was introduced in 1989, and has improved rather a bit since then...
<stgraber> hallyn: might be worth passing --dhcp-leasefile to lxc's dnsmasq with a value other than /var/lib/misc/dnsmasq.leases (the current default)
<stgraber> hallyn: otherwise all the dnsmsq on the system end up using the same lease file, making dhcp pretty random :)
<stgraber> (mostly a problem when also using libvirt I guess)
<hallyn> stgraber: sounds worthwhile, yes
<hallyn> stgraber: so that's the default, and so rebooting the host in general will provide persistent mappings as one would expect?
<stgraber> ah, actually libvirt is setting --dhcp-leasefile already, so it's really just lxc that'd need fixing
<stgraber> yep, if it's set to a path that's not wiped on reboot, we'll have persistent IPs across reboots
<stgraber> I suppose we could use /var/lib/misc/dnsmasq.$INTERFACE.leases => /var/lib/misc/dnsmasq.lxcbr0.leases
<stgraber> that'd make it easy to find (same path as dnsmasq) and avoid any potential clash
<hallyn> stgraber: worth opening a bug for, or will we remmeber next time we're pushing?
<stgraber> hallyn: I'll just push the change to bzr
<stgraber> hallyn: I'll also make dnsmasq start with -K (authoritative) so that if you move containers from a bridge to another you don't need to wait 15s or whathever the DHCP timeout is
<hallyn> do you do that often?
<stgraber> not terribly often but there's no good reason not to run the DHCP server as authoritative when we're sure it's the only DHCP server on the network
<hallyn> <nod>
 * RoyK works too much with microsoft systems
<stgraber> hallyn: pushed to bzr
<RoyK> it's something like drinking too much methanol, making you drunk, irrational and blind all that the same with little to gain
<hallyn> jdstrand: d'oh, qrt fails bc 'virsh capabilities' now lists a secmodel entry for 'none' instead of not listing it
<blkperl> Hi, I'm having trouble getting a Dell PowerEdge R610 to load ubuntu, have install it boots into a black screen
<blkperl> s/have/after
<blkperl> figured it out needed to set a rootdelay for grub in our kickstart config
 * TheLordOfTime yawns.
<TheLordOfTime> evening everyone.  anyone here bugcontrol want to review whether i'm correct on an old php5 bug?
 * TheLordOfTime could self-review, but would rather someone else check his work :P
<TheLordOfTime> s/work/research./
<halvors> How do i setup isc-dhcp-client to request a IPv6 prefix via DHCPv6 Prefix Delegation?
<halvors> How do i setup isc-dhcp-client to request a IPv6 prefix via DHCPv6 Prefix Delegation?
<blkperl> halvors: you don't have to ask multiple times, its just a matter of waiting for someone with the knowledge to look at the window
<blkperl> s/the window/this channel
<halvors> blkperl: Ah ok, sorry :) Just that this problem is driving me crazy, i have to do this. :-S
<sarnold> halvors: I can't volunteer him to help you, but at UDS dtaht mentioned that exact problem...
<TheLordOfTime> halvors, you realize patience is a virtue with everything right?
#ubuntu-server 2012-11-06
<halvors> yes :)
<TheLordOfTime> mmkay, just making sure :P
<bearly230> Hey all I'm working with ubuntu 12.04 server and trying to setup ldap with kerberos and when I run the command sudo krb5_newrealm I keep getting an error message "kdb5_util: Password mismatch while reading master key from keyboard" I've run this command 3 times and keep getting the same error. Is there a file I need to delete so I can rerun the command and have it work? Thanks.
<halvors> How can i prevent Ubuntu from routing between vlan's using the "ip route" command?
<qman__> it won't do that unless you explicitly configure it to
<bearly230> Hey all I'm working with ubuntu 12.04 server and trying to setup ldap with kerberos and when I run the command sudo krb5_newrealm I keep getting an error message "kdb5_util: Password mismatch while reading master key from keyboard" I've run this command 3 times and keep getting the same error. Is there a file I need to delete so I can rerun the command and have it work? Thanks.
<qman__> !patience | bearly230
<ubottu> bearly230: Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com or http://ubuntuforums.org or http://askubuntu.com/
<halvors> qman__: Talking to me?
<qman__> yes
<qman__> ubuntu does not route out of the box
<qman__> you have to set it up to do that
<qman__> if you want to enable routing but filter what gets routed, you need to set up iptables
<qman__> and if you want to filter traffic as it passes through a bridge, you need ebtables
<bearly230> Hey all I'm working with ubuntu 12.04 server and trying to setup ldap with kerberos and when I run the command sudo krb5_newrealm I keep getting an error message "kdb5_util: Password mismatch while reading master key from keyboard" I've run this command 3 times and keep getting the same error. Is there a file I need to delete so I can rerun the command and have it work? Thanks.
<sarnold> bearly230: 19 minutes isn't much time to wait...
<bearly230> How long would you suggest post once and wait 24 hours? 20 mins is more than a reasonable time between posts.
<sarnold> three times in thirty minutes is definitely too much :) try every half-hour, tops...
<sarnold> don't overlook askubuntu.com -- I've usually preferred irc over websites, but I think the stackexchange folks figured out how to make 'web forum' question-and-answer sites not suck. It's a different audience, might work well. :)
<bearly230> The purpose of not flooding a channel is so everyone can talk. With as quite as this room is. You never know when someone will actually come on that can answer the question.
<bearly230> I've already googled the error and didn't locate any answer.
<sarnold> that's a good point, but I've got two new joins and one guy re-joining :) hehe
<bearly230> irc isn't like it use to be.
<sarnold> indeed. :/
<bearly230> to quite these days (
<halvors1> qman_: I prevented routing between vlans using iptables, just woundering if it is possible using "ip route" command.
<halvors1> ?
<sarnold> bearly230: man, I can't see anything in the krb5 code that would give you that error condition except a mis-typed password. :(
<bearly230> sarnold: kind of hard to believe I would mistype the password each time I ran the command, 5 times now. But I am human. So has to be computer, can't be me I'm perfect. hehe
<sarnold> bearly230: indeed. :)
<sarnold> bearly230: can you strace the silly thing? (I'm not sure if it is setuid or something, might forbid it...)
<sarnold> or try with a password you cannot mistype? 'a' for example? :)
<bearly230> sarnold: Just prompted me again. This time I did the password with my eyes shut. And it worked.
<sarnold> bearly230: hahaha
<bearly230> sarnold: guess it want to make sure the pw was so secure that I didn't even see nothing echo to the screen.
<TheLordOfTime> so either your PW was typed incorrectly when you set it up, or you type better when you are blind.
<TheLordOfTime> and the PW is never shown on screen ;P
<TheLordOfTime> nor the number of characters ;P
<sarnold> bearly230: reminds me of a story I heard of someone who couldn't log in while standing but could log in while sitting.. something about keycaps being fiddled with, and touch-typing while sitting but look-typing while standing. :)
<sarnold> yeah, I'm upset at many gui tools showing the number of chars in passwords, that drastically reduces the search space for brute-forcing.
<TheLordOfTime> and now you know why most stuff I do is CLI
<TheLordOfTime> including logging in on this system :P
 * TheLordOfTime manually starts X
<sarnold> well, that, and it often sucks less. :)
<TheLordOfTime> true statement!
<sarnold> hehe, I miss inittab's :5: vs :3: configuration... It's been long enough that I even forget the details. :(
<ak5> hey, I just edited my /etc/network/interfaces to have a static ip for eth0, now I want to change my default dns server, but it says to not manually edit /etc/resolv.conf - how do I do this in ubuntu?
<volga629> Hello Everyone, on 12.04 TLS server looking for this package libffi5 ?
<volga629> ruby1.9.2 : Depends: libffi5 but it is not installable
<volga629> ant help thank you
<volga629> any
<ak5> when I log into my ubuntu server and do man <something> (less is throwing the error)
<ak5> I am getting "WARNING: terminal is not fully functional"
<uvirtbot`> New bug: #1075456 in dovecot (main) "wrong path given in README" [Undecided,New] https://launchpad.net/bugs/1075456
<_ruben> hm .. ipv6 address of nl.archive.ubuntu.com appears unreachable
<_ruben> and it's back
<uvirtbot`> New bug: #1075484 in mysql-5.1 (main) "upgrade of mysql-server-5.1 to 5.1.66-0ubuntu0.10.04.1 removed InnoDB datafiles" [Undecided,New] https://launchpad.net/bugs/1075484
<dsavi> hey, does anyone know how to set up mail forwarding with dovecot/postfix/mysql?
<ahasenack> hi, I have a question about lxc
<ahasenack> is there a way to make a specific block device available inside the container?
<ahasenack> or should I create it manually, with mknod, or perhaps using a loop device attached to a file i create locally?
<ahasenack> with manually, I actually meant manually and internally
<ahasenack> inside the container
<ahasenack> I see the config has lxc.cgroup.devices.deny = a
<ahasenack> and then allows apparently all block devices
<ahasenack> lxc.cgroup.devices.allow = b *:* m
<ahasenack> but there is this comment right above that: # Allow any mknod (but not using the node)
<ahasenack> "not using the node", I don't understand that bit
<tjaalton> I installed maas on quantal, and I get a timeout acquiring lock in errors.log when trying to access the website
<hallyn> stgraber: libvirt is adding its own fuse /proc/mem support for lxc.  (duplication everywhere)
<hallyn> if i'm reading this right, they're actually implementing the fuse bits themselves
<tjaalton> ok my problem was avahi-daemon not running
<zul> ahasenack:  yeah you would have to update your cgroups with the block major/minor and then use lxc-attach in the container (i think)(
<tjaalton> btw, is maas suited as a general cobbler replacement, where you can modify the preseeding and whatnot
<tjaalton> *generic, duh
<ahasenack> zul: lxc-attach? didn't know about that one, for now I'm just passing "dm-12" to the openstack.cfg that the charm uses, and closely watching to see if that index changes during reboots. There may be a better way, still experimenting
<hallyn> no, not lxc-attach
<hallyn> i was using a pre-mount hook to set that up, one sec
<hallyn> ahasenack: zul: i did http://s3hh.wordpress.com/2012/10/22/easily-making-a-blockdev-available-to-a-container/
<hallyn> ahasenack: zul: stgraber is going to implement a simpler lxc- command to do it
<hallyn> (this cycle)
<zul> hallyn: cool...still doesnt help libvirt thoguh ;)
<hallyn> d'oh
<hallyn> missed that bit
<hallyn> you said 'lxc-attach' :)
<ahasenack> it's cool, I'm experimenting
<ahasenack> going step by step, see where it fails each time, and improving
<ahasenack> hallyn: the hook, that's in the lxc config, right
<ahasenack> lxc.hook.pre-mount
<ahasenack> among many others
<hallyn> ahasenack: yes, but again that's not with libvirt
<hallyn> libvirt has it's own device attach stuff
<ahasenack> ok
<ahasenack> still, those hooks might prove useful
<stgraber> hallyn: yay, more duplication! (especially as we already have the code for the fuse filesystem...)
<hallyn> stgraber: yup.
<halvors> Hi!
<halvors> I'm trying to setup nagios3 on Ubuntu 12.10, but can't get it to work due missing "generic-switch" template. I placed the switch.cfg in "/etc/nagios3/objects" and i followed this guide...
<halvors> http://nagios.sourceforge.net/docs/3_0/monitoring-routers.html
<vagy> hello, i run 10.04 as a guest on virtualbox. How would i do a fsck without using a live cd?
<vagy> running headless
<patdk-wk> vagy, reboot?
<vagy> patdk-wk: i can't see or interfere with virtualbox while booting this vm (i run it on a headless 10.04 as well)
<vagy> so a headless 10.04 is host to a headless 10.04 guest
<bc> is there some obvious way for me to determine if I'm running LTS (or what ever) on some random server out of a hundred to which I connect?
<patdk-wk> well, I can't help you with virtualbox
<patdk-wk> bc, cat /etc/lsb-release
<bc> patdk-wk: thank you; lsb_release -sd
<patdk-wk> that too
<bc> patdk-wk: just found the page when you replied. :)
<uvirtbot`> New bug: #1075589 in clamav (main) "package clamav-freshclam 0.97.6+dfsg-1ubuntu0.12.04.1 failed to install/upgrade: subprocess installed post-installation script returned error exit status 128 (dup-of: 1074708)" [Undecided,New] https://launchpad.net/bugs/1075589
<caribou> smoser: any chance of having this MR reviewed : https://code.launchpad.net/~louis-bouchard/ubuntu/oneiric/grub2/grub2-lp669481-oneiric/+merge/131625
<TheLordOfTime> SpamapS, alive?
<caribou> smoser: I thought I had assigned it to you but doesn't look like  it
<smoser> i'll look at that today.
<smoser> thank you
<uvirtbot`> New bug: #1064748 in quantum "a port which is not able to delete is made when floatingip create fails." [Undecided,Confirmed] https://launchpad.net/bugs/1064748
<uvirtbot`> New bug: #1069966 in quantum "rootwrap error with L3 agent" [Undecided,Confirmed] https://launchpad.net/bugs/1069966
<uvirtbot`> New bug: #1070335 in quantum "l3 db operations failed in multiple transactions" [Undecided,Confirmed] https://launchpad.net/bugs/1070335
<uvirtbot`> New bug: #1072713 in quantum "Linux bridge port update causes exception" [Undecided,Confirmed] https://launchpad.net/bugs/1072713
<uvirtbot`> New bug: #1051744 in quantum "remove default value of 'local_ip' of 10.0.0.3 in ovs_quantum_plugin.ini " [Undecided,Confirmed] https://launchpad.net/bugs/1051744
<caribou> smoser: thanks
<uvirtbot`> New bug: #1053364 in nova/folsom "Add SIGPIPE handler to subprocess execution in rootwrap and utils.execute" [Medium,In progress] https://launchpad.net/bugs/1053364
<uvirtbot`> New bug: #1056720 in quantum "L3 agent external network flag" [Undecided,Confirmed] https://launchpad.net/bugs/1056720
<uvirtbot`> New bug: #1057558 in quantum "I can't add interface to router, if there is another port in non-shared network of other tenant" [Undecided,Confirmed] https://launchpad.net/bugs/1057558
<uvirtbot`> New bug: #1059393 in quantum "Ryu plugin does not support Security Groups" [Undecided,Confirmed] https://launchpad.net/bugs/1059393
<uvirtbot`> New bug: #1060559 in quantum "l3_agent not disabling namespace use" [Undecided,Confirmed] https://launchpad.net/bugs/1060559
<uvirtbot`> New bug: #1061391 in quantum "nvp_plugin does not update device_id in nvplib" [Undecided,Confirmed] https://launchpad.net/bugs/1061391
<uvirtbot`> New bug: #1061781 in quantum "get_network in nvp plugin didn't return subnet information" [Undecided,Confirmed] https://launchpad.net/bugs/1061781
<uvirtbot`> New bug: #1064070 in quantum "tap device added to integration bridge without tag" [Undecided,Confirmed] https://launchpad.net/bugs/1064070
<uvirtbot`> New bug: #1064235 in quantum "router create with external_gateway_info fails with 500 always." [Undecided,Confirmed] https://launchpad.net/bugs/1064235
<uvirtbot`> New bug: #1064261 in quantum "Port create with invalid IP data creates port." [Undecided,Confirmed] https://launchpad.net/bugs/1064261
<SpamapS> TheLordOfTime: just now online. Wassup?
<TheLordOfTime> SpamapS, just some minor bugchecking, need someone to check my research on the php5 package.
<TheLordOfTime> SpamapS, https://bugs.launchpad.net/ubuntu/+source/php5/+bug/723480  <--- I believe this was fixed in 5.3.6-11, there's a debian changelog suggesting that
<uvirtbot`> Launchpad bug 723480 in php5 "php5-fpm uses too high value for pm.max_children by default" [Low,Confirmed]
<TheLordOfTime> wanted someone to check the research before i mark that as "Fixed" and quoting the changelog
<TheLordOfTime> (Oneiric has that fix afaict, but Lucid does not... not sure that matters)
<TheLordOfTime> (if it does, that needs a Lucid SRU)
<halvors> I'm trying to setup nagios3 on Ubuntu 12.10, but can't get it to work due missing "generic-switch" template. I placed the switch.cfg in "/etc/nagios3/objects" and i followed this guide...
<halvors> (15:54:32) halvors: http://nagios.sourceforge.net/docs/3_0/monitoring-routers.html
<SpamapS> TheLordOfTime: well perhaps you can share the changelog bit you intend to quote?
<TheLordOfTime> lemme pastebin
<hallyn> zul: no utlemming to be seen.  he's next on the schedule to chair mtg.  which i assume happens in 5 mins?
<zul> *sigh*
<TheLordOfTime> SpamapS, this'd be my closure message: http://pastebin.com/gYwgMKGc
<zul> i thought he was around
<zul> maybe ttx would like to run the meeting :)
<TheLordOfTime> is the server team meeting in 5 minutes? ;P
<TheLordOfTime> s/;P//
<TheLordOfTime> (apparently that was leftover from an incomplete message)
<hallyn> i thin kit's in 5 mins
<hallyn> 1600 utc
<TheLordOfTime> that should be in about 4 minutes, unless i'm off by an hour
 * TheLordOfTime thinks this through: Eastern US standard time = UTC-0500, 1600 - 0500 = 11:00...
<ttx> polom
<TheLordOfTime> yep, 3 minutes if time servs me right.
<TheLordOfTime> SpamapS, i did check, Lucid won't have that fix, though.  is php5 still "updated" for lucid?
<TheLordOfTime> i.e. are SRUs still accepted for it.
<TheLordOfTime> smb, you are needed in #ubuntu-meeting
<zul> rbasak:  #ubuntu-meeting please
<TheLordOfTime> ^ that
<uvirtbot`> TheLordOfTime: Error: "that" is not a valid command.
<TheLordOfTime> STOP NINJAING ME ZUL!
<TheLordOfTime> :P
<lynxman> zul++
 * TheLordOfTime casts "Slow" on zul.  zul loses 50% speed.
<TheLordOfTime> okay, enough with my offtopicness.
 * TheLordOfTime pokes SpamapS to make sure SpamapS hasn't died.
<TheLordOfTime> SpamapS, did you check that pastebin?
<SpamapS> TheLordOfTime: yes, sorry distracted..
<TheLordOfTime> no problem :)
<SpamapS> TheLordOfTime: re the second question, yes, lucid SRU's are accepted, though only for high/critical bugs
<TheLordOfTime> ah, so this would not need lucid fixing :P
<SpamapS> TheLordOfTime: Lucid server packages are supported for 2.5 more years
<TheLordOfTime> SpamapS, if only high/crit bugs are being fixed in Lucid, then excluding that all currently supported releases have the fix for that bug.
<SpamapS> TheLordOfTime: so the default appears to be 5, instead of 50, so, it does seem like thats Fixed
<TheLordOfTime> i'll mark that :)
<TheLordOfTime> SpamapS, that's the conclusion I came to as well, but i wasnt sure about whether it needed fixing in Lucid first :p
<TheLordOfTime> hence asking for a research-check ;)
<SpamapS> TheLordOfTime: we never fix in old releases first
<SpamapS> TheLordOfTime: dev release first, then backport to wherever it might make sense
<TheLordOfTime> SpamapS, this had already been fixed in dev and the other releases
<TheLordOfTime> in *this* circumstance that's the case
<SpamapS> TheLordOfTime: thats almost always the case.. that its fixed in newer releases first
<TheLordOfTime> SpamapS, i've done a few SRUs before, i'm aware it gets fixed release -> older in reverse-chrono order.
<TheLordOfTime> s/release/devRelease/
<TheLordOfTime> the question was whether lucid factored into this one bug
<SpamapS> yeah ok we're just talking about nothing. +1 go forth, fix released that bug, and continue your awesome help with PHP :)
<TheLordOfTime> yep.
<TheLordOfTime> this was me just sifting through old bugs that were likely fixed :P
 * TheLordOfTime yawns as he realizes his local builders failed again
<ahasenack> hallyn: hey, that blog post of yours (http://s3hh.wordpress.com/2012/10/22/easily-making-a-blockdev-available-to-a-container/), it's missing a link to the actual script
<ahasenack> hallyn: "So I use this script to set a container up to use a particular block device." <-- "this script" was meant to be a link probably
<ahasenack> it changes color when I hover over it :)
<hallyn> me mess up a blog posting?  impossible!
<hallyn> (j/k i hate blogging)
<hallyn> ahasenack: thanks!  updated
<ahasenack> hallyn: thanks! :)
<Daviey> hallyn: you blog great
<hallyn> aw shucks, thanks
<hallyn> stgraber: if you get bored at some point, my initial notes, in preparation for an email to the kernel team (or for a patch :) for a syslog ns design are at https://wiki.ubuntu.com/LxcSyslogNs
<hallyn> smb: ^
<uvirtbot`> New bug: #1031119 in nova "nova: proxy floating ip calls to quantum" [Medium,Fix committed] https://launchpad.net/bugs/1031119
<stgraber> hallyn: nice. Looks good. Only quickly read through but do you expect anything to be needed to make attaching to the syslog ns to work?
<stgraber> hallyn: thinking of the case where you start a daemon using lxc-attach, attaching to all namespaces from the outside, if that daemon uses the log buffer, it'd be nice to have that land in the right syslog ns
<hallyn> stgraber: hm, trying to parse that after thinking about cgroups, one sec...
<hallyn> stgraber: in that case, which would you call the right syslog ns?
<hallyn> i can definately say this much:  netfilter printks would go to the container syslog,
<hallyn> bc it would have lxc-attached to the netns, and netns would be 'owend' by the container syslogns
<hallyn> what i'm not sure about is whether we also have a syslogns pointer in nsproxy.  that depends on whether we need it, or whether we can get what we need with pointers from other namespaces to the syslogns
<hallyn> i should probably go to lkml with this soon, bc this design could easily be rejected.  the inter-relations between namespaces becomes ever more complex.
<hallyn> in fact, as i type, i wonder if it's better to restrict and simplify it - so only a user namespace can point to a syslog ns
<hallyn> as it is, every ns and task is owned by a user ns.  this would keep the relations impler
<hallyn> it would also mean that a container without its own userns could not have its own syslogns
<hallyn> (i'm done :)
<zul> hallyn: those patches work for me
<lifeless> smoser: around ?
<smoser> here
<lifeless> smoser: hey. So I was asking about the cloud-init-nonet upstart job. Specifically I've seen references to it in a bug, but its not in the cloud-image filesystem tarball, so I'm a little confused about *where* it can be found.
<smoser> lifeless,
<smoser> ubuntu@quantal$ dpkg -S /etc/init/cloud-init-nonet.conf
<smoser> cloud-init: /etc/init/cloud-init-nonet.conf
<smoser> ubuntu@quantal$ dpkg-query --show cloud-init
<smoser> cloud-init 0.7.0-0ubuntu2
<smoser> it should be in precise also. and maybe even oneiric.
<lifeless> smoser: *blink*. Clearly I fail.
<lifeless> smoser: thank you.
<smoser> no problem. :)
<lifeless> massive problem for my geek cred... but I can deal :)
<hallyn> zul: cool
<ahasenack> is there something new in lxc in quantal, related to apparmor?
<ahasenack> I can't even apt-get install lxc inside an lxc container
<ahasenack> apparmor_parser: Unable to replace "/usr/bin/lxc-start".  Permission denied; attempted to load a profile while confined?
<sarnold> I don't know when it was introduced, but yes, lxc containers are contained with apparmor
<ahasenack> I see there are two lxc profiles at least
<ahasenack>  /etc/apparmor.d/lxc/lxc-default-with-nesting and /etc/apparmor.d/lxc/lxc-default
<ahasenack> the -with-nesting one seems the right one, as it also allows mounting of cgroup
<ahasenack> not sure how either one is selected, or if I have to do something
 * ahasenack debugs
<ahasenack> I'm also getting apparmor errors when trying to mount cgroup inside lxc
<ahasenack> so I guess nested lxc doesn't work
<ahasenack> but I think it used to, I vaguely remember it working in precise
<ahasenack> but I could be wrong
<ahasenack> [15799.661604] type=1400 audit(1352226887.742:122): apparmor="DENIED" operation="mount" info="failed type match" error=-13 parent=31318 profile="lxc-container-default" name="/sys/fs/cgroup/cpuset/" pid=31326 comm="mount" fstype="cgroup" srcname="cgroup" flags="ro"
<ahasenack> not using the lxc-default-with-nesting profile then
<uvirtbot`> New bug: #1066115 in cloud-init "The landscape client plugin doesn't create the config file with the proper permissions" [Undecided,New] https://launchpad.net/bugs/1066115
<danieltlx> Hello, I'm trying to install phantom.js on remote ubuntu 10.04 x64 server. I'm accessing it using gitbash from my pc. I did download the .bz2 file, using "wget". how do I install it now? what should be done? do I need to "run" it ? thanks.
<sarnold> danieltlx: probably just scp it to your server, bunzip2 the file, put it in place in your web hierarchy, chown it to the correct owner, and chmod to permissions that forbid writing
<uvirtbot`> New bug: #1064771 in ubuntu-se-server "FrigÃ¶ra diskutrymme pÃ¥ adder" [Medium,Confirmed] https://launchpad.net/bugs/1064771
<uvirtbot`> New bug: #1070345 in cloud-init "need to restart landscape after updating config" [Medium,Fix committed] https://launchpad.net/bugs/1070345
<uvirtbot`> New bug: #1075736 in lxc (universe) ""lxc-create -u ubuntu" fails if /var/cache/lxc too old?" [Undecided,New] https://launchpad.net/bugs/1075736
<joren> Hey, can anyone tell me if it's possible to run a maas cluster without any "nodes"
<joren> like, add the master server as a node?
<bigjools> what are you actually trying to achieve?
<joren> I guess I was thinking I'd use maas as an easy way to manage vms, is that not quite what it is?
<bigjools> no, it's not, maas manages real hardware
<bigjools> you can set up VMs as nodes but it's mainly for developer testing
<joren> makes sense, sorry for the dumb question then :)
<joren> that does still sound pretty useful so maybe I'll leave it installed on this server
#ubuntu-server 2012-11-07
<resno> ive got a server install but i want to go more minimal.. can i easily remove apps or should i reinstall?
<patdk-lap> you can easily uninstall
<patdk-lap> though I always do minimal installs
<resno> whats the easiest way to remove those extra packages?
<resno> i had like wpa-supplicant installed
<resno> patdk-lap: ^
<patdk-lap> I think wpa-supplicant is in minimal also
<resno> really?
<patdk-lap> maybe not
<patdk-lap> apt-get purge fuse.* libfuse.* mlocate ppp.* rsyslog ufw dhcp.* libntfs.*
<patdk-lap> that is what I normally remove from a minimal install
<resno> you even remove stuff from a minimal install?
<patdk-lap> hmm, it's a server, I don't need dhcp, fuse, ntfs, mlocate, ppp
<resno> whats rsyslog for?
<patdk-lap> normal logs
 * jdstrand_ raises eyebrows at removing the syslogger
<patdk-lap> jdstrand_, that was tune for using syslog-ng
<patdk-lap> that is installed on the next line :)
<resno> patdk-lap: should i just reinstall and use minimal? or can i easily weed out the extra installs
<resno> err, packages*
<patdk-lap> I dunno about easily
<resno> you use puppet?
<patdk-lap> nope, don't do enough to care
<patdk-lap> and most of my vm's are all different, not the same
<patdk-lap> so really not worth it for me really
<resno> ill just try using tasksel. hopefully thatll bring it down a bit
<patdk-lap> hmm?
<patdk-lap> tasksel only increases it
<resno> it had "basic server" checked before.. so i unchecked it...
<resno> so, i broke the vms network connection, any suggestions to how to recover it?
<koolhead17> philballew:
<philballew> can I use your picture of the the openstack book?
<philballew> koolhead17,
<koolhead17> philballew: which one
<philballew> koolhead17, hum, did you post a pic with your new openstack book review?
<philballew> if not, maybe I am loosing it
<koolhead17> philballew: heh ur. i don`t see any pic there :P
<philballew> ah, heres my review
<philballew> http://philipballew.wordpress.com/?p=195&preview=true
<koolhead17> 404
<philballew> nice!
<philballew> http://philipballew.wordpress.com/2012/11/07/openstack-cloud-computing-cokbook-review/
<philballew> koolhead17,
<philballew> koolhead17, thoughts?
<koolhead17> philballew: looks great. can u tweet the new link so tht i can RT :P
<philballew> koolhead17, yeah the link now is: http://philipballew.wordpress.com/2012/11/07/openstack-cloud-computing-cookbook-review/
<balboah> my god the "scanning disks" step before partitioning are taking minutes for my new server install
<uvirtbot`> New bug: #1075917 in lxc (universe) "[wishlist] Support for lxc.network.gateway in precise" [Undecided,New] https://launchpad.net/bugs/1075917
<uvirtbot`> New bug: #1075948 in cinder (main) "Cinder installation depends on installing Git" [Undecided,New] https://launchpad.net/bugs/1075948
<Darkstar1> Hi guys.
<Darkstar1> Can I (or rather is it wise to) apply fail2ban on the apache port? I ask because the site was getting about 3.5k fake requests per min, so we called the provider and he said it was nothing special, and to install fail2ban
<Delemas> I just rolled 12.10 out as a DNS server. At every login it complains it will check /dev/sda1 (my ext2 256M boot drive) for errors. The drive is fine and a full fsck from a rescue disk finds nothing. Anyone else seen this?
<ironm> hello. Please allow me one question:  I have 8 ethernet interfaces on ubuntu-server 12.04 KVM host. The host doesn't support the IOMMU flag in the BIOS. I would like use bonding of interfaces (4 groups with 2 interfaces each). Is it recommended to do it on the KVM or VM side? (due to performance)
<danieljs> Hello. I'm trying to install phantomjs under ubuntu 10.04 x64. I get "Segmentation fault" everytime I try to run it. Anyone knows what's the problem ?
<holstein> danieljs: pastebin the entire error if convenient
<danieljs> ok
<danieljs> :~/phantomjs-1.7.0-linux-x86_64/bin# ./phantomjs
<danieljs> PhantomJS has crashed. Please read the crash reporting guide at https://code.goo
<danieljs> gle.com/p/phantomjs/wiki/CrashReporting and file a bug report at https://code.go
<danieljs> ogle.com/p/phantomjs/issues/entry with the crash dump file attached: /tmp/6dc0a3
<danieljs> 05-25d0-0a0c-565d487d-295cb741.dmp
<danieljs> Segmentation fault
<fego> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<danieljs> ok. sorry.
<holstein> danieljs: where did you get that application? i would try going one version or the other to troubleshoot
<danieljs> PhantomJS has crashed. Please read the crash reporting guide at https://code.goo
<danieljs> gle.com/p/phantomjs/wiki/CrashReporting and file a bug report at https://code.go
<danieljs> ogle.com/p/phantomjs/issues/entry with the crash dump file attached: /tmp/6dc0a3
<danieljs> 05-25d0-0a0c-565d487d-295cb741.dmp
<danieljs> Segmentation fault
<danieljs> oops
<danieljs> http://paste.ubuntu.com/1339977/
<danieljs> like that ?
<holstein> danieljs: yup :)
<danieljs> :-)
<rbasak> phantomjs is packaged - 1.4 in precise, 1.6 in quantal. You could try using that unless you have the latest version
<danieljs> I use phantomjs 1.7
<holstein> danieljs: sure, but ubuntu is not packaging that.. and you'll need to go to the package maintainer to troubleshoot
<danieljs> tried the packaged version. also tried the build
<TheLordOfTime> did you build from source for that?
<holstein> danieljs: i would try the one in the repos to troubleshoot
<danieljs> that ? https://code.google.com/p/phantomjs/issues/detail?id=860&thanks=860&ts=1352298059
<danieljs> emm. so the problem is that phantom 1.7 does not work with ubuntu 10.04 x64 ?
<danieljs> I does work on my local ubuntu 12.04. I must install phantomjs on our server, which is ubuntu 10.04.
<danieljs> I'm new with this stuff.
<holstein> danieljs: i would ask the maintainer.. it might also be easier to upgrade to 12.04
<holstein> danieljs: you can also try older versions of phantomjs and see if they are more compatible with ubuntu 10.04
<danieljs> I asked my boss to update to 12.04
<danieljs> we can't do that for some reson..
<holstein> danieljs: well... you will at some point
<holstein> danieljs: im not saying that is the only solution
<holstein> im just saying, the package maintainer is the best place to get help.. it will likely be suggested to try the most recent version
<danieljs> you mean to talk with the maintainer of phantomjs ?
<holstein> danieljs: correct.. the person that is responsible for the software
<holstein> danieljs: i would try the packaged version that rbasak mentioned as well
<danieljs> precise and quantal are names of alternative packages ? do I get it right ?
<holstein> danieljs: those are releases... precise is 12.04... quantal is 12.10
<danieljs> aha (-; oops
<holstein> danieljs: the newer versions of phantomjs dont have to support ubuntu 10.04
<holstein> i always say, if the software is all open, then anything is possible.. but the question is, is it worth it
<danieljs> but I am using the new version of phantom - 1.7
<holstein> 10.04 will reach EOL.. you *will* want to upgrade to 12.04 at some point.. this might be the easiest way to get a safe and secure setup for a production environment
<holstein> danieljs: you are using software that may or may not be intended for 10.04
<holstein> danieljs: if it were me, i would ask the maintainer about 10.04 support.. i would look at how i built/installed.. i would try older versions that might be 10.04 appropriate for troubleshooting
<holstein> https://groups.google.com/forum/?fromgroups=#!topic/phantomjs/bFWkivibo5w
<hallyn> ivoks: around?
<ivoks> hallyn: yes?
<ivoks> a bug?
<ivoks> the bug?
<hallyn> ivoks: d'oh, where'd the number go...  one sec :)
<hallyn> ivoks: yeah bug 882485 , is that someting on your radar?
<uvirtbot`> Launchpad bug 882485 in ubuntu "[needs-packaging] Sanlock" [Wishlist,Confirmed] https://launchpad.net/bugs/882485
<ivoks> hallyn: not really, but i can look at it
<ivoks> hallyn: sounds like something that would fit into ubuntu-ha-maintainers ppa
<hallyn> ivoks: meaning i should ping roaksoax ?
<ivoks> hallyn: or me :)
<hallyn> ivoks: but it's packaged in debian, so seems like it should be fine for universe...
<hallyn> heh, great :)
<danieljs> holstein: thanks a lot for the support.
<Darkstar1> Can I (or rather is it wise to) apply fail2ban on the apache port? I ask because the site was getting about 3.5k fake requests per min, so we called the provider and he said it was nothing special, and to install fail2ban
<andresama> hi
<andresama> i am having some troubles setting an startup script on ubuntu 12.04
<andresama> its the beanstalkd service
<hallyn> (deep sigh) all right i guess i'll go verify the lxc precise-proposed bugs, they're holding up new srus
<SpamapS> andresama: can you be more specific?
<andresama> yes, i just installed beanstalkd
<andresama> with apt-get
<andresama> but if i reboot the server it does not start automatically
<andresama> so i was trying chkconfig with no luck, and i saw ubuntu is using upstart
<andresama> with upstart how can i set this service to start
<uvirtbot`> New bug: #1076031 in lxc (universe) "ubuntu-cloud options parsing bugs" [Undecided,New] https://launchpad.net/bugs/1076031
<uvirtbot`> New bug: #1076028 in maas (main) "maas-cluster-controller should conflict with tftpd-hpa" [Medium,Confirmed] https://launchpad.net/bugs/1076028
<Darkstar1> Anyone here with fail2ban experience?
<Darkstar1> I need to know how to configure it to mitigate the effects of a DDoS attack
<patdk-wk> hmm, install it, it works :)
<hallyn> SpamapS: so 1 of 7 bugs in the lxc precise sru was not actually fixed.  I'll upload a new version with that missing bit in, with bumped version #.
<Darkstar1> patdk-lap: it does I'm sure. Already seen some bans in the iptables, but It hasn't really mitigated this DDos
<hallyn> SpamapS: i'm pushing version with the final bit in, with bumped version #
<patdk-wk> Darkstar1, maybe you don't get what it does, fail2ban is not anti-ddos
<Darkstar1> patdk-wk: I'm still getting a lot of fake page requests showing up in the error log from certain IPs
<hallyn> SpamapS: if i do so, do i need to do a -r<two-versions-prior> to get all the bugs in changelog?  or can you accept the 0.7.5-3ubuntu64 for the 6 fixed bugs?  (i expec tnot, but ....)
<SpamapS> hallyn: so 1 wasn't fixed? Did it regress things?
<hallyn> SpamapS: nope, just a missing bit
<hallyn> (missing switch fromnetstat -xa to netstat -xl)
<SpamapS> hallyn: seems like it would be better to release with 6 fixes and 1 non-fix that doesn't hurt anything than to delay all those fixes for another week+
<SpamapS> hallyn: ahh, but the changelog says it fixed that one?
<hallyn> SpamapS: that'd be great. do i just manually re-mark the nonfixed bug as not fixed?
<hallyn> yeah
<SpamapS> hallyn: bug#?
<Darkstar1> patdk-wk: even if it's not I would've thought it would've picked up a few of the ip addersses that are requesting fake pages more than 50 times in the minute
<SpamapS> hallyn: I'd rather see the P's and Q's minded, but if its something minor..
<hallyn> bug 1043018
<uvirtbot`> Launchpad bug 1043018 in lxc "lxc-ls lists running containers multiple times" [Low,Fix committed] https://launchpad.net/bugs/1043018
<patdk-wk> Darkstar1, well, by default it doesn't block anything, did you enable it to? and did you teach it to know what a fake page to block is?
<patdk-wk> yep, fail2ban doesn't come with a script to block *missing* pages
<Darkstar1> patdk-wk: I meant missing page requests.
<Darkstar1> Actually those should turn up a 404 as well, So I just need to "teach it to block an ip that generates too many 404s in a certain amount of time. Right??
<patdk-wk> yep
 * Darkstar1 sighs another long tutorial reading :/
<hallyn> ivoks: sorry, one more - bug 1075950 - do you remember having to deal with that in the past?
<uvirtbot`> Launchpad bug 1075950 in libvirt "Starting clustered lvm vg pool fails with status 5" [Medium,Confirmed] https://launchpad.net/bugs/1075950
<xnox> hmm....
<ivoks> hallyn: monitoring?
<ivoks> hallyn: yes... i've seen bugs about it
<ivoks> hallyn: we have patched lvm's code, instead of setting configuration option
<ivoks> hallyn: so, even if one sets monitoring to y in lvm.conf, this is being ignored
<ivoks> hallyn: one needs to explicitly add --monitor y to lvm cli
<ivoks> hallyn: monitoring-default-off.patch
<ivoks> hallyn: in lvm2
<hallyn> ivoks: so do you think i should mark the bug as affecting lvm2?
<ivoks> hallyn: yes, it's a lvm2 bug...
<ivoks> not a libvirt one
<hallyn> ivoks: <nod>  thanks
<ivoks> we have simillar problem with clvm in pacemaker environment
<ivoks> we patched pacmaker's OCF to explicitly use --monitor y
<hallyn> all right i'll mark it against lvm2, and i guess put down a note to patch it myself in 10 days if noone else (actual maintainer) gets to it
<ivoks> hallyn: good luck :)
<hallyn> heh, thanks
<SpamapS> hallyn: You know just upload another lxc to precise-proposed with bug #1043018 fixed (use -v back to the pre-proposed version as usual), I'll queue-jump it to get it into precise today, and we'll get it out to users by next Wednesday
<uvirtbot`> Launchpad bug 1043018 in lxc "lxc-ls lists running containers multiple times" [Low,Fix committed] https://launchpad.net/bugs/1043018
<SpamapS> hallyn: I'm starting my SRU run here in a few minutes anyway, so its good timing. Just ping me when its uploaded.
<hallyn> SpamapS: thanks, pushed
<uvirtbot`> New bug: #1076075 in maas (main) "maas_cluster.conf ends up with the wrong URL after upgrade." [Critical,Confirmed] https://launchpad.net/bugs/1076075
<Darkstar1> is there anyplace where I can see who initiated a server restart?
<Darkstar1> Can anyone help me with my fail2ban config? This: http://fpaste.org/4DSC/ isn't working
<mgw> Darkstar1: I think you could surmise who restarted by looking at auth.log and syslog
<Darkstar1> mgw: ok thx
<SpamapS> Darkstar1: restarts are root level activities, so.. you know.. root did it. Whoever was acting as root.. well.. auth.log would definitley show su's and sudo's..
<mgw> in particular arth.log
<mgw> e.g., from one of my systems:
<mgw> auth.log.1:Oct 29 12:31:14 ubuntu sudo:  xxx : TTY=tty1 ; PWD=/home/xxx ; USER=root ; COMMAND=/sbin/reboot
<mgw> so grep all your auth logs for reboot
<Darkstar1> mgw: just did. No output
<mgw> What is your uptime? That will pinpoint when it was rebooted
<Darkstar1> mgw: I know when it was rebooted. as the time shows up in the output to last
<mgw> do you see anything interesting in syslog just before that time?
<mgw> Darkstar1: ^
<Darkstar1> sec checking
<sliddjur> Can I get help with ACL here or is there some special channel for those matters
<baldfat> what is the best practice for having a console close? My  Linux server has about 20 consoles open from former ssh sessions that timed out.
<mdeslaur> SpamapS: am I crazy, or did we ship precise's php5 with magic_quotes turned on by default?
<uvirtbot`> New bug: #1052677 in horizon "Error when clicking on OpenStack logo" [Medium,Fix released] https://launchpad.net/bugs/1052677
<koolhead17> do we have zeromq supported with ubuntu pkg
<sarnold> koolhead17: apt-cache search zeromq returns libzmq1 and libzmq-dev, among other packages
<sarnold> koolhead17: note it is in universe, so community supported
<koolhead17> sarnold, AFAIK i remember it was decided it will go to main sometime in R i wonder if i wrongly interpreted it :(
<mdeslaur> SpamapS: oh, only for CGI though
<sarnold> koolhead17: could be, could be, my tools make it easy to see current easier than future :)
<koolhead17> sarnold, true :)
<SpamapS> mdeslaur: IIRC, thats one of those "CGI is f*'d anyway" things
<mdeslaur> SpamapS: hehe
<SpamapS> There was some rason
<SpamapS> reason even
<mdeslaur> SpamapS: it was just unexpected...and I originally thought it was turned on for more than just CGI
<mdeslaur> SpamapS: I've stopped panicking now :P
<SpamapS> mdeslaur: :)
<SpamapS> "DON'T PANIC: its just php"
<mdeslaur> hehehe
<mdeslaur> "The uneasy feeling you are experiencing is perfectly normal."
<uvirtbot`> New bug: #1076107 in requests (main) "Upgrade to new upstream version 0.14.2" [High,Fix released] https://launchpad.net/bugs/1076107
<JoeyG> Hi Team, I'm hoping someone can help. I'm trying to install Ubuntu Server 12.04.1 on an Apple Mac Mini 2012 (which according to MacOSX has an 'AppleBCM5701Ethernet'. The installer can't find the interface, and I can't get the interface to work once Ubuntu installed. Any suggestions? There was some other oddities with the 2012 Mac Mini that I posted about here: http://ubuntuforums.org/showthread.php?p=12340780#post12340780
<sd> Hello i need help with mod_proxy in apache anyone can help me, i try to run two server on port 80
<sd> i can pay for your time
<sarnold> JoeyG: have you tried loading all the modules in /lib/modules/`uname -r`/kernel/drivers/net/ethernet/broadcom/ ?
<JoeyG> sarnold: just the tg3 ones as apparantly that's what is applicable, but I will try load all of them now
<sarnold> JoeyG: there's a handful there, just run 'modprobe b44` and so forth ...
<sarnold> JoeyG: tg3 was going to be my guess for first choice, but .. you never know. :/
<JoeyG> no luck unfortunately :(
<JoeyG> It's quite annoying as I have a 2010 Mac Mini here that Ubuntu 12.04.1 installed on perfect, but I need to be able to support the new ones as that's all I'll be able to buy >_<
<sd> hello are there a apache expert here?
<sarnold> sd: it may work better to ask a specific question
<sd> i Have two webserver, i want to run all websitet in port 80
<sd> i use apache mod_proxy there i have problem for setup there
<JoeyG> sd: What is the purpose of 2 web servers? Redundancy? Load Balance? 2 Different applications?
<JoeyG> You haven't really explained a situation where mod_proxy should be used yet
<sd> No same server
<sd> but i want to run in same ip
<sd> so i have two webservers..
<JoeyG> so 1 physical server
<JoeyG> but 2 instances of apache? Or 1 instance of apache but 2 different websites?
<sd> Yes joeyG
<sd> Server 2 are to testing
<sd> and 1 to orginale website.
<sarnold> why does a testing website also need to be served on port 80?
<sd> not really testing but small other sites
<JoeyG> sd: if you are using only 1 server, sounds like you would be better off using VirtualHosts on the one instance of apache?
<sd> Yes i know JoeyG
<JoeyG> So why not use VirtualHosts?
<sd> I want to use seperate machines
<ablyss> He thinks mod_proxy will allow him to run two apache servers on port 80
<sd> because dont want to come problem in orginale server.
<sd> Yes ablyss
<ablyss> when in fact mod_proxy does external redirects
<sd> So what are solution for that, i have only 1 ip?
<ablyss> 1 machine ?
<sd> 2 machines
<ablyss> you need a router than can forward port 80 to two machines first.  What u using for router?
<ablyss> er, never mind that.
<sd> ablyss i using router
<sd> cisgo router
<ablyss> basically you want to use mod_proxy to forward a virtual host to another machine
<JoeyG> WTF sd, you said 1 physical server.
<JoeyG> So you have one public facing server, and one non public facing server, you want public facing server to proxy requests on that are not hosted locally on that server, to the private server.
<sd> Can i use htacces?
<uvirtbot`> New bug: #1076155 in tomcat7 (main) "tomcat7 from aptitude repositories does not deploy or explode applicationsapplications" [Undecided,New] https://launchpad.net/bugs/1076155
<sd> hello how can i reset my mysql server?
<sarnold> sd: what do you mean by 'reset'?
#ubuntu-server 2012-11-08
<fang0654> Anyone know of any way of automatically updating tripwire when security updates are installed, or of a better means of checking that no system files are tampered with automatically?
<fang0654> nevermind, looks like debsums will do what I need
<BaldFat> I have samba working on my server for printer but no file shares show
<uvirtbot`> New bug: #1076277 in rrdtool (main) "package rrdcached 1.4.7-1 failed to install: le sous-processus script post-installation installÃ© a retournÃ© une erreur de sortie d'Ã©tat 139" [Undecided,New] https://launchpad.net/bugs/1076277
<danieljs> Hello. I'm trying to install Phantomjs 1.7 on Ubuntu 11.04 x64. the hosting is mediatemple. I get "segmentation fault". Anyone can help? thank you.
<TheLordOfTime> danieljs:  you know 11.04 is end of life right?
<uvirtbot`> New bug: #1076286 in puppet (main) "Puppet agent not correcly configuring facts synch'd from master" [Undecided,New] https://launchpad.net/bugs/1076286
<cjs> I did an install of a server from the Ubuntu alternate install disc with two mds: /boot and LVM container, and a root and swap inside the LVM container. However, when I try to boot that disk, it just hangs with a blank screen (apparently before or around the very start of grub). Any thoughts on what's wrong?
<cjs> (And yes, I'm going to re-do the install from the server disk. Brain fart.)
<uvirtbot`> New bug: #1076290 in cobbler (universe) "cobbler-web throws 500 internal server error" [Undecided,New] https://launchpad.net/bugs/1076290
<danieljs> Hello. I'm trying to install Phantomjs 1.7 on Ubuntu 11.04 x64. the hosting is mediatemple. I get "segmentation fault". Anyone can help? thank you.
<danieljs> I can't install a newer version of ubuntu on mediatemple...
<gucki> good morning
<gucki> I'm using latest ubuntu quantal server and have a serious kvm memory problem.
<gucki> A kvm guest i started with -m 2048 (so 2048 of ram) is actually taking 2700 (res) and 4700 (virt) as seen by top or ps on the host...?! :-(
<gucki> how can i debug and fix this? :-)
<cjs> gucki: That may not be a problem.
<gucki> cjs: why not? the guest is consuming much more resources than it should?
<cjs> gucki: Possibly not. Let me just check my guests.
<cjs> gucki: Though I am on an 8.04 system here.
<cjs> gucki: Ok, so my guests set up for 1572864 bytes of memory have a VSS of 1787264 and RSSs ranging from 612600 to 788200
<cjs> Oh, wait, one has a VSS of 1818048.
<koolhead17> here i am , this is me!!
<gucki> cjs: mh, so a little overhead but not that much as on my system...
<cjs> gucki: I'm guessing that my RSS is considerably less than allocated because I rebooted yesterday and these VMs don't do much (and in particular, don't use much memory).
<cjs> But remember, with all memory in use, you'd expect RSS (when you're not paging to swap) to be the size of the memory allocated to the VM *plus* whatever KVM is using for its own code, data, etc.
<cjs> And VSS may not all be memory that's actually in use. I believe that VSS represents all mapped pages, regardless of whether they've ever been backed by disk or physical RAM.
<cjs> So, you might be able to work out what's going on by looking at your total RAM+swap in use, and figuring out how much larger that is than the memory allocated to the guests.
<cjs> (Oh, yeah, RSS may also represent shared pages, if I recall correctly. So four VMs would share the pages holding the KVM code that they're running.)
<gucki> cjs: yes, so i'd expect an rss of 2048mb + a few megs (not 700!) for kvm..
<gucki> cjs: guess i'll write to the kvm mailinglist..
<cjs> gucki: Yeah, I guess 700 MB is a bit much.
<cjs> gucki: But as I said, take a look at total memory usage of your system and see if there's hundreds of megs not account for there, too.
<Daviey> koolhead17: Have you met evilnickveitch ?
<Daviey> koolhead17: evilnickveitch is the evilest, bestest doc king in the world (second to you ofc.).
<koolhead17> hello evilnickveitch :)
<evilnickveitch> ah! koolhead17 , yes, we have conversed briefly!
<Daviey> koolhead17: he might be able to help you drive the docs you were talking to me about.
<koolhead17> Daviey: we exchanged email
<koolhead17> thanks Daviey :)
<koolhead17> hello evilnickveitch again!! :D
<evilnickveitch> so there Daviey, nobody needs you :P
<evilnickveitch> hi koolhead17 , we should catch up sometime :)
<koolhead17> evilnickveitch: yes sir!!
<koolhead17> evilnickveitch: Daviey is Daviey :D
<Daviey> evilnickveitch: I am just a dumb manager now, i know.
<koolhead17> Daviey: so your saying manager role makes ppl dumb :D
<Daviey> koolhead17: Yep.
<koolhead17> evilnickveitch: pm?
<evilnickveitch> ok
<koolhead17> Daviey: now that is harsh!! :D
<cjs> So when my 12.04 amd64 server install boots, I get a grub menu, and things seem to work ok if I do a rescue boot. But if I do a non-rescue boot, I end up with a blank screen. (The monitor's still getting a signal, but there's no text or anything else.) Ctrl-Alt-F1 through F8 don't bring up anything, either. Ideas?
<cjs> Anybody here know how I change the option to abort or continue a boot when the RAID is broken?
<xnox> cjs: dpkg-reconfigure mdadm
<xnox> should offer to answer boot-degraded question.
<xnox> or you can set boot option to boot-degraded.
<xnox> rebuild initramfs.
<ironm> Hello. I run buntu-server 12.04 based KVM host. I am not sure if it is my wrong configuration or a kvm networking issue. Both  <interface type='direct'> and <interface type='bridge'> *don't* work. Only  <interface type='network'> works as expected. Config files including description of the test environment are at http://rsync.it-infrastrukturen.org/.kvm/ and in this file: http://rsync.it-infrastrukturen.org/.kvm/README-kvm-networking-
<ironm> issues.txt
<ironm> http://rsync.it-infrastrukturen.org/.kvm/README-kvm-networking-issues.txt
<RoyK> xnox: ut should be *default* to boot degraded!
<RoyK> !bug 1059541
<uvirtbot`> Launchpad bug 1059541 in initramfs-tools "Change default behavoir to boot degraded RAID" [Undecided,New] https://launchpad.net/bugs/1059541
<ironm> Is there any possibility to run KVM in debug mode or other ubuntu specific trace possibilities? Thank you in advance for any hints.
<xnox> RoyK: the decision was from before my time. At the time there was a divide between: never boot system if it's known to not have assumed reliability vs always boot even if degraded.
<patdk-lap> heh, every hardware raid I have ever worked with, boots degraded
<cjs> xnox: Thanks!
<a_ok> I'm using lsyncd, but the ubuntu package only contains an old fashioned init script. how do I make it start on boot?
<RoyK> xnox: I'm not blaming you, just saying that RAID is pretty useless if a server fails to boot with a single dead drive
<a_ok> RoyK: depends on why you are using it. If you are going for speed for example RAID can make quite a difference
<patdk-lap> heh?
<patdk-lap> a raid with one disk bad, working, is faster than a raid with one disk bad that won't boot
<cjs> xnox: Actually, dpkg-reconfigure mdadm didn't seem to do the trick, because it didn't add bootdegraded=true to my linux line in the grub config.
<xnox> cjs: did you run update-initramfs ?
<cjs> xnox: (Or at least, that's what I'm told on boot.)
<RoyK> a_ok: it's no point in checking if a disk is missing - if you can mount it, mount it - if you can't, it'll throw you into single anyway
<cjs> xnox: I thought that dpkg-reconfigure did that for me.
<xnox> cjs: there are two interfaces one is a fine in the initramfs and the other one is linux-kernel boot option.
<a_ok> patdk-lap: mmm guess I budded in a conversation without having all the background info sorry.
<xnox> cjs: can you unpack initramfs and check? Instructions here: https://wiki.ubuntu.com/Initramfs
<cjs> So I need either one, but not both? I.e., my system should work without the bootdegraded=true, so long as other things are set?
<cjs> xnox: Ah, I just tried the reconfigure again, and it printed, afterwards: "update-initramfs: deferring update (trigger activated)".
 * RoyK guesses Dell has hired high school kids cheaply to develop their iDRAC software
<cjs> xnox: I use "update-initramfs -u"?
<cjs> xnox: yeah, update-initramfs -u did it. Thanks.
<otfrom> 'lo all
<uvirtbot`> New bug: #1076353 in nova (main) "nova [-] Could not find driver for connection_type None" [Undecided,New] https://launchpad.net/bugs/1076353
<caribou> smoser: thanks for the Merge on recordfailtimeout for Oneiric
<caribou> smoser: anything else that is required ? You mentioned something about not being marked Merged
<uvirtbot`> New bug: #1076306 in openssh (main) "Upgrading of OpenSSH on 10.04 LTS" [Undecided,New] https://launchpad.net/bugs/1076306
<BaldFat_> I have Samba serving printer fine but not files. Nothing in my samba logs and my smb.conf looks standard. What tools can I use to trace down my issue?
<smoser> caribou, you must have requested merge review from some group, and i'm not in that group, so i couldn't mark the thing as "merged" . maybe you can.
<caribou> smoser: lemme check...
<caribou> smoser: if you meant the "Status" field switched to Merged, looks like I just did, so yes I can
<caribou> smoser: anything else needed so it get uploaded to -proposed ?
<caribou> (thought I think you mentioned that it had already been done)
<smoser> caribou, i thought i uploaded. did i not?
<caribou> smoser: maybe you did, but I thought it had to be flagged as Merged for the upload to happen
 * caribou is still getting familiarized with the whole SRU proces
<smoser> caribou, its interesting...
<smoser> ubuntu distributed development has different levesls of acceptance.
<smoser> in the end, the archive is definitive.
<caribou> smoser: ok, just got your email. That's what I thought
<caribou> smoser: just that I went to look at the SRU request queue and did not see anything related to grub2
<smoser> i just sent you an email. http://paste.ubuntu.com/1342560/
<smoser> (for anyone playing along at home)
<caribou> smoser: is the process different for packages in Universe (which is the case for grub2) ?
<smoser> grub2 is not in universe.
<smoser> but it is no different for packages that are.
<Daviey> tyhicks: Hey, are you looking to merge acpid? :)
<Mez> 3
<Aison> it looks like some service on my server is blocked by ufw
<Aison> fileserv kernel: [876531.112366] [UFW BLOCK] IN=bond0.10 OUT= MAC= SRC=10.0.0.2 DST=239.255.255.253 LEN=131 TOS=0x00 PREC=0x00 TTL=1 ID=0 DF PROTO=UDP SPT=34570 DPT=34570 LEN=111
<Aison> this is logged on my server
<Aison> and the source is my server, destination some multicast address
<patdk-wk> aison, and your question?
<Aison> patdk-wk, oh yes :P well, why is something blocked coming from the same machine?
<Aison> it is sent by 10.0.0.2 and received bei 10.0.0.2?!?
<patdk-wk> cause that is not *coming* from your machine
<patdk-wk> IN=bond0.10 OUT=
<patdk-wk> so it came IN bond0.10 and to you
<Aison> but src is 10.0.0.2
<Aison> hmm
<patdk-wk> you have never heard of address spoofing, or more than one machine configured with the same ip?
<Aison> and I read the logs on 10.0.0.2
<Aison> patdk-wk, it is just a small testing network
<Aison> there is by sure no other machine with same ip
<patdk-wk> if it was going OUT from your machine it would say
<patdk-wk> IN= OUT=bond0.10
<patdk-wk> but it's multicast, it might be looping your outgoing packet back in to you
<patdk-wk> I'm not sure on the rules about that
<Aison> yes, that's what I think also, but then I wounder what application on 10.0.0.2 creates this multicast packet
<uvirtbot`> New bug: #1076442 in nova (main) "nova-novncproxy has a missing dep on websockify" [Undecided,Confirmed] https://launchpad.net/bugs/1076442
<SirScott> mdadm --device --scan is giving me an ARRAY of '/dev/md/0' and not '/dev/md0'.  Is that really what I want in my mdadm.conf?
<xnox> SirScott: sure, it's valid name.
<xnox> SirScott: read the manpages. It could be that you have a partinionable md device.
<SirScott> xnox: thanks, don't know why i didn't bother noticing it in /dev/md/
<SpamapS> Sirthe question is, why doyou want an mdadm.conf ?
<SpamapS> doh
<SpamapS> I hate when they leave
<xnox> SpamapS: that was what I was thinking as well... but hey it was easier to answer the question that was asked =)
<tyhicks> Daviey: Hey - I'll take a look at the merge today
<uvirtbot`> New bug: #1076464 in logwatch (main) "unmatched entries for gnome-screensaver" [Undecided,New] https://launchpad.net/bugs/1076464
<uvirtbot`> New bug: #1076461 in logwatch (main) "unmatched entries for smartd" [Undecided,New] https://launchpad.net/bugs/1076461
<Daviey> tyhicks: thanks!
<tempspace> Has anybody run into any issues with Ubuntu Server and the Intel Xeon SandyBridge E E5-4650
<zul> hallyn: im going to upload libvirt 1.0.0 if you have any objections
<NotLarry> I did a reboot -n on ubuntu 11.04 server this morning and now I get "ALERT! /dev/mapper/MachineName-root does not exist" and a busybox, initramfs prompt.  Raid array, which checks out at boot.  Nothing strange has happened (i applied not updates or installs) and the system had already rebooted twice today.  Can someone point me to what is going on?  No encrypted drives  or directories.  and ls /dev/mapper/ shows a link to ../d
<sarnold> NotLarry: cut off at "../d"
<NotLarry> ../dm-0, which seems to exist
<uvirtbot`> New bug: #1076489 in php5 (main) "Cannot be uninstalled without installing Apache2" [Undecided,New] https://launchpad.net/bugs/1076489
<Daviey> jamespage: ceph ftbfs in precise, expected
<Daviey> ?
<Daviey> jamespage: armel, armhf still building
<ironm> hello. Please allow me one question. Is it possible to bring during the boot "unused" eth interfaces up? (without giving them an IP address)?
<ironm> I run ubuntu-server 12.04.1 LTS
<ironm> I have in iterfaces like:
<ironm> auto eth1
<ironm> iface eth1 inet manual
<zul> Daviey: i think its a build ordering issue for ceph
<Daviey> zul: took 1 hour, 38 minutes, 0.1 seconds
<Daviey> sadly i can't tell you the milliseconds, which are vital
<zul> heh
<NotLarry> thanks all, after about the 4th reboot it came up
<jamespage> Daviey, it may be fussy about leveldb
<jamespage> infact it is - I remember now
<cornfeed> is there a way to tell apt to make sure installs fresh copies of all the config/init/default files again?
<cornfeed> for a certain package?
<escott> cornfeed, http://serverfault.com/questions/82801/linux-how-to-restore-config-file-using-apt-get-aptitude
<cornfeed> fancy, good find, thanks!
<cornfeed> hmm didnt work
<cornfeed> brb
<cornfeed> wow, i ended up having to extract it manually
<BaldFat_> cornfeed: apt-get purge <package> then apt-get install <package>
<cornfeed> yep didnt work either
<sarnold> really?
<BaldFat_> purge should get rid of everything. What package may I ask?
<sarnold> I've never seen that one fail; though you're not always in a position to be able to _use_ it...
<cornfeed> couldnt make this stuff up
<cornfeed> yeah the weirdest thing is the file it was complaining about didnt even exist
<BaldFat_> cornfeed: fact is stranger then fiction
<cornfeed> inspircd
<escott> BaldFat_, purge doesnt forget config modifications for some reason
<BaldFat_> so this is a package and not something you built?|
<cornfeed> i have compiled it manually, then that didnt work so i removed all the files I had in place, rebooted, and tryed installing through apt, which resulted in that error
<cornfeed> correct
<cornfeed> built, removed (entirely), then did apt
<BaldFat_> purge should and I swear it has before but who knows. I really find apt and aptitude as not the best (DUCKS) I love zypper for the last 5 years it has been great for me and the one server tht uses it.
<cornfeed> yeah, apt leaves alot to be desired
<cornfeed> i like gentoo's portage soooo much
<escott> cornfeed, something like --force-confnew should work for you
<BaldFat_> cornfeed: yeah that makes sense then. I hate building stuff because you have to manually look at the sh and figure out what got sent where. PC-BSD and Mac has the solution but no one will ever do it in Linux I am afraid
<escott> or a purge followed by a --force-confmiss
<BaldFat_> cornfeed: Google says they use Ubuntu mainly because apt and aptitude is MUCH better then yum and zypper :P
<cornfeed> lol
<cornfeed> linux and opinions
<cornfeed> a source of endless hilarity and argument
<BaldFat_> make it so much more fun. We can fight among ourselves for decades instead of the OS wars
<BaldFat_> also VIM
<cornfeed> lol
<BaldFat_> the newer people aka the last 2 years or so have no idea the rpm vs deb and vim vs everything wars were. That's a good thing.
<BaldFat_> cornfeed: This seems like a solution: dpkg -i --force-confmiss <package>
<cornfeed> tried that too
<cornfeed> no luck
<zul> hallyn: ping
<escott> i think the force confmiss only forces the installation of missing config files. so you would have to remove the file in question first
<cornfeed> okay, so this leads to another question. who do I contact to get a package updated?
<autif> I have hit this bug while customizing an installation. https://bugs.launchpad.net/ubuntu/+source/debootstrap/+bug/1001131
<uvirtbot`> Launchpad bug 1001131 in debootstrap "debootstrap fails to install customized Ubuntu" [Undecided,Confirmed]
<autif> I was hoping someone could point me to how to go about repackaging debootstarp from a deb file
<autif> into a udeb
<Daviey> dave@voodoo:~$ curl http://libvirt.org/news.html 2>/dev/null | grep "Chuck Short"
<Daviey>       ARMHF: implement /proc/cpuinfo parsing (Chuck Short),<br />
<Daviey>       ARMHF: CPU Support for armhf. (Chuck Short),<br />
<Daviey> woot!
<zul> whee!
<jamespage> nice one zul!
<jamespage> zul, are you or hallyn planning a libvirt upload for raring anytime soon?
<zul> jamespage: im sitting on one right now but i have to talk to hallyn first probably monday
<jamespage> zul, any chance you could enable the rados pool support?  I think it just needs a bd on librbd-dev
<zul> jamespage: it runs win28k just fine :) sure..
<jamespage> zul, lo
<jamespage> l
<jamespage> can't type
<zul> too much karaoke
<tboat> hey all! I'm currently trying to configure OpenVPN on my 12.04 server, and I get the following server when attemting to create ssl authentications: ./easy-rsa/build-ca: 8: ./easy-rsa/build-ca: ./pkitool: not found
<tboat> or does anyone have a link to a good OpenVPN setup guide?
<sarnold> tboat: looks like pkitools is packaged in /usr/share/doc/openvpn/examples/easy-rsa/2.0/pkitool in the openvpn package
<tboat> yes, and it i moved it to the openvpn/easy-rsa folder, where i am running the build-ca command
<tboat> so it is there, but doesn't pick it up
<sarnold> it is perhaps not executable in a documentation directory :)
<tboat> i copied it from the doc directory to /etc/openvpn
<tboat> had to edit /vars, got it figured out :)
<ironm> hello. Is there any other possibility on ubuntu-server 12.04.1 LTS for interface bondind (teaming/aggregation) than using ifenslave ?
<Daviey> zul: can you triage bug 1076442 pls
<uvirtbot`> Launchpad bug 1076442 in nova "nova-novncproxy has a missing dep on websockify" [Undecided,Confirmed] https://launchpad.net/bugs/1076442
<Daviey> bug 1052677 , bug 1073289 , bug 1073275
<uvirtbot`> Launchpad bug 1052677 in horizon "Error when clicking on OpenStack logo" [Medium,Fix released] https://launchpad.net/bugs/1052677
<uvirtbot`> Launchpad bug 1073289 in nova "nova-common has an incorrect dep on python-nova (= 2012.1-0ubuntu2)" [Undecided,New] https://launchpad.net/bugs/1073289
<uvirtbot`> Launchpad bug 1073275 in python-glanceclient "python-glanceclient has a bad version dep on python-prettytable" [Undecided,New] https://launchpad.net/bugs/1073275
<AaronHome> Hello.  I have an Ubuntu10 server that has its one ethernet port config'd in /etc/network/interfaces as "eth0". I've built a new Ubuntu12 server on another disk, attached to another machine.  Now time to swap.
<AaronHome> But the old Ubu10 bug, with the new Ubu12 disk in it boots ok, but inisist on 'talking' to the ethernet port that used to be "eth0" as "eth2".
<AaronHome> I've no idea why, but would _like_ to keep it as, or change it back to, "eth0".
<AaronHome> Can I do that somehow?
<erichammond> smoser, utlemming: http://cloud.ubuntu.com/ami/ is showing the AMI id for the old 099720109477/ubuntu/images/ebs/ubuntu-precise-12.04-amd64-server-20120424 instead of the newer 099720109477/ubuntu/images/ebs/ubuntu-precise-12.04-amd64-server-20121026.1
<smoser> erichammond, unfortunately thats a known issue.
<lifeless> AaronHome: you have udev rules that are pinning the new boxes ethernet ports as eth0/eth1
<erichammond> smoser: It came up here: http://askubuntu.com/questions/214431/
<AaronHome> lifeless: Those are autogenerated then?  _I_ never created them intentionally/manually.
<lifeless> yes
<AaronHome> lifeless: Found it (/etc/udev/rules.d/70-persistent-net.rules) Changed it.  Thanks.
<lifeless> no probs
<uvirtbot`> New bug: #1076656 in mysql-5.5 (main) "mysql --ssl-capath option doesn't work" [Undecided,New] https://launchpad.net/bugs/1076656
<joren> Is there a recommended way to setup an apt cache/proxy server these days? What's the best tool to use for that?
<patdk-lap> apt-get install apt-cache-ng
<lifeless> apt-get install squid-deb-proxy
<patdk-lap> I always have issues using squid to cache apt repo's
<joren> k, thank you both
<joren> I'll use the ng thing, I think that's what I was looking for
<patdk-lap> then for existing systems, you need to add someting like:
<patdk-lap> Acquire::http::Proxy "http://xxxx:3142";
<patdk-lap> into /etc/apt/apt.conf
<joren> cool
<joren> easy enough
<joren> would be easier if puppet was everywhere :P
<patdk-lap> heh, I do it at system install, so not bad
<patdk-lap> and use different dns overrides for local or general internet caches
<joren> cool, ya, I'll have to add it to my preseed
<joren> local mirror is long over due
<joren> er local cache
<jcastro_> just put the same cache server in your preseed
<bananapie> I installed fail2ban, it doesn't work because I don't accept passwords on ssh.
<jcastro_> and after the first installation you'll be good
<joren> well, *seems* to work
<joren> I guess the really test will come later on
<joren> real, rather
<joren> bananapie, http://serverfault.com/questions/248376/fail2ban-bans-me-after-a-series-of-successful-logins <- perhaps?
<joren> though, you probably don't need fail2ban on ssh if you only allow ssh keys.
<bananapie> joren: Nice :D
<bananapie> I stopped using passwords years ago.
<patdk-lap> joren, still need it :(
<patdk-lap> I have had people dos a t1 line, doing ssh attempts
<joren> I guess if you only have 1.5mbit, then ya :P
<patdk-lap> so just to keep bandwidth under control :)
<joren> and ya, I guess it's still useful
<bananapie> How can I simulate ssh hacking on my server ?
<bananapie> I did for i in `seq 1 50` ; do ssh serverip; done;
<bananapie> But it didn't ban me
<bananapie> I didn't even see anything in the logs :(
<joren> oh, if it's *not* banning you, that server fault thing probably wouldn't do it
<beeg98> I would just use ssh randomuser@myserver
<joren> his for thing shoulda done it
<joren> bananapie, nothing shows up in /var/log/authlog ?
<bananapie> dat's right
<bananapie> nothing shows up in auth.log, even though I see the traffic with ngrep
#ubuntu-server 2012-11-09
<joren> Maybe you're LogLevel value is too low
<bananapie> ;)
<joren> in /etc/ssh/sshd_config or whatever
<bananapie> LogLevel INFO
<bananapie> hmm, I see 'failed publickey for root...' not even though it doesn't say 'debug.
<bananapie> I think it might be the kernel's rate limiter
<joren> maybe watch ssh servername ?
<Xanthippus> Any tips for securing an Ubuntu Server?
<bananapie> I think it's "a Ubuntu server" and not "an Ubuntu server".
<Xanthippus> Either way :P
<bananapie> Usually, you use 'an' in front of a vowel, but I think because of the way Ubuntu is pronounced, it's an exception.
<bananapie> check netstat -antup make sure there are no unnecessary services running.
<joren> https://help.ubuntu.com/community/Security might be some good reading
<Xanthippus> Lots of udp and tcp
<Xanthippus> From command
<Xanthippus> What are the 0.0.0.0 IPs?
<bananapie> that means it's listening on all interfaces on your server
<Xanthippus> tcp and udp6 = IPv6 correct?
<Xanthippus> tcp6*
<patdk-lap> heh?
<patdk-lap> there are so many more protocols than tcp and udp, and neither of them have anything to do with ipv6
<Xanthippus> patdk-lap: I just did a netstat -antup, and I am currently looking at protocols
<patdk-lap> does netstat show sctp?
<bananapie> hmm, try netstat -atup instead, it will resolve service names, it will make it easier to read :)
<Xanthippus> Well the tcp6 and udp6 protocols have IPv6 addresses, which are with colons, like Mac addresses right?
<bananapie> the lines that are interesting are the ones with *:* in the Foreign adderss section
<patdk-lap> nope, seems netstat is limited to tcp and udp
<bananapie> I set the LogLevel in sshd_config to VERBOSE, and I see all my failed connections.
<bananapie> fail2ban now works, thx!
<joren> cool
<bananapie> nevermind
<joren> hmm
<bananapie> I no longer see 'failed public key' in my logs, I think rsyslog is supressing information.
<joren> can you use "watch ssh servername" instead of your for loop?
<joren> or make your 50 number higher?
<bananapie> I like watch :D
<bananapie> OH!
<bananapie> I found the problem
<bananapie> the second server I am using for the tests doesn't have a private key. I ran ssh-keygen, and fail2ban is now banning the server.
<joren> huh, I guess that makes sense
<bananapie> Thanks, fail2ban is working now.
<Xanthippus> bananapie: What's the directory for configing PostFix again?
<Xanthippus> And how do I install modsecurity for nginx?
<bananapie> /etc/ contains most configuration fies.
<bananapie> and most configs are either /etc/[softwarename].conf or /etc/[softwarename]/[configuration files]
<Xanthippus> Oh okay
<Xanthippus> How do I know if I'm using those authentification keys you mentioned?
<bananapie> Fail2ban is easy to install, nice!
<Xanthippus> I'm on step 11 of this guide, what do I enter for SMTP_HOST and SMTP_PORT? http://www.thefanclub.co.za/how-to/how-secure-ubuntu-1204-lts-server-part-1-basics
<bananapie> anyway know an easy command to cause failed logins on an imap server ?
<bananapie> given that you want to run an smtp server, you could enter 127.0.0.1 as the host
<Xanthippus> aka localhost?
<Xanthippus> Can I keep the port also?
<Xanthippus> noob question: how do I save rules to iptables?
<Xanthippus> I typed iptables-save, would that work?
<bananapie> iptables-save saves it yes, but you have to update /etc/network/interfaces as wel
<bananapie> well
<bananapie> try adding  the following line at the end of the eth0 interface
<bananapie> pre-up iptables-restore < /etc/iptables.rules
<Xanthippus> I use wlan0
<Xanthippus> And uh oh, I think I have a rootkit...?
<patdk-lap> yes :)
<Xanthippus> bindshell "infected" at ports 465
<patdk-lap> heh?
<Xanthippus> How do I get rid of this thing?!
<patdk-lap> what is, this thing?
<Xanthippus> A rootkit I think
<Xanthippus> I ran chkrootkit
<patdk-lap> netstat -anp
<Xanthippus> What am I looking for in netstat?
<patdk-lap> the name of the progrm on port 465
<bananapie> 465 = encrypted smtp
<patdk-lap> normally
<bananapie> ok
<Xanthippus> I think it's bindshell
<Xanthippus> idk
<Xanthippus> That's what chkrootkit said
<Xanthippus> There's no program on 465 here
<patdk-lap> what ip?
<Xanthippus> All in the 10k
<patdk-lap> heh?
<patdk-lap> how can it detect something there, if there isn't something
<patdk-lap> seems odd
<bananapie> I think he means RFC1918's 10.0.0.0/8
<Xanthippus> All the ports listed by netstat are in 14,000
<Xanthippus> How does someone find your server if you just activated it?
<patdk-lap> simple :)
<patdk-lap> isn't the normal time to infection of a winxp computer on the internet, 14min?
<Xanthippus> unhide.rb says warning from rkhunter
<Xanthippus> What does that mean?
<Xanthippus> Oh, btw, that port 465 thing with bindshell, it is false positive
<Xanthippus> http://benohead.com/chkrootkit-false-positive-bindshell-infected-port-465/
<patdk-lap> heh, you could fix your smtp server too, 465 went away a long time ago
<patdk-lap> replaced with port 587, submission port
<Xanthippus> How would I config that, patdk-lap ?
<patdk-lap> depends on your smtp server
<Xanthippus> ...would that be PostFix?
<patdk-lap> I dunno, did you make an account for me on your server? :)
<Xanthippus> lol no!
<patdk-lap> I would find it strange postfix would be on port 465, it isn't by default
<Xanthippus> Oh, so PostFix is the SMTP server
<Xanthippus> Thought it was something like Dovecot or mailman
<patdk-lap> postfix is A smtp server, no idea if it is the one installed on your server
<patdk-lap> if it is, edit /etc/postfix/master.cf
<patdk-lap> though, sounds like you have a lot to learn about just email alone :)
<Xanthippus> Exacly
<Xanthippus> I have no idea how to use as of yet
<Xanthippus> Turns out 465 is not the SMTP port
<Xanthippus> Like I said earlier, false positive
<Xanthippus> smtp is at port 25
<patdk-lap> I know
<bananapie> encrypted smtp or smtps is 465
<patdk-lap> smtps is 465
<patdk-lap> ssl smtp
<patdk-lap> tls smtp is 587
<Xanthippus> Oh okay there's an smtps on 465
<patdk-lap> 465 stopped being used before it was used
<Xanthippus> submission is on 587
<patdk-lap> 587 is much better
<Xanthippus> Should I disable 465 entirely?
<patdk-lap> I would
<patdk-lap> 587 serves the same purpose
<Xanthippus> How would I disable it?
<Xanthippus> Would I block it w/ ufw?
<patdk-lap> just comment it out in /etc/postfix/master.cf
<bananapie> gtg
<Xanthippus> Okay
<uvirtbot`> New bug: #1076811 in cloud-init "Cloud-init modules do not reflect loaded config" [High,Fix committed] https://launchpad.net/bugs/1076811
<Xanthippus> patdk-lap: is it this line? smtps         inet           smtpd
<Xanthippus> I don't know which line it is...
<hallyn> zul: was out all day...  no objections to libvirt 1.0.0 upload.  as i say the qrt needs an update (sigh, may need python xml parser at this point) but all tests passed in spirit
<patdk-lap> that and any line that starts with a space under it
<Xanthippus> starts with a space under it?
<patdk-lap> #smtps     inet  n       -       -       -       -       smtpd
<patdk-lap> #  -o smtpd_tls_wrappermode=yes
<patdk-lap> #  -o smtpd_sasl_auth_enable=yes
<patdk-lap> #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
<patdk-lap> #  -o milter_macro_daemon_name=ORIGINATING
<Xanthippus> Ah
<Xanthippus> k did it
<Xanthippus> How do I reload settings?
<patdk-lap> service postfix restart
<Xanthippus> k
<uvirtbot`> New bug: #1076825 in nova (main) "Can't configure nova to use MySQL as backend" [Undecided,New] https://launchpad.net/bugs/1076825
<Xanthippus> patdk-lap: I restarted it, and it gave me a bunch of unused parameters
<Xanthippus> If a hacker wanted to hack your local machine via a port, would he be unsuccessful if the router blocked that port from the outside?
<beeg98> if he was attacking from the outside.
<beeg98> if he somehow already got in (either an employee that is already in or via some other hacked service) then the router no longer protects you.
<Xanthippus> Then it is up to the local firewall, correct?
<patdk-lap> the router doesn't protect anything you go out and get too
<patdk-lap> like you viewing websites or other things
<sarnold> .. and browsers make it easier to fire up network connections than one may like..
<Xanthippus> Ah
<Xanthippus> But, if, say, a hacker from the outside tried to hack my server via a port
<Xanthippus> It would <supposedly> be blocked by the router right?
<patdk-lap> router? no, firewall, sure
<Xanthippus> Oh okay
<NomadJim> with ubuntu server releases like Precise and Quantal are packages locked? Like the vim on Precise is never going to get an upgrade and you'd need to go to Quantal for that unless you backport
<NomadJim> besides security updates
<patdk-lap> yes, except if you use backports
<sarnold> NomadJim: there's an 'SRU' process to get updates outside of security fixes distributed to existing distributions
<ScottK> But that's for bug fixes.
<Xanthippus> How would I set up my mail account on my server with Mail on OS X?
<Xanthippus> What do I input for Incoming Server?
<NomadJim> ok cool thanks
<sarnold> Xanthippus: 'incoming server' sounds like it might be asking for your imap4 server details
<Xanthippus> I'm sorry, what would that be :-/
<Xanthippus> It'd prob be a default value since I most likely didn't config it yet
<Xanthippus> I have Dovecot, PostFix, and SquirrelMail on my server, if that helps
<sarnold> have you set up dovecot or cyrus or imap4d or something similar yet?
<Xanthippus> I have Dovecot
<patdk-lap> now ask if he has *configured* it :)
<sarnold> haha :)
<Xanthippus> Sorry!
<patdk-lap> a very basic mail server can take a few hours to configure
<patdk-lap> though, I normally spend a few days
<patdk-lap> mailserver have lots of moving parts and stuff to make sure you protect against to limit abuse, spam, backscatter
<Xanthippus> Abuse like...
<patdk-lap> compromised passwords, open-relay, ...
<NomadJim> is there a tool to check your mailserver for problems
<NomadJim> that you like to use
<patdk-lap> generally if you want others to accept your email, reverse-dns setup, dkim, spf, dmarc, ...
<ScottK> dmarc is sufficiently new I wouldn't put it on that list.
<patdk-lap> NomadJim, the wild? and check your logs?
<NomadJim> i need to get more intimate with my logs
<patdk-lap> scottk, just setting up the dmarc dns entry so you get reports back is very useful
<Xanthippus> reverse dns is... reversing a name i.e. google.com and getting its IP?
<sarnold> NomadJim: last time I had to run a mail server myself, I found this _very_ useful: telnet relay-test.mail-abuse.org
<NomadJim> sarnold:  nice thanks
<sarnold> Xanthippus: other way around, taking 4.2.2.1 and turning it into a human-friendly FQDN
<Xanthippus> aka DDNS, which I have
<sarnold> NomadJim: if you don't have telnet installed you can probably use nc as well...
<sarnold> Xanthippus: no, that's altogether different :)
<Xanthippus> Um what
<sarnold> Xanthippus: ddns is a way to update a dns server with a new hostname / ip binding -- many ddns providers aren't authoritative for the zones in question, so they can't provide reverse dns
<ScottK> patdk-lap: I agree.  I have set it up myself.  I even wrote a tool to make it ~easy to figure out - http://www.kitterman.com/dmarc/assistant.html - but that's really not a newbie kind of thing.
<NomadJim> reverse dns and dns always confuse the hell out of me
<Xanthippus> IKR
<NomadJim> always appreciate a refresher
<patdk-lap> well, nothing about email is noobie friendly though
<sarnold> Xanthippus: for fun, run "host <your hostname>" -- pretend it gives you back the ip address 10.12.14.16. Then run "host 10.12.14.16" and see what the _reverse_ lookup shows...
<patdk-lap> I was looking at http://www.unlocktheinbox.com/ when I setup mine
<patdk-lap> receiving email is simple
<patdk-lap> sending email is not simple, cause your assumed to be a spam source, till you can pass as many technical issues as the receive wants to put on you
<Xanthippus> If it's simple as you describe, patdk-lap , then that's now my first order of business
<patdk-lap> receiving is as easy as setting an mx entry, and listening on port 25 :)
<Xanthippus> Because right now, all my logging services etc are configed to send email to me@myddns.com
<sarnold> patdk-lap: .. though receiving is often made difficult to try to raise the technological hurdle of people sending mail; you know, assume they're spammers first :D
<patdk-lap> sarnold, well I said receiving was easy, not keeping out spam :)
<sarnold> patdk-lap: yes :)
<Xanthippus> To recieve mail from outside, I need to open port 25 in router, correct?
<patdk-lap> firewall
<Xanthippus> Just firewall on server?
<patdk-lap> routers do ip addresses, not ports
<Xanthippus> No, like port forwarding on router
<sarnold> .. except in the case of NAT-routers..
<sarnold> exactly
<patdk-lap> Xanthippus, then your probably have port 25 blocked by your isp
<Xanthippus> Why would you think that, patdk-lap ?
<patdk-lap> well, nat routers is a firewall, nat is a firewall service :)
<sarnold> many ISPs will unblock if you ask politely. some will remind you that your AUP says "run no servers". hehe. :)
<patdk-lap> ya, normally the isp will require you pay for static ip for that
<patdk-lap> and normally do't run nat-routers on them
<Xanthippus> My router's running DD-WRT, and it has NAT/QoS section, so I would assume my router is "NAT router"...
<patdk-lap> you can always give it a shot
<Xanthippus> Wait, if opening ports on the router isn't necessary, I can close 22 aka ssh?
<Xanthippus> Because I have confirmed that I can SSH to server via this port
<sarnold> keep it forwarding :)
<Xanthippus> k
<sarnold> though consider moving to another port to (slightly) cut back on automated probing
<sarnold> and consider disabling password access, if you haven't already
<Xanthippus> Automated probing by who
<sarnold> worms
<patdk-lap> the evil one
<Xanthippus> Password access = enter password to access shell?
<Xanthippus> lol patdk-lap
<sarnold> Xanthippus: yes. ssh keys are more secure by a factor of millions. :)
<Xanthippus> Okay, how do I know if it's not using both, if that's even possible
<Xanthippus> Because when I SSHed from my Mac for the first time, it asked if I wanted to remember an RSA key or something
<sarnold> Xanthippus: look for "PasswordAuthentication no" in your /etc/ssh/sshd_config file
<sarnold> Xanthippus: that would be the server's key, so you could tell if it is being impersonated in the future
<Xanthippus> If it's #PasswordAuthentification yes then remove # and put no?
<sarnold> yes. make sure you can log in with a key first :)
<beeg98> after you test your key, and change that option, restart the ssh service.
<Xanthippus> The key locations are in the config file itself right?
<NomadJim> the EOL dates listed are when there are no more security patches right? https://wiki.ubuntu.com/Releases
<sarnold> Xanthippus: yes, in AuthorizedKeysFile, though most people don't need to touch it. it just looks into ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2 by default.
<NomadJim> so if I wanted the longest possible security support Precise is the release for me
<sarnold> NomadJim: correct on both.
<sarnold> NomadJim: do note that some aspects of the distribution are supported for less than five years: https://wiki.ubuntu.com/PrecisePangolin/ReleaseManifest
<Xanthippus> Is there a private/public key?
<Xanthippus> Which do I use?
<Xanthippus> And in terminal, how do I incorporate certs?
<sarnold> Xanthippus: on the client, the private lives in ~/.ssh/id_rsa, public lives in ~/.ssh/id_rsa.pub -- and on the server, the public lives in ~/.ssh/authorized_keys.
<sarnold> Xanthippus: ssh-copy-id is handy to automate logging in and copy-pasting the public portion onto the authorized_keys file
<escott> Xanthippus, every ssh server has an RSA key that identifies that computer (to protect against MITM attacks if you connect a second time and the key changes) that was the key you were being asked to remember or not
<escott> NomadJim, no more anything dates and 12.04 is the most recent LTS
<Xanthippus> Hi guys, I'm back
<Xanthippus> How would I login to SSH with an authentication key on OS X?
<escott> Xanthippus, same way as anywhere else. ssh-keygen; ssh-copyid user@remote; ssh user@remote;
<escott> Xanthippus, you do have to configure the ssh server to be running on OSX and verify it accepts auth-key logins
<Xanthippus> My server is on Ubuntu, and I want to connect to it from OS X
<holstein> !ssh
<ubottu> SSH is the Secure SHell protocol, see: https://help.ubuntu.com/community/SSH for client usage. PuTTY is an SSH client for Windows; see: http://www.chiark.greenend.org.uk/~sgtatham/putty/ for it's homepage. See also !scp (Secure CoPy) and !sshd (Secure SHell Daemon)
<Xanthippus> brb
<stiv2k> hello
<stiv2k> today i woke up to find my server with a flashing caps lock key
<stiv2k> i.e., kernel panic
<stiv2k> what can i look at to see what may have gone wrong?
<holstein> stiv2k: auto upgrade? hardware broken?
<stiv2k> holstein i beg your pardon?
<holstein> stiv2k: im suggesting you look at an auto upgrade that might have broken something.. unless you dont do auto upgrades, then you can ignore that.. or maybe a bad component. motherboard failure.. etc
<stiv2k> holstein, oh, i think its setup to only automatically do security updates
<stiv2k> and... the hardware shold be fine afaik... i was asking more along the lines of what log file might be able to tell me what happeneds
<stiv2k> it stayed online for like two weeks no problems until this morning
<holstein> stiv2k: i would just poke around in the logs... depends on the issue. it might have locked before it could log.. the machine is back up?
<stiv2k> yes it is after i did a hard restart
<stiv2k> my irc client is actually running on it
<stiv2k> so me being here talking to you means its working :P
<holstein> i would probably just remove the install from the equation.. run a live CD on the hardware with the hard drive out
<holstein> stiv2k: i dont know that you are using it for IRC
<stiv2k> i know that's why i mentioned it :)
<Xanthippus> Back
<Xanthippus> How do I use the ssh-copy-id?
<Xanthippus> Do I run it from the server or from the computer I'm trying to connect it to?
<holstein> https://help.ubuntu.com/community/SSH/OpenSSH/Keys is what i used
<tsimpson> from the computer you want to send the key from
<holstein> if you are just wanting to connect locally to another box on the lan, you can just use the password
<Xanthippus> No, I plan to SSH from outside
<escott> holstein, i think you are confusing telnet with ssh. there is no security risk to doing password across an unsecured network, its just inconvenient
<Xanthippus> Okay, I did the ssh-copy-id command from my Ubuntu server, and inputted "me@mymac" as the parameter
<escott> Xanthippus, its from the client to the server
<Xanthippus> AH
<escott> Xanthippus, on client you run ssh-copy-id user@server
<Xanthippus> So can I just delete authorized_keys on the server and do on the client?
<escott> the auth_keys file resides on the server. the server checks that to compare to the credentials presented by the client
<escott> you have enabled the ubuntu system to ssh into the mac
<Xanthippus> AH
<holstein> i didnt mean to imply you could or should do the password.. just that it might be easier to configure rather than configuring a key
<escott> (without the password)
<Xanthippus> Using the key I generated on the Ubuntu machine?
<holstein> the key is the way to go though... if you dont mind setting it up
<escott> Xanthippus, yes
<Xanthippus> Ah
<Xanthippus> Why can't anyone just "ssh-copy-id"?
<Xanthippus> Isn't that more insecure?
<Xanthippus> Than a passowrd?
<escott> Xanthippus, auth keys are more secure
<escott> copy-id requires a password to do the initial setup
<escott> thereafter you could disable password access
<escott> and you would be more secure
<escott> it might help to take a step back and talk about public vs private keys
<Xanthippus> Okay, it appears that Mac doesn't have ssh-copy-id
<Xanthippus> But I found this, which one do I use? http://www.commandlinefu.com/commands/view/188/copy-your-ssh-public-key-to-a-server-from-a-machine-that-doesnt-have-ssh-copy-id
<escott> when you ssh-keygen you create id_rsa and id_rsa.pub
<escott> you copy id_rsa.pub to the server and put it in the servers auth_keys file
<Xanthippus> So do ssh-keygen from client?!
<escott> you can do that with  ssh-keygen on the client and then "scp ~/.ssh/id_rsa.pub user@server:~/.ssh/id_rsa.pub.client"
<Xanthippus> So do I delete the keys that I created on my server? :-/
<escott> Xanthippus, no need to
<escott> unless you want to
<Xanthippus> I did that ssh keygen on my server, but that's obviously wrong right?
<escott> presumably you trust both systems equally so you might be just as happy going from ubuntu->mac as from mac->ubuntu
<Xanthippus> I don't do ubuntu --> mac
<Xanthippus> Only for ftp
<escott> you may not in practice do it, but in theory would you disallow it?
<Xanthippus> ...no
<escott> then don't worry about it... if you were to be concerned that the ubuntu server was untrustworthy you would delete the line in the macs auth_keys file
<Xanthippus> Or just delete the whole file altogether because there's only 1 key
<escott> sure
<escott> the auth_keys file is a list of identities to accept and allow access
<Xanthippus> Okay, so down to business: Where do I run the ssh-keygen? Mac or Ubuntu? Ubuntu is the server
<Xanthippus> I know
<escott> you run ssh-keygen on the client. that defines an identity for the client
<escott> you copy the id_rsa.pub from the client to the server (via scp or sneakerNet)
<Xanthippus> Okay
<escott> and add the id_rsa.pub (its a single line) to the authorized_keys file on the server
<escott> you can further modify that line in authorized_keys to further restrict the conditions under which that key is accepted (ie accept only from certain ip addresses, or restrict the programs that can be run, etc)
<Xanthippus> Oh okay, there we go. I generated key on Mac
<escott> Xanthippus, so now you need to copy it to the server. "scp ~/.ssh/id_rsa.pub user@ubuntu:~/id_rsa.pub.mac"
<Xanthippus> I can add the .mac extension?
<escott> then you can "ssh user@ubuntu" and you will see id_rsa.pub.mac in $HOME
<escott> Xanthippus, sure extensions are meaningless
<Xanthippus> Oh...
<Xanthippus> How about this: scp ~/.ssh/id_rsa.pub user@machine:.ssh/authorized_keys
<escott> and you dont want to confuse id_rsa.pub from the mac with the id_rsa that exists on the server
<escott> thats ok ONLY IF authorized_keys is empty
<escott> otherwise you blew away your configuration
<Xanthippus> There is no authorized_keys
<escott> then you can do that.
<Xanthippus> Awesome
<escott> finally you have to correct permissions of the file on the server
<escott> so "ssh user@ubuntu" followed by "chmod 600 ~/.ssh/authorized_keys"
<escott> and "cat ~/.ssh/authorized_keys" to double check it is what you want it to be
<Xanthippus> It's complained that authorized_keys doesn't exist
<Xanthippus> Does it need to be a folder?
<escott> what is the exact command you wrote?
<Xanthippus> scp ~/.ssh/id_rsa.pub user@machine:~/.ssh/authorized_keys
<escott> that should be ok.
<Xanthippus> Well here's what came of it: scp: /home/user_of_ubuntu_server/.ssh/authorized_keys: No such file or directory
<Xanthippus> OH my mistake
<Xanthippus> Deleted the entire ~/.ssh directory, sorry
<Xanthippus> Okay, I coped it. Now what?
<escott> Xanthippus, now ssh user@machine
<escott> you have to fix up two sets of permissions
<Xanthippus> ?
<escott> chmod 700 ~/.ssh; chmod 600 ~/.ssh/authorized_keys;
<Xanthippus> Oh okay
<escott> then "ls -l ~/.ssh" and verify that . has rwx------ and that authorized_keys has rw-------
<Xanthippus> Both have rw
<Xanthippus> Do I need to run chmod as root
<Xanthippus> ?
<escott> Xanthippus, the directory "." needs rwx
<escott> no you own the files you can chmod them
<Xanthippus> Oh
<escott> and it would be "ls -al ~/.ssh" forgot the a
<Xanthippus> . is drwx
<Xanthippus> so is ..
<escott> yes but after the drwx it should be all -'s for "." and after the rw all -'s for auth_keys
<escott> for ".." its going to be something like rwx-r-xr-x depending upon configuration
<escott> but we don't care about ".."
<escott> ".." is ~ we are trying to secure ~/.ssh which is "."
<Xanthippus> Oh
<Xanthippus> Well there are no 's
<Xanthippus> Just dashes
<escott> thats what we want
<escott> drwx------ and -rw-------
<Xanthippus> Oh okay
<Xanthippus> Well then in that case it's all good
<escott> Xanthippus, so now you can test it
<Xanthippus> logout then login?
<escott> "exit" from the ssh session, and try ssh user@machine again
<escott> it should just let you in
<Xanthippus> If I have pwd authentification, I have to enter that?
<Xanthippus> Because it's still asking me for it
<escott> did you put a password on the key you generated with ssh-keygen
<escott> because if you did it would ask you for that password, because it needs that to unlock the id_rsa file
<escott> and then you are usually ok for the rest of your desktop session on the client
<Xanthippus> Yes I did put a passphrase
<Xanthippus> Should I try again?
<Xanthippus> It's asking for the user password, not the passphrase in the key
<Xanthippus> Should I disable that?
<escott> there shouldn't be anything to disable
<escott> ssh -v user@machine and look for the line(s): debug1: Authentications that can continue: publickey,password and debug1: Next authentication method: publickey
<escott> is it listing publickey at all
<Xanthippus> Yes
<Xanthippus> It actually uses it as first method, idk what goes wrong
<escott> Xanthippus, does it ever list publickey?
<Xanthippus> Um, id_rsa and id_dsa?
<Xanthippus> It tried both, and apparently failed, because it fell back to password
<escott> no in the line Authentications that can continue, in the first occurence of that line. does it list publickey
<Xanthippus> Yes, publickey, password
<escott> so it tried publickey and failed
<escott> ok
<Xanthippus> idk why, I recreated the .ssh directory, there should be anything conflicting there
<escott> Xanthippus, is it finding the correct id_rsa and id_rsa.pub above that
<Xanthippus> Found key that matches known_hosts...
<escott> not that one further up
<escott> the 6th or 7th line from the top
<escott> maybe closer to 10th
<Xanthippus> identity file ~/.ssh/id_dsa typr -1
<Xanthippus> type*
<Xanthippus> The line above that is rsa
<escott> thats the dsa... presumably you had an rsa
<Xanthippus> No there is dsa and rsa
<escott> but those are the correct locations of those files on the mac
<escott> or would be the correct location
<escott> and further down just after the first instance of Authentications that can continue it should say:
<escott> debug1: Offering RSA public key: /something/.ssh/id_rsa
<Xanthippus> Yes, it does offer it
<escott> Xanthippus, then the problem is likely permissions on the server
<Xanthippus> Then it loops back to "Authentications that can continue"
<escott> Xanthippus, so ssh user@machine again
<Xanthippus> verbose?
<escott> no
<escott> we actually want to login
<Xanthippus> k I'm logged in
<escott> (a) cat ~/.ssh/authorized_keys and make sure its contents match the id_rsa.pub on the mac
<escott> (b) ls -al ~/.ssh and maybe paste that to us
<Xanthippus> I included the a in parentheses?
<escott> no
<escott> (a) and (b) are two things to do
<Xanthippus> Okay it spit a bunch of random characters lol
<escott> yes. but are those the same random characters as in id_rsa.pub on the mac
<Xanthippus> How do I make sure they match?
<escott> you just have to check the first few
<Xanthippus> Oh okay
<escott> it should begin ssh-rsa AAAA
<escott> it should begin "ssh-rsa AAAA"
<escott> and the characters after the AAAA are the important ones
<Xanthippus> Yeah I noticted
<Xanthippus> They both start w/ it
<Xanthippus> Yeah, went through half way through the first line, and it looks the same
<escott> so what are the permissions of ~/.ssh
<Xanthippus> On which machine?
<escott> ls -al ~/.ssh
<escott> on the server
<Xanthippus> drwx
<Xanthippus> authorized_keys = -rw
<escott> can you just paste the output of ls -al ~/.ssh
<Xanthippus> I found something in sshd_config I think: # Don't read the user's ~/.rhosts and ~/.shosts files
<Xanthippus> IgnoreRhosts yes
<escott> no thats different
<Xanthippus> But it also says: # For this to work you will also need host keys in /etc/ssh_known_hosts
<Xanthippus> And the line under it is: RhostsRSAAuthentication no
<escott> Rhosts is about peering hosts... it utilizes auth_keys but its not relevant
<Xanthippus> Oh okay
<Xanthippus> Could the "AllowUsers" string I added be the problem?
<escott> where did you add this?
<Xanthippus> Very bottom
<escott> very bottom of what
<Xanthippus> Thought it'd make it... more secure?
<Xanthippus> sshd_config
<escott> i dont know what that does. i would guess its unrelated because you can ssh with password
<escott> but i dont know
<Xanthippus> It only allows certain user on the server I guess) to login.
<Xanthippus> (on the server I guess)*
<Xanthippus> So I guess if some guy/gal tried to brute force w/ some random username and maybe blank password, they couldn't
<escott> Xanthippus, if you look at /etc/shadow you will see that the only user who has a password on your system is the one you are currently logged into. so there is no way to brute force anything
<escott> i need to sleep
<escott> its probably incorrect permissions in ~/.ssh
<escott> but you havent sent them to me so i cant say
<Sander^work> Will it work to take a backup of / with eg. rdiff-backup, and use it to restore back an upgrade in case it fails?
<vezq> basically yes, but I would create a disk image too if possible
<Sander^work> vezq, Will a disk image with dd be inconsistent?
<vezq> dd works okay but takes also unused space, clonezilla is option take image
<uvirtbot`> New bug: #1076898 in mysql-5.5 (main) "failed to install lamp-server through tasksel in a fresh install of ubuntu 12.10 - package mysql-server-core-5.5 (not installed) failed to install/upgrade: cannot copy extracted data for './usr/bin/my_print_defaults' to '/usr/bin/my_print_defaults.dpkg-new': unexpected end of file or stream" [Undecided,Invalid] https://launchpad.net/bugs/1076898
<AlphaWolf> I've got 2 partitions I'm trying to format and mount. I've put more information (fdisk -lu and more specific information) on Ubuntu Pastebin if anyone can help. I've tried GParted but it just sees the disk and no partitions. http://paste.ubuntu.com/1332125/
<patdk-wk> fdisk /dev/sda, d 2, d 3, n p 2 enter enter
<AlphaWolf> Thank you, patdk-wk! I've verified the new table and saving it/rebooting :)
<eagles0513875__> hey guys I am trying to setup samba to be accessible not only to windows machines in the work group but mac machines as well. how do i go about doing that i am following 2 how to's at the moment and im a bit stuck
<eagles0513875__> the how to's are https://help.ubuntu.com/12.04/serverguide/samba-fileserver.html and https://help.ubuntu.com/12.04/serverguide/samba-fileprint-security.html any one have any ideas of what I am doing wrong?
<uvirtbot`> New bug: #1077003 in ntp (main) "ntp ignores config option "interface ignore all"" [Undecided,New] https://launchpad.net/bugs/1077003
<uvirtbot`> New bug: #1077020 in cloud-init (main) "cloud-init ca-certs leaves a blank line in /etc/ca-certificates.conf" [Undecided,New] https://launchpad.net/bugs/1077020
<drag0nius> would it be hard to set up backup WAN for ubuntu server?
<drag0nius> like if primary goes down it instantly switches to backup
<drag0nius> and then switch to primary when i tell it to
<sarnold> drag0nius: if you just want to protect against dead nic / switch then something like this may work: http://ubuntuforums.org/showthread.php?t=785471
<drag0nius> basically i've access to 2 networks
<drag0nius> one quicker & faster
<sarnold> drag0nius: as I understand it, if you want to failover to different routes entirely, something like bgp or ospf may be needed -- but that's a bit outside of my experience.
<drag0nius> and another one perfectly stable
<drag0nius> but less responsive and slower
<Free99> hey everyone... having a strange issue with a 12.04.1 x64 server: I add rules to UFW allowing SSH access, but nobody can access. Seems like iptables is ignoring the UFW chains, but I'm not sure
<holstein> Free99: can you connect locally? maybe its just the router firewall?
<Free99> I can connect locally, and nope, no firewall between us
<Free99> holstein: this server's been in production for at least a month, and until now had no issues or changes
<holstein> Free99: if you can connect to it inside your network from another box, that makes me thinnk its not the local firewall on the box that is the issue
<ewindisch> how do I report bugs against cloudarchive? Apport hates it.
<Free99> holstein: I thought you meant connecting via localhost when you said locally
<Free99> but no, outside the machine I cannot connect
<holstein> Free99: yup.. i should have clarified... i would try bringing the firewall down if that is safe to test that way temporarily
<holstein> Free99: i am using ufw to set rules without any issues... but who knows
<Free99> I tried that too, ufw disable then enable, even service ufw restart
<holstein> Free99: can you connect with the firewall is down?
<Free99> holstein: tcpdump says I'm receiving the request packets for port 22 but somehow, despite netstat showing ssh (which I've also restarted) as listening on 22, the packets don't get through to SSH
<Free99> *sshd
<holstein> Free99: and you can connect localhost...
<thesheff17> Free99: did you change ENABLED=yes in /etc/ufw/ufw.conf?
<Free99> holstein: can connect localhost, but not outside whether firewall open or closed. I didn't change the /etc/ufw/ufw.conf
<Free99> should I try reinstalling UFW or SSH?
<holstein> i dont think that will hurt anything Free99 .. and maybe someone has a better idea while you are doing that
<Free99> holstein: the rules for port 22 show up in the list when I do "ufw show raw" but...
<holstein> Free99: well, if its disabled, its disabled. makes me think its not a firewall issue
<holstein> take it out of the equation and go from there
<Free99> I'd normally try to figure this out so as to file a bug report or whatever, but this is kind of... well, I need this fixed pronto
<holstein> Free99: sure, but we dont know that this is a bug yet.. could be misconfiguration
<holstein> Free99: i would take ufw out of the equation.. disable the firewall.. check that its down, and troubleshoot ssh seperate
<Free99> thing is, UFW may be down but iptables is still up, yes?
<holstein> Free99: i usually pull the firewall down. to remove it from the euquation.. you dont have to do this, but you can do that however you choose
<batzi> hi
<batzi> i trying to improve the usage of my ubuntuz 10.04 usage - so there is an question regarding the usage of remote x session on osx ? is this a wise way to go or should i use some remote desktop app?
<xnox> how/where are the cloud images generated? I'd like to experiment and request for a few settings changes by default.
<Xanthippus> Hi everyone
<Xanthippus> I'm having trouble with RSA key authorization on my server
<Xanthippus> I am currently using the same keys on another server, and they work just fine. How come this one isn't working?
<Xanthippus> I am forced to keep PasswordAuthentification on because I can't SSH with the key method
<MoleMan> How can I give a user access to control a single service? (I have an account that is used to manage web hosts and I want it to be able to reload/restart apache)
<Seveas> Xanthippus, usually /var/log/auth.log on the server will provide you with clues. Common problems are file permissions on the ~/.ssh/authorized_keys file or public key authentication not being enabled
<Seveas> MoleMan, sudo is your friend. You can limit his sudo access to only restart apache
<Xanthippus> I checked my sshd_config already, and compared it w/ the sshd_config of the working server
 * genii-around gets some highlight about "coffee" and investigates
<MoleMan> Seveas: can that be controlled within the sudoers file then?
<Xanthippus> Add him to the group sudo...?
<Seveas> MoleMan, something like this line: his_login your_hostname=(root) /etc/init.d/apache2
<genii-around> Xanthippus: That would be too far-reaching for only allowing start-stop of apache
<Xanthippus> Oh :-/
<Seveas> MoleMan, the sudoers file allows fine grained access control. At work we have a sudoers file that's over 100 lines long :)
<Xanthippus> What would I be looking for in auth.log if there's an error w/ the keys?
<Seveas> Xanthippus, grep sshd /var/log/auth.log. I think it says failed publick key authentication
<Xanthippus> I think I found an error...
<Xanthippus> Error attempting to parse .ecryptfsrc file; rc = [-13]
<Seveas> oh yeah, if your homedir is encrypted, you password will be needed to decrypt it
<Seveas> so either don't encrypt your homedir on that server or live with passwords :)
<Xanthippus> AH
<Xanthippus> Any way to remove that?
<sarnold> Xanthippus,Seveas: or use sshd_config option AuthorizedKeysFile to store authorized_keys files outside the encrypted homedir
<Xanthippus> Holy chiz I think somebody's trying to get in
<Seveas> sarnold, you'll still need access to your homedir don't you? :)
<sarnold> Seveas: not if you store them all in /etc/users/<username>/authorized_keys or something
<sarnold> Seveas: might be a bit ugly, but does let you use both
<Seveas> Xanthippus, I don't know the "official" way to undo homedir encryption. I'd rsync the decrypted to /var/tmp, log in as root, remove the encrypted one and move the unencrypted one from /var/tmp to /home
<Seveas> sarnold, but then you still need to type in your password to access your other files...
<Seveas> (such as .bashrc...)
<sarnold> Seveas: hrm. before or after the key?
<MoleMan> Seveas: is there any way I could allow access to any 'service apache2' command? would 'service apache2 *' work or something?
<Seveas> sarnold, the key can't unencrypt anything...
<Seveas> MoleMan, that should work
<sarnold> Seveas: indeed
<sarnold> Seveas: but my hope is that you can make a configuration that requires key for authentication then password to decrypt your data -- best of both.
<Seveas> sarnold, what's the use of that?
<Seveas> (I would in this case use ldap and store the keys in there)
<Xanthippus> I think it'd be more efficient to move the authorized_keys
<sarnold> Seveas: it'd keep ssh-robots from eventually guessing password and logging in..
<Seveas> hmm, fair enough
<Seveas> I use iptables for private servers or fail2ban for more public servers to chase robots away
<Seveas> (and only pubkey authentication, so their password attempts are futile anyway...)
<Xanthippus> I'm going through the logs, and I'm getting a lot of break in attempts from this IP...
<Xanthippus> ...all failed of course
<Seveas> Xanthippus, welcome to the internet :-)
<Xanthippus> Man now I'm really freaking out about those keys
<Seveas> !info fail2ban | Xanthippus
<ubottu> Xanthippus: fail2ban (source: fail2ban): ban hosts that cause multiple authentication errors. In component universe, is optional. Version 0.8.7.1-1 (quantal), package size 86 kB, installed size 434 kB
<Xanthippus> I have that on my server
<Xanthippus> I put jail profiles on ftp and something else, I forgot
<Xanthippus> I think the profile's enabled on ssh too
<Xanthippus> Wait, my ~/ directory is encrypted when it says something about cryptswap at boot?
<NotLarry> I have an ubuntu 11.04 that drops me to initramfs with an error "ALERT! /dev/mapper/servername-root does not exist." When I ls for it in /dev/mapper it shows it is a ln to ../dm-0  which does exist.  My google skillz are lacking.
<sarnold> NotLarry: no luck yet? :(
<genii-around> Sounds like initrd has no raid support
<sarnold> NotLarry: try symbolhound, it may do a better job than google on 'ln' and '../dm-0' and so forth
<NotLarry> This box has been running for about 4 months now.  I moved it to a new location and this is how it is coming up.
<sarnold> anything interesting in dmesg?
<genii-around> After a physical move like that I'd suspect of course a component. Like a ribbon came loose, etc
<sarnold> or a drive just stops spinning...
<genii-around> Yup
<jjcm> Hey all
<jjcm> I just set up a vps, and while I can ssh to it fine, I cant seem to ping it or get any connection on 80
<jjcm> Can someone help me troubleshoot?
<jjcm> There aren't any restrictions in iptables
<jjcm> apache's ports.conf register 80 just fine
<xnox> are there restrictions / firewall by your vps provider?
<xnox> e.g. on amazon, gandi, etc you need to open ports via their interface / api tools.
<jjcm> Unsure.
<jjcm> Lemme poke around
<jjcm> I can defininitely hit apache locally
<jjcm> so that's running at least
<jjcm> lemme check their web interface
<jjcm> Looks like that may have been it
<jjcm> Didnt' realize they used a whitelist for ports
<jjcm> xnox: many thanks, that worked.
<xnox> np, typical.....
<Xanthippus> Hi guys
#ubuntu-server 2012-11-10
<ekaj> I installed Ubuntu Server 12.04 on a Dell XPS 400, and I'm trying to connect to the internet... but when I do ifconfig, it just shows the loopback interface (no eth0) - I have an onboard ethernet port, and put ina card incase that port was bad, but neither work, and lspci shows both ethernet controllers... any idea what to do?
<ekaj> Brb..
<ekaj> Basically I am having this problem, but "sudo dhclient" isn't fixing it: http://askubuntu.com/questions/62908/no-internet-connection-ifconfig-shows-errors
<ekaj> Meh, found a fix
<ekaj> Okay...
<ekaj> I did 'sudo ifconfig eth0 up' to turn on the port, but now it only has an IPv6 address and no IPv4, so it still won't work =p
<vezq> try commenting out eth0 stuff from /etc/network/interfaces and reboot
<ironm> good morning. I have managed it to install a ubuntu-server 12.04.1 VM on raw disk device due to the following .xml config file: dev75.xml_INIT http://paste.debian.net/207998/
<ironm> I am able to boot from this raw disk device without kvm (after removing disk devices with kvm host) but I *can't* boot this images as VM (I use the following .xml config for the VM boot): dev75.xml_POST - http://paste.debian.net/208001/
<ironm> What do I miss in dev75.xml_POST to get this VM image booting frow raw disk device /dev/sdb ?
<ironm> thank you in advance for any hints.
<sim642> Can someone explain how I could get audio working on Ubuntu Server?
<ironm> sim642, does your server hardware support audio ?
<sim642> It's an old laptop, so yes
<ironm> sim642, have you tried to install the following alsa tools?
<ironm> ii  alsa-base                             1.0.25+2+nmu2                        all          ALSA driver configuration files
<ironm> ii  alsa-utils                            1.0.25-3                             amd64        Utilities for configuring and using ALSA
<ironm> sim642, server is usually a machine without GUI
<sim642> I have those alsa packages installed
<sim642> Technically that laptop is a server, because the screen is broken
<sim642> When i want to run alsamixer for example I get an error
<sim642> "cannot open mixer: No such file or directory"
<ironm> ironm@wheezy:~$ which alsamixer
<ironm> /usr/bin/alsamixer
<sim642> It's the same for me
<sim642> ironm, well "sudo alsamixer" works fine
<ironm> sim642, try to run this script (I wrote it for my wheezy debian live images ) .. they should work also for ubuntu 12.04
<ironm> init-alsa-audio.sh
<ironm> http://paste.debian.net/208009/
<ironm> ok
<ironm> s/they/it/
<sim642> I just discovered that if I run audio-requiring programs with sudo then they all work
<sim642> It'd be better if they worked without sudo too
<ironm> sim642, you are missing your user added in /tc/group ... like audio:x:29:ironm
<ironm> sim642, ironm@wheezy:~$ grep ironm /etc/group
<ironm> cdrom:x:24:ironm
<ironm> floppy:x:25:ironm
<ironm> audio:x:29:ironm
<ironm> dip:x:30:ironm
<ironm> video:x:44:ironm
<ironm> plugdev:x:46:ironm
<sim642> I'm kind of new to this stuff, what's the number on each line?
<TheLordOfTime> user id number i think
<ironm> you need to add only the username after :
<ironm> ":"
<sim642> After adding that, do I need to reload the groups or something?
<ironm> try it ;)
<sim642> still doesn't work
<ironm> sim642, reboot your system
<sim642> ironm, It works! Thanks for the help
<ironm> yaw :)
<ton1c>  
<uvirtbot`> New bug: #1068145 in puppet (main) "Fix for CVE-2012-3867 (puppet) is too restrictive - TLS certificates now break" [High,Triaged] https://launchpad.net/bugs/1068145
<duli> I'm trying to install ubuntu server 12.04 on a USB flash stick (8GB), but it stops on 31% (installing central packages). Any clues?
<ironm> duli, why don't you use the ubuntu live image ?
<ironm> duli, you can "dd" it to the usb stick and boot from it
<qman__> because he probably wants a persistent system
<uvirtbot`> New bug: #1077434 in apache2 (main) "Apache 2.2.14 Server Status no longer available" [Undecided,New] https://launchpad.net/bugs/1077434
<ironm> qman__, I can't remember if ubuntu live offers persistence live images
<ironm> it is at least possible with debian live images
<ironm> qman__, persistent system are not safe ... it is better to use non-persistent systems ...
<ironm> and in case one need some other stuff just to create new live images with this additional content
<qman__> what?
<qman__> of course persistent systems are safe
<qman__> what do you think installing is
<qman__> just because he's installing to a flash drive doesn't mean he wants a live system
<qman__> or even moving it to different hardware
<ironm> persistent systems are easy to manipulate
<anzenketh> I am trying to figure out how to disable the calendar php module. It looks like it is pre-compiled. Will I have to compile from scratch to get rid of it?
<ikonia> anzenketh: why do you want to disable it ?
<ikonia> anzenketh: is it causing a problem ?
<anzenketh> Free up memory.
<anzenketh> Don't need it.
<ikonia> do you know how much memory it's using
<ikonia> (that one module)
<ikonia> do you know it's actually a module ?
<anzenketh> It shows up on the php -m list.
<ikonia> I'm not trying to be funny about it, it just seems a random thing to suggest
<ikonia> recompiling the whole of PHP and breaking the package managers compatability for a core web component to disable a module you don't even known how much ram it's using
<anzenketh> It is not necessarily that it itself is using up too much memory. It is that apache is using too much memory due to it has over 40 modules
<anzenketh> Default
<anzenketh> Of php
<ikonia> anzenketh: I'd suggest looking at where apache is eating the ram
<ikonia> disable any un-needed modules within apache
<anzenketh> I know where. It has 40 php modules. running.
<ikonia> anzenketh: how do you know that's eating the ram ?
<anzenketh> Experance.
<ikonia> anzenketh: how do you know it's those modules
<duli> ironm: i'd like to use ubuntu on the flash drive as a server solely for manage virtual machines. The real storage will be built on 3 HDs using ZFS
<anzenketh> From experance the more php modules you have enabled the more memory it eats up.
<ikonia> anzenketh: that's not an acceptable proof
<ikonia> for all you know those 40 modules could be using 1K between them
<duli> I guess dd the installed system will be the solution
<anzenketh> Also considering that there is no website running.
<anzenketh> This is a default installation.
<ikonia> that has nothing to do with it
<anzenketh> # php -m |wc -l
<anzenketh> 24
<anzenketh> root     32207  0.0  4.2 47972 33276 ?       Ss   Oct15   1:46 /usr/sbin/httpd
<anzenketh> # php -m |wc -l
<anzenketh> 49
<anzenketh> root      4268  0.0  0.5 111388 11120 ?        Ss   12:35   0:00 /usr/sbin/apache2 -k start
<anzenketh> Just forget it no-one knows.
<anzenketh> It is stupid that ubuntu does not allow you to remove modules without re-compiling php
<TheLordOfTime> or you are impatient
<TheLordOfTime> or you can find someone who knows the packaging to create you a forked version
<TheLordOfTime> its not stupid because if you really care enough to nit-pick modules you'll do it yourself
<TheLordOfTime> you'll notice centos has the same issue with preconfigured compiled php5 with modules
<anzenketh> I know packaging. I was hopeing there was some way to use dpkg--reconfigure to configure what modules to get installed.
<TheLordOfTime> want to know something?
<ikonia> you're still not showing me any reason why you think this is eating ram
<ikonia> you've just done a count on the php modules
<TheLordOfTime> dpkg-reconfigure only allows you to change its config-time stuff, not compile time.
<TheLordOfTime> and ikonia's right there's no ervidence here of it eating up memory
<ikonia> we know the number, you've said the number, why do you thin it's eating ram, how much is it eating
<anzenketh> I came here to ask a simple question. Is there a way to remove the php modules without re-configuring php
<anzenketh> I think I have my answer it is no.
<ikonia> I don't think you have your answer
<TheLordOfTime> we're trying to figure out whether your issue is actually php
<TheLordOfTime> or something else
<TheLordOfTime> if it is PHP, well fine, we'll help you rebuild it.
<TheLordOfTime> if it isn't, we can help narrow down the cause
<ikonia> I think you're just flying blind and can't backup anything so dodging the question when people are actually trying to help you
<TheLordOfTime> i agree with ikonia
<anzenketh> The top memory hog on my server is java
<anzenketh> I already know that.
<ikonia> anzenketh: ok, java is not apache
<TheLordOfTime> then don't use Java?
<TheLordOfTime> </obvious>
<ikonia> anzenketh: but if you think you apache module is big, lets look at that
<anzenketh> Can't it is required for a application on the server.
<ikonia> anzenketh: how big is your apache process ?
<TheLordOfTime> that was a joke, i was being intentionally asinine :p
 * TheLordOfTime points at ikonia's questions, and says "You should answer them"
<anzenketh> www-data  4391  0.0  0.3 111412  6484 ?        S    12:35   0:00 /usr/sbin/apache2 -k start
<ikonia> come on
<anzenketh> root      4268  0.0  0.5 111388 11120 ?        Ss   12:35   0:00 /usr/sbin/apache2 -k start
<anzenketh> Is the root.
<ikonia> I want more than that
<ikonia> the root is just the one that spawns the children
<anzenketh> Yes I know.
<TheLordOfTime> ikonia's looking for cild processes too
<TheLordOfTime> child*
<anzenketh> www-data 4391 0.0 0.3 111412 6484 ? S 12:35 0:00 /usr/sbin/apache2 -k start is the child
<ikonia> anzenketh: you seem to think you know what you are doing, so I'll leave you to it
 * TheLordOfTime walks off to deal with a misbehaving nginx server
<ikonia> i'm not going to "beg" to help you or pull info out of you
<shauno> it is valid to not that assumptions aren't evidence.  they're a start, not an endpoint
<anzenketh> I apologize if I came off hostile. Do I know the specifics of ubuntu no. When disable extentions on the servers I am used too it is eaither recompile on cpanel servers or edit a extentions.ini file.
<anzenketh> I know I am shaving off a small point percential
<anzenketh> I came here with a question. I am trying to figure out how to disable the calendar php module. It looks like it is pre-compiled. Will I have to compile from scratch to get rid of it?
<ikonia> anzenketh: I think you are making a bad call
<ikonia> recopmiling something has big significance, and if you have nothing to suggest it's a problem, you are making a bad call
<anzenketh> I won't recompile if it requires it.
<ikonia> disabling things you have no evidence are a problem, is a bad idea
<TheLordOfTime> anzenketh, ikonia's right, you know.
<ikonia> it's up to you what you do, as I said, I'm not going to pull info out of you, you feel you know the problem without any reason, so I can't help you why you are just going to fly blind and not approach it logcially
<ikonia> I won't comment on it again, good luck
<anzenketh> Yes I am aware that ikonia is right. recompiling has big significance. Not only is it a lot of work it breaks things and it hard to undo.
<anzenketh> Which is why I won't do it if it requires it.
<TheLordOfTime> which is why we suggest you find evidence PHP modules are the problem.
<TheLordOfTime> there's methods to reduce PHP's memory usage without messing with what modules it loads
<anzenketh> I am not calling it being a problem. It is a performance tweak. A vary small one but when you back is up against the wall what are you going to do.
<TheLordOfTime> heck, we run into that a lot with NGINX, its why one of our people (nginx's people) wrote a guide for configuring php correctly to use low-memory or low resources
<TheLordOfTime> (granted, php5-fpm, but...)
<TheLordOfTime> argh, lag...
<uvirtbot`> New bug: #1008385 in apache2-mpm-itk (main) "apache-mpm-itk writes wrong process name in /proc/$$/status" [Undecided,Confirmed] https://launchpad.net/bugs/1008385
<TheLordOfTime> i'm going to agree with ikonia, if you're going to plunge blindly into saying "I think the loaded modules are at fault" without even doing research or *testing* things that're online for streamlining its mem usage (PHP), i'm going to walk off as we
<TheLordOfTime> ll
<TheLordOfTime> and to answer your question about what to do when you're up against the wall:
<TheLordOfTime> "Ask for help finding out what is at fault with eating up the memory.  Not blindly assuming something the software loads automatically is the problem."
 * TheLordOfTime walks off to find coffee
<anzenketh> Thank you for your assistance. I am getting the impression that it is not possible to disable the default PHP modules without re-compiling. So due to the problems with re-compiling and time time required to repackage it I am just not going to worry bout it.
<anzenketh> I will continue to research the real problem. Java.
<asdadasdas> hi, how can i enable root acces to SFTP with Openssh
<TheLordOfTime> you shouldnt.
<asdadasdas> hi, how can i enable root acces to SFTP with Openssh
<guntbert> asdadasdas: simply said: don't - what is your real goal?
<uvirtbot`> New bug: #1077483 in autofs5 (main) "automount.8: "Macro ".RE" without ".RS"; some spelling corrections to the manual" [Undecided,New] https://launchpad.net/bugs/1077483
<ChmEarl> any real difference between useradd & adduser ?
<andol> ChmEarl: adduser is a higher level Perl script which relies on the useradd binary.
<guntbert> ChmEarl: one is the tool that actually does the dirty work (not recommended to invoke directly), the other does things a little smoother
<ChmEarl> andol, thanks - I never had to add -m
<gdeeble> Evening, just curious if anyone can help me with Vlans and using EBox/Zentyal? I set up each vlan(vlan1 and Vlan2) in the network interfaces, and when I restart now, the server can't get out to the internet but will work internally, but causes Samba not to start. I am just playing around with this but trying to learn as I want to divide my network up in time so that I have my computers
<gdeeble> on 1 vlan and my other devices on another vlan. Maybe I'm going about this wrong and someone can show me the right way. Currently there is just a hub off the server for testing.
<duli> anybody out there using zfs on ubuntu?
<duli> does it work properly?
<ikonia> it works in the sense of a fuse file system
<ikonia> it's not in the official ubuntu kernel, so you'll need to get an external kernel
<duli> ikonia: hum, ok, but in terms of stability, replacing drives etc.
<ikonia> depends on where you get the kernel from
<ikonia> the patche versions, the base kernel it's applied to, who builds it etc
<duli> I was hoping to install the dkms through the ppa
<duli> ppa:zfs-native/stable
<duli> but I won't go through the trouble if someonte tells me "it's not worth it"
<ikonia> it's worth trying if you want zfs, but just keep in mind it's not in the mainline kernel, so it's stability will depend how the kernel progress and the compatability with the patches
<duli> hum, ok
<ikonia> if you want ZFS though, I'd use an OS that supports it properly
<ikonia> (from my perspective)
<duli> the concept of having hds being used as if they were RAM is very attractive
<duli> but I'm not willing to get away from ubuntu in order to use it
<ikonia> err as if they are ram.....
<ikonia> it's just disk pools
#ubuntu-server 2012-11-11
<brunost> hi! I'm working on setting up a little home server (my first server I may add) and I am trying to figure out what would be the best way to deal with a drive to run the OS on
<gdeeble> You only have 1 drive?
<gdeeble> or multiple?
<brunost> gdeeble: I'll have a raidz of 4 drives for storage
<brunost> I am trying to figure out what solition to go for for storing the OS
<brunost> optimally a solution like freenas where it loads an image from a pendrive to ram would be the best
<brunost> but I don't really have enough knowledge about this myself to figure out if this is a clever solution
<gdeeble> brunost: See I have my os on 1 drive then mounted my raid to a mount point.
<ironm> duli, I was thinking also about such concepts (just using xen ... but I didn't get the xen live image working as wanted wanted and had to stop due to missing time resources)
<ironm> <duli> ironm: i'd like to use ubuntu on the flash drive as a server solely for manage virtual machines. The real storage will be built on 3 HDs using ZFS
<ironm> but ubuntu-server is definitively the best base for kvm hosts
<brunost> ofc I'll keep the OS on a separate drive, just not sure if I should try out loading from usb to ram or use a 2.5" drive of some sort
<duli> ironm: i think so algo.
<duli> ironm: but I've given up the idea of using ubuntu-server on a usb stick
<duli> would require a lot of tweaks to reduce disk writes
<gdeeble> brunost: depends on your needs. I have a little hard drive running my os, but USB solutions are def. nice as long as everything wants to play ball.
<duli> I'll go with a simple notebook hd (5400 rpm) to t install the sustem
<brunost> gdeeble: thats the thing, will I get it to play nicely
<ironm> duli, I gave such ideas too ;) ... I run ubuntu-servers as kvm hosts on raid5 or raid6 (with 4 or 8 drives) .. and use additional raid5 or raid6 as storage for VMs
<ironm> duli, well .. when you run in live you don't need really to care if your KVM host have enough RAM (ECC)
<ironm> gdeeble, I use own debian live images (booting from a USB stick) for my daily work .. it works great :)
<duli> ironm: sure, but my concern would be the usb key falling appart in a short period of time
<duli> ironm: since you mentioned kvm
<ironm> duli, yes .. that can happen
<gdeeble> brunost: I never had success myself but I am still a novice at this. I ended up using Zentyal which uses ubuntu with a web management face.
<ironm> gdeeble,  eg. ... http://rsync.it-infrastrukturen.org/postgresql/live-wheezy-amd64-awesome-public-databases-20121024e.iso
<duli> ironm: is it possible to open a vm machine remotely, using the virt-manager?
<ironm> duli, yes
<ironm> duli, like: ironm@wheezy:~$ virt-manager -c qemu+ssh://192.168.1.75/system
<duli> ironm: ah, that's so great!
<duli> ironm: so I can perfom the os install on the vm remotely, right?
<gdeeble> ironm: I always ran into something but I think my problem was lack of patience and knowledge when I was trying.
<ironm> duli, 192.168.1.75 is a ubuntu-server KVM host (HP DL385g7 ,,, with 32 or 64GB ECC RAM and 2 pieces of P410 RAID controller with 1GB cache each ... and 16 SCSI drives)
<gdeeble> but that was a few years ago.
<ironm> duli, you have to put .iso images for the installation inside /var/lib/libvirt/images/ an the KVM host, but the installation of VMs happen mostly from remote client (with the command like above)
<duli> ironm: ah, ok, that was my doubt
<duli> well, fair enough
<duli> seems nice
<ironm> virt-manager doesn't offer you the possbility to use local .iso images on the virt-manager client for installation on the KVM host
<ironm> duli, you need "virtual machine host" tasksel option of ubuntu-server to install the KVM host. You need also the ssh-server tasksel option for virt-manager (remote)
<duli> ironm: ok, that's totally fine. I could always do a scp to the kvm host
<duli> ironm: ok,. I just complet4ed the install and selected those to options
<duli> ironm: I already have ssh access to it
<duli> ironm: do you recommend ant specific tutorial on kvm/ubuntu?
<ironm> gdeeble, now a day linux live images are very comfortable
<ironm> duli, eg. this one : Red_Hat_Enterprise_Linux-6-Virtualization_Host_Configuration_and_Guest_Installation_Guide-en-US.pdf
<ironm> I can't find the link
<duli> ironm: no prob., I'll go through the redhat manuals
<duli> tks a lot
<ironm> duli, give me few minutes . I have some links also for ubuntu
<duli> ok
<ironm> duli, may I pc you? (query)
<duli> sure
<LeChacal> hello, i am trying to setup the 2nd nic in my server for a local connection to another machine through a swtich using static IP and it isn't working, this is my interface file http://paste.ubuntu.com/1349628/ am I missing something in my interface file or something else i needed to do. If I reboot the interface doesn't automatically come up and if I bring it up manual it doesn't ever list as having the address set in the interface file.
<qman__> two things
<qman__> you can't have more than one default gateway without a lot of extra config, or it will just choose at random which interface to send traffic out of
<qman__> and you're missing auto eth1
<qman__> and you can't have IPs from the same subnet on different interfaces
<qman__> I lied, three things
<LeChacal> ok so do i just not set a gateway on the 2nd nic then?  And I have differnt subnets DHCP gives out 192.168.1.x and the static is 192.168.0.141.
<qman__> yes
<qman__> you only set a gateway on your internet-facing side
<qman__> if you have more than one internet-facing address, you have to do some extra stuff to get it to either prefer one or load balance
<qman__> dhcp sets a gateway automatically, so just remove the manual one
<LeChacal> ok i have made the changes and rebooting, ill see if that was all my problems shortly
<LeChacal> qman_ thank you that seems to fix my problem
<uvirtbot`> New bug: #1070322 in quantum (main) "again creation of quantum db" [Undecided,New] https://launchpad.net/bugs/1070322
<star314> Hi! How can I (temporary) disable a software raid device, e.g., /dev/md2 from the system such that it will not re-added after a system restart?
<star314> I've tried mdadm --stop /dev/md2 and removing it from /dev/mdadm/mdadm.conf
<star314> but this didn't work.
<bananapie> Is there a command in ubuntu to which I can pipe an email and an IP address and it would send an abuse report to the abuse email for the given IP ?
<bananapie> I got hits attacks from 200 different IPs in a 24 hour period, I could never work on this list by hand.
<patdk-lap> bananapie, only 200?
<bananapie> that's if I count each IP only once.
<dassouki> I'm looking for a scheduling service for my employee similar to ms exchange
<dassouki> we use google mail
<queency> hello all: can someone tells me where is the logs of start-stop-deamon ?
<bananapie> queency, what is it you are looking for ?
<bananapie> some daemons send information into /var/log/syslog when starting or stopping, but not all do.
<queency> My main task is fly away when starting with start-stop-deamon and i don't know why !
<bananapie> what do you mean fly away ?
<queency> die
<queency> btw how can i replay like you did with the starting of "queency," ?
<mrrothhcloud__> anyone here used Transcenders?
<gucki> does it make any sense to have "R/W multiple sector transfer" enabled for sata disks? i see it's set to 0 for all my hdds...
<patdk-lap> that is extreemly odd
<patdk-lap> generally you want it to be atleast 8
<jacobw> i have a problem using --location with virt-install, the files are downloaded to /var/lib/libvirt/boot/ but disappear immediately after they are downloaded and seabios in the VM hangs on booting from ROM
<NomadJim> anyone running an ubuntu webserver that can share some anecdotal evidence of how often they have to patch their server?
<ikonia> you patch your servers when ubuntu provides package updates
<ikonia> it's that simple
<DaveR> iirc there is a setting to have your sever automatically deploy security related patches
<ikonia> yes, but that's not wise
<ikonia> as you don't want to blindly patch unless you have a test system first
<DaveR> that's fair
<greppy> NomadJim: I use apticron to get emailed notifications of pending updates.
<NomadJim> ikonia:  i'm looking for number of times/year or some other kind of statistic
<ikonia> NomadJim: it changes from release to release and version to version, you can't guess how many bugs or security alerts will be found
<NomadJim> because it's going to be different based on packages, i'd like to focus on people with web servers
<ikonia> NomadJim: it will differ for different people depending on what packages they are using
<NomadJim> yup
<NomadJim> maybe i'll compile something if I can't find it on google
<DaveR>  NomadJim, I make a point on my box to check weekly.  Having said that though, I will say this: my box is for personal use and therfore if it breaks/gets owned its not that big of a deal.
<DaveR> ie: I'm not saying that weekly updates are the best or that it's how you should do it
<greppy> I still like apticron as a way to get notification of new package updates.
<NomadJim> yeah i think automatic notification like greppy said would be best when i'm actively administering a production server
<greppy> that way you don't have to remember to login and check, if there is an update, you get an email.
<NomadJim> i have a whole bunch of personal use servers
<NomadJim> but i usually outsource it to a managed provider if it gets important
<NomadJim> so I am not very good at best practices
<NomadJim> greppy:  might be kind of cool if someone combined apticron + uptime monitoring
<NomadJim> as a service for lazy people
<ikonia> or you could just not be lazy
<ikonia> and run the server properly
<NomadJim> ikonia:  i'm talking about a business idea as opposed to personal administration
<ikonia> doesn't seem a good idea to me personally
<NomadJim> i bet someone is already doing it though
<NomadJim> what's the downside of having apticron in addition to the normal uptime monitoring most services provide
<ikonia> that's not what it was meant to do
<ikonia> so you're just adding a pointless function to it
<ikonia> there are tools for monitoring - this isn't one of them, so adding one random monitoring measure to it doesn't seem good
<NomadJim> I'm talking about uptime monitoring services like https://www.pingdom.com/
<ikonia> yeah, I'm saying I think it's a bad idea
<NomadJim> I think it would be valuable if they added apticron notifications as well to their offering
<ikonia> that's not what the tool was meant for
<NomadJim> notifying of updates isn't what apticron is for?
<ikonia> no, monitoring
<ikonia> there are already monitoring plugins for most proper monitoring solutions
<ikonia> sorry, I just think it's a bad/pointless idea
<NomadJim> apticron doesn't do the monitoring it's an addition
<ikonia> what ?
<NomadJim> i'm not quite sure what you're arguing
<ikonia> that uptime monitoring included as part of aptcron is a bad idea
<ikonia> which is what you stated
<NomadJim> i'm saying uptime monitors like https://www.pingdom.com/
<NomadJim> could add apticron
<ikonia> why ?
<greppy> NomadJim: xymon can monitor apt status, including apticron.
<ikonia> there are already solutions/plugins for proper monitoring solutions
<ikonia> tools like pingdom are not monitoring solutions
<NomadJim> greppy:  that's cool. currently trying to learn zabbix, don't know if that's equivalent ot xymon
<greppy> NomadJim: xymon used to be hobbit which used to be big brother.  I find that I prefer it to most other monitoring solutions.
<NomadJim> http://en.wikipedia.org/wiki/Comparison_of_network_monitoring_systems
<NomadJim> looks like they are pretty similar
<NomadJim> at least in terms of features
<bananapie> fail2ban
#ubuntu-server 2013-11-04
<jparkton> anyone know a good server vps with bind, irc, I can host other sites off for about $20/month?
<jparkton> and have root or at least sudo ?
<jrwren> digital ocean?
<jparkton> maybeh
<Beatstreet> what the best place to look to see if I can tell why a sever keeps locking up/going offline?
<genii> Beatstreet: Lots of logs to check in /var/log ... most usually: syslog, faillog, dmesg, kern.log and then the logs for the repective things running on the server are in that dir as well. The usual ones to check would be auth.log, apache error and access logs, mail logs, and so on
<Beatstreet> thanks
<genii> Beatstreet: The most usual reason is brute-force password attempts at ssh, the auth.log will show those.Another is automated probes for known exploits in web pages, those are usually found in the /var/log/apache2/error.log
<Beatstreet> thanks genii
<genii> Beatstreet: You're welcome :)
<Beatstreet> Think I have a hdd going bad but smartmomtools not seeing it but every time the box locks up when it comes back a raid device is resyncing
<genii> Beatstreet: If it's hardware failure, the dmesg is where it will normally show
<Beatstreet> it completes but a few hours later box goes offline
<Beatstreet> ok
<joossee> ersi?
<babinlonston> Hi All , What is Reverse proxy and what the use of it , in which environment i need it ? and when i need to configure a reverse proxy , How to do it in ubuntu ?
<BradTN> Can anyone here please help with a Software raid 5 issue?
<BradTN> going on 7 hours in standstill
<psivaa> hallyn_: hello :), trusty lxc smoke tests are hanging halfway down the tests. reported bug #1247860 with as much information as i could add
<psivaa> the VM where the tests are running is active at present if you'd like more information
<psivaa> xnox: ^ if you'd like to help :)
<psivaa> https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1247860
<xnox> hallyn_: stgraber ^^^ lxc smoke-test hangs, see above.
<hallyn_> yea looking
<hallyn_> nothing helpful in logs
<hallyn_> ubuntu-cloudimg-query trusty - confused by argument trusty :(
<hallyn_> (waiting for a trusty vm to install locally)
<AtuM> I have a really weird problem... while the server boots up I loose VGA signal, connection to the server via ssh is impossible, but the network comes up - it responds to ping. I can only get to the console via the recovery mode..  I have no idea where to start looking - I'm not that used to upstart and Plymouthd
<AtuM> This happened after I mistakenly unplugged the system drive and then restarted the machine.. fsck reports all fs are clean even after forced check.
<joossee> atum; where in the bootprocess do you lose VGA?
<joossee>  /when
<AtuM> joossee, I think it's after the fsck completes..
<joossee> black screen?
<AtuM> joossee, I can't really tell anything more since I see nothing and can't access the server
<AtuM> joossee, "no signal" even
<joossee> atum; i had thisproblem as well but related to a video card not a HDD... hrmmm\
<joossee> isthe volume in question HW raid ?
<AtuM> joossee, I've tried plugging in a different monitor
<AtuM> joossee, no.. it's not mirrored.. the root fs is on a single ssd drive
<joossee> atum; maybe im misundestanding here (im new)but you get the GRUb selection screen yes?
<AtuM> there's one more fact I've spotted.. when in recovery mode - whatever I select from the menu (other than open shell as root), I get a plymouthd error when trying to cancel whatever is running - since nothing really completes
<AtuM> joossee, yes.. grub shows up.. then a part of boot process also goes well.. then "blank"
<joossee> ... ok this problem isabovemy pay grade... someonemore experienced might offermore... my only suggestion is google "nomodeset" and "quiet splash" in grub. try it and see if you can get to CLI
<AtuM> joossee, I can even go to advanced menu and select recovery mode to get to the console.. but if I select "boot normal" it does the same thing
<AtuM> joossee, thanks!
<wagonboi> I keep getting locked out from my ubuntu box by Fail2ban and denyhosts, but I can't whitelist my IP because it changes about every day. What free DNS service can i set up on my windows machine so that I can set it's address in the whitelist and not be blocked anymore?
<joossee> wagonboi, who or what is assigning the IP?
<wagonboi> joossee, I use my phone and tether my Windows machine to it. My phone's IP resets about every day. When I try to SSH into my ubuntu server, it sometimes blocks my (phone's IP).
<joossee> wagonboi, wow.. whos your cell provider that that actually works well??
<joossee> wagonboi, you are going to have to disable your whitelisting scenario for this too work i think
<wagonboi> T-Mobile, but they want me to pay for tethering which sucks. I have to use SSH tunneling to hide my desktop's user agent in order to browse the internet
<wagonboi> this is why getting to my ubuntu box is so important :)
<joossee> wagonboi, just switch to android and you can do that for free after rooting
<wagonboi> nope, they check the user agent on internet traffic
<joossee> wagonboi, you mean a webpbrowsers user agent?
<wagonboi> if they detect a windows machine, they intercept the traffic and send you to an upsell page. yes, web browser UA
<joossee> wagonboi, have you tired using firefoxplus the useragent spoofing plugin?
<wagonboi> yes, I use it but I want to watch Amazon Prime videos which is not compatible with user agent spoofing
<joossee> wagonboi, what OS is on the phone?
<joossee> moreto the point:can younot use a VPn to your home network to solve this problem?
<wagonboi> Android
<wagonboi> I want to tunnel traffic on a Per-application basis, not all of my traffic, therefore SSH tunneling is ideal
<joossee> wagonboi, like put tomatoUSB on your rotuer and have it act as a VPN server then use android to connect ot it?
<joossee> oi c
<joossee> hrmmm
<wagonboi> I just need a way to be whitelisted on my ubuntu box, no matter what iP I have
<joossee> suggestion: https://play.google.com/store/apps/details?id=com.dyndns&hl=en
<joossee> can you whitelist based on domains or just IP's?
<joossee> (i thinkassigning A DYNMAIC dns to a cell phone is not gonna work anyways but...
<wagonboi> I just installed NO-IP, I just hope fail2ban works witha DNS hostname
<wagonboi> ok I fixed it. I set my NO-IP's account DNS hostname as whitelisted in fail2ban and removed Denyhosts since it kept blocking my IP. Fail2ban already monitors SSH brute force attacks so denyhosts is redundant IMO
<wagonboi> not to mention removing an IP from denyhosts requires editing 5+ files!! http://bitmonger.blogspot.com/2013/01/remove-delete-ip-address-from-denyhosts.html
<joossee> wagonboi, awesome
<hallyn_> psivaa: my local run of lp:~serge-hallyn/+junk/lxc-test succeeded on trusty.
<psivaa> hallyn_: as i said in the bug it did to me too, but hangs in the precise vm host
<hallyn_> i'm on trusty vm on precise host
<hallyn_> psivaa: oh wait.  trusty kernel does not yet have full apparmor support
<hallyn_> jjohansen: ^ correct?
<hallyn_> psivaa: in which case, just disable the lxc tests for now
<tyhicks> hallyn_: that's correct
<hallyn_> tyhicks: thx
<tyhicks> hallyn_: he's in the process of getting a pull request together but I don't see anything on the kernel-team list yet
<hallyn_> ok.  the failure may have nothing to do with that, but some of the tests explicitly tset for apparmor so i just don't see any point running them.
<hallyn_> marked the bug invalid - thx
<psivaa> hallyn_: ack, will do
<psivaa> hallyn_: the tests are disabled now, how do i know when it could get enabled?
<hallyn_> psivaa: well, technically when you find that /sys/kernel/security/apparmor//features/mount/  exists
<souliaq> Hi, I want to autostart xinit, and after that autostart and sdl game in ubuntu-server, how can I achieve that?
<joossee> man this channel really lacks the jocularity of #ubuntu lol
<jkitchen> loooooool
<npc_> Hi, i'm not have a lot experince with ubuntu server. How simplest way i can create backup ?
<joossee> npc_, https://help.ubuntu.com/community/BackupYourSystem
<joossee> npc_, start there and comeback as you encounter problems
<npc_> joossee, i saw this when i googled, but which tool do you recommend ?
<joossee> i recommend raid level 5
<joossee> but that is hardware
<joossee> so youreon your own!
<sarnold> raid is not backup
<jkitchen> raid is just a way of kicking that MTBF a bit further down the road
<npc_> we have VPS server, and i need update system, but before update i want create backup
<jkitchen> it depends on what you're trying to back up
<jkitchen> and how much downtime you can absorb
<jkitchen> for simple, you could just use tar and create a tarball of your important files and such
<jkitchen> but if you're looking at a database server and you have a requirement of low or no downtime... it's a different story
<joossee> sarnold, semantics!
<npc_> for now some downtime is'n big problem :)
<jkitchen> this reminds me I need to submit my talk for SCaLE
<jkitchen> I think my system design philosophy needs to reach a broader audience
<sarnold> joossee: don't get me wrong, raid is a decent thing to do :) but it can't help you against rm -rf / or malicious intrusion or fire.
<jkitchen> in my environment upgrading the OS is a trivial thing. I just change the OS and then reboot the machine
<sarnold> jkitchen: look into kexec you might even be able to avoid reboots
<jkitchen> sarnold: no, the reboot actually wipes/reinstalls the machine
<npc_> i need backup for LAMP + server configuration
<joossee> sarnold, agreed
<sarnold> jkitchen: ah, pxe booting?
<jkitchen> sarnold: yea
<jkitchen> pxe + foreman + puppet = win.
<jkitchen> I can deploy a new database server by turning it on.
<jkitchen> the next round of servers we deploy will just be fully rack-n-stack by remote hands
<sarnold> jkitchen: you might like to investigate juju and maas :)
<jkitchen> ah.
<jkitchen> perhaps
<jkitchen> I'm doing pretty well with puppet
<sarnold> you can use your puppet recipes in juju charms
<jkitchen> the only real problem I ave right now is bootstrapping the environment
<sarnold> and let juju and maas handle machine provisioning
<jkitchen> some day, perhaps
<jkitchen> one thing at a time
<jkitchen> today I'm trying to tackle this godawful san
<joossee> anyone here using a TPLINK WDN4800 ?
<jkitchen> not I.
<jkitchen> my servers are all wired and my desktops are all macbooks :)
<jkitchen> npc_: so, you're gonna want to back up things in /etc/apache2, for starters
<joossee> bro id love to wire this server but i cant have two 100' cables running thru the kitchen so... if i can get close to 150MBPS over 5ghz ill be very happy
<jkitchen> assuming you're using the standard ubuntu way of doing apache bits
<jkitchen> npc_: then, you'll want to shut down your database and back that up. if it's mysql, it's /var/lib/mysql (right?)
<jkitchen> postgresql is /var/lib/postgresql
<jkitchen> back up any code you have that you can't redeploy
<npc_> yes apache, mysql
<jkitchen> if you don't have a deploy method for your code, you need to do that as well, but that can be done later.
<jkitchen> my philosophy is the only thing I should need to keep from a server is any databases or files which can't be rebuilt.
<jkitchen> so my /var/lib/postgresql /var/lib/mongo /var/lib/redis and /srv/www/uploads are on separate volumes which get brought in by puppet after the machine boots
<jkitchen> everything else is disposable
<jkitchen> code is deployed from git
<npc_> what about this https://help.ubuntu.com/10.04/serverguide/backup-shellscripts.html ?
<jkitchen> npc_: do you have an nfs mount you can put the backups on?
<jkitchen> really you need to identify *what* you need to back up and then it's as simple as making a tar of that and moving it off the server
<jkitchen> don't try to focus on a tool, because really how is not nearly as important as *what*
<npc_> i just want have current system configuration, if something goes wrong
<jkitchen> npc_: then really the easiest and most reliable way to do that is instead of rebuilding your existing machine, make a new one and migrate to it
<jkitchen> you mentioned VPS, so this should be pretty easy. if you're with bitfolk I know they'll give you a temporary free vps to do exactly that
<jkitchen> other places might not, but really, whatever the cost is should be fine to absorb
<npc_> we have VPS on mediatemple.net, we can take backup service for 20$/month. I planning think about this later. I thought there is simplest way with terminal create all system backup
<Corey> npc_: Oh, you mean the GoDaddy company? :-)
<Corey> jkitchen: You're everywhere.
<jkitchen> Corey: are you calling me fat?
<Corey> jkitchen: You're the center of my ever expanding universe. It matches your ever expanding waistline. :-)
<jkitchen> <3
<jkitchen> I'm working on the waistline thing.
<jkitchen> #c25k week 4 starts tonight.
<jkitchen> 16 minutes of intervals :(
<jkitchen> almost double what week 3 had me doing
<jkitchen> npc_: there are plenty of simple ways
<jkitchen> but they may not be the best way
<jkitchen> I really do think you'll be way better off just migrating to a new server rather than trying to rebuild your existing one
<jkitchen> I think that will end in way more pain and time and money expenditure than just having another box for a month
<jkitchen> it'll also allow you to iron out wrinkles before you take the downtime plunge
<jkitchen> there's a reason companies use staging environments
<jkitchen> I'm simply trying to keep you from shooting your foot completely off :)
<ses1984> hi, i have been really confused about interactive/non interactive environment variables all day, been reading and testing things all day and feel like i'm not learning anything
<ses1984> i'm trying to serve an application with apache mod_wsgi
<ses1984> the user www-data is the user that's running the apache processes, so i tried to set env vars for that user, to be used in the application
<ses1984> it wasn't working, and i think the reason for that is that i was setting interactive environment variables, but apache is running non-interactive
<ses1984> in other words if i'm logged in as www-data at a bash prompt, i see all the env vars that i would expect, but if i try to get that same info through apache, i see a totally different, much smaller list of env vars
<ses1984> presumably because when apache starts, it's non-interactive, therefore all the env vars i set that only apply to interactive mode will not be set in that context
<ses1984> so, how can i set env vars so that they are availble to applications served through apache
<Rory> See, I know the answer. But people have no patience.
#ubuntu-server 2013-11-05
<michele2> hi there
<michele2> hi there
<sarnold> michele2: hello; note that irc tends to be quiet unless there's something specific to discuss. :)
<MavKen> I have installed 13.10 on my vps but others recommend not to use 13.10 on production server... do any of you use this version on production server?
<pmatulis> MavKen: it depends what your needs are
<MavKen> I host about a dozen static sites and a site that uses codeigniter
<MavKen> so far, haven't had any issues.
<pmatulis> MavKen: if 12.04 gives you want you want then use it since it's an LTS and is supported longer (until april 2017).  then again, 14.04, the next LTS, is out in 6 months so you might consider installing 13.10 and then do a single release jump to it and stick with it for 5 years
<sarnold> MavKen: probably the most annoying issue is that you'll have to upgrade in eight months or so.
<sarnold> MavKen: you may wish to consider upgrading to 14.04 LTS when it is available and you feel comfortable doing the upgrade, and sticking with that for a few years, to reduce the cost of maintenance / ownership
<MavKen> yeah, since I have mostly static sites, I just zip them up, clean install os then unzip.. planning to install 14.04 once it is available
<wew> I want to ask question how to grep in order to get only the essid and signal level when i issue the iwlist command.
<wew> I want to ask question how to grep in order to get only the essid and signal level when i issue the iwlist command.
<pmatulis> wew: man grep
<wew> pmatulis: sorry for that question im a beginner in pmatulis at the moment i use this command "iwlist wlan1 scan | grep -e ESSID -e Signal"
<wew> *beginner in ubuntu
<wew> but what i want to get is only the ESSID name and signal level and nothing else
<pmatulis> wew: maybe pastebin the entire output of 'iwlist wlan1 scan'
<pmatulis> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<MavKen> where can i edit the script that is used when a new user is created?
<pmatulis> MavKen: you don't want to do that
<MavKen> why?
<pmatulis> MavKen: explain your rationale, you're prolly missing something
<MavKen> in my /etc/skel folder I have public_html and then the twitter bootstrap framework... when I create a new user, I want the username to be inserted into a php file as the "project name" appearing the in title/navbar
<pmatulis> MavKen: i feel you're toiling around in the wrong boiler room.  sounds like you should be doing this with an external shell script
<MavKen> so i would like config.php created in the process with the following line: <?php $site_title = "<username entered here>"; ?>
<pmatulis> MavKen: editing system utilities is not the way.  these changes will conflict if the utility ever gets upgraded.  i also feel that you should separate the system-level stuff from application-level stuff
<wew> pmatulis: this is the link http://pastebin.com/p1z7Y4YS
<wew> http://pastebin.com/p1z7Y4YS
<MavKen> ok
<wew> hello there can someone help me how to use grep in this problem given . http://pastebin.com/c01UX1B8
<trupheenix> hello. Are there any kind people here who can help me with postfix and sasl? I keep getting this error:     pwcheck_method: auxprop
<trupheenix>     auxprop_plugin: sql
<trupheenix>     mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5 NTLM
<trupheenix>     sql_engine: pgsql
<trupheenix>     sql_hostnames: 127.0.0.1, 192.0.2.1
<trupheenix>     sql_user: username
<trupheenix>     sql_passwd: secret
<trupheenix>     sql_database: dbname
<trupheenix>     sql_select: SELECT password FROM users WHERE user = '%u'@'%r'
<trupheenix> oops
<trupheenix> sorr
<trupheenix> y
<trupheenix> I keep getting this error warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory
<sarnold> trupheenix: is an saslauthd running? can you find what socket file postfix is expecting and see if anything else has that socket open? (lsof or fuser...)
<trupheenix> sarnold, how do i do that? :(
<trupheenix> sarnold, ok i got it. let me try
<sarnold> trupheenix: hrmm, looks like things can be complicated here. Check out these urls for some additional reading: https://help.ubuntu.com/12.04/serverguide/postfix.html#postfix-sasl  and  https://help.ubuntu.com/community/Postfix#Authentication
<sarnold> (the community guide looks a bit dated, I saw references to 6.06...)
<trupheenix> sarnold, so what are you suggesting?
<trupheenix> sarnold, ok let me figure out what file is postfix looking for
<trupheenix> sarnold, I'm trying to use Cyrus SASL.
<trupheenix> sarnold, but looks like now I will have to use DoveCot. DoveCot on POP3 seems to work OK.
<joossee> can anyone help me get my video card to work? firemv2400 im reading this but it is way above my paygrade: https://bugs.launchpad.net/ubuntu/+source/xserver-xorg-video-ati/+bug/1091380
<joossee> can i revert to xorg 7.0 in 12.04?
<wew> hello there can someone help me how to use grep in order to get only the signal level and ESSSID when issuing iwlist command ? thanks.
<webdev13> hi guys , i dont know that much about linux commands and ubuntu
<webdev13> i'm trying to add new virtualhost , but i have no idea how to do this on apache server
<sarnold> webdev13: I hope this is helpful to you: https://help.ubuntu.com/12.04/serverguide/httpd.html#http-configuration
<webdev13> sarnold , i already have virtualhost , system admin made it for me
<webdev13> i want to add new one , i dont know which file  i should edit and how to access it ?
<Pupeno> Hello.
<trupheenix> can anyone here help me with dovecot installation?
<trupheenix> my dovecot process doesn't seem to start at all
<trupheenix> any postfix dovecot experts here?
<pmatulis> !ask | trupheenix
<ubottu> trupheenix: Please don't ask to ask a question, simply ask the question (all on ONE line and in the channel, so that others can read and follow it easily). If anyone knows the answer they will most likely reply. :-) See also !patience
<trupheenix> !patience
<ubottu> Don't feel ignored and repeat your question quickly; if nobody knows your answer, nobody will answer you. While you wait, try searching https://help.ubuntu.com/ or http://ubuntuforums.org/ or http://askubuntu.com/
<trupheenix> ok. So i have set up postfix+dovecot with postgresql as the backend store. I have setup postfix to use sasl authentication via dovecot. I have checked SMTP,POP3 and IMAP logins and they work fine. However now I have issue with mailboxes. Is it compulsory for dovecot to have home directories for each e-mail id?
<trupheenix> my postfix installation is not delivering mails to dovecot. Here is my postconf output: https://gist.github.com/anonymous/7318863 Here is my doveconf output: https://gist.github.com/anonymous/7318896 Finally here is my output from tail -f /var/log/mail.* when I send a mail: https://gist.github.com/anonymous/7318945 Can anyone tell me why postfix is not handing over the mails to dovecot and why am I getting a not delivered responder eventhough
<trupheenix> the us
<trupheenix>  <trupheenix> er exists on my server? I was able to send mails from this same user but now I cannot receive it. Any help would be appreciated.
<jdstrand> adam_g: hey, I think there was a breakdown in the process-- keystone 1:2013.1.4-0ubuntu1 dropped the fix for bug #1202952 that was in the security update for 1:2013.1.3-0ubuntu1.1
<jdstrand> adam_g: I mentioned that one in irc. I also mentioned another one
 * jdstrand goes to look
<jdstrand> adam_g: actually, nm-- both patches are in there. the ChangeLog and debian/changelog didn't list one
<NaGeL> can someone help me with this problem?
<NaGeL> http://askubuntu.com/questions/371563/port-25-smtp-port-connection-refused
<babinlonston> im using kvm and other Distribution were installed as Guest operating systems  there are  /dev/sda6 , /dev/sda7 /dev/sda8 /dev/sda9 ,  there are upto /dev/sda15 available in my PC , i need to create a backup of /dev/sda6 to /dev/sda14 , if there is some issue i need to restore from that /dev/sda14 to /dev/sda6 , how can i Do it guide me to snapshot it ... I'm using LVM for /
<remix_tj> NaGeL: try with netstat -alptn | grep 25
<remix_tj> you'll see if the mailserver is bound only to localhost
<remix_tj> or to any address
<NaGeL> tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      12775/master
<NaGeL> tcp6       0      0 :::25                   :::*                    LISTEN      12775/master
<NaGeL> thats what i get
<remix_tj> uhm strange
<NaGeL> yes
<remix_tj> and from your machine you cannot do telnet IP_OF_SERVER 25
<NaGeL> telnet: Unable to connect to remote host: Connection refused
<NaGeL> that is what i get
<ikonia> connection refused is probably being blocked by the auth rules
<ikonia> eg: telnet localhost 25
<ikonia> try that
<NaGeL> that works
<NaGeL> as the guide says i use dvecot for smtp auth and there is a line like this
<NaGeL> # Disable LOGIN command and all other plaintext authentications unless
<NaGeL> # SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
<NaGeL> # matches the local IP (ie. you're connecting from the same computer), the
<NaGeL> # connection is considered secure and plaintext authentication is allowed.
<NaGeL> disable_plaintext_auth = yes
<NaGeL> can this be the problem?
<ikonia> NaGeL: ok, so it looks like it's only accepting connections to localhost/from localhost
<NaGeL> nope.. set it to no, still connection refuised
<ikonia> set what to no
<NaGeL> disable_plaintext_auth = no
<ikonia> you're not getting that far
<NaGeL> in dovecot
<ikonia> dovecot is not your mail server
<NaGeL> but thats what i use for smtp auth.
<ikonia> you have a mail server running on port 25 that is only accepting connections to localhost
<NaGeL> yes, and thats kinda problem.
<ikonia> right, so why are you looking at dovecot or user auth
<NaGeL> dunno.. i have no idea where to look, i'm just trying out things.  and as i said i set dovecot's SALS as the smtp auth
<NaGeL> OOOH smtps is working
<NaGeL> cool
<NaGeL> then its better if the stmp is blocked becouse it will work only ina secure connection
<NaGeL> thanks ikonia remix_tj  for the help!
<jcastro> gaughen, ok I've approved another batch of blueprints
<jcastro> I was thinking of scheduling either today or tomorrow, how do you feel you're getting on with them? Mostly done or still gathering?
<jrwren> NaGeL: who is your ISP? many ISPs (comcast for example) block outgoing port 25 in an effort to reduce spam from bot nets.
<strixUK1> hi.  i have a from-scratch ubuntu 12.04 server installation, and i am scratching my head why it doesn't perform comparably to the machine it's replacing (hostgator-configured, centos 5.9-based thing).
<strixUK1> example: loading a 230-odd MB SQL dump takes 45 sec on new machine, and 30 sec on old.
<strixUK1> any pointers as to what sort of tuning i should be looking at?
<strixUK1> i've already compared active mysql configuration on the new box, and updated those parameters that needed it
<TheLordOfTime> strixUK1: why is a 15 second restore making you scratch your head...?
<TheLordOfTime> 15-seconds-difference *
<strixUK1> because the machine is unloaded and a 50% extra load time indicates something isn't right
<ikonia> it's not %50 load time
<strixUK1> it's not the absolute difference that bothers me, but the relative difference
<ikonia> are the machine identical
<ikonia> is it consistantly the same difference
<strixUK1> yes, consistently the same (plus or minus small variation)
<ikonia> are the machines the same
<strixUK1> the machines aren't really similar.  i'm not really sure what the spec of the old machine is because it's a hostgator dedicated box, and they're not particularly forthcoming about their machine specs.  the new machine is a slightly older cpu architecture, but it has more memory.
<ikonia> then why are you comparing them
<ikonia> and why do you think something is wrong
<strixUK1> the other big differences are that the new box runs in a xen VM, where the old one is running in a qemu VM; and write latencies in the new box are maybe 2-3 times longer than the old machine.
<ikonia> a machine you don't know the spec of is slightly faster with a small import than a totally different machine
<strixUK1> (if a 230 MB dump is 'small')
<ikonia> it is
<strixUK1> an sql search-and-replace operation takes about 70 sec on the old box and about 120 sec on the new, but that's very roughly comparable with the difference in sql load
<trupheenix> hello ikonia can you help me with a problem I'm facing in postfix?
<ikonia> trupheenix: no idea.
<ikonia> trupheenix: ask the channel, some good people in here
<TheLordOfTime> strixUK1: if the machines are not identical, then you are comparing apples and oranges
<strixUK1> if the new machine really is that much lower performance than the old, then there's nothing much i can do about it and will just live with it, but i'd like to ascertain that it isn't anything to do with the tuning or other configuration between the two
<TheLordOfTime> if the hardware is different, it's apples v. oranges.
<ikonia> strixUK1: why don't you forget the old machine, as it's a pointless comparison, and just look at what the new one is doing and see if you can make it better
<strixUK1> TheLordOfTime: perhaps.  i'm not expecting identical performance, or even faster performance on the new box, but a 50% difference seems.. surprising.
<ikonia> strixUK1: why is it surprising, you don't even know the spec of the old machine
<TheLordOfTime> ^ that
<strixUK1> ikonia: exactly, so my question is is there anything i should be looking at tuning-wise to improve upon?
<ikonia> a machine you don't know the spec of, is faster than a machine you do know the spec of, it's a pointless compariosn
<ikonia> strixUK1: you tune problems, looking for problems will indicate what to tune
<TheLordOfTime> exactly what ikonia said
<strixUK1> because they're similar classes of machines, and i would not expect such a significant difference in performance, even if the new box is possibly a bit older
<TheLordOfTime> as long as the restore didn't cause any problems there's nothing to fix
<TheLordOfTime> similar "classes" of machines have substantial variance inside their own class too you know
<TheLordOfTime> so unless you're comparing *identical hardware* your comparison is void
<ikonia> strixUK1: focus on the new machine, forget the old one, look for problems, fix problems
<TheLordOfTime> exactly
<TheLordOfTime> unless you're restoring 25MB SQL backup files every day it's not anything to worry about
<strixUK1> what i do know about the old machine is the processor (Xeon(R) CPU E3-1265L V2 @ 2.50GHz), vs new machine (Xeon(R) CPU X3210  @ 2.13GHz)
<ikonia> strixUK1: you don't know that as they are virtual machines
<TheLordOfTime> ^
<ikonia> that is the host, not the guest
<strixUK1> yeah, i just want to make sure that there isn't anything i can/should be doing with the new machine before i make it go live
<strixUK1> right
<ikonia> strixUK1: yes, there is lots you can do with the new machine,
<ikonia> strixUK1: but you have to work out where the bottlenecks are and see if they are config or limitations
<ikonia> config can be fixed, limitations can't
<strixUK1> hang on, the guest machines don't change cpu types?  (i'm in touch with one of the xen developers and can ask if necessary)
<strixUK1> right, so that's my question.  what should i be looking at in terms of config of the new machine?
<ikonia> strixUK1: forget all that - just focus on making the new machine work as good as it can
<TheLordOfTime> exactly what ikonia said
<ikonia> strixUK1: look where your bottlenecks are that would be the first point
<strixUK1> alright, how do i go about evaluating that sort of thing?
<ikonia> doing tasks and monitoring resources
<ikonia> seeing what tasks make what resources get utilized,
<ikonia> seeing if resources are maxed out for a period
<ikonia> seeing if that maxing out is causing wait on other resources
<strixUK1> well, i can tell you that iostat doesn't indicate a lot of activity during this DB load
<ikonia> strixUK1: activity, no, wait ?
<strixUK1> eg, the device containing / is mostly idle during the load with occasional bursts of 40-60 MB/sec
<strixUK1> which i presume is because most of the write activity is sticking around in os cache rather than being flushed to disc
<ikonia> strixUK1: is the database on / ? is the backup being read from ?
<ikonia> from /
<strixUK1> yes and yes
<ikonia> strixUK1: what is the wait time on the device ?
<strixUK1> not much read activity either, but again i presume the dump is in os cache
<strixUK1> average await is around 30 ms
<ikonia> ok, so that's almost half a second
<ikonia> do you find that acceptable ?
<strixUK1> (which, as i said earlier, is rather slower than the old machine, which is about 9 ms)
<strixUK1> what's half a second?
<ikonia> strixUK1: ok, so why is there wait time, is it because it's waiting on another resource, is it because the disk device is slow, is it because the host the vm is running on is overutilized ?
<patdk-wk> do what?
<patdk-wk> 30ms == 500ms?
<ikonia> oops
<strixUK1> right
<ikonia> bad maths there
<ikonia> 300ms sorry
<patdk-wk> normal time for a green disk is 15-30ms
<patdk-wk> normal time for a 7200rpm disk is 8-12ms
<ikonia> the green ones I have are faster than that
<patdk-wk> ikonia, only if they are running in non-green mode
<ikonia> patdk-wk: so you mean from "standing start"
<patdk-wk> pretty much
<ikonia> never measured that to be honest
<patdk-wk> just let it idle for 30seconds :)
<patdk-wk> well, it should sleep after 11seconds or so
<patdk-wk> then access something random
<strixUK1> again, the hardware is not new, and my host noticed that one of the pair (software raid1) was a bit slower than the other.  he's at the DC at the moment swapping out the slower one.  but the difference wasn't enough to account for 9ms vs 30 ms latency.
<strixUK1> however, it could well be the speed of disc
<ikonia> raid1 will depend on the slowest disk
<ikonia> so it can delay writes
<patdk-wk> idle with burts sounds like bad spots on the disk
<patdk-wk> is that read or write load?
<patdk-wk> write load shouldn't be affected
<strixUK1> patdk-wk: or cache flushing
<patdk-wk> if so, you did improper test :)
<strixUK1> this machine has no load to speak of and it has 7 GB of memory, so it seems likely that most activity will be sticking around in cache
<strixUK1> patdk-wk: i'm not particularly interested in disc performance because there's nothing i can actually do about that.
<ikonia> 7GB of ram....
<ikonia> that's an odd number
<patdk-wk> oh?
<patdk-wk> so what is the problem that is attempting to be solved then?
<strixUK1> if this load operation is operating mostly from/to cache, then the difference in performance is accounted for not by disc but by OS config.
<ikonia> strixUK1: the disk performance seems a factor
<strixUK1> hostgator doubtless tune their machines much better than me, hence why i'm wondering what bits of the OS might be relevant to this sort of activity
<strixUK1> ikonia: it's a VM, albeit the only VM on the machine, hence the odd number.  the physical machine has 8 GB in it.
<strixUK1> and i have done zero tuning of the base operating system (ubuntu 12.04 server), because i've never had to before.
<ikonia> so it's a 8GB physical machine allocated 8GB to a vm
<ikonia> sorry 7 gb to a vm
<strixUK1> right.
<ikonia> why would you run that configuration, surly just using the host would be better
<strixUK1> host's choice, i guess.  not completely sure why he wants this running in a VM, but that's what hostgator do, too.  (in their case, qemu, not xen)
<ikonia> ok, just seems a bit odd
<strixUK1> in principle, the VM could be migrated elsewhere for upgrade or whatever, but that doesn't really apply when the disc is local to the machine rather than on a SAN
<patdk-wk> it does, you can migrate the disk and memory at the same time
<patdk-wk> expecially if they do a drbd of the disks between machines
<strixUK1> yes, in principle, but i gather than migrating disc is a bit hairy ;)
<patdk-wk> dunno :) do it in vmware every day
<strixUK1> okay, well, that's the answer then i guess
<strixUK1> malc hasn't said anything about block device replication, so i assume that's not happening.  he's a small operation.
<Msi> what is like the top 10 home server usages?
<patdk-wk> ask google?
<genii> Msi: It probably varies according to need. The ones I commonly know of or use: remote access to CCTV systems, centralized file storage and access, SSH jump-off point to machines on the LAN inside the house, small web and email servers if you want to host your own with a static IP, home automation control.
<strixUK1> and PVR/HTPC
<joossee> ok its officaly: i hate the ubuntu desktop
<joossee> whats a good window manager for hands on server administration?
<joossee> can i install the mint one?
<genii> joossee: The usual convention is to run servers headless and administer them remotely by SSH at commandline, or by a web-based control panel like Zentyal or similar.
<patdk-wk> yuk, web-based control panel?
<joossee> genli .. and I am noblely working towards that goal but in the interim i reallyneed to at least be able to open files as root :)
<sarnold> yeah if you want the yakuza to help you administer your machines :)
<sarnold> joossee: sudo vim /path/to/filename   or sudo emacs /path/to/filename  ...
<joossee> ok if xorg.conf does not exist i can create it and set params and xorg will use it?
<sarnold> yeah
<joossee> is it still used in 12.04 xorg? still at /etc/x11/xorg.conf ya?
<sarnold> /etc/X11/xorg.conf -- note the X
<joossee> oh crap
<joossee> is there avim quick reference sheet thats good?
<genii> !xorgconf
<ubottu> The /etc/X11/xorg.conf file is deprecated, but sometimes may still be needed to pass values to specific drivers. Generic xorg.conf generation: http://ubottu.com/y/xorgconf - ATI/AMD ( fglrx driver ) specific: http://ubottu.com/y/atiamd - NVidia ( nvidia driver )specific: http://ubottu.com/y/nvidia man xorg.conf for file structure and syntax.
<sarnold> genii: neat :)
<sarnold> joossee: 'i' to enter insert mode, <esc> to return to command mode; :wq<enter> to save and exit, :q!<enter> to quit without saving
<joossee> got it ty
<joossee> man trying to get my video card to dual screen is making me crazy
<sarnold> joossee: oh, you're the guy who pasted that bug link last night "this is above my pay grade"... agreed, that looked like a problem ripe for driving someone crazy.
<genii> joossee: For graphical issues, you're more likely to find help in the regular channels like #ubuntu ( or if Mint, then #linuxmint-help on irc.spotchat.org )
<joossee> ya i actuallykinda spam both at the same time :)
<joossee> here is more of a server question though: i wanna have a nice cirtualization server, i have 28GB of ram. Do i need a swap file? PS i use volume encryption
<Rory> joossee: You don't necessarily need a swap file/partition but if you have the space for one, there's absolutely no harm
<sarnold> joossee: I like having swap partitions, if some unbacked memory is really unused, the kernel can shove it off to swap and use the memory for something more important. you won't want much swap _traffic_ on your system, but having some swap available is convenient.
<joossee> yes that what i figured
<joossee> i am having some difficulty using encrypted partiions and a swap file on said partiions?
<joossee> can someone explain the relationship between LVM and encrupted partitions?
<sarnold> joossee: note that VMs often require less 'ram' than a physical system would, because the host's block cache will provide for much of the 'caching' needs.
<joossee> interesting
<xnox> joossee: what's confusing between LVM and encrypted partitons?
<xnox> joossee: encrypted volume can provide a single volume (device that one can format as a file-system or swap space).
<xnox> joossee: lvm provides logical volumes, thus one can turn one device into something that can have multiple volumes without repartitioning.
<xnox> joossee: typically one puts lvm VolumeGroup on an encrypted partition - such that despite single partition in the partition table, one has multiple logical volumes for various file systems / mount points / swap.
<joossee> xnox, ty. so procedurally i create the encrypted partition and then a LVM inside of it?
<joossee> and within LVM i can have root fs and swapspace?
<xnox> joossee: yes. Conceptually the correct terms are: hard-drive -> partition -> encrypted LUKS volume -> LVM's Volume Group (VG) -....> multiple LVM's Logical Volumes (LVs) -....-> formated with e.g. ext4, SWAP, etc.
<xnox> joossee: not sure why you need to create it, as that's one of the automatic partitioning recipes options in both server and desktop installer.
<joossee> xnox; multiple physical raid volumes. guided doesnt allow me to include them as /home
<xnox> joossee: a tick box to encrypt whole install, or in server install it's one option down "Use full disk, setup lvm".
<joossee> xnox; in 12.04?
<joossee> didnt see that
<joossee> i will look again next go around\
<xnox> joossee: enter manual mode, setup raid volumes as you wish, and then go back and partition automatically "Use entire disk, ecrypt + LVM"
<xnox> joossee: so yeah with raid you want it different.
<xnox> joossee: do you want everything encrypted or just /home ?
<joossee> xnox; everything but /boot
<xnox> joossee: well, that's everything =) at the moment /boot is always unencrypted.
<xnox> joossee: are you following Ubuntu Server Guide?
<xnox> joossee: https://help.ubuntu.com/12.04/serverguide/advanced-installation.html covers LVM and RAID.
<xnox> hm. encryption (LUKS) should be added.
<joossee> xnox, no... i have done this a few time for bootsticks and whatnot
<joossee> and im familiar with hardware
<jamescarr> probably better suited here
<jamescarr> W: Failed to fetch http://ppa.launchpad.net/ubuntu-x-swat/r-lts-backport/ubuntu/dists/raring/main/binary-amd64/Packages  404  Not Found
<jamescarr> did it change?
<joossee> finally got my FireMV 2250 working perfectly. thanks guys
<Silvio-> Hey guys one of my sites was hit with a vuln: http://www.exploit-db.com/exploits/29290/, i updated my php using apt-get install php5, this brought my update to PHP 5.3.2-1ubuntu4.21 with Suhosin-Patch (cli) (built: Sep  4 2013 19:13:13)
<Patrickdk> Silvio-, and what about it? it was fixed Thu, 03 May 2012 15:42:08
<Patrickdk> since you didn't update your system for like, half a year, what do you expect?
<Silvio-> how do i know if my current php is protected?
<Patrickdk> http://people.canonical.com/~ubuntu-security/cve/2012/CVE-2012-1823.html
<Patrickdk> learn how to read CVE's
<Patrickdk> fixed in 5.3.2-1ubuntu4.15
<Silvio-> yea i need too, but if i read that correctly i am patched
<Silvio-> thank you
<Rory> Silvio-: If your server was compromised, upgrading PHP will only close the door to future compromises, it won't un-hack you
<Silvio-> ya i know it sucks, im trying to figure out what if the php has a backdoor
<sarnold> it need not be in php
<sarnold> your best bet is to take the machine offline and redeploy a replacement
<Rory> That's the only way to be sure, unfortunately
<Silvio-> damn
<Rory> Yeah it's a massive bummer
<sarnold> if you're curious what they've done, it might be worth investigating. just be careful what you do with the hard drive or filesystem images.
<Silvio-> ya im just a dev, our it guy is gone until monday
<sarnold> yikes
<Silvio-> ya i have some understanding but not much, i can see he was posting stuff eventually the server crashed
<Silvio-> thats why i found out the site was down
<Silvio-> that also might mean he wasnt able to do what he wanted so he killed the server?
<Silvio-> or am i being too optimisic
<Rory> Id you're a dev, and there's a systems guy who is supposed to be in charge, I'd recommend letting the systems guy know immediately
<Rory> If*
<Silvio-> i did tell him
<Rory> Was it compromised and posting spam or something?
<Rory> What was the actual nature of the hack?
<Silvio-> basically im trying to secure this as best as i can for when he comes back
<Silvio-> http://www.exploit-db.com/exploits/29290/
<Silvio-> this is what he used
<Rory> Yes but what did he do with it?
<Rory> Oh haha we've had that one too
<Silvio-> sucks i dont know what was posted
<Rory> OK let me re-phrase - how do you know you are compromised?
<Trudko> hi guys, I am going to install bunch of stuff regarding Ruby On rails development on my env, thing is I done this few times already, including installation on ubuntu server. What is best way how to automate installation ? I need to install Ruby, apache, mysql, rbevn etc etc
<sarnold> Trudko: you have many choices: you can configure preseed files if you're doing multiple installs, you can use juju charms if you want something suitable for 'private cloud' use, or you could use puppet or chef or shell scripts ...
<Trudko> sarnold, what about capistrano?
<sarnold> Trudko: it's quite popular in the rails world, I've never used it myself. does cap make it easy to configure non-rails services?
<Trudko> sarnold, not sure frankly I also heard about it from rails world
<sarnold> Trudko: I ha dthe impression it was more aimed at the gem bundles and database migrations and so forth -- but then I've never _used_ it. sorry. :)
<Trudko> no problem :)
<joossee> is there a trick to getting an adapter into 5ghz modein ununtu 12.04?
#ubuntu-server 2013-11-06
<Level15> hi, all. i have 12.04 server up and running. It comes w/ php 5.3, but my app requires php 5.4 or superior. I tried these instructions but they also installed newer apache which broke, among other things, the svn published via apache. Any hints on how to *just* install newer php but no other mods to system? Thanks.
<Level15> or better, any directions on how to get php 5.4 on ubuntu 12.04?
<rbasak> Level15: one of the Debian PHP maintainers also maintains an Ubuntu PPA for various versions of PHP. See https://launchpad.net/~ondrej/+archive/php5 and https://launchpad.net/~ondrej/+archive/php5-oldstable. Of course this is unsupported by Ubuntu for security updates etc; just by the PPA maintainer (but in practice he's great at keeping up).
<Level15> rbasak: i'm gonna try odstable to see if it works better than the newer one
<dannymichel> I added my site and configured my virtual host with what you see here. problem is nothing shows up when i visit the address. http://pastie.org/8458722 no mater what kind of file i put in the public_html directory
<jkitchen> dannymichel: what's in your access.log?
<jkitchen> also, what are the permissions on /home/danny ?
<dannymichel> owned by www-data and 755 chmod
<jkitchen> /home/danny is owned by www-data?
<dannymichel> one second. let me find out where that access log is supposed to be
<dannymichel> /home/danny/public_html is owned by www-data
<dannymichel> this is ubuntu 13.10 btw
<jkitchen> no, what's the perms on /home/danny
<dannymichel> where are the access logs again?
<jkitchen> likely APACHE_LOG_DIR is /var/log/apache2
<dannymichel> http://pastie.org/8458726
<dannymichel> http://pastie.org/8458728
<dannymichel> Any ideas?
<jkitchen> oop, sorry
<jkitchen> coworker asked me something
<jkitchen> also, what's the permissions on /home/danny (NOT /home/danny/public_html)
<dannymichel> im not sure how to check that jkitchen
<jkitchen> dannymichel: ls -ld /home/danny
<dannymichel> drwxr-xr-x
<dannymichel> im a newbie, but not sure how the containing folder's permissions has anything to do with this jkitchen
<dannymichel> Anybody have any ideas?
<dannymichel> I added my site and configured my virtual host with what you see here. problem is nothing shows up when i visit the address. http://pastie.org/8458722 no mater what kind of file i put in the public_html directory
<dannymichel> http://pastie.org/8458728
<dannymichel> http://pastie.org/8458726
<photon> is gcc 4.9 available in 13.10 backports?
<dannymichel> jkitchen, any ideas at all?
<jkitchen> dannymichel: one thing I would do is put the error and access log for that domain in a different file
<jkitchen> like ${APACHE_LOG_DIR}/dev.dmichel.net.access.log
<jkitchen> that way you can know for sure that you're even hitting that vhost (as opposed to some other vhost)
<gyre007> is it possible to create a bridge without assigning it an IP address and make it permanent ? ie sticking this all into network-interfaces ?
<jkitchen> gyre007: iface brX inet manual
<gyre007> jkitchen: ah nice one man..
<jkitchen> now, that may not actually define the bridge
<jkitchen> I'm not sure
<jkitchen> the only time I've used inet manual is when I was using the interface either in a vlan or lacp group (or both)
<gyre007> auto blah; iface blah inet manual does seem to work
<gyre007> yeah that's exactly what I need it for
<gyre007> VLAning
<jkitchen> yup, then that's what you want
<jkitchen> because you configure the vlanned IPs on blah.<vlanid>
<gyre007> aaand I got it :)
<gyre007> thanks to you
<gyre007> cheers for that
<jkitchen> np :)
<gyre007> yeah vlanned IPs are done via tagging
<gyre007> :)
<gyre007> cheerios
<joossee> guys i checked off mail server when doing my install.. how do i configure it or what is the email server it installs?
<ScottK> joossee: Your best bet is to read the Ubuntu Server Guide (see the channel topic).  It discusses it.
<pplcf> I have almost 1:1 proportion of CPU load / IO wait, is bad?
<pplcf> is it bad?*
<mattwj2002> anyone here?
<sarnold> mattwj2002: it gets quiet this time each day.. but folks are aroud
<dannymichel> I added my site and configured my virtual host with what you see here. problem is nothing shows up when i visit the address. http://pastie.org/8458722 no mater what kind of file i put in the public_html directory
<dannymichel> http://pastie.org/8458726
<mattwj2002> ok cool :)
<dannymichel> http://pastie.org/8458728
<pneftali> anyone knows how to upgrade/update apache 2.2.x to 2.4.x in an old ubuntu 10.04 ?
<dannymichel> No matter what I do, I cant enable htacces in Ubuntu 13.10
<dannymichel> http://pastie.org/8458980
<sarnold> dannymichel: note that <directory> is for directories in the filesystem, and <location> is for URLs
<sarnold> dannymichel: (I don't think it's related to the problem you're having now, but I thought I'd mention it anyway)
<dannymichel> ok
<trupheenix> hello. Can anyone here help me with a postfix and dovecot issue I'm facing for virtual users? In my case postfix is not delivering mails to dovecot LDA. I have explained entire problem here https://gist.github.com/anonymous/7332276 with logs and configuration files.
<pneftali> hm i have an outdated apache (2.2.14) in my ubuntu 10.04 box. updating apache to latest, step 1) sudo apt-get update step 2) sudo apt-get install apache2 ... this correct ?
<Rory> pneftali: Yes, but you'd be better off running "sudo apt-get upgrade" to update all your packages, not just apache
<Rory> !info apache2 raring
<ubottu> apache2 (source: apache2): Apache HTTP Server metapackage. In component main, is optional. Version 2.2.22-6ubuntu5.1 (raring), package size 1 kB, installed size 29 kB
<pneftali> cool, thanks Rory
<pneftali> Rory: but if i want to update just apache2, i should go with "apt-get install apache2", right ?
<Rory> pneftali: Yes
<Datahunter> my ubuntu server 12.04 crash many time. Finally, i setup netconsole to see dead message. How can i troubleshoot this problem.
<Datahunter> i get msg as below: apache2 invoked oom-killer: gfp_mask=0x0, order=0, oom_adj=0, oom_score_adj=0
<Rory> Datahunter: That is an out-of-memory error
<Datahunter> i sure that i has enough memory to run the system.
<Datahunter> Nov  4 22:44:59 myserver [151773.305429] active_anon:124309 inactive_anon:72595 isolated_anon:0
<Datahunter> Nov  4 22:44:59 myserver [151773.305431]  active_file:1807567 inactive_file:622889 isolated_file:0
<Datahunter> Nov  4 22:44:59 myserver [151773.305433]  unevictable:0 dirty:58 writeback:0 unstable:0
<Datahunter> Nov  4 22:44:59 myserver [151773.305436]  free:813309 slab_reclaimable:541977 slab_unreclaimable:22343
<Datahunter> Nov  4 22:44:59 myserver [151773.305439]  mapped:19484 shmem:152 pagetables:4313 bounce:0
<Datahunter> Nov  4 22:44:59 myserver [151773.327346] Node 0
<Datahunter> Nov  4 22:44:59 DMA free: 15892kB min:124kB low:152kB high:184kB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB isolated(anon):0kB isolated(file):0kB present:15652kB mlocked:0kB dirty:0kB writeback:0kB mapped:0kB shmem:0kB slab_reclaimable:0kB slab_unreclaimable:16kB kernel_stack:0kB pagetables:0kB unstable:0kB bounce:0kB writeback_tmp:0kB pages_scanned:0 all_unreclaimable? no
<Datahunter> Nov  4 22:44:59 myserver [151773.364482] lowmem_reserve[]:
<sgran> please use a pastebin for that
<sgran> also, you clearly don't have enough memory :)
<Rory> Datahunter: How much memory does apache normally consume? What applications are running through apache? Do you have a swap partition/file ?
<Datahunter> how can i use "pastebin". i 'm using Pidgin connect irc
<sgran> http://paste.ubuntu.com/
<Rory> !paste | Datahunter
<ubottu> Datahunter: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imagebin.org/?page=add | !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<Datahunter> Here is my crash period   http://203.194.130.59/uptime.png
<Datahunter> i 'm try to upload dead message to paste.ubuntu.com
<Rory> Datahunter: How much memory does apache normally consume? What applications are running through apache? Do you have a swap partition/file ?
<Datahunter> memory usage: http://203.194.130.59/memusage.png
<Datahunter> i see i has many "unused"
<Rory> Datahunter: Is it a 32-bit or 64-bit installation?
<pneftali> weird, i'm still getting apache 2.2.22 after apache install
<Datahunter> @Rory 3.2.0-23-generic x86_64
<Rory> pneftali: Not weird, 2.2.22 is the latest version on 10.04
<Rory> !info apache2 raring
<ubottu> apache2 (source: apache2): Apache HTTP Server metapackage. In component main, is optional. Version 2.2.22-6ubuntu5.1 (raring), package size 1 kB, installed size 29 kB
<Datahunter> @ubottu,Rory:  full dead msg:  http://paste.ubuntu.com/6369401/
<Rory> Datahunter: Can you pastebin the file /var/log/apache2/error.log
<Datahunter> @ubottu,Rory:   I 'm running apache inside LXC (cgroup),  so i un-believe the apache can crash the system.
<Datahunter> @Rory:  i  double checked the apache error log. I can not find any useful msg. -__-
<pneftali> Rory: ic. is there a way to install 2.4.6 in ubuntu 10.04 ?
<Rory> pneftali: Possibly, take a look here https://help.ubuntu.com/community/UbuntuBackports
<Rory> Well, Datahunter the oom thing means "out of memory"
<pneftali> Rory: hmm. what about executing "apt-add-repository ppa:ptn107/apache" and then do another update and apache install ?
<Rory> pneftali: I'm not familiar with that repository, as always, use PPAs at your own risk
<Rory> !ppa
<ubottu> A Personal Package Archive (PPA) can provide alternate software not normally available in the offical Ubuntu repositories - Looking for a PPA? See https://launchpad.net/ubuntu/+ppas - WARNING: PPAs are unsupported third-party packages, and you use them at your own risk. See also !addppa and !ppa-purge
<Rory> pneftali: It would be better to check if there's an official backported version
<Datahunter> @Rory: I know what is OOM.  In addation, I disable the OOM-killer by "echo 1 > memory.oom_control"
<Datahunter> @Rory: But no help in my situation -__-
<Rory> Datahunter: You could also try asking in #apache they might know more about diagnosing if it's a memory leak or something
<Datahunter> @Rory: Are you mean that OOM break the cgroup memory control ?
<Rory> Datahunter: I don't know much about how to diagnose this problem beyond that fact that apache is eating more and more memory until it uses all your system has
<pneftali> Rory: thanks :)
<Rory> pneftali: Bear in mind Ubuntu 10.04 won't be supported for long, so a proper "fix" would be to upgrade to 12.04 :)
<pneftali> Rory: Yep. That's the plan.
<Datahunter> i can not sleep deeply as this problem happen mayn time @@||
<dannymichel> No matter what I do, I cant enable htacces in Ubuntu 13.10
<dannymichel> http://pastie.org/8458980
<pneftali> hi again - is there an update command that only updates the core os ?
<Rory> pneftali: What do you mean by "core OS" - you can update specific packages with "sudo apt-get install packagename"
<pneftali> Rory: all patches made to the os itself, not including patches to programs installed...
<Rory> pneftali: Do you mean just the Linux kernel?
<pneftali> yep
<pneftali> Rory: in my case it's for Ubuntu 10.04
<Rory> pneftali: If you run the command: "sudo apt-cache search linux-image" you will see which packages are available
<Rory> pneftali: If you're unsure, put the full output from that command onto http://paste.ubuntu.com and I will tell you which to install
<pneftali> Rory: it's a long list: http://paste.ubuntu.com/6369613/
<Rory> pneftali: Can you tell me the output of the command "uname -a"
<pneftali> Rory: Linux xxx 2.6.32-25-generic #44-Ubuntu SMP Fri Sep 17 20:05:27 UTC 2010 x86_64 GNU/Linux
<Rory> pneftali: sudo apt-get install linux-image-3.0.0-32-generic
<pneftali> Rory: do I need to back up files ?
<Rory> pneftali: No. When you reboot you will see the new kernel version in the Grub menu, it will automatically boot to the most recent
<Rory> pneftali: If for some reason it doesn't work you can just choose an older kernel version from Grub, and uninstall the new one
<pneftali> cool. thanks a lot Rory :)
<d1b> do you guys even qa ?
<d1b> https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1244176 <-- seriously?
<d1b> wtf?
<Rory> d1b: FYI "you guys" includes yourself
<d1b> Rory: BEFORE RELEASE
<Rory> !attitude
<ubottu> The people here are volunteers, your attitude should reflect that. Answers are not always available. See http://wiki.ubuntu.com/IRC/Guidelines
<d1b> hey look i only hit this problem because ubuntu do-release-upgrade thingy failed and caused my installation to be fried
<d1b> way to go!
<d1b> Rory: ubuntu has commercial support as well
<d1b> i don't see how no one at canonical did not hit this problem before release
<Rory> What could I say that would satisfy you right now?
<bekks> d1b: On a server, I'd use LTS releases only.
<Rory> If the answer is "nothing" then you're just here to rant aren't you?
<d1b> Rory: the answer is why hasn't this issue been fixed and what can i do to help
<d1b> or " how can we make sure this cannot happen again?"
<Rory> The bug was filed after the release
<d1b> bekks: yeah but some of us like to run recent stuff and test it out :-)
<d1b> Rory: i am just so shocked that no on did not hit this problem prior to release
<d1b> is in the errata?
<Rory> Yes, the bug you listed
<bekks> d1b: Well, I do not know a single person who actually uses an USB keyboard on a server - - even when not running LTS versions.
<d1b> bekks: hehehe this is a micro server that doesn't have ps/2
<bekks> Noone of my servers even have a keyboard...
<d1b> bekks: again micro server for home -- so no netboot install / pxe start up
<d1b> otherwise yeah --> doesn't matter
<bekks> No keyboard needed, since the microservers do have an ILOM, too.
<d1b> mine doesn't, but it does have pxe boot/ could netboot it.
<d1b> i didn't go for ILOM :-)
<d1b> iirc it doesn't have ipmi either.
<bekks> Then you have a desktop only :)
<akis63> hi all. does anyone know why Zeitgeist 'activity log manager' cannot record browsers activity?
<photon> Is there any way I can install gcc 4.9 on 13.10 with backports?
<bekks> photon: No, since there are no backports currently from 14.04 :)
<photon> bekks: ah ok, thanks. any chance there will be gcc 4.9 backports available at some point in the future?
<bekks> Maybe, if someone puts gcc 4.9 in backports.
<photon> that'd be great.
<jcastro> gaughen, any objection to me scheduling the sessions today?
<Silvio-> which sessions?
<gaughen> jcastro, go for it.
<Silvio-> are these public?
<gaughen> Silvio-, for vUDS
<jcastro> yep
<Silvio-> what is vUDS
<jcastro> let me get you the  URL
<gaughen> Silvio-, http://uds.ubuntu.com/
<gaughen> and yes they are public
<jcastro> http://summit.ubuntu.com/uds-1311/track/servercloud/
<jcastro> Silvio-, it's the developer summit where we plan what's going to happen in ubuntu for that cycle
<allaire> Any reason why my `locale` is never set when I directly ssh into a user, but it is set if ssh with another user and then do `sudo su myuser`, now `locale` is correctly set to us utf-8 :/
<Silvio-> oh that is very cool
<Silvio-> are you an ubuntu developer?
<jcastro> me? no I'm the cloud community guy, but I help schedule the event
<jcastro> basically, find what you're interested in, and you can listen in on the google hangout, or participate in the IRC chat, etc.
<Silvio-> thats cool
<Silvio-> ill be around
<joossee> guys im looking at the server guide under mail. is postfix the mail server component?
<joossee> nm... how can i check if postfix is running on my system?
<sk1pper> joossee: sudo netstat -tulpen
<joossee> ok it seems SMTP and 993 are open
<joossee> and the mail ports are managed by dovecot...?
<jemurray> joossee: ps -ef | grep post
<joossee> man is it even possible to setup a mail server using dyndns ?
<joossee> i get the feeling like this is not gonna workout
<andol> joossee: Possible yes, adviseble no.
<joossee> lol
<josePHPagoda> Hello everyone!
<joossee> HOWDY!
<TheLordOfTime> o/
<josePHPagoda> I'm wondering if anyone here has found a good mysql client for linux (besides the CLI one)
<josePHPagoda> (I know this is more of the server aspect of things, but #kubuntu referred me over here)
<joossee> is virtualization covered in the server guide?
<joossee> man i should just look sorry
<TheLordOfTime> josePHPagoda: define "mysql client"
<TheLordOfTime> josePHPagoda: i just use the MySQL Workbench from mysql's community downloads, it seems to work OK for me...
<TheLordOfTime> link that up to my MySQL instances and i can write SQL scripts, edit tables, create the structure of a DB on MySQL from a ERD, etc.
<TheLordOfTime> s/structure of/relationships within/
<TheLordOfTime> but you're right, josePHPagoda, this would probably be better asked in #ubuntu
<TheLordOfTime> (i'm not sure if the workbench in the repos works well enough for use...)
<josePHPagoda> TheLordOfTime: I've had stability issues w/ it.  Maybe it's improved since I last checked though
<TheLordOfTime> josePHPagoda: when did you last check :P
<josePHPagoda> a yearish
<TheLordOfTime> i use the version *not* in the repositories, because it seems to work better
<TheLordOfTime> they redesigned a lot of it in the past year I think...
<TheLordOfTime> I personally think it's stable enough for use, with an occasional crash because I broke something, but i think it's still the most *decent* available item out there
<TheLordOfTime> http://dev.mysql.com/downloads/tools/workbench/  <-- 6.0 is new
<josePHPagoda> ok
<josePHPagoda> i'll try that out
<josePHPagoda> does it work ok on 13.10?
<TheLordOfTime> MySQL has a 13.04 version of the .deb it *should* work, but since all my systems are 12.04 I can't say whether it works OK on 13.10 or not
<TheLordOfTime> because i keep to stability, and grab the cutting edge only for what I need
 * TheLordOfTime is poweruser ::
<josePHPagoda> ok
<josePHPagoda> seems happy
<blizzow> I'm installing a new copy of 13.10 server.  On boot, I have a weird error in /var/log/syslog "whoopsie[908]: Could not get the Network Manager state:"
<blizzow> I'm concerned that some network manager garbage is interfering with my ldap authentication because whenever I try to authenticate against my ldap server, I get messages in syslog saying "ldap_simple_bind Can't contact LDAP server"
<blizzow> I'm able to ping and telnet to my ldap server by it's hostname.  :/
<jrwren> how can I see the definition of a purely virtual package?
<Rory> jrwren: Do you mean to see which packages it will install?
<Rory> for example
<jrwren> yes
<Rory> !info kubuntu-desktop
<ubottu> kubuntu-desktop (source: kubuntu-meta): Kubuntu Plasma Desktop/Netbook system. In component universe, is optional. Version 1.291 (saucy), package size 3 kB, installed size 55 kB
<jrwren> !info nvi
<ubottu> nvi (source: nvi): 4.4BSD re-implementation of vi. In component universe, is optional. Version 1.81.6-10 (saucy), package size 261 kB, installed size 594 kB
<Rory> Oh sorry I thought that had a link
<jrwren> that doesn't look virtual, but in precise it claims to be purely virtual
<Rory> jrwren: http://packages.ubuntu.com/raring/nvi
<Rory> jrwren: http://packages.ubuntu.com/precise/nvi
<pmatulis> blizzow: you have network manager installed?
<blizzow> pmatulis: The only thing I ticked during the installation is [*]openssh server  I then went in and manually changed /etc/network/interfaces
<blizzow> that also brings up another point, is there a way to manually configure the network during installation instead of grabbing a dhcp address?
<blizzow> I find it strange that if the install process does not get a dhcp assigned address, it will take you through a nice network configuration interface.  If not, you're forced to log into the console or find the ip address in a roundabout way to log in.  Only then can you manually configure /etc/network/interfaces.
<edux> does ubuntu 13.10 supports xen paravirt ?
<edux> i mean, does it work? because i can't kick a virtual machine
<edux> pygrub boots, and then after selecting the standar option it crashes
<edux> no particular error message
<edux> any idea?
<eagles0513875> hey guys i am noticing something interesting to get apache2 mpm event working with php-fpm and fastcgi i need to have prefork version installed along side it? that doesnt seem to make much sense.
<kpettit> anybody know how to tell if a client is polling my ntp server?
<bekks> kpettit: Check wether you configured a ntp client.
<kpettit> I've got some phones that don't have the right that I've told to use my server for NTP.  but they still have the wrong time.  So I"m trying to verify they are communicating wiht my server
<kpettit> bekks I have, they are phones with a NTP setting that points to my server
<sarnold> kpettit: if this is a one-time issue I'd aim for wireshark or tcpdump.
<kpettit> sarnold: thanks that was perfect
<kpettit> tcpdump udp port 123    showed me what I need
<ycy> there's something strange in your neighborhood, who you gonna call?
<genii> Ray Parker Jr
<ycy> that's right
<pjetr> hello, I've just received my astalavista scan report, and was wondering if somebody could explain some things to me.
<pjetr> maybe first off, http://astalavista.com offers a cloudbased server scan
<pjetr> and the first one is free
<pjetr> I've got 3 significant warnings, the first being TCP timestamps: It was detected that the host implements RFC1323. The following timestamps were retrieved with a delay of 1 seconds in-between...
<pjetr> but in the manpages, they make it seem like RFC1323 is a good thing, where as astalavista clearly make it seem like it's a bad thing
<pjetr> http://manpages.ubuntu.com/manpages/natty/en/man7/tcp.7.html
<pjetr> anybody who can point me to some information for this layman?
<dannymichel> No matter what I do, I cant enable htacces in Ubuntu 13.10
<dannymichel> http://pastie.org/8458980
<Rory> dannymichel: What are you trying to do?
<Rory> dannymichel: I'm not sure how what you said ties up with your paste
<dannymichel> im trying to use htaccess Rory . i thought AllowOverride All would do it
<Rory> dannymichel: You may need to edit that option in the global Apache preferences as well ( /etc/apache2/apache2.conf )
<Rory> dannymichel: And don't forget to issue "sudo service apache2 reload" to apply those changes you make to config files
<dannymichel> this is my apache2.conf Rory http://pastie.org/8460889
<Rory> dannymichel: That's your entire /etc/apache2/apache2.conf ?
<Rory> You know what, I'm just going to point you here https://help.ubuntu.com/community/EnablingUseOfApacheHtaccessFiles
<dannymichel> no, thats just where it mentiones allowoverride Rory
<Rory> OK 1 sec
<dannymichel> ok http://pastie.org/8460896
<Rory> dannymichel: You need to make a <directory> entry for the folder where the .htaccess file is located, and AllowOverride All there
<Rory> dannymichel: Also you've referred to it as "htaccess" throughout, just to check you are aware it needs to be named ".htaccess" (with the dot)
<Rory> Worth asking
<dannymichel> yes, im aware of htaccess files
<josePHPagoda> ok, so this is very puzzling...  I have told apache to run as my user (joseph) and to run in the group (joseph)
<josePHPagoda> I have a bind mount that I want apache to serve from
<josePHPagoda> the mount is there
<josePHPagoda> i can go to /home/joseph/Projects and then pwd and ls and it is all happy
<josePHPagoda> when I try to open it via the webbrowser, I get apache's Forbidden message
<josePHPagoda> when I restart Apache, it tells me that /home/joseph/Projects doesn't exist
<josePHPagoda> any ideas what could be happening?
<rbasak> josePHPagoda: check /var/log/kern.log. Do you see AppArmor denials?
<josePHPagoda> rbasak: I do not.  The logs there don't say anything about apache at all
<josePHPagoda> i just see something about mysql, postgres and dhclient.
<josePHPagoda> nothing from apache, and when tailing the logs, I don't see any new lines added when I cause the error to occur.
<rbasak> I don't know then, sorry.
<josePHPagoda> is there an easy way to temporarily disable apparmor just for testing?
<jjohansen1> josePHPagoda: yes
<jjohansen1> josePHPagoda: you can use
<jjohansen1>   sudo /etc/init.d/apparmor teardown
<jjohansen1> to remove all loaded profiles, or if you need to disable from boot, add the following to the kernel boot cmdline
<jjohansen1>   apparmor=0
<josePHPagoda> ok
<rbasak> Many options documented here: https://help.ubuntu.com/community/AppArmor
<josePHPagoda> it's not apparmor
<josePHPagoda> just confirmed that
<josePHPagoda> i'm trying to use a fuse mount
<josePHPagoda> specifically, sshfs
<josePHPagoda> could it be that apache doesn't see the fuse mount somehow?
<josePHPagoda> ah! looks like this is the issue http://ubuntuforums.org/showthread.php?t=1330646
<rbasak> josePHPagoda: interesting. Thank you for sharing the solution.
<josePHPagoda> it's kind of puzzling
<josePHPagoda> I've not done much w/ fuse
<Level15> hi, all. I have KVM on a 4 network interfaces server. i want my vms to have bridged network to my lan. should i set up a single bridge with all 4 nics or 1 bridge per nic?
#ubuntu-server 2013-11-07
<AtuM> is 12.04 server still plagued with the mdraid bug, or was that fixed already? I've read this: fixed the bug in Ubuntu-3.2.0-24.38, at what kernel release is 12.04 server nowdays?
<jkitchen> mdraid bug?
<AtuM> the md package
<AtuM> i think
<AtuM> there was a bug in the kernel module I think... with in 3.2.0-22.35 it came in ubuntu.. but should be fixed now.. I just don't know what version is the latest 12.04 kernel at
<AtuM> I've had a serious outage because of it - and because the server was kept out-of-date intentionally
<roaksoax> lynxman: ping
<lynxman> roaksoax: pong
<gyre007> gents
<gyre007> how can I create bridge on start ? I have the following in my /etc/network/interfaces but its not doing the job: https://gist.github.com/milosgajdos83/7354992
<pmatulis> gyre007: why would you think that lxcbr1 is a bridge there?  what instructions did you follow?
<gyre007> pmatulis: just followed a interfaces man pages...but like I said im missing something...I know I have to create it somewhere ? rc.local ?
<pmatulis> https://help.ubuntu.com/lts/serverguide/network-configuration.html#bridging
<pmatulis> gyre007: â
<gyre007> pmatulis: I cant add any ports to that bridge as they are added automatically when LXC containers are starting which are linking to that bridge
<gyre007> so when they're not running there are no ports added to the bridge
<gyre007> unless youre pointing to the bcast address ?
<pmatulis> gyre007: if you're using LXC, you shouldn't need to do anything at all, it will take care of itself
<gyre007> you need to create the brdige though
<gyre007> and lxc will link to it
<gyre007> and i need to have it created permanently and thats what i struggle with
<gyre007> one bridge is created by default
<gyre007> but i need more than 1
<gyre007> different IPs and VLAns
<pmatulis> gyre007: https://help.ubuntu.com/lts/serverguide/lxc.html
<gyre007> pmatulis: dude yes I read this
<gyre007> but this one is talkigng about the DEFAULT bridge which is crated by upstart job
<gyre007> i need more than
<gyre007> one
<pmatulis> gyre007: right ok
<gyre007> unless you're saying i should create some upstart job too ?
<gyre007> why other brdiges
<gyre007> mm
<gyre007> i could...but I thought there would be easier way
<pmatulis> hallyn_: do you know how to set up a 2nd bridge with LXC? â
<hallyn_> pmatulis: a second bridge on the host?
<pmatulis> gyre007: ask your question to hallyn_
<hallyn_> oh sorry
<gyre007> any ideas ? :)
<hallyn_> gyre007: lxc doesn't have a variable/switch you can set to make more bridges.  So I'd recommend adding an entry to /etc/network/itnerfaces,
<gyre007> I have
<hallyn_> or else another upstart job...  but /etc/network/interfaces would be better
<hallyn_> ok.  and does it work?
<gyre007> thats why I cam here as it doesn seem to work : https://gist.github.com/milosgajdos83/7354992
<hallyn_> looking
<gyre007> I think I'll have to add it into rc.localor create some kind of upstart job
<gyre007> basically I need that bridge to be permanent...not to be removed on reboots....
<hallyn_> uh
<hallyn_> are you running network-manager?
<gyre007> im running virtual box/vagrant
<gyre007> not sure how it handles networking
<gyre007> im not sure if it uses network manager
<gyre007> possibly ?
<hallyn_> type 'sudo status network-manager'
<gyre007> sec
<gyre007> doesnt look like that upstart job exists: status: Unknown job: network-manager
<hallyn_> gyre007: ok - then i think your only problem is that your itnerfaces entry isn't telling it that it's a bridge.
<hallyn_> normally you'd say '  bridge_ports ,soemthing>'.  but for an emptyone i'm not sure what you put down :)
<hallyn_> maybe just '  bridge_ports' withnothing after it?
 * hallyn_ tries
<gyre007> yeah thats exactly the case...it just doesnt know that its a bridge...but how do I tell it when I can bridge any port to it
<gyre007> hallyn_: thats exactly the question im trying to answer :)
<hallyn_> yeah - it's not an lxc question, it's an interfaces(5) question... empty bridge_ports does not work :)
<hallyn_> gyre007: 'bridge_ports none'
<hallyn_> there you go: bridge-utils-interfaces(5) has the skinny
<gyre007> I see
<gyre007> hallyn_: I think I LOVE YOU :-)
<gyre007> haha thanks man
<hallyn_> heh - np - have fun
<tboat> hey all, so i have set up a new user on my server, however I am getting a pubkey error when attempting to connect.  do i need to setup seperate keys for each user, even if logging in from the same machine?
<gyre008> is there any iptables switch how I can list rules for ALL tables and chains with one command ?
<gyre008> as oppose to -t TABLE one after another ?
<tboat> iptables -L or iptables -L -v
<gyre008> tboat: that doesnt list nat table
<gyre008> i want ALL tables
<tboat> not sure then sorry
<gyre008> no probs ;)
<tboat> any ssh pros around? can i copy my current authorized_key files to a new users home directory?  or do i need to create a new key/auth file for the new user?
<Trudko> Hi guys I am trying to setup appache and I have this config file: http://pastie.org/8463273 . It is RoR application(passenger apache) so I had to run ln -s /home/user/websitesfolder/myappfolder/public  /home/user/websitesfolder/myappfolder but i get error /home/user/websitesfolder/myappfolder/public': File exists
<glad> hi guys i'm new here and i've no sound on edubuntu 13.04 any help pls
<eagles0513875> hey guys is anyone trying out xen on 13.10? it seems for me it kernel panics or something but i am not able to tell what when i boot onto the xen kernel
<eagles0513875> hey thumper-hacking
<photon> How can I redirect output starting with "ABC" to one file, output starting with "xyz" to a different file with grep? I know how I can do it for filtering out one string ( program | grep "blah" > blah.txt ), but not how to do it for multiple.
<ryan-c> I'm getting "ImportError: No module named apt" trying to upgrade my 13.04 server to 13.10. Anyone know hot to fix?
<ryan-c> works after installing python-apt and python3-apt
#ubuntu-server 2013-11-08
<sond> howdy all - i have one of these: Ubuntu 12.04.1 LTS (GNU/Linux 3.2.0-52-virtual x86_64) that appears to have its /boot partition %100 full due to automatic security updates ... do i just delete the earlier ones and edit the grub ? or whats the "best" way to sort this ?
<sarnold> sond: best is to delete a kernel or two by hand, then use dpkg --purge to remove the corresponding packages for the kernels you've removed once dpkg will function again.
<sarnold> sond: best of course is to keep at least two kernels around -- whatever you're currently running, and maybe the newest kernel or the next newest kernel.
<sond> sarnold: thanks.. its an interesting situation which i can foresee reoccurring on other VMs - there's approx 18 of them in there..  the /boot partition was automatically assigned 200mb during the install which is now of course full.. been trying to figure out why things wernt working
<sond> approx 18 kernels *
<sarnold> sond: it's frustrating, I know I've cleaned this up at least once or twice, but most of the time apt seems to prune /boot on its own without any manual intervention.
<sond> sarnold: in my /boot should i delete all of these : abi-3.2.0-XX-virtual,  config-3.2.0-XX-virtual,   initrd.img-3.2.0-XX-virtual,  System.map-3.2.0-XX-virtual,  vmlinuz-3.2.0-XX-virtual ? for each unwanted kernel ?
<sarnold> sond: I only delete the 'big' things and let dpkg --purge clean up the mess
<sond> sarnold: cool i was kinda hoping you would say that
<sarnold> :)
<sond> sarnold: i'll report back in a bit..
<sond> sarnold: dpkg: error: --purge needs at least one package name argument ........ what do i give it ?
<sarnold> sond: it'll be linux-image-... ... check dpkg -l | grep "^ii  linux"  for a quick list of choices...
<Beatstreet> I have a HDD giving me problems. sdd1 and sdd2 are both part of different RAIDs. the RAID with sdd2 is running strong but sdd1 keeps getting kicked out as failed device. How can I format just that partiton?
<sond> sarnold: thanks..
<sarnold> sond: is dpkg happy again?
<sond> brb..
<sond> sarnold: dpkg not happy yet .. having probs with the syntax .. want to do a dpkg -P --force --nodepends
<sarnold> sond: hrm :( what kinds of packages depend upon your linux packages?
<sond> sarnold: ok.. i did this dpkg --purge linux-headers-3.2.0-45 and it didnt like it
<sond> sarnold: possibly because i manually removed the ramdisk and vmlinz
<sond> *corresponding
<sarnold> sond: I don't think that'd be it; I just did dpkg --no-act --purge ... on some of my linux-headers- packages -- linux-headers-version-generic required the linux-headers-version package
<sarnold> sond: in the end, also deleting linux-headers-generic and linux-generic did the job
<sarnold> sond: you can put linux-headers-generic and linux-generic back..
<sond> sarnold: weird.. its working now
<sond> i think.. brb
<sond> sarnold: yep , its seems to be behaving now..  i appreciate your assistance : )
<sond> sarnold: it would appear that i had to remove the linux-headers-3.2.0-XX-virtual   before  the linux-headers-3.2.0-XX
<sarnold> sond: aha! :) thanks
<sarnold> there has been plenty of churn in the kernel packaging over the years, I forget some of the details :/
<sond> sarnold: you mentioned earlier that you thought that apt may have / should have sorted out bloated /boot partition..
<sarnold> sond: yeah
<sond> sarnold: coz if it doesn't this could be a major if you dealing with lots of VMs
<sarnold> sond: yeah :)
<sond> Beatstreet: is it real raid or fake raid (mdadm) ?
<Beatstreet> mdadm
<leif_> greetings
<leif_> greetings
<leif_> :)
<leif_> patdk-lap, by any chance danish
<LeMike> helloo. i got a server, that crashes every morning during backups and sometimes even turn off. the system.log has no hint what went wrong. any other things I can lookup?
<rbasak> hallyn_: did you have any other fixes to SRU along with bug 1248394? I've prepared a debdiff for that one and attached to the bug. libvirt isn't in the precise server packageset so I can't upload it without poking Colin.
<rbasak> hallyn_: looks like the previous SRU is still in flight?
<xnox> Are there cloud images for trusty yet? https://cloud-images.ubuntu.com/query/trusty/server/released-dl.current.txt ?
<rbasak> xnox: not released. Daily: https://cloud-images.ubuntu.com/query/trusty/server/daily-dl.current.txt
<rbasak> xnox: the first "release" will be alpha-1 I think. Not sure.
<xnox> rbasak: but we have daily trusty images ? Ah, i guess i need to change to daily channel instead of using released on.
<xnox> yeap, daily stream works.
<martinrame> hi, I need to create a new partition after /dev/sda5. My layout is this: http://pastebin.com/fGU2BA9u, can anyone help me?
<martinrame> my problem is that if I create a new primary partition, it only has 1Gb, and I need to get at least 100Gb.
<martinrame> sorry it only creates 1Mb.
<geser> martinrame: your extended partition (sda2) isn't large enough to create a larger partition
<martinrame> geser: what can I do, then?
<geser> you would need to resize sda2 first and make a backup first in case something goes wrong
<hallyn_> rbasak: i was going to sru 1245322 next week.  fix isn't yet upstream
<zetheroo> I would like to setup a secondary DNS server at the workplace using Ubuntu  -- is this simple to do?
<rbasak> hallyn_: that's not for precise though, right?
<leif_> grettings
<hallyn_> rbasak: oh, no. saucy.  forgot you were doing precise
<leif_> any one wana chat casual on severs / network stuufff
<leif_> :)
<leif_> hmmm'
<leif_> damm this place is dead
<leif_> gret
<leif_> greetings
<hallyn_> rbasak: so if you get a chance to verify bug 1190387 that'll speed along the precise libvirt sru i guess
<hallyn_> (i can next week, but not this week)
<leif_> evning hallyn_
<hallyn_> leif_: hi - about to change locales, will be afk for a bit
<leif_> ok
<leif_> just borred
<hallyn_> leif_: play around with juju+lxc :)
<rbasak> hallyn_: np. AIUI, it's not quite that urgent. At least nobody has been chasing me about it. I think we'll care more by the next juju upstream release.
<leif_> :)
<leif_> still to new to launch juju
<leif_> is still trying to learn apache and lamp
<leif_> looking for a newbie friendly moneterig tool
<hallyn_> leif_: monitoring?
<hallyn_> if so, what do you want to monitor?
<leif_> well is a newb but is rearly diiging the sever / nework stuff
<leif_> so just a basic thing
<hallyn_> rsyslog for local activity, and i guess nagios is the cool kids' tool
<leif_> ok thanks
<leif_> is that open source or
<hallyn_> tail -f /var/log/syslog | ccze -A is my old standby :)
<hallyn_> yes
<hallyn_> SpamapS_ used to be a big nagios proponent iirc
<leif_> thanks mate
<leif_> hmmm maybe i should start whit firing up a game sever
<HiddenDjinn> how much room do i need in a vps for family mail, some personal cloud storage, and a couple of low traffic vhosted domains?
<patdk-wk> HiddenDjinn, 20tb
<HiddenDjinn> patdk-wk, i doubt that
<patdk-wk> why?
<patdk-wk> that is how much I'm using for the same stuff
<patdk-wk> and since I am not you, I can't know how much YOU need, only how much I need
<HiddenDjinn> i'm basically pulling a "take back my data" moment, and i'm doing all but the mail and cloud storage with a 20Gig/512MB ram vps fine
<HiddenDjinn> i'm just wondering how much or if i need to upgrade
<patdk-wk> not going be running spamass or clamd in there then
<patdk-wk> not enough ram
<HiddenDjinn> patdk-wk, oh, upgrading is definitely an option atm
<HiddenDjinn> patdk-wk, how much ram do i need to run spamassassin and clamd?
<patdk-wk> depends
<patdk-wk> I normally end up with 150megs for clamv or other virus program, and 200megs for spamass
 * hallyn_ is confused by thsi conversation (but that's ok)
 * patdk-wk is confused too
<hallyn_> I occasinoally have my web and mail server on an efika mx, which has 8G disk and 512m ram
<hallyn_> patdk-wk: just the switch from 20tb disk to ram requirements :)
<patdk-wk> guess since he figured there was no way we could guess diskspace, ram is easier
<patdk-wk> you could get away with 512m ram, but you have to be careful
<HiddenDjinn> patdk-wk, so a gig would keep everything probably performing the same as it has been?
<hallyn_> patdk-wk: yeah it's tight and sometimes slow.
<hallyn_> but at 5W i can live with ti :)
<patdk-wk> a gig will give you enough room with alittle slack, sure
<hallyn_> (right now it's in a container on a 2T/16G system)
<HiddenDjinn> well, i have 20 gig of disk, and that's more than enough
<HiddenDjinn> hallyn_, even
<HiddenDjinn> patdk-wk, thanks
<HiddenDjinn> and i'm guessing at that low level of ram, running a 64 bit os doesn't make any sense
<bekks> HiddenDjinn: Having 64bit hardware and not running 64 bit OS is just a waste of resources with no savings at the power level, etc.
<HiddenDjinn> bekks, well, the hardware is virtual
<bekks> HiddenDjinn: The said still applies.
<HiddenDjinn> bekks, if there's no real advantage in memory management or the like, i see no reason to do so
<bekks> You see no reason for not wasting resouces? Odd.
<HiddenDjinn> bekks, i don't see it as a waste of resources unless there is a performance advantage
<HiddenDjinn> bekks, and, iirc, the performance differences were minor below 4g
<bekks> Using only half if the registers of the CPU without any savings - is wastingvresources.
<HiddenDjinn> or was that below 2 gig? i forget
<bekks> HiddenDjinn: http://developer.amd.com/community/blog/2008/03/06/myths-and-facts-about-64-bit-linux/ :)
<hallyn_> as i recall it was on powerpc that you really saw performance benefits to 32-bit
<sarnold> heh, I thought x86 32 bit was so register-starved that we couldn't have nice things
<CAPTAIN_CAPSLOCK> test
<MrSmithGer> hi
<xibalba> how do i disable ipv6?
<bekks> !ipv6
<ubottu> For an introduction to IPv6 and information on tunneling IPv6 through IPv4 connections, see https://wiki.ubuntu.com/IPv6 | To disable IPv6 see https://help.ubuntu.com/community/WebBrowsingSlowIPv6IPv4
<MrSmithGer> i am wondering, why do kernel updates always get released on fridays?
<bekks> MrSmithGer: Maintainers got some time to do so at friday night ;)
<MrSmithGer> And leave the boxes unattended over the weekend?
<bekks> MrSmithGer: Huh?
<MrSmithGer> bekks: i don't work at the weekend. Upgrading kernels and leaving for two days...
<MrSmithGer> not a good idea.
<toabctl> how does canonical create the uec images for ubuntu? is there some documentation for that?
<bekks> MrSmithGer: No one forces you to actually update your kernels over a weekend.
<MrSmithGer> bekks: I know. But i hate leaving unfinished business :-)
<bekks> MrSmithGer: I dont see unfinished business at that point at all. Updates have to be tested, planned, executed, controlled, rolled back if necessary, etc. - thats not done at a friday afternoon.
<MrSmithGer> bekks: exactly. That is why i don't do that on fridays. Why not bundle updates up and release them on monday or tuesday?
<MrSmithGer> beeks: The last kernel update was in QA for over two weeks. A few more days won't hurt.
<bekks> MrSmithGer: Why not releasing updates over the weekend and let people download it instead? Planning phase can begin at Monday then.
<bekks> MrSmithGer: You should do your own QA, since you are administering your servers. Canonical/Ubuntu is not responsible for your non-testing ;)
<MrSmithGer> bekks: Or that. The thing is, getting in important updates on fridays and then leaving for the weekend just feels bad.
<bekks> I dont feelbad about that at all. It will take weeks to apply those updates even if they would have been released on a Monday.
<MrSmithGer> Depends on the kind of updates
<MrSmithGer> Wouldn't you speed up the process for remote execution fixes?
<bekks> No. I would speed up ITIL processes controlling the application of fixes.
<jrwren> amd64 over i686 every time, because 4 times the register file  :)
<MrSmithGer> granted.
<MrSmithGer> I hope someone is going develop something similar to splice so that we can apply kernel updates without rebooting.
<MrSmithGer> bekks: What is your ITIL process for applyinf fixes?
<bekks> MrSmithGer: Get notified about fixes, setup a test environment, test the fixes, test dependencies to other required and optional applications, approve the fix, communicate a planned downtime, apply teh fix in the downtime, test it briefly, start up applications again, communicate the end of the downtime.
<AleksEst> what is the difference between debian7 server and ubuntu server? I just don`t get it
<bekks> MrSmithGer: You see, applying a fix is not a job for a friday afternoon, and it basically doesnt matter if it is released on a friday :)
<MrSmithGer> bekks: hmm i disagree. We have a similar process for fixes. And if you spent all week getting system up to date it really pisses me off when i know that monday begins with the same stuff.
<MrSmithGer> it's a psychological thing.
<MrSmithGer> takes away the feeling of having accomplished anything.
<bekks> MrSmithGer: ITIL doesnt care about psychologics ;) And since we have to plan downtimes, etc., we cant just spend a week for updating every bit and byte, since we are a bit... conservative, regarding updates.
<MrSmithGer> bekks: Being conservative and careful is ok. But you how this works with the brass. Say you receive an update notification on friday, fix the test env and the leave for the weekend and someone hacks into your live boxes on sunday the suits will blame who? the admin of course who didn't fix live.
<MrSmithGer> bekks: ITIL processes or not.
<bekks> MrSmithGer: We run several hundred database servers, a lot of them mainatained and monitored 24/7.
<bekks> MrSmithGer: And noone is directly reachable :)
<MrSmithGer> bekks: my operation is bit smaller.
<MrSmithGer> bekks: If noone in their right mind applies fixes on friday, why release them then? Why not wait one or two days?
<byprdct> how can I find out if the server is serving files via gzip?
<byprdct> is there a web service I can use or an ubuntu command?
<byprdct> terminal command
<bekks> MrSmithGer: Why waiting when the fixes are ready, and why no allowing people to download fixed already? :)
<bekks> MrSmithGer: Thats what weekends are for - unattended, not-monitor-worthy, large-data transfers.
<MrSmithGer> bekks: simple. less liability for admins.
<bekks> MrSmithGer: Yu still have to pay the admin to apply the monday-afternoon-released fix on monday night.
<bekks> Doesnt matter for the business, actually.
<MrSmithGer> bekks: Actually with proper load balancing, replication and such you can do that tuesday morning
<bekks> And your admin still gets liable when someone hacks your server at monday night. Same game, different day.
<MrSmithGer> you're right.
<MrSmithGer> but it's only one night. less exposure :-P
<bekks> If you are afraid of that, hire some nerday students to watch out for updates and apply them hourly :P
<MrSmithGer> LOL
<MrSmithGer> well. i'll be leaving.
<ph8> ubuntu images in Microsoft Azure somehow manage to mount /dev/sdb1 to /mnt (an annoying mount indeed!). Now it's not in /etc/fstab and i've grepped /etc/init.d for it (trying to remove the auto mount) - do you have any idea where else i might look?
<ph8> ah found it
<ph8> there's a super secret mount config
#ubuntu-server 2013-11-09
<a1fa> how does one report outage to ubuntu.com?
<a1fa> it looks like the ports.ubuntu.com is down
<a1fa> it went down while i was pulling an upgrade from the ports server :(
<sarnold> a1fa: try us.ports.ubuntu.com, that's currently up and responding to me. perhaps it's part of a planned pile of hardware moves that are expected to take all weekend; I have'nt seen a list of affected services, though...
<a1fa> sarnold : i cant change it, its part of a script ;( maybe i can put it into the hosts file
<sarnold> a1fa: :( worth a shot, 91.189.91.11 for me...
<a1fa> same here
<a1fa> i'll put it into hosts file an dhopefully the script recovers
<a1fa> otherwise, i need to do this from scratch
<a1fa> nope, system locks the /etc/ file :( i am screwed
<sarnold> a1fa: can you throw a dns recursor in the middle that you can configure to lie? pdns-recursor can be configured to serve a handful of hosts from /etc/hosts ..
<a1fa> i could i suppose, i need to reconfigure a man in the middle gateway
<a1fa> funny, / is rw, yet /etc/ is read only
<a1fa> yet /etc is not a mount point
<a1fa> and etc is not a symlink
<a1fa> ewww ;( /dev/root is write protected
<a1fa> oh well
<a1fa> was there an annonouncment posted somewhere?
<sarnold> a1fa: ah, sorry, my mistake, that was some QA hardware. I suspect this wasn't planned.
<a1fa> looks like ubuntu.com is down now too
<a1fa> and its back up
<a1fa> and down again
<a1fa> it looks like certain /24 segments are down
<pmatulis> some canonical services are down.  folks aware
<a1fa> ^^^
<a1fa> no sheet
<a1fa> :*
<a1fa> they need to stop letting interns make network changes
<a1fa> and ports is back now
<a1fa> finally
<a1fa> i think when they took down ubuntu.com someone finally realized they screwed up
<a1fa> so mad
<sarnold> "power problems" at one of the data centers
<a1fa> lies :)
<a1fa> get that interns head on the podium
<sarnold> lol
<a1fa> i am surprised they dont have power backup
<a1fa> we have batteries + diesel generators
<a1fa> in our datacenters
<jkitchen> every datacenter has that.
<jkitchen> mostly it's a matter of how much redundancy is involved and how long they can be online without grid power and where their replacement fuel comes from and how fast it shows up and such
<a1fa> i am just saying it is highly unlikely it was power, unless they are hosting this thing in the philipines
<a1fa> i had a dc in new jersey that lost power during sandy and was down for 7 days
<a1fa> we had armed guards watching our diesel tanks, and we never lost power
<a1fa> we lost power feed from the grid, but we made our own power for 7 days with armed guards watching the tanks
<pmatulis> a1fa: you said that already
<a1fa> had to re-word it, it did not sound right
<a1fa> sarnold : where did you read this thing about power?
<sarnold> a1fa: internal irc
<a1fa> interesting
<a1fa> the route never changed
<a1fa> i guess they only lost certain racks
<a1fa> 91.189.88.132 responded during the outage, 88.140 did not
<a1fa> 14  SOURCE-MANA.edge5.London1.Level3.net (212.187.138.82)  175.448 ms  175.225 ms  175.067 ms
<a1fa> 15  vlan28.honeymelon.canonical.com (91.189.88.132)  93.153 ms  93.252 ms  93.522 ms
<a1fa> 14  SOURCE-MANA.edge5.London1.Level3.net (212.187.138.82)  90.638 ms  90.869 ms  90.828 ms
<a1fa> 15  sawo.canonical.com (91.189.88.140)  92.775 ms  92.527 ms  93.389 ms
<a1fa> i wonder how much infrastructure is there between those two hosp
<a1fa> hops
<a1fa> sarnold do you know?
<sarnold> a1fa: no idea, sorry
<a1fa> surely it's a load balancer
<a1fa> or not
<a1fa> it looks as if they exposed this infrastructure to the internet, with no firewalls infront of it
<a1fa> https://help.ubuntu.com/community/
<a1fa> Generated Sat, 09 Nov 2013 01:46:36 GMT by yangmei.canonical.com (squid/3.1.19)
<a1fa> all lies ;)
<a1fa> squid reverse proxy
<a1fa> sarnold : can you pass a message to them
<a1fa> sarnold : some things are still down
<a1fa> sarnold : ie, https://help.ubuntu.com/community
<sarnold> a1fa: heh, yeah, there's quite a lot down at the moment
<a1fa> https://wiki.ubuntu.com/
<a1fa> its also exponsing all their infrastructure
<sarnold> a1fa: there's extensive monitoring in place with end-to-end service checks for nearly everything; it'll all show up..
<sarnold> heh, the wiki worked for me. I wonder why..
<a1fa> maybe i am cached to a bad server
<a1fa> Generated Sat, 09 Nov 2013 01:52:29 GMT by baham.canonical.com (squid/2.7.STABLE7)
<a1fa> Apache/2.2.14 (Ubuntu) Server at baham.canonical.com
<a1fa> ah.. this could be the magic lepricon leszi.canonical.com
<a1fa> is this the router/firewall?
<a1fa> developer.ubuntu.com is also down
<esde> i'd like to backup my current package/conf/whatnot for a few packages before i run apt-get upgrade so that if it breaks something i can restore back, how can i do that?
<leif_> greetings
<leif_> greetings
<HiddenDjinn> can you set postfix to handle multiple domains without setting the hostname each time in /etc/hostname?
<andol> HiddenDjinn: That really depends what you want to do, but most likely the solution involves virtual_alias_domains alt. mydestination.
<HiddenDjinn> andol, ok...
<andol> HiddenDjinn: Also, running your own mail server really isn't the thing one wants to do without reading a bit of documentation...
<HiddenDjinn> andol, read a few docs, a few more guides, just had that particular question
<HiddenDjinn> andol, following a guide on it
<leif_> morning from denmark
<goc> hello lads and gals i have a problem, im running ubuntu 13.10 and i have installed lamp, everything is fine and running but the problem is i cant find the root apache2 folder
<goc> its not in /var/www
<goc> not in /home and my cfg file i empty
<goc> hope someone can help me, thanking you in advance
<goc> also i am new to linux switched yesterday from windows had enough of it im amazed with linux as i am confused
<sabgenton> what is in $SSH_ORIGINAL_COMMAND  and how do you get it to exist?
<HiddenDjinn> where does mail typically log its activity?
<HiddenDjinn> ok, i think i have a problem
<HiddenDjinn> i can receive mail fine, but other mail hosts are refusing to talk to postfix so that i can send a test mail
<hypoclone> hello room can i get anyone to help with installation and configuration of postfix on 12.04?
<hypoclone> i need help installing and configuring postfix on 12.04 can anyone help please
<a1fa> anyone familiar with wpa_supplicant here?
<a1fa> this thing is so confused
<hypoclone> hello i need help installing and configuring postfix on 12.04 can anyone help please
<qman__> it is very well covered in the server guide, please read it first
<adej> i need help installing and configuring postfix on 12.04 can anyone help please
<adej> does anyone care to help installing and configuring postfix on 12.04 can anyone help please
<qman__> adej, please stop spamming the channel and read the server guide, that topic is extremely well covered in it
<adej> qman am not spamming i am new  to irc and i need help aint that is what this is about
<qman__> adej, I see five repeats in the last half hour, that is spamming; postfix is the main mail server used on ubuntu and it is covered in great detail in the server guide, which is in the topic
<qman__> if you have a more specific issue that is not covered there, then come back and ask
<Beatstreet> when I created a software RAID during OS install I had to select "physical volume for RAID" on the drive I was using as part of the RAID
<Beatstreet> if I want to later format the drive
<Beatstreet> just to clean the drive and then readd to RAID
<Beatstreet> I see commands for formatting like "sudo mkfs.ext3 /dev/sda1"
<Beatstreet> but what is the command if it's not an ext3 device but rather a RAID device?
<qman__> "physical volume for RAID" is just a partition type, which is different from a normal linux filesystem partition
<qman__> if you want to erase the disk, you should zero it, not create a filesystem
<Beatstreet> the drive is having issues and I was hoping a reformat might clear it up - last try before replaceing
<qman__> it won't
<qman__> if you want to check the disk, use smartmontools
<Beatstreet> it's not failing read/write on smartmontools
<qman__> what sort of issue
<qman__> crashing? corrupt data? dropping out of the array?
<Beatstreet> the box locks up after the RAID starts and I am seeing errors in smartmontools, no issues with short/long test though
<qman__> oh, the tests don't mean much
<qman__> the error log is what matters
<qman__> if there are errors in the log, it's bad
<Beatstreet> ATA Error Count: 12 (device log contains only the most recent five errors)
<qman__> yep, time to replace
<Beatstreet> no chance it's just a bad sector?
<Beatstreet> that I can work around
<qman__> nope
<qman__> that sort of methodology hasn't worked since drives were sub-10GB
<qman__> modern hard disks don't work that way
<qman__> if the drive is locking up, and there are errors in the log, it needs replaced
<Beatstreet> ok, thanks qman__
<qman__> modern drives have some extra space on them they use to remap bad sectors
<qman__> once they run out of remap space, it's over
<qman__> you might see one bad sector, but that means there were actually at least a few dozen
<Beatstreet> sucks - 3TB drives are no cheap
<Beatstreet> *not
<qman__> yeah
<qman__> if it's under warranty, that's good enough to get it replaced
<qman__> at least with seagate, I haven't had to do a WD yet under those conditions
<Beatstreet> Error 12 occurred at disk power-on lifetime: 19422 hours (809 days + 6 hours)
<Beatstreet> it's old - got my moneys worth I guess
<Clem> Hello, how can I install php5.3 by apt-get install php5-fpm in 12.04LTS?
<Clem> It says "The following packages have unmet dependencies:
<Clem>  php5-fpm : Depends: php5-common (= 5.3.10-1ubuntu3.8) but 5.5.5+dfsg-1+debphp.org~precise+2 is to be installed". What's the matter?
<HiddenDjinn> ok, i got postfix working, finally
<gyre007> guys I have the following network config, and I'm wondering why when I start the container it doesn't get IP address assigned ? https://gist.github.com/milosgajdos83/7389533
<gyre007> this is macvlan in vepa mode....for example if I create a container in veth mode it DOES get an IP assigned automatically....
<gyre007> do I need to create separate bridge for this ?
<ubun>  I setuped a bind9 server with ubuntu behind my router, the router uses a dhcp server for my lan-network, can I use the DNs server like this way or should he has his own dhcp sever?
<BadRobot> Hi, hoping for a bit of help please, I've got 2 nearly ident nginx & php5-fpm configs, the only difference is the document root folder, the URL (it is a sub domain of the working config) and the unix socket name. the root domain config has been working fine for months, but the new subdomain config will not & throws 111:connection refused in the nginx log.  I have an appropriate php5-fpm config in fpm/pool.d for it, am I missing
<Thomas_> Hi  Trying to upgrade a server to 13.10 via 'sudo apt-get install update-manager-core;do-release-upgrade -d' but getting error message 'ImportError: No module named apt'. Any help?
<Thomas_> Er, seems python-apt is missing
<logic_prog> I'm runnning a server on ubuntu and need to simulate dropped connections. Is there a linux tool that will randomly close / re-open port 8080 ?
<logic_prog> perferably something that does not require running sudo
<Thomas_> Hi  I updated to Ubuntu 13.10 and all apache virtual hosts have stopped working? They're all still listed in /etc/apache2/sites-enabled but when visiting any of them I see just the 'It works!' page. Also there are virtual hosts in /etc/apache2/sites-available but if I 'a2ensite something' it says 'ERROR: Site does not exist'
<Thomas_> Updated to 13.10 and now get "You don't have permission to access / on this server." when visiting any apache virtual hosts??????
<Thomas_> They're all enabled etc.
<Rory> Thomas_: What is in /var/log/apache2/error.log (or similar)
#ubuntu-server 2013-11-10
<ankrj> Hi, can anyone point in the right direction for recieving mentoring to write apport hooks
<ankrj> Hello, I'm a newbie contributor from India and would like to get started on writing Apport hooks
<ankrj> Could you tell me someone who can provide one on one mentoring just to make sure that I'm on the right path and not making mistakes doing so!
<ankrj> :)
<LeMike> hello. i can reach my server via ssh but the ping fails. it shows pages via HTTP but no pong is coming...
<LeMike> is that normal? how could that be?
<jkitchen> LeMike: do you have ane firewall rules to drop icmp packets?
<LeMike> on my machine not
<jkitchen> on the server
<LeMike> hm. when I do  `iptables -L` i only see fail2ban-ssh . or don't I see it there?
<jkitchen> dunno
<jkitchen> it could be a number of things, really
<LeMike> i am pinging and the other side does tcpdump on icmp. nothing happens...
<lens> hi guys - i just rebooted my server, still df shows 84% usage in my /dev/vda folder, is this normal ?
<scoft> JOIN #google
<scoft> ?
<techkid> I can't seem to get locale to work properly on lucid, http://paste.ubuntu.com/6396145/ and http://paste.ubuntu.com/6396149/
#ubuntu-server 2014-11-03
<sync0pate> is administering your own mail server as much hassle as it seems?
<sync0pate> I only really need it for my own personal e-mail
<sync0pate> and it's proving to be a pain trying to get anything working.
<LinStatSDR> Sometimes, setting up very small services such as that is more of a hassle than just using gmail
<sync0pate> I don't like gmail.
<sync0pate> I want to use my own domain.
<sync0pate> but it is seeming like such a hassle.
<sync0pate> I don't understand why setting up a web server (or a million other types of server) is so easy
<LinStatSDR> Do you have a static ip or you using dydns
<sync0pate> static
<LinStatSDR> That's good then.
<sync0pate> and yet mail.. which is so ubiquitous
<sync0pate> seems impossible
<LinStatSDR> I can assure you it is possible. :D
<sync0pate> I've just been trying it out on a temporary digitalocean vps at the moment
<qman__> running a mail server is kind of a big deal compared to most basic services
<qman__> but it's not impossible
<LinStatSDR> Have you consulted the "youtube".
<qman__> I followed the vmail tutorial linked in the server guide to set mine up, and I put up scrollout F1 in front of it for spam filtering
<LinStatSDR> err, "the youtube" rather lol
<qman__> make sure you set up your SPF records, and make sure you use a good spam filtering system
<qman__> and you won't have too much trouble
<qman__> unfortunately I haven't had much luck upgrading my mail server
<qman__> it's still running lucid and a release upgrade breaks my mail config
<qman__> so I'll probably have to set up a new one
<LinStatSDR> :(
<qman__> but that's why I have KVM and snapshots
<sync0pate> consulted youtube?
<sync0pate> for server things?
<sync0pate> no, I've not.
<sync0pate> I hate video tutorials of this kind of thing.
<qman__> I would not consult youtube either
<qman__> I would follow the server guide
<sync0pate> the server guide?
<qman__> yes
<qman__> it's in the topic
<sync0pate> Yeah.. I'll maybe start again with that tomorrow
<sync0pate> give it one last shot
<LinStatSDR> Give it more than that, otherwise you would have just wasted the time you've spent thus far.
<sync0pate> so better to waste more?
<sync0pate> got it.
<sync0pate> lol
<LinStatSDR> Better than giving up dude.
<sync0pate> there are plenty of times when it's better to just give up.
<sync0pate> I can't spend too long on it tomorrow
<sync0pate> I have actual work to do too
<LinStatSDR> Just poke at it every now and then when you have time :D
<qman__> the configuration to make it function is not too difficult
<qman__> the anti-spam is the hard part
<sync0pate> spamassassin?
<qman__> which is why I chose to stand up scrollout F1 in front of it
<LinStatSDR> I vote exchange server in this case
 * LinStatSDR giggles
<lordievader> Good morning.
<saladim> im getting always Permission denied for my sbuild. i dont seem to be able to get sbuild set up propper
<MarkDenz> I got an abuse notification from my hoster (and some org) that a small server of mine answers SSDP requests and I should look that nobody abuses this. I don't have any in depth knowledge about SSDP. Any idea what I could do? Here some info: http://blog.sucuri.net/2014/09/quick-analysis-of-a-ddos-attack-using-ssdp.html
<patdk-wk_> MarkDenz, why are you running upnp on a server?
<MarkDenz> patdk-wk_: testing services with other VMs
<MarkDenz> patdk-wk_: should make it only available internally I guess
<patdk-wk_> what does upnp have to do with that?
<MarkDenz> testing upnp discovery within the network
<ac_slater_> hey guys. I have a lab of machines currently running 12.04 LTS server. Upon boot, /tmp fails to mount and I get a scary option to boot a single-user root shell without a password. This is awful. Any clue what provides this? BUSYBOX=Y in initramfs.conf ?
<lordievader> ac_slater_: It's single user mode, you can also boot it by appending the 'single' kernel parameter.
<ac_slater_> lordievader: right, I disable this via grub2
<ac_slater_> but yes, it can still be done
<ac_slater_> I'd just rather not have a prompt for it
<lordievader> ac_slater_: A prompt for what?
<ac_slater_> lordievader: when /tmp can be mounted... I get 'Press R for root shell' ... or something like that
<ac_slater_> maybe, 'Press R for manual recovery'
<lordievader> ac_slater_: Is it defined in /etc/fstab?
<ac_slater_> yes
<ac_slater_> I've fixed the actual issue (which is well documented) ... but I'd just like to disable any prompting for root anything
<ac_slater_> whether that is fixing upstart, disabling busybox on boot ,etc
<lordievader> ac_slater_: It is not busybox, but I don't know how to disable it. (Apart from setting a root pw, but that ain't Ubuntu policy)
<ac_slater_> lordievader: I guess ill mess with /etc/init/rc-sysinit.conf and other files to see.
<sudormrf> sorry about that
<kevindf> Hello, I've set up a OpenVPN server on my Ubuntu 14.04 home server, I can succesfully connect to the server but if my firewall is enabled I cannot get internet access, If I disable my firewall everything works completely fine. I tried adding serveral iptables but none of them worked. Obviously it has something to do with the iptables. Anyone know what i'm doing wrong?
<kevindf> I do have iptables-persistent installed
<lordievader> kevindf: What what it is dropping.
<kevindf> So basically if I connect to the VPN with firewall disabled, my ip changes and everything works fine, but with firewall enabled I don't get a network connection on the machine connected to the vpn
<kevindf> basically*
<lordievader> kevindf: Checkout what the firewall is dropping...
<ac_slater_> I know this might not be appropriate, but I think I'm going to file a bug report for this. The user shouldnt be prompted for single-user mode shell in all cases. This should be configurable... and not by changing the mess that is /etc/init/*
<sudormrf> there we go
<kevindf> lordievader How can I check that? As i'm fairly new and experimenting with servers
<lordievader> ac_slater_: I think it is by design, in this case it ain't a critical mount but suppose /lib would fail I'd like the option to fix the mess.
<lordievader> kevindf: Let iptables log the dropped packets and see if it drops openvpn traffic.
<ac_slater_> lordievader: it should log and tell you to chroot in and fix
<ac_slater_> lordievader: but this isnt a perfect world. Kernel option `splash quiet` hides the prompts
<lordievader> ac_slater_: Matter of opinion.
<ac_slater_> and when would /lib ever fail? People put that on a seperate FS ?
<lordievader> You can...
<ac_slater_> I've never seen it
<ac_slater_> but yea you're right
<sync0pate> OK, so, I have postfix set up and a mailbox working, using Sentora (zpanel) on 14.04
<sync0pate> and I want to get a catch-all e-mail working, but nothing seems to work
<sync0pate> I'm getting "Recipient address rejected: User unknown in virtual mailbox table"
<sync0pate> and I've googled that and followed about 5 different sets of instructions to fix it, with no joy.
<sync0pate> anyone have any idea what I can try?
<avid_fan> sync0pate: I'm not familiar with zpanel, but a quick Google search returned the following: http://www.cyberciti.biz/faq/howto-setup-postfix-catch-all-email-accounts/
<avid_fan> sync0pate: Seems pretty straightforward.
<sync0pate> it does, doesn't it avid_fan ..
<sync0pate> avid_fan, sorted it
<teward> sarnold: if you're around, mind a PM?
<sync0pate> following those instructions, but I had to use the entire e-mail instead of just the username
<sync0pate> just in case anyone else has the same thing
<sarnold> teward: sure
<avid_fan> sync0pate: But that seems to work?
<sync0pate> seems to
<avid_fan> sync0pate: Cool.
<sync0pate> with just the username it creates a mail loop (?!)
<avid_fan> sync0pate: Good to know.
<Pici> 70
<Plizzo> Hi there! I recently had a RAID5 crash where two of my disks broke down on the same night, leaving me with a bit of corrupted data. Iâve ran badblocks on all of the disks, which returned nil, but I also have some smart tests, and I am wondering if you could help me interpret them to find the bad disks.
<nezZario> Ok folks.. I'm really not all that skilled with ubuntu servers in specific.. I actually thought this was a debian server for a few minutes .. But anywho, something has a serious issue here with dependencies, ... I really have nothing to go on here
<bekks> Plizzo: USe smartctl to run the long selftests.
<nezZario> http://pastie.org/private/egdrtvg7i8ansa2ek9za <-- Apt will not get past this -- upgrade, update, anything merrily tells me this must be fixed first
<Plizzo> bekks: I have, and I have the log files ready.
<Plizzo> bekks: Two of them are showing errors, but I just want a second opinion
<bekks> If they show errors, they are broken.
<bekks> :)
<Plizzo> bekks: Alright, but would you mind looking at them, just for the fun of it? :P
<bekks> Just pastebin them then.
<Plizzo> bekks: /dev/sda: http://paste.ubuntu.com/8808108/
<nezZario> I see some mention about forcing installation of older packages but I really don't want to blindly start purging and (trying?) to install packages
<Plizzo> bekks: /dev/sdc: http://paste.ubuntu.com/8808123/
<bekks> nezZario: Why do you want to do that?
<Plizzo> bekks: /dev/sdd: http://paste.ubuntu.com/8808126/
<Plizzo> bekks: /dev/sde: http://paste.ubuntu.com/8808128/
<nezZario> bekks: that's the closest thing I can find to a "solution" via googling.. some are saying purge X packages, some say install some older packages via dpkg -i
<bekks> Plizzo: sdc is dead, sdd is dead, sde is dead, too.
<bekks> nezZario: Why are you trying that?
<Plizzo> bekks: How would you see that, to me, it only seems that sda and sdd are broken
<nezZario> I'm not, I just said that.  Although it does make a small amount of sense, from what I'm interpreting here, it's trying to install a new kernel image and a dependency is newer than what that package is expecting
<bekks> Plizzo: Take a look at the "Seek_Error_Rate".
<nezZario> As I said previously, I'm really lost otherwise, other than the fact that I can't use apt
<Plizzo> bekks: Are those values bad, Iâm not really good at judging this.
<bekks> nezZario: WHY are yiu thinkting about that? Whats the _actual_ issue behind your questions?
<bekks> Plizzo: They indicate a dead drive.
<nezZario> bekks: see http://pastie.org/private/egdrtvg7i8ansa2ek9za
<sarnold> nezZario: I suggest another apt-get update; it feels like your mirror might have been out of sync when you started
<Plizzo> bekks: Alright. This is really hard, because I managed to start my corrupted raid, and the disks are still functioning.
<bekks> Plizzo: And "Hardware_ECC_Recovered" with values of 1837712040 indicate thats its even more dead.
<nezZario> apt-get update, apt-get -f install yields same error about linux-server dpeending on an older version of linux-image-server
<Plizzo> bekks: And all those disks indicate so?
<bekks> Plizzo: Even though the drives  are working now, they will gonna die soon. sdc is a bit more alive, the others are dead.
<Plizzo> bekks: Alright, thanks for your feedback!
<sarnold> nezZario: I -think- the linux-server package in that release is just a pointless metapackage; perhaps it can just be deleted?
<bekks> Plizzo: You're welcome :)
<sarnold> nezZario: .. dunno if it'll sort your actual issue, but check apt-cache show linux-server and see if it looks useless :)
<nezZario> sarnold: that may of worked
<sarnold> nezZario: cool; make sure you still have e.g. linux-image-generic  installed, so you will get kernel security updates when they are published
<nezZario> yep, that looks like it cleaned it up
<nezZario> thanks sarnold :)
<sarnold> nezZario: nice
#ubuntu-server 2014-11-04
<jeremy_carroll> Question. I was looking at performance of a program communicating with itself via localhost (TCP). I'm seeing some retransmissions, and an rto of 200ms when speaking between both the programs. Wondering where I should start debugging since local communications should not see a rexmit if it's healthy
<jeremy_carroll> Example: ESTAB      0      65              127.0.0.1:41690            127.0.0.1:22144    timer:(on,212ms,0) uid:1000 ino:380496980 sk:ffff8801ca163600
<sarnold> jeremy_carroll: 200ms sounds suspiciously like the TCP_CORK entry in the tcp(7) manpage
<jeremy_carroll> sarnold: Yeah. Everything right around 200ms. Which I thought was RTO. Checking man entry
<jeremy_carroll> sarnold: No shit. This looks exactly right. I do not think the program is setting TCP_NODELAY. So it's most likely waiting for CORK
<jeremy_carroll> sarnold: I looked at the C code for the program. It's not setting TCP_CORK specifically. I'll look for setsockopts on startup to see if it's doing so. This is not a default option, correct?
<sarnold> jeremy_carroll: well, I don't know that TCP_CORK is the right option to set, since you'd need to unset TCP_CORK when you want the data to fly on the wire; setting TCP_NODELAY is more likely the solution
<jeremy_carroll> sarnold: Yeah. Thanks for the tip. I think you are right that this has 'something' to do with Nagels. NO_DELAY, CORK, etc.. Very helpful. timer being set made me think it was rexmit / rto. Though now I know the timer can be for other options, such as CORK.
<sarnold> jeremy_carroll: I hope that's it; if so, it'd be simple enough fix. I'd be curious to know the results when you've got something sorted out :)
<abhishek> I mounted a partition(multipath) from SAN. This is working too slow. may u explain why is it slow ? this is working fine in another nodes
<abhishek> I mounted a partition(multipath) from SAN. This is working too slow. may u explain why is it slow ? this is working fine in another nodes
<lordievader> Good morning.
<gambol> Hey anyone is using pxe for ubuntu server? Looks I am hitting the same thing with:  https://bugs.launchpad.net/ubuntu/+source/net-retriever/+bug/1067934
<uvirtbot> Launchpad bug 1067934 in net-retriever "spends 10+ minutes deduplicating Package lists" [High,Fix released]
<gambol> both precise and trusty tested.
<gambol> every pxe installation will hang me 10 more mins at the stage.
<yossarianuk>  hi - I am looking for a way to be able to sync 'parts' of various config files in multiple linux servers - they are different distros, I also am looking for a way to update all servers on amss - should I be looking at something like puppet ?
<yossarianuk>  or can anyone suggest a simple alternative ? I do not really care about deployment (yet) - just syncing 'parts' of config files and updating multiple servers
<yossarianuk> i.e does landscape have the tools to sync parts of config files or is that a tool to update multiple servers ?
<ikonia> yossarianuk: ERB
<lordievader> yossarianuk: Puppet is great for that ;)
<yossarianuk> lordievader: cheers that is what I thought....
<yossarianuk> ikonia: what does ERB mean ?
<ikonia> ruby templates
<yossarianuk> ikonia: ah - thanks
<lordievader> Puppet is written in Ruby, and can use templates.
<ikonia> puppet could be a huge overkill though for a few config files
<ikonia> it really depends on what's needed
<lordievader> True, true.
<yossarianuk> lordievader: ikonia: that was a fear....
<yossarianuk> i.e overkill...
<yossarianuk> if you have any suggestions of lighter alternatives .....
<ikonia> you can use ERB templates without puppet
<yossarianuk> and that can also update servers of different os types ?
<ikonia> totrally
<ikonia> totally
<yossarianuk> cool
<ikonia> it's just a cross-platform template
<ikonia> (it's used with puppet hence the cross platform)
<ikonia> the only think you need to work out is the distribution method but that can be as easy as a shell script
<yossarianuk> well cheers !  (going for a meeting now - back in several hrs.)
<yossarianuk> ERB sounds like a good solution to be fair...
<ikonia> setting it up outside of puppet will require a little thought, but once you've worked it out, you'll fly
<ikonia> eg: heira is a common use for populating the data, you won't be using that, so you'll need to do something different, but it won't be too hard
<klander> hey guys. I'm having a bit of a dependency issue while trying to install php5-memcached. I was hoping I could get some advice on what to do next? Here's the bash output: http://pastebin.com/nZcn1YTx
<lordievader> klander: gconf2 fails to setup, and everything seems to depend on that. What happens when you manually run dpkg on that package?
<klander> lordievader: I haven't tried..
<klander> dpkg -i gconf2 ?
<opstack> Hi guys, does any one have experience with Ubuntu Landscape ?
<lordievader> klander: Using the full path to the package, should be somewhere in /var/cache/apt/archives
<klander> ok i have gconf2-common_2.28.1-0ubuntu1_all.deb , gconf2_2.28.1-0ubuntu1_amd64.deb, libgconf2-4_2.28.1-0ubuntu1_amd64.deb
<lordievader> klander: Try gconf2_2.28.1-0ubuntu1_amd64.deb
<klander> https://gist.github.com/anonymous/9fc2c90355ba15c47ff8
<lordievader> Pff that is informative.. sudo apt-get autoclean&&sudo apt-get update&&sudo apt-get install gconf2
<klander> https://gist.github.com/anonymous/0f165f657de5695761b7
<klander> (after autoclean and update)
<lordievader> klander: sudo apt-get purge gconf2&&sudo apt-get install gconf2
<klander> https://gist.github.com/anonymous/248fc2618d89d6532019
<lordievader> klander: Does "dpkg -l|grep gconf" show it as installed?
<klander> https://gist.github.com/anonymous/bd756c995e76e5f2fdfe
<klander> I guess not ^
<lordievader> klander: sudo apt-get install gconf2
<klander> https://gist.github.com/anonymous/3b66871ca41988c67c97
<klander> :/
<klander> shared-mime-info, libgtk2-perl and libgnome2-canvas-perl
<lordievader> klander: Well gconf2 seems to be installed correctly: sudo apt-get install -f
<klander> same output
<lordievader> klander: "sudo dpkg --configure shared-mime-info" Errors I suppose?
<klander> https://gist.github.com/anonymous/1671f16cbb349310bf84
<klander> Segmentation fault?
<lordievader> It ain't supposed to do that...
<lordievader> klander: What you could try, might be risky, is removing the package temporarely cleaning the cache and reinstalling it.
<klander> okay..
<lordievader> klander: shared-mime-info likely has dependencies to remove it without removing the dependencies see http://ubuntuforums.org/showthread.php?t=1513821
<anomaly> I have been getting this email regularly now.  'panic action' script /usr/share/samba/panic-action.  nothing esoteric.  just local samba for file sharing with windows machines.  I am also getting no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory
<donaldduckk> My home server, mainly media and backups, has been turning off at some point in the night. I have to power it up in the morning. This has happened maybe 3 days in a row. Things ran fine for months. Is there a log i can look at? I looked at dmesg but didn't see anything there.
<patdk-wk_> look at whatever log your ups software logs to
<donaldduckk> ok, didn't know there was an ups log. Thanks.
<hallyn> smb: hi, are you around?
<smb> hallyn, I feel tempted to say no, but yes.
<hallyn> smb: caribou is having an issue with backported libvirt pkgs due to apparmor complications.  I think that a version of your upstream patch to tweak the apprmor rules might be the best fix
<smb> hallyn, Yeah... Should I fwd him my latest patches for upstream?
<smb> Probably still have to be tweaked a bit since I only test compiled the upstream variant. Not integrated into Debian packaging
<hallyn> smb: yeah, it's probably better to do it in debian/rules based on the deb target arch
<smb> hallyn, btw, something else. is the irc meeting planned to take place or was it cancelled since many would be away
<hallyn> it is cancelled
<smb> Ah ok.
<smb> In theory it should work after things are expanded. I am just not sure which steps are used to get there. Maybe repackage after ./bootstrap
<tgm4883> Can I set UFW to allow SSH from all local networks? We've got quite a few 10.x.x.x VLANs at work, and I'd like to lock SSH down to the local VLANs without having to add each one independently
<tgm4883> maybe just allow from 10.0.0.0/8?
<sarnold> tgm4883: try ufw allow in ssh from 10.0.0.0/8  or similar?
<tgm4883> sarnold: yes that seems to have worked. Thanks
<sarnold> tgm4883: nice
<bilde2910> Hi there! I used smartctl --test=short to scan my server's hard drive for errors. I'm not totally sure how to interpret the results, however. Is there some easy way I can check whether my disk ought to be replaced soon? Anything to look out for in the future? https://puu.sh/cDdv3.png
<bilde2910> I'm guessing the answer to this is actually a bit too simple.. but I just can't seem to figure itout
<fixxxermet> Which syntax would I use to to bond an interface and then bridge it, while using DHCP?
<sarnold> bilde2910: that hardware ecc recovered and raw read error rate seem staggeringly high; to the point that I even wonder if they're outright wrong..
<bilde2910> So... something's up? Should I replace the drive?
<sarnold> bilde2910: I'd run the test again tomrrow or something and see if those counts have increase. if they have, plan its replacement soon. if they haven't, you might not have an -immediate- problem but .. it's scary, right? :)
<bilde2910> Well yeah, I should probably do more frequent backups then
<sarnold> never a wrong answer :)
<bilde2910> Will run the test again tomorrow, then. Thanks for help
<sarnold> good luck :)
<bilde2910> Thanks :)
<dasjoe> bilde2910: see the line about SMART Self-test log stuff
<dasjoe> Num #1 "Completed without error"
<bilde2910> Well that at least looks promising, at least in its current state.
<bilde2910> Oh, and another question. Is it possible to be alerted somehow (by email, for instance) when something bad happens or is about to happne?
<dasjoe> bilde2910: also, ignore the Hardware_ECC_recovered line, usually only the vendor knows what it means
<bilde2910> Ok, thanks for the tip, dasjoe
<dasjoe> bilde2910: If you can erase the drive you should run a destructive test using badblocks, it overwrites the disk multiple times with patterns and checks them for correctness
<sarnold> dasjoe: oh, thanks
<bilde2910> dasjoe, not sure if that is currently an option; not sure how that would impact uptime on the web server I'm running there. I'd like to use it as much as possible and avoid any downtime I can
<dasjoe> bilde2910: also, see "man 5 smartd.conf" for info on how to receive mails from smartd. If you're using mdadm you should check out "man 5 mdadm.conf", too
<bilde2910> Thanks
<dasjoe> Sure
<dasjoe> sarnold: imho the only interesting lines are the ones where the vendor configured a threshold, where I usually compare VALUE to THRESH and (mostly) ignore the raw value
<bilde2910> One last question - how long could I hope my disk would last if I read/write about one file per second? I'm not sure if there are any good estimates on this, but if there is, it would be good to know
<sarnold> dasjoe: ah, the middle columns that I've mostly ignored; those look scary too :)
<anomaly> I have been getting this email regularly now.  'panic action' script /usr/share/samba/panic-action.  nothing esoteric.  just local samba for file sharing with windows machines.  I am also getting no talloc stackframe at ../source3/param/loadparm.c:4864, leaking memory
<qman__> bilde2910: nobody can say, disk life is a guessing game at best; I replace when errors show up in the log, sometimes that's two months in, and sometimes it never happens
<qman__> 10 years down the line
<bilde2910> Ok, thanks!
<qman__> SMART errors give you reasonable warning prior to a failure about 98% of the time in my experience, and they're evidence enough for an RMA, so that's what I use
<dasjoe> bilde2910: your disk has "used" 6% of its target hard power-cycles (being switched off and on) and 11% of its load cycles (its head getting parked). So you can probably use it for about 9x as long as you've used it for now
<bilde2910> Interesting
<dasjoe> Just keep in mind SMART is not perfect, a large study (iirc done by Google) found SMART didn't give any warnings for 50% of failed disks
<qman__> Must have been some crap disks
<qman__> Failures without smart errors are pretty rare IME and normally that only happens with a drop dead failure situation
<dasjoe> Yeah, because that's what Google would be using. They're known for taking the worst possible hardware ;)
<dasjoe> "Figure 14 shows that even when we add all remaining SMART parameters (except temperature) we still find that over 36% of all failed drives had zero counts on all variables."
<qman__> I don't check the parameters, just the error log
<dasjoe> http://static.googleusercontent.com/media/research.google.com/en//archive/disk_failures.pdf
<qman__> The parameters are largely useless
<qman__> Most failures don't happen all at once, so there's a window of opportunity to replace it
<dasjoe> Right. I ignore the error log, but check the parameters, I also trust my senses of smell, hearing and temperature ;)
<qman__> I've never had any success with tools that monitor the parameters to predict failure, but I have had great success by monitoring the error count
<qman__> Soon as that error pops up, prepare to replace
<kevindf_> I've set up a OpenVPN server (just with the regular tun interface, not tap) and everything connects smoothly with firewall disabled, but once I turn on my firewall again I can connect perfectly but it seems to refuse the routing with as result I have no internet access. I'(ve tried adding rules to iptables such as "-A POSTROUTING -o eth0 -j MASQUERADE" & "-t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE"  but with 
<kevindf_> I have iptables-persistent installed also
<kevindf_> Anyone has any idea what's going wrong with the iptables I added?
<lordievader> kevindf_: Let iptables log the dropped packets and look at what it is dropping.
<kevindf_> How can I log that exactly? As i'm not that familiar yet with iptables
<lordievader> kevindf_: http://www.thegeekstuff.com/2012/08/iptables-log-packets/
<kevindf_> I'll take a look at that, and come back with the results in a few minutes
<kevindf_> thank you
<kevindf_> lordievader I logged the data, I think this is the output http://pastebin.com/i0WU96GD
<lordievader> kevindf_: Lots of DNS is being dropped. Can you ping your vpn network with the firewall on?
<kevindf_> will try to ping on my laptop with the vpn connection, as I tested the vpn quick trough my phone for the log
<kevindf_> hang on
<LinStatSDR> Got my server running under 40c finally
<LinStatSDR> at 100% load <3
<kevindf_> lordievader I can ping 10.8.0.1 perfectly when firewall is enabled and when connected to the vpn
<kevindf_> but no internet access ofcourse
<lordievader> kevindf_: I think you'll find you have internet access but your DNS is broken.
<LinStatSDR> ^
<lordievader> LinStatSDR: Whoo neat. Is it an airplane now?
<LinStatSDR> Nope, just ram air. Not too too loud but... servers are loud anyway.
<kevindf_> I will try comment out  push "dhcp-option DNS 8.8.8.8" push "dhcp-option DNS 4.4.4.4"
<kevindf_> in my openvpn server.conf file
<kevindf_> and then try again
<kevindf_> lordievader I've tried commenting out the DNS in my server conf so it doesn't push the client the dns servers but that didn't work out either unfortantly
<lordievader> kevindf_: That's not what I meant with 'your DNS is broken', look at the iptables log paste you posted.
<lordievader> kevindf_: What is it mainly dropping? What destination port?
<kevindf_> It's set on port 1194 UDP
<kevindf_> maybe i should try use port 443 or something?
<lordievader> kevindf_: Try to answer my questions...
<lordievader> kevindf_: Look at the paste you gave me, what destination port is being dropped?
<kevindf_> 54010?
<lordievader> kevindf_: That is likely a source port.., no traffic with destination port (DPT) 53 is being dropped.
<lordievader> kevindf_: What uses UDP port 53?
<kevindf_> dns?
<LinStatSDR> I know I know
<LinStatSDR> aww he beat me to it
<genii> Yes, DNS
<kevindf_> i'm still pretty new to networking but trying to learn as much as i can everyday
<lordievader> kevindf_: Exactly, in other words: any host lookup you do from your vpn client is not able to resolve it to an ip address.
<lordievader> kevindf_: Allow outgoing udp connections to 8.8.8:53 and 4.4.4.4:53 (wasn't it 8.8.4.4?) and you are good to go.
<sarnold> allow tcp too
<lordievader> (Unless there are other ports your firewall blocks ;)
<kevindf_> Ok, thank you. I will try adding those rules to my firewall and see how it turns out
<kevindf_> Sorry for some stupid answers, but everyone starts somewhere :)
<LinStatSDR> No worries. We don't mean to come off as being rude. Just text has no emotions or tones.
<lordievader> kevindf_: Exactly, that is why I tried to teach you something rather than just provide answers ;)
<kevindf_> no problem :) and yes lordie i appreciate that alot, helps me understanding things more easily
<bilde2910> dasjoe, just curious, where did you see those cycle use percentages you mentioned
<kevindf_> I allowed the outgoing UDP connections to 8.8.8.8:53 and 8.8.4.4:53 tcp & udp, the log is gving me UFW blocks now for proto 80 TCP & proto 443 TCP
<LinStatSDR> so http
<kevindf_> LinStatSDR If i'm correct I should allow 80 & 443 now also but for 10.8.0.0/24?
<kevindf_> TCP
<LinStatSDR> Sounds good to me.
<lordievader> kevindf_: I'd allow those in general. Whitelisting of web servers is a drag.
<kevindf_> lordievader I just checked and these are both configured for IPV4 aswell as IPV6 to allow from anywhere
<kevindf_> I don't see why UFW is blocking the packets on those ports now as they are both allowed
<LinStatSDR> lordievader: I agree, whitelisting is very time consuming.
<dasjoe> bilde2910: check the table, ID 9 Power_On_Hours and ID 193 Load_Cycle_Count
<dasjoe> POH's VALUE is "094", which is in %. So it was on for 6% of the time it was designed for
<kevindf_> lordievader: Finally got it working, took me some time but added some new iptables rules and it works fine now
<kevindf_> lordievader: Thanks for helping me out and teaching some new stuff :)
<lordievader> kevindf_: Sure, no problem. Glad to hear it is working now :)
<kevindf_> :)
<tafa2> could not find module name cc_ubuntu_init_switch
<tafa2> anyone seen this?
<tafa2> server failing to boot
#ubuntu-server 2014-11-05
<MrPPS> Anyone here have any details about the recently released repo updates to dovecot-core on ubuntu 12.04?
<MrPPS> Can't find anything on the website that's newer than the april updates
<sarnold> MrPPS: I believe it was to allow turning off sslv3
<MrPPS> ah ok, so no major things that might break?
<MrPPS> at the moment, I'm cloning the server to apply updates there, just for testing
<sarnold> MrPPS: click on the little triangle next to "1:2.0.19-0ubuntu2.2" here, https://launchpad.net/ubuntu/+source/dovecot
<MrPPS> ah, cheers :) thanks sarnold!
<sarnold> MrPPS: there's no reports of any problems yet, and at least one user found that it worked :)
<MrPPS> :D
<hariom> Hi, my server is behind NAT and has static ip 192.168.150.151. The firewall is getting another private connection and traffic is forwarded to this server's IP. The IP address of this private line is 10.0.65.66 . How can I add static route from server to this private line. Private line gw is 10.0.65.67 and domain is 10.0.65.2
<hariom> I tried "route add -net 10.0.65.2 gw 10.0.65.67" but I am getting this msg: "SIOCADDRT: No such process"
<igoryonya_> hello, I've set a physical nic to 0.0.0.0 promisc and a tap0 to 0.0.0.0, connected them to a bridge, but the virtual machine still doesn't see the net, visible from that physical nic. when I configure the virtual machine's address with an address of the same subnet, that the physical card is connected to.
<cmdd> it would have to be routed on the firewall, not the server
<cmdd> that is if the firewall is what is seperating the two networks
<lordievader> Good morning.
<soren> smoser: Hi! Do you have a minute?
<Voyage> my skype calling to a U.S number does not works via my ISP, I have a vps, I plan to make ssh tunnel and do all by that. Is it possible? and will it be of help?
<Kartagis> Voyage: why doesn't it work? blocked port?
<Voyage> dont know..
<Voyage> skype works but no calls
<Kartagis> Voyage: have you got credits?
<Voyage> Kartagis,  yes
<Voyage> it works by other isps
<Kartagis> Voyage: try ssh tunneling then
<Kartagis> if not, vpn
<Voyage> Kartagis,  ok, How can I ssh tunnel?
<Kartagis> man ssh
<Kartagis> look for -L parameter
<Voyage> so ssh -D 39101     wont work for skype?
<Kartagis> Voyage: I have once used ssh tunneling, years ago; and used -L
<hallyn> stgraber: remind me, re lxc.vs.apparmor packaging.  lxc does not have a conflicts for older apparmor, it updates the apparmor profiles in debian/rules based on the targer arch.  So what would force someone on an older systrem who updates lxc, to get the newer apparmor that doesn't balk on the new rules?
<hallyn> I'm trying to figure out how to handle it best in libvirt, in lue of the cloud archives (trusty-on-precise which currently is causing apparmor to be uninstalled)
<hallyn> i suppose thta since utopic is now released it can't relaly be an issue
<eto> hello
<eto> i would like to ask question about server variant is this right channel?
<lordievader> eto: Yes, see /topic
<eto> okay i have trouble figuring out which server version will have working systemd
<eto> i am especially interested in upcoming LTS release
<hallyn> eto: it's meant to be enabled in the next (15.04) release by default, but that's not absolutely certain.  16.04 is definately meant to use it
<hallyn> stgraber: ah, i see, dh_gencontrol section does the depends in lxc.  very good
<eto> hallyn: how far 16.04 is?
<hallyn> April 2016
<hallyn> stgraber: (though i'm not sure how to do a dh_gencontrol override in the libvirt packaging :)
<eto> hallyn: okay and according to my info next one is 14.something
<caribou> hallyn: I'm reading an article on the topic by Raphael Hertzog (in french); he's talking about using DEB_DH_GENCONTROL_ARGS_ALL
<caribou> hallyn: http://goo.gl/viozTZ (if you read french)
<hallyn> certainly no technical french :)  i'm going to try it in a build/libvirt-bin:: section
<eto> so can i at least swith to systemd on Ubuntu Server 14.04.1 LTS ?
<eto> or where to ask question like that?
<Kaltiz> I am trying to install nis but it gets stuck at Setting up nis (3.17-32ubuntu6)  I am running Ubuntu Server 14.10 any ideas?
<refj> Netinstall hangs 20 minutes after fetching Packages.gz when installing 14.04 with preseed via iPXE. Been scouring google for a week to look solution. Found several bugs from 12.04 and earlier, where this is related to net-retriever. Anyone here experience the same issue?
<hallyn> eto: no.  you can experimentally try systemd on 14.10 (at least some ppl have tested it), not 14.04.  #ubuntu-devel may be the better place to ask
<caribou> hallyn: I'm just testing conditional gencontrol atm
<hallyn> hm, so that post shows it differently...  my way didn't work so i'll try that now ;)
<refj> Ok, how do I generate a post installation report to use as a base for a bug report regarding the possible net-retriever issue?
<caribou> hallyn: I'm trying a mix of the lxc tests & the post syntax.
<Kaltiz> managed to get the NIS package to install but now it does not seem to have an init.d script
<hallyn> caribou: hah, there is an english version? http://raphaelhertzog.com/2010/09/27/different-dependencies-between-debian-and-ubuntu-but-common-source-package/
<michele> hi there
<caribou> hallyn: didn't know abou it
<michele> I need to change the ethernet (p2p1) address from dhcp to static (and I'm using NetworkManager) on an ubuntu server. The server is remote. I have ssh and root access. Any ideas?
<alreece45> ... NetworkManager on a server?
<teward> yeah i was about to say
<teward> that's kind of unusual to have network manager on a server
<michele> that's right
<michele> I can remove it though
<pmatulis> hallyn: re https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1081786 , if i have this in the host's /etc/default/lxc the container should be using it?  i have squid-deb-proxy set up
<uvirtbot> Launchpad bug 1081786 in lxc "lxc-create doesn't take advantage of the apt proxy" [Wishlist,Fix released]
<pmatulis> MIRROR="http://10.0.3.1:8000"
<pmatulis> hallyn: it doesn't
<hallyn> pmatulis: depends how you created the container I think.  Did you use the ubuntu template?
<pmatulis> hallyn: lemme check
<pmatulis> hallyn: used ' -t ubuntu '
<hallyn> pmatulis: by any chance doe sjust adding '/ubuntu' at end of the MIRROR help?
<pmatulis> hallyn: lemme check
<pmatulis> hallyn: but i should be able to check if the container has *any* proxy configuration right?
<hallyn> yeah the template definately should be using what you give it both for debootstrap and to cat into the /etc/apt/sources.list in the container (just checked the script)
<hallyn> pmatulis: cat /etc/apt/sources.list in the container
<pmatulis> hallyn: nothing added
<hallyn> which release is this in?  (not that it's changed in a long time)
<pmatulis> hallyn: my host is trusty
<hallyn> pmatulis: so the other thing you're supposed to be able to do is set APT_PROXY which will then be put into the container's /etc/apt/apt.conf.d/70proxy...  but MIRROR is supposed to work
<pmatulis> hallyn: where/how do i set APT_PROXY again?
<hallyn> /etc/default/lxc should work
<eto> ty hallyn
<hallyn> pmatulis: oh, you might try "lxc-create -t ubuntu ... -- ... --mirror=http://10.0.3.1:8000"
<hallyn> but again i can't explain why it's not working
<pmatulis> hallyn: will try
<pmatulis> hallyn: dunno, i don't see any difference using --mirror
<hallyn> pmatulis: ok.  lemme spin up a host i can reproduce on.
<pmatulis> hallyn: this is what i used:
<pmatulis> sudo lxc-create -t ubuntu -n $NAME -P $DISK_DIR -- -S $SSH_KEY -r $RELEASE --mirror=http://10.0.3.1:8000
<hallyn> pmatulis: oh,
<hallyn> pmatulis: i bet you had pre-generated a cache image.
<hallyn> can you try adding -F?
<pmatulis> hallyn: ah, i would need to re-generate
<hallyn> i've got a test running, but lemme know if sudo lxc-create -t ubuntu -n $NAME -P $DISK_DIR -- -S $SSH_KEY -r $RELEASE --mirror=http://10.0.3.1:8000 -F works
<pmatulis> hallyn: it's taking the mirror option now but evidently i need to hack at its value in order to build a valid URL
<hallyn> pmatulis: ok, cool.  (my test failed, but due to some proxy badness, sigh)
<monokrome> Does anyone know if this version of SSL is vulnerable to heartbleed? It's the version in our Ubuntu server.
<monokrome> OpenSSL 1.0.1 14 Mar 2012
<monokrome> built on: Thu Aug 7 13:42:02 UTC 2014
<qman__> Heartbleed was in April so probably not, but we need the package version to tell for sure
<monokrome> Another machine has 1.0.1f which I think is also vulnerable?
<monokrome> Oh, how can I get the package version?
<ogra_> all supported releases had security updates long ago ... as long as you run something supported and kept it up to date with security fixes you will be fine
<qman__> dpkg -l | grep openssl
<monokrome> Thanks, I'll try that
<monokrome> 1.0.1-4ubuntu5.17
<qman__> Then compare against the security announcement
<ogra_> note that major versions dont get bumped for security patches
<monokrome> Yeah, but the version should be 1.0.1g if it is fixed (unless someone moved a patch into an older version) right?
<ogra_> 1.0.1-4ubuntu5.17 = upstream 1.0.1 ... debian patchset 4 ... ubuntu patchset 5 ... ubuntu--security patchset 17
<qman__> USN-2165-1
<monokrome> ogra_: Could you help me understand how you found that?
<ogra_> if you have the patch it will be one of the 17 security fixes ... the major version will not be touched
<qman__> That's what the version number means
<monokrome> Okay
<ogra_> so no matter if it is e or f, what counts is the 17 an dteh relation to the matching USN
<qman__> http://www.ubuntu.com/usn/usn-2165-1/
<ogra_> so it was fixed in 5.12 ... you are on 5.17 ... and should be safe
<monokrome> Oh, okay. I'll bookmark that security notices site
<monokrome> Thanks for the help :)
<ogra_> :)
<pmatulis> hallyn: on your trusty host can you create a lucid container?  it never works for me
<rostam> hi I am using ubuntu 14.04. When I type the command, domainname it returns empty. How could I fix that? thanks
<sarnold> rostam: do you really want to use NIS??
<rostam> sarnold, We use dns in our system setup, I thought domainname should return dns server IP address???
<sarnold> rostam: nope, domainname is for NIS
<rostam> sarnold, thanks
<rostam> Question how could I retrieved the dns server Ip address on my system?
<genii> cat /etc/resolv.conf
<rostam> genii, thanks
<genii> np
<genii> quikole: Please stop spamming in private message
<FilthyMacNasty> any of you server people familiar with clonezilla server?
<hallyn> pmatulis: a lucid container?  heh, i haven't tried tha tin a long time
<pmatulis> hallyn: yeah, me too but i needed one today
 * hallyn chekcs whehter download template supports that
<hallyn> pmatulis: the download template supports it
<pmatulis> hallyn: the telltale symptom is
<pmatulis> 'Can not write log, openpty() failed (/dev/pts not mounted?)'
<hallyn> pmatulis: that's with 'lxc-create -t ubuntu -n container -- -r lucid' ?
<hallyn> pmatulis: or does that also happen with the download template?
<hallyn> in either case, please file a bug.  but if the download templat eworks that would be a workaround for you
<pmatulis> hallyn: same command i gave before.  also tried with -F
<pmatulis> i'm not sure what the download template is
 * pmatulis needs to eat
<stgraber> pmatulis: lxc-create -t download -n container -- -d ubuntu -r lucid -a amd64
<hallyn> pmatulis: ^ yeah what stgraber said.  Like I say in either case please file a bug, it sounds to me like actually a debootstrap bug, but since we support lucid through 2015 on server it shoudl still be owrking
<Joe_knock> Hi.
<Joe_knock> How do I use the sed command on this line of text: @require(dirname(__FILE__).'/php/login.php'); ?? I want to remove this line of text from about 5 files.
<pmatulis> hallyn: oh, yes, i am using a template (-t).  like my command showed (?)
<pmatulis> sudo lxc-create -t ubuntu -n $NAME -P $DISK_DIR -- -S $SSH_KEY -r $RELEASE
<Joe_knock> pmatulis: I'm not sure I understand you.
<pmatulis> Joe_knock: i was talking to hallyn
<Joe_knock> okay. no problem
<FilthyMacNasty> pmatulis: I'm certain I dunnot understand you
<hallyn> pmatulis: the download templat eis also just another template, but it downloads pre-built tarballs from linuxcontainers.org.  i suspect that 'lxc-create -t download -n l1 -- -d ubuntu -r lucid -a amd64' will work
<hallyn> as a workaround
 * hallyn out, bbl
<hallyn> (that is, a full night's sleep later :)
<pmatulis> hallyn: ohhhh
<Joe_knock> aah I solved my own issue. yikes
#ubuntu-server 2014-11-06
<FilthyMacNasty> any of you server peoples know how to pxe boot a multiple image server?
<FilthyMacNasty> because I'm lost
<sarnold> "multiple image server"?
<FilthyMacNasty> dell d620 dell d630 dell 830 all windows 7 pro
<FilthyMacNasty> I have a full on installed machine in each flavor, would like to create an image for each and then pxe boot the other 40 or so mixed machines I have
<FilthyMacNasty> and I dont want to fiddle with the winders aik
<sarnold> FilthyMacNasty: hmm. I've used maas to pxeboot a handful of virtual machines before but really don't know how well it would handle windows images, sorry
<LinStatSDR> you can
<LinStatSDR> deployment services if hes using windows
<LinStatSDR> It has a setup wizard that's not bad
<LinStatSDR> But you would probably have a better time doing multicast if you're worried about bandwidth doing it all at once
<FilthyMacNasty> I'm currently using clonezilla live cd to image them but I would think I could pxe boot to something
<LinStatSDR> Doing this on what server os?
<Joe_knock> sarnold: Is there a way I can specify using tail over a period of time? I'd like to check changes that occurred in a directory over the past 10 hours.
<Joe_knock> I helped someone else recently to install a PXE server. Can I share the install stuff with you? FilthyMacNasty
<Joe_knock> fascinating username, btw.
<sarnold> Joe_knock: you can use find's -mmin predicate to try to find files modified more recently than a certain number of minutes ago; there's no way to find out what part of the file might be newer or older
<Joe_knock> sarnold: Thanks. found a solution here: http://stackoverflow.com/questions/5242501/how-to-find-the-files-that-are-created-in-the-last-hour-in-unix
<FilthyMacNasty> sorry for the delay, my previous mirc computer bought the farm
<FilthyMacNasty> ubuntu servers stuck in a windows world
<FilthyMacNasty> bleh
<WilliamDotAT> i like windows for some things
<WilliamDotAT> i also see a place for OSX
<WilliamDotAT> im not radical enough for this channel
<sarnold> enjoy :)  http://www.windows93.net/
<WilliamDotAT> haha
<WilliamDotAT> including ILOVEYOU trojan txt in root
<WilliamDotAT> funny thing
<Joe_knock> windows for gaming, yes.
<WilliamDotAT> i saw that the enw Nvidia drivers are now on-par with Windows
<Joe_knock> and I think the hardcore channel you're looking for is #ubuntu-radicals
<WilliamDotAT> they're binary of course
<WilliamDotAT> but still
<WilliamDotAT> + Steam + Source Engine/Unreal = not bad
<WilliamDotAT> Portal 2 works far better on my Linux than on my Mac system
<Joe_knock> I cant wait to get a new system. I can do PC gaming once again thereafter.
<WilliamDotAT> mine is still ok for gaming
<WilliamDotAT> i will just buy a new GPU for GTA V
<WilliamDotAT> R290X or so
<Joe_knock> laptop or desktop?
<WilliamDotAT> haha
<WilliamDotAT> desktop
<lordievader> Good morning.
<dirk__> hi
<dirk__> I need help in networking with ubuntu 14.04
<dirk__> could someone help?
<dirk__> hey, someone here?
<pmatulis> morning
<dine909> ive created a ubuntu installation using debootstrap - got it booting, and workiing - however my network adaptors dont up automatically, although work fine when i manually up them
<dine909> what is the glue ubuntu uses to do this?
<dine909> (its a trusty dist)
<dine909> (that i created)
<dine909> root
<dine909> eek
<xperia> hi all. small question. is there a reason why mysql5.6 is not the default database in ubuntu 14.10 ? from what i have read it should be about 3 times faster than the mysql5.5 version shipped and installed with ubuntu by default?
<rbasak> xperia: there were issues with the transition, so we decided to delay it until this cycle.
<rbasak> xperia: eg. http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/2014-September/007015.html
<xperia> rbasak: ahh yeah understand it full. i tryed yesterday to install mariadb10.1 on my ubuntu 14.04 to get much more functionality like master master replication and it did not worked out. had several dependecies problem with access apparmour restriction. had to go back to mysql 5.5. lucky all went good. thanks for the link. reading it right now.
<fixmypc956> I am trying to follow this instructable http://www.instructables.com/id/How-to-Host-Your-Own-Cloud-v20/?ALLSTEPS to start my own cloud...cant get it to work. please help
<xperia> fixmypc956: it looks like a very simple apache file server. did you followed all the steps described?
<fixmypc956> well im stuck where i need to make a directory
<fixmypc956> i already have my directories made where i want my files
<LinStatSDR> Morning
<fixmypc956> morning
<xperia> fixmypc956: in the configuration file there is the path where you need to have this directorys. usali it is in /var/www there you need to make simple sudo mkdir /var/www/yourdirectorys and should be fine.
<xperia> actually should find there allready also the html file that is showed when you call the apache server over a webbrowser like http://localipadressofyourserver/
<xperia> something like "it works" should appear
<xperia> ahh sorry you changed the port so the url would be need to be  http://localipadressofyourserver:8080/
<fixmypc956> ok let me check this
<LinStatSDR> Anyone familiar with running Maven on ubuntu 14.04
<cyphermox> smoser: hallyn: rbasak: I've been preparing an update to isc-dhcp -- merge with Debian and some apparmor profile additions for dhclient, I don't currently have very much of a server setup here ready, so I was wondering if you'd be willing to help test dhcpd before I go upload it
<smoser> cyphermox, well, the most i could do really is put it into some cloud instances
<cyphermox> ok
<rbasak> cyphermox: I don't have any specific paces to put it through either, sorry.
<cyphermox> ack
<hallyn> cyphermox: where is the proposed package?
<hallyn> (it's just about EOD here but i can aim to build+test it in a container or two)
<cyphermox> I've tested the server bits quickly by breaking my own network, I think it will be alright ;)
<cyphermox> so, thanks, but you don't need to stay around after all
<hallyn> cyphermox: great, good night :)
<cyphermox> good night!
<john___> I've got a weird problem, On my Ubuntu server when i try to ping my Printer that's connected on my LAN network i'm getting "ping: sendmsg: Operation not permitted", when I disable UFW pinging the printer works perfectly. I also tried an arp-scan on localhost and the printer does not get listed there at all.
<john___> Any idea what might be the problem here?
<patdk-wk_> your firewall :)
<john___> Seems like arp-a finds my printer while doing arp-a instead of arp-scan, I just wonder what's causing the pinging problem tho
<john___> That's pretty obvious :) but i'm unfamiliar to configure a UFW firewall rule to allow the pinging to the device :)
<patdk-wk_> heh?
<patdk-wk_> you just allow ping
<patdk-wk_> oviously arp works, likely cause you didn't block it
<patdk-wk_> but you blocked ping
<john___> Pinging works succesfully on other devices on the network
<patdk-wk_> most people never block arp
<john___> it's just the printer
<patdk-wk_> so?
<patdk-wk_> not sure what that has to do with it
<patdk-wk_> when you get, operation not permitted
<patdk-wk_> that means your computer says it's not allowed
<patdk-wk_> that normally means one of two things
<patdk-wk_> no route to it, or firewall
<john___> must be firewall then cause arp-a lists "(192.168.0.59) at (mac) [ether] on eth0"
<john___> (printer)
<john___> patdk-wk would adding certain rules in my firewall to allow icmp ping solve this?
<patdk-wk_> sure, if done in the correct order
<john___> ok, thank you
<jarno> anyone know abit about subnetting here?
<jarno> for 2 subnets Network Class C 211.16.17.0/24 & 211.16.17.0/25 Subnetmask 255.255.255.0 & 255.255.255.128 what would be the network adres?
<jarno> both 211.16.17.0?
<sarnold> ugh I don't know what you're trying to do but overlapping networks like that with different netmask lengths sounds like a recipe to endless frustration and hatred
<guntbert> sarnold: +1
<Joe_knock> sarnold: How would I check a facebook link that may contain malware without using the browser (or safely) ?
<Joe_knock> Does anybody know how to analyze a tcpdump output?
<jhobbs> open it with wireshark
<igoryonya> tcpdump shows the line: packets dropped by interface, how can I see which packets were dropped?
<jhobbs> you can't, they were dropped
<igoryonya> jhobbs, so, how do I tackle the problem then, my pings don't get replied from some subnets and I need to determine, what makes them drop.
<jhobbs> igoryonya, your interfaces shouldn't be dropping traffic unless they are very busy - is that the case?
<igoryonya> jhobbs, no, I wouldn't say so, it's a newly installed server. Packets are being dropped on a virtual machine it's interface is being configured to connect to the ISP with the IP address behind a NAT (the ISP gives NATted addresses from the 172.16.0.0/16 network) all the addresses from that net ping, and dns resolves, but the internet addresses don't get replies to the vm, although, when I monitored with tcpdump on the tap0 interface from the host mach
<igoryonya> ine, the pings to the internet addresses return with a reply packet.
<Joe_knock> Does this tcpdump: 14:56:27.742567 IP 174.143.140.137.80 > 192.168.2.21.45704: Flags [S.], seq 3555324792, ack 2292208597, win 5792, options [mss 1452,sackOK,TS val 593134436 ecr 91197600,nop,wscale 6], length 0
<Joe_knock> Mean this:
<Joe_knock> a packet of length 0 was received from the sender
<Joe_knock> It looks like the sender and receiver acknowledged each other though
<WhiteIntel> hello, does the command "ip route add" persist the static routes also after a reboot?
<sarnold> Joe_knock: it's hard to check a possibly-malicious link safely; if you grab the contents with curl or wget that'll sometimes be sufficient; when I'm confident something is evil, I'll stick a very tight apparmor profile on wget for the download to prevent an exploit from easily working
<sarnold> WhiteIntel: no, it only modifies the current routing table; if you want it persistent you have to take other steps
<WhiteIntel> sarnold: ok, and what steps if have to take
<tafa2> does anyone backup their servers to S3? If so does anyone have a particular strategy in place? Like a write only user with no delete rights incase the server is ever compromised an attacker wouldn't be able to delete your backup as well?
<Joe_knock> sarnold: It is an example I am trying to work through. I'm trying to understand what tcpdump is for and what the output means (based on the example). [what it means = what is it telling me in laymans terms]
<sarnold> WhiteIntel: depends on what you're doing; modifying /etc/network/interfaces isn't a bad starting place though
<sarnold> Joe_knock: oh, nice, tcpdump is an awesome tool.
<WhiteIntel> sarnold: you mean the config directive "up route add -net"?
<jhobbs> Joe_knock: wireshark can be a lot easier to understand if you're getting started
<Joe_knock> okay I see you were answering a previous question sarnold
<jhobbs> Joe_knock: it interprets packets a lot more for you, and can do stuff like follow a particular connection
<jhobbs> tshark also if gui is hard
<Joe_knock> jhobbs: I am installing that software. It is open source and not in binary, right?
<jhobbs> igoryonya: watching for ping replies along all the interfaces back to the VM is the right thing to do; you don't see the responses at all in the VM i guess?
<jhobbs> Joe_knock: yes it's open source
<sarnold> WhiteIntel: yeah, if what you're doing fits there, anyway
<igoryonya> jhobbs, I see the responces in vm to 172.16.0.0/16 subnet, but not to the global internet addresses, although, tcpdump shows that replies from global addresses get all the way up to tap0 of the virtual machine connected to. So they traverse through the real nic -> bridge -> tap, but only 172.16.... get to the actual vm.
<Joe_knock> jhobbs: I see that this tool is for network admins. Gonna be fun using it.
<jhobbs> Joe_knock: or for developers - it's an essential for anyone doing anything interesting with networking
<jhobbs> igoryonya: do you have iptables rules set that may be interfering?
<jhobbs> i have to run, good luck
<WhiteIntel> sarnold: is there a wiki page for the exact syntax? I have to set some routes that donÂ´t have a gw only an other address => via an other net
<Joe_knock> Thanks. take care jhobbs
<sarnold> WhiteIntel: none that I know of; the resolvconf manpage and interfaces manpages describe the interfaces format, and the ip-route manpage describes the ip route interface..
<sarnold> WhiteIntel: there's a huge pile of interesting stuff here: http://lartc.org/ -- but I suspect it's suffered bitrot, and it was never very good at distro-specific details
<WhiteIntel> sanrold: ok I will have a look at this, thank you very much!: )
<igoryonya> jhobbs, no packets were being able to pass to the vm, then I temporarily made an iptables rule to accept all the forward packets, and started getting replies to the 172 subnet, but didn't get any replies to global with that rule. then i added rules to iptables that pass all the packets from and to the phisical nic, connected to the isp, bridge and the tap, so, unless, I've missed something, none of the traffic on this route is blocked. iptables on the
<igoryonya>  vm show no rules attached to it at all.
<igoryonya> jhobbs, can I show you my iptables config, maybe you can see something that I've missed?
#ubuntu-server 2014-11-07
<igoryonya> jhobbs, http://paste.ubuntu.com/8859114/
<lordievader> Good morning.
<ayr-ton> Some knows if is possible to text LXD without nova-compute-flex, like without install all the openstack?
<_ruben> argh ... bitten by the no root over ssh by default again .. now i gotta walk down to the server room again .. hooray for pxe booting new servers :p
<lordievader> _ruben: Hehe, I allways have that problem with debootstrapping. Forgetting to set a password for root or making new users that actually have a password...
<_ruben> lordievader: my preseed file sets a root pw, which worked fine upto 12.04, just doesn't cut it anymore on 14.04 ;)
<_ruben> Time to upgrade our install process I guess (automate the post-install tasks further)
<RoyK> anyone that knows a magic trick on how to get performance statistics per database with mysql?
 * RoyK is really trying to think of something good about mysql
<MacroMan> RoyK, If you had a unique user for each db, then you could run a performance script to check just one but only using those credentials
<MacroMan> I use http://mysqltuner.com/ which seems to work quite well.
<RoyK> MacroMan: ah - what sort of script would that be?
<MacroMan> It's a perl script that you run and it gives some useful info. It's not the be all and end all, but it's certainly a good indication of performance
<RoyK> MacroMan: thanks - lemme take a look
<RoyK> http://karlsbakk.net/fun/USA/american_people_2014.jpg :P
<RoyK> MacroMan: the solution to this is really s/MySQL/PostgreSQL/g
<RoyK> MacroMan: thanks for the advice, but really, this doesn't show very useful performance counters :P
 * RoyK forces developers to move to postgresql :P
<MacroMan> exit
<blkperl> anyone know how to get past Hash Sum mismatch errors on apt-get update when rm'ing /var/lib/apt/lists/* doesn't work?
<sarnold> blkperl: check dmesg to make sure you don't have dying hardware
<blkperl> sarnold: its a fresh vagrant image
<sarnold> blkperl: aha :)
<blkperl> I've added a Third party mirror and am getting the hash mismatch errors
<blkperl> is their a way to verify if the third party repo is actually broken?
<sarnold> blkperl: it gets difficult; download the files by hand, verify the hashes by hand. it's not fun.
<blkperl> ugh after apt-get upgrade, apt-get update works...
<sarnold> that can happen too, if the mirror was in the middle of a sync...
<blkperl> I don't think thats the issue, I think some combination of apt-get upgrade or adding the gpg key first and then apt-get update, "fixes" the hash mismatch error for this particular case
<blkperl> maybe TravisCI is needs to upgrade their precise image
<blkperl> since their apt is out of date
<hallyn> jdstrand: hey, are you around to sanity check a libvirt-apparmor debdiff?
<hallyn> jdstrand: http://paste.ubuntu.com/8872448/  (i'm goig to test a bit more and then probably push to v and sru to u and t)
 * jdstrand looks
<jdstrand> hallyn: I think you also want something for 'network netlink,' for 14.10 only
<jdstrand> other than that, without actually running it, it looks good
<jdstrand> hallyn: also, even though libvirt-qemu and libvirt-lxc don't have unix rules, it is probably good to run the sed on them too to future proof us in case we add something there
<jdstrand> (that goes for the netlink rule too)
<hallyn> jdstrand: gah.  so I should pull 'network netlink' out for anything earlier than 14.10?  but keep it in for 14.10 and 15.04?
<hallyn> (so same as the unix rules?)
<jdstrand> hallyn: exactly
<hallyn> jdstrand: cool, thanks
<jdstrand> hallyn: so, I would phrase that as '14.10 and later' :)
<jdstrand> since I seem to have my pedantic hat on
<hallyn> jdstrand: but the rules are stripping it out for 14.04 and earlier
<hallyn> theyr'e doing nothing for 14.10 and later
<hallyn> hopefully i've got this (*$&%$ right :)
<hallyn> took me days to get something that seems to work
<jdstrand> hallyn: I just mean you said '14.10 and 15.04', but that should be '14.10 and later'
<hallyn> oh, right :)
<jdstrand> hallyn: the code is doing that. I was just adding confusion to the conversation
<hallyn> ok updated debdiff i'm going to build real quick - http://paste.ubuntu.com/8872671/
<jdstrand> hallyn: what you came up with seems very clean
<hallyn> excellent, thx.  hopefully it all builds fine and i'll push to v tonight.  (dunno about the SRUs - i'm out quite a bit next week)
<hallyn> anyway - gnight
<jdstrand> hallyn: certainly you have people for that :)
<jdstrand> hallyn: g'night
<hallyn> jdstrand: gah.  so 9 days ago libvirt built+tested ok.  today, libvirt fails the qemuxml2argvtest testcase.  i'm not quite sure whether i should just push it to vivid and see if the buildds do a better job, or if this is more likely to be due to a recent package change
<hallyn> jdstrand: d'oh, wasn't there a libxml security update.  wonder whether that did it
<sarnold> hallyn: http://www.ubuntu.com/usn/usn-2389-1/
<sarnold> hallyn: there were also kvm changes in kernel security updates: http://www.ubuntu.com/usn/usn-2395-1/
<hallyn> sarnold: yeah but i don't *think* qemu-* is involved
<sarnold> ahh
<hallyn> more like "AAAAAARGH"
<hallyn> as i recall the error was something like it expected '//V' but got 'V'
<hallyn> sarnold: sigh.  i wanted to go t osleep, but i guess i'll try a build iwth the old libxml
<sarnold> hallyn: go to sleep :)
<hallyn> well if libxml is broken i wont *fix* it now :)  i'll just push the libvirt and post a bug
<sarnold> hallyn: well, okay, if knowing if libxml is to blame will help you get some sleep .. :)
<hallyn> when you say it out loud it doesn't sound likely does it
<sarnold> I think I've heard complaints about libxml updates breaking other package builds before, apparently people come to rely upon the bugs :)
<hallyn> sarnold: feh.  confirmed.  after a dpkg -i libxml2_2.9.1+dfsg1-3ubuntu4.4_amd64.deb  libvirt builds
<sarnold> hallyn: sigh
<hallyn> sarnold: i don' tknow why i'm telling you this, as i don't hold you responsible :)  but i opened bug 1390637
<uvirtbot> Launchpad bug 1390637 in libxml2 "newest libxml2 update in vivid breaks libvirt build" [Undecided,New] https://launchpad.net/bugs/1390637
<hallyn> i'll be working 2 or 3 days next week, can take a look if noone else has then (T or W)
 * hallyn out
<sarnold> hallyn: have a good weekend :)
#ubuntu-server 2014-11-08
<grendal_prime> hey guys i upgraded my 1204 smb filer to 1404.  None of my shares are accessable now.
<grendal_prime> they are there...i just can access them.
<sarnold> grendal_prime: do you have any errors in syslog or dmesg or samba logs?
<grendal_prime> im trying to find that now.
<grendal_prime>   failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
<grendal_prime> that is the start of it
<grendal_prime> from dmesg im getting.  [ 1625.488505] init: samba-ad-dc main process (3850) terminated with status 1
<grendal_prime> ouch..this is version 4 of samba
<grendal_prime> ya i dont think the tool i have been using is going to work with that.
<grendal_prime> crap.
<grendal_prime> ya that is going to make things much more difficult.
<grendal_prime> grrr..no error files that are helpfull on this
<grendal_prime> this is the worst experience i have ever had with ubuntu.
<grendal_prime> samba 4.1.6  what a joke.
<Sachiru> Why?
<Sachiru> What's wrong with Samba 4.1.6?
<grendal_prime> i cannot get it to do what i need
<grendal_prime> its making me crazy..
<grendal_prime> i just need to create some shares and then limit wich users have access to those shares
<grendal_prime> ive spent the last hour just trying to set up a pdc and it is not working.
<grendal_prime> is there just a simple setup for shares..i can test ...im gonna loos my mind with this.
<grendal_prime> i messed up one step on the provisioning and now im getting nothing but errors
<grendal_prime> its ridicules
<grendal_prime> im building another vm at ground zero
<grendal_prime> has anyone used swat2 on this?
<lordievader> Good morning.
<grendal_prime> alright i got this to do what i need.
<grendal_prime> i think
<grendal_prime> the one question i have is this..
<grendal_prime> is this    unix password sync = yes  going to sync my unix pasword with my samba password when i change my unix password..or the other way around?
<johncarper> If Ubuntu server didn't exist, and you would have to choose for a different server distribution with debian excluded. Wich one would you choose?
<temasso> Which ubuntu release is now best for production server?
<lordievader> Trusty (14.04) I'd say.
<temasso> hm, sb is criticising 14.04 : https://tim.siosm.fr/blog/2014/04/25/why-not-ubuntu-14.04-lts/
<temasso> i.e kernel (3.13) is not LTS
<lordievader> Well I'd never go with a non-LTS release for a production server, so that leaves 10.04, 12.04 and 14.04. 10.04 is almost EOL, if it ain't already. 12.04 is already a couple of years old, so unless you want old software go with 14.04.
<temasso> ok, thx for your opinion
<Amir1> How to remaster Ubuntu Server withiut GUI?
<lordievader> Amir1: Remaster?
<Amir1> lordievader : yes, i have an installed ubntu server 14 with my personal packages and configs
<Amir1> i want to creat installe able ISO of taht
<Guest18602> hello, i have a strange thing going on on my server. i am not able to install linux-image-3.13.0-39-generic_3.13.0-39.66_i386.deb. i get the following error: E: Sub-process /usr/bin/dpkg returned an error code (1)  (i don't know if its related, but i installed typo3 before...)
<lordievader> Amir1: I supose this would help: https://help.ubuntu.com/community/InstallCDCustomization
<lordievader> Guest18602: If you manually install the package with dpkg, does it tell you more?
<Amir1> i have some configuration and customize on my server.
<Guest18602> lordievader: thaks for your reply. if i type: dpkg linux-image-3.13.0-39-generic_3.13.0-39.66_i386.deb - i get dpkg: error: need an action option
<lordievader> Guest18602: So what do you do now?
<Guest18602> lordievader: i think i need an action option but i don't know which one...
<lordievader> Guest18602: Correct, how do you find out what options dpkg provides?
<Guest18602> lordievader: with dpkg --help?
<lordievader> Guest18602: That is one way, so what option do you need ;)
<lordievader> I do hope you realize that I'm trying to teach you something.
<Guest18602> lordievader: i get it... thank you for that. i think it must be : -i
<lordievader> Guest18602: Precisely, what errors do you get when you install it with dpkg?
<lordievader> !paste | Guest18602
<ubottu> Guest18602: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<Guest18602> thanks!!!
<Guest18602> lordievader ubottu: i get this : http://paste.ubuntu.com/8883693/
<lordievader> "debconf: DbDriver "config": /var/cache/debconf/config.dat is locked by another process: Resource temporarily unavailable"
<lordievader> Guest18602: Is there a debconf process running?
<Guest18602> lordievader: how do i find it out?
<lordievader> Guest18602: Hehe, just beginning in the world of Linux? "ps aux|grep debconf"
<Guest18602> lordievader: yeah... i still need help with some things...
<Guest18602> lordievader: i get the following: http://paste.ubuntu.com/8883819/
<lordievader> Guest18602: Did your typo3 install complete correctly?
<Guest18602> lordievader: i think so, it's working...
<lordievader> Guest18602: "kill 9286&&dpkg-reconfigure typo3"
<Guest18602> lordievader: i get this <fter that: http://paste.ubuntu.com/8883942/
<lordievader> Guest18602: apt-get install -f
<Guest18602> lordievader: it seems to work now... i have to go... thank you very much for your help!!!
<lordievader> Guest18602: No problem.
<fixxxermet> I need some help with bridging a bonded interface.  I have that specific aspect working - the issue is that the containers (LXC) on my host which are bound to the bridge interface aren't able to route traffic
 * iNooB clear
<GrantK> For ubuntu server 12LTS, and 'alternate install' CD was available (http://releases.ubuntu.com/12.04.5/)  that specifically supported "LVM and/or RAID partitioning".  For ubu14LTS, (http://releases.ubuntu.com/trusty/), I neither see a similar 'alt' iso, nor any mention of RAID/LVM support.
<GrantK> Is that RAID/LVM *in* the Ubu14LTS install? Or is there a different source, now, for that support?
<lordievader> GrantK: There aint a alternate iso, but the mini iso is capable of doing at least lvm.
<GrantK> lordievader: Hi.  thx.  Is the 'full' iso a superset of the mini?  i.e., do we know that lvm support is there?
<lordievader> Err no, they are quite different. But I've used the mini iso for a LUKS + LVM setup.
<GrantK> k.  There must be some mention somewhere -- instead of DL'ing the full just to determine it.  I'll poke around some more.  thx.
<jarno_> If your installing a server, What would be the difference between the regular iso and the minimal iso?
<ikonia> jarno_: the components installed by default
<ikonia> I suggest you do some basic research
<jarno_> ok
#ubuntu-server 2014-11-09
<ruben23> hi guys any help how to uninstall perl or cpan but im getting error with this ---> http://pastebin.com/u9qgH63f
<ruben23> any one can help please
<rahuldroy> ruben23: try doing a clean
<rahuldroy> sudo apt-get autoclean
<ruben23> nothing happens
<ruben23> Reading state information... Done
<ruben23> no activity at all
<ruben23> rahuldroy: still there.?
<rahuldroy> ruben23: how did this come about?
<rahuldroy> can you try doing an apt-get update just to make sure all your cache is upto date
<ruben23> all done - complete..up to date
<rahuldroy> now try doing the remove
<rahuldroy> do you also have all the updates installed as well>
<rahuldroy> ?*
<ruben23> yes
<Amir1> What`s the best way to Remaster an installed Ubuntu Server?
<ruben23> stil the same
<ruben23> http://pastebin.com/u9qgH63f
<Amir1> What`s the best way to Remaster an installed Ubuntu Server  without GUI ?
<Amir1> What`s the best way to Remaster an installed Ubuntu Server  without GUI ?
<Amir1> What`s the best way to Remaster an installed Ubuntu Server  without GUI ?
<mardraum> maybe you should rephrase your question instead of simply repeating it
<lordievader> Good afternoon.
<Jinxed-> why does ubuntu server take like 4 hrs to install
<Jinxed-> and ubuntu desktop like 10 min
<pmatulis> Jinxed-: 4 hrs, exaggeration?
<pmatulis> Jinxed-: but server uses ubuntu-installer that actually installs packages (dpkg) whereas the desktop uses ubiquity that copies files (cp)
<Jinxed-> well I wasted like 4 hours
<Jinxed-> it failed on installing grub
<Jinxed-> tried lilo
<Jinxed-> warned me about something, so I decided to "Go Back"
<Jinxed-> instead it continued
<Jinxed-> rebooted
<Jinxed-> and just displays 99999999
<Jinxed-> so now I'm downloading centos
<rbasak> With cloud images, installation is really fast. MAAS for bare metal, but that's more focused on scale, not for individual users.
<rbasak> If you need 500 nodes though, cloud images are the way to go.
<mnngfltg2> Does anyone have a hint how I can find out what service is causing 5GB of traffic every hour on my server?
<mnngfltg2> In particular in `ntop` I see many GiB of UDP traffic (much more than TCP). Any idea how I can find out where it comes from?
<RoyK> mnngfltg2: wireshark?
<mnngfltg2> royk, let me try tcpdump first
<RoyK> mnngfltg2: wireshark can do that too - see tshark
<mnngfltg2> royk, hmm I see the traffic in `tshark`
<mnngfltg2> can I find out which process is sending those datagrams?
<RoyK> mnngfltg2: make a 30sec dump and analyse the traffic first - see what it contains
<RoyK> mnngfltg2: tshark -w something.pcap
<mnngfltg2> ok
<RoyK> tshark -a duration:60 -w something.pcap
<RoyK> iirc
<mnngfltg2> I'll try that. Looks like it is a bit of work.
<mnngfltg2> thanks for your help, I'll capture the traffic the next time I get a traffic surge
<RoyK> did you find out which udp port this was?
<mnngfltg2> well it looks like one of the users of the server is using "teamspeak" as a server
<mnngfltg2> which causes lots of udp traffic
<mnngfltg2> but I'm not 100% sure that that's all there is to it
<Gregor3000> unatended-updates: Unattended-Upgrade::Mail "root"; how to add more emails? within " " as in "root example@example.com" etc?
<dine909> i have 3 usb dongles that each in essence add a network interface, the problem is they all have the same MAC address, so linux is having a tough time mounting all the devices, has anyone any ideas on what i can do?
<pmatulis> -
<pmatulis> -+
<dasjoe> dine909: complain to your vendor, they should not have the same MAC address
<dine909> huawei
<dine909> i will - but i have 11 hours to do the task at hand
<dine909> i may have got around it, but just been slapped in the face with a netns issue
<dine909> well not net ns. but device naming
<dine909> if you move a sequentially id'd connection ie wwan0 into a netns, the next adaptor acquires wwan0 again :s
<streulma> hello
<streulma> I'm migrating mail from sendmail to postfix
<streulma> I have a few questions
<streulma> how can I use user%domain ?
<bremden> I'm trying to set up a personal web server with ubuntu server 14.04, system powers up, but after selecting the boot disk, it goes to a blank screen with a flashing cursor, and becomes unresponsive to input. Any ideas why?
#ubuntu-server 2015-11-02
<not_roasted> hello friends
<not_roasted> I'm repurposing an old laptop to use as a server. When I close the lid, it does nothing, which sounds great (no suspend) but the screen stays lit. How can I control the timeout so the screen goes entirely black?
<TJ-> not_roasted: sounds like the backlight is staying on. DPMS is usually the way to control that, but it may require working with the platform ACPI driver too
<jak2000> TJ- ! thanks
<TJ-> I know there used to be a CLI command to directly control DPMS but can't find it now
<jak2000> some problems but solved... 1) i am ejecuted crontab with sudo... :)
<lordievader> Good morning.
<gulzar> what is a good partiton schema for ubuntu14.04 server edition on a 1TB HDD?
<Seveas> gulzar: tiny boot and the rest an lvm pv. Create a small-ish volume (50GB) for the root filesystem and separate volumes for each application you put on it and its data
<lordievader> ^ that
<Seveas> most importantly, don't allocate all diskspace right away. It's easy to grow an LV, and rather difficult to shrink one.
<gulzar> Seveas: it will have only one app for testing , whcih willl be reinstalled every week
<Seveas> gulzar: all the more reason to go for this. Deleting the app is as simple as dropping and recreating the LV :)
<Seveas> you can even minimize downtime by doing the reinstall in a different lv and swapping it in place :)
<ikonia> win 4
<gulzar> Seveas: the only fear I have is, the users here are pure MS people and they all use root account , and many times someone do execute 'rm /' and chmod which destroy the system
<Seveas> don't give them root access them
<Seveas> then*
<Seveas> just enough sudo access to do their job.
<ikonia> create non-privileged user accounts, or auth against AD
<gulzar> Seveas: can't help , the idiots made the app to work on root account. I will change this but will need few months
<hjjg> Hi! I use Ubuntu Server 14.04. with Kernel 3.13.0 and ubuntu-zfs on a nfs server.
<gulzar> Seveas: so regular snapshots/backups of system other than the current system storage is necessary
<lordievader> gulzar: That is simply bad design...
<ikonia> Seveas: interesting in your wording around 1 lv per app
<ikonia> do you actually mean "per app" or per app file system ?
<gulzar> lordievader: yes, and since those MS people think that admin on windows and root on linux is same, my power is low
<lordievader> gulzar: Ouch
<gulzar> lordievader: :(
<gulzar> lordievader: so backups on other server of / is a must
<omen> maybe you should do moral choise and make them know that they can't decide about what they don't know about
<Seveas> ikonia: I mean /srv/www on a different lv than /var/lib/mysql
<omen> dunno if that is good idea, if they are too emotional about it
<Seveas> and if you add redis, stick its datadir on an lv
<ikonia> Seveas: ok, what I'd expect then
<lordievader> gulzar: You could also use snapshots of the root lv
<ikonia> Seveas: thought you where suggesting some new "docker style" approach
<Seveas> gulzar: lvm also lets you make snapshots, yet another reason to go for this scheme
<gulzar> omen: they are like main developers and all think in same way. I handle linux and tools part
<Seveas> ikonia: no, I don't do such madness :)
<gulzar> Seveas: ok, any doc for this snapshot thing?
<ikonia> Seveas: didn't think so, hence the interest
<Seveas> gulzar: man lvcreate :)
<lordievader> gulzar: https://wiki.gentoo.org/wiki/LVM
<gulzar> Seveas: :P
<gulzar> lordievader: ok
<gulzar> so finally what size for these lvm ?
<Seveas> gulzar: if you really want to mess with them, add an aufs overlay on top of /, then anything can be rolled back by rebooting :)
<hjjg> hjjg: after 370 days of solid and stress free uptime, we installed updates and rebooted the machine. Now we are experiencing serious problems.
<gulzar> and /boot
<gulzar> Seveas: that aufs went above the head
<Seveas> gulzar: /boot 250mb, / 50GB, /data/yourapp whatever you need
<Seveas> gulzar: it was more of a joke than an actual suggestion, so don't worry
<omen> gulzar: if the app is light, maybe you should try virtualization
<gulzar> Seveas: that /data needs to be /home
<Seveas> gulzar: /home/yourapp then, not all of /home
<hjjg> every 2 to 4 days the server needs to be rebooted. the ZFS datasets are inaccessible (ls on /pool/dataset hangs) and the nfsd-kernel processes are consuming 100% cpu time (sys)
<gulzar> omen: no, its bad , super memory hog app, I think even 128GB ram wil be less
<hjjg> is it possible to downgrade the kernel and zfs/spl to a specific version?
<gulzar> Seveas: how its possible to have tow /homes ?
<ikonia> hjjg: if you have access to the repos that hold the older packages sure, other things may depend on the later version
<ikonia> as I recall the zfs kernel repo is 3rd party maintained
<hjjg> is there someone else who has problems with ZoL and NFS?
<Seveas> gulzar: same way as you can have / and /home on a different volume, any subdir can be on a different volume
<gulzar> Seveas: one for /home/app and other for /home/user ?
<gulzar> Seveas: oh
<Seveas> or one for /home and one for /home/app
<gulzar> Seveas: ok, got it
<ikonia> hjjg: select the older kernel from your grub menu, see if the problem remains
<hjjg> ikonia: I am well aware of the fact that this is a third-party repository. I also bug-reported this issue on github.
<ikonia> other than that you're going to have to interact with the kernel maintainer team for the ZFS packages
<hjjg> ikonia: the problem is that spl-dkms and zfs-dkms are rebuilding all of the installed kernel modules.
<ikonia> hjjg: the older kernel should still maintain it's tree
<gulzar> Seveas: I just got good news, that /home/app can be anywhere not just inside /home , it just needs max free space and that space is on external drive. No need to use internal HDD
<gulzar> Seveas: that external is mounted in /media
<gulzar> Seveas: so the only problem is protection of permision and 'rm /'
<hjjg> ikonia: dkms does odd things. 3.13.0-36, 3.13.0-57, 3.13.0-65 and 3.13.0-66 are installed but the zfs module has only been built for -65 and -66
<hjjg> yes, the corresponding linux-headers package is installed.
<gulzar> Seveas: there?
<gulzar> !ping
<ubottu> pong!
<gulzar> Seveas: Thank You
<jose> jgrimm: ping
<jgrimm> jose, pong
<jose> jgrimm: hey! just wondering why the python2 to python3 session was declined
<jgrimm> jose, decision was to wrap that into the python3 session already scheduled.
<jose> jgrimm: gotcha. thanks! :)
<jgrimm> jose, http://summit.ubuntu.com/uos-1511/meeting/22568/python3-only-on-the-images/
<jgrimm> jose, no problem!
<teward> rbasak: ping, if you're around, just need an opinion on something
<teward> no rush if you're busy
<fuzzywuzzy> Hi I want to change all the file permissions in /var/www to 644.  Does this work? find /var/www/ -type f -exec chmod 644 {} \;
<Seveas> fuzzywuzzy: chmod -R /var/www og+r,u+rw
<Seveas> yes, that changes permissions on dirs to, but only to things you need anyway :)
<sarnold> fuzzywuzzy: should work fine
<Seveas> sarnold: it'll be slow as hell though, and it's missing quotes
<fuzzywuzzy> I'm trying to chmod the FILES to 644
<sarnold> Seveas: yeah, xargs or the + thingy would go faster. what quotes is it missing?
<fuzzywuzzy> Accidently set to 755
<fuzzywuzzy> Am I doing this wrong?
<fuzzywuzzy> So says - http://wiki.apache.org/httpd/FileSystemPermissions
<Seveas> no, you're doing it right
<fuzzywuzzy> trying to match permissions on default Wordpress install on Ubuntu server
<fuzzywuzzy> gracias amigos!
<fuzzywuzzy> =)
<fuzzywuzzy> Can anyone recommend an up to date book on Ubuntu server security?
<sarnold> fuzzywuzzy: this guide seemed sane https://www.gov.uk/government/publications/end-user-devices-security-guidance-ubuntu-1404-lts
<JanC> sarnold: interesting the UK government is publishing guides like that (even if some of what they write is nitpickable :) )
<hotmedal> If I make a pptp vpn server, can multiple clients connect to it at the same time? I tried with Windows (the built in thing it has) and it only allowed one client at a time.
<sarnold> JanC: yeah, I was impressed. It's not perfect but so many of those guides are ridiculous.
<JanC> there is indeed a lot of good stuff in it, it seems
<quantic> JanC: The US DoD does the same. We call them STIGs.
<RoyK> hotmedal: yes, but pptp is an insecure protocol, don't use it
<quantic> hotmedal: PLEASE don't use PPTP. When we say insecure, we mean "@#$%ing broken."
<teward> ^ that
<lordievader> hotmedal: Better go with ipsec. Works really well :)
<quantic> Or openvpn if you're going through NAT.
<lordievader> Ipsec can go through NAT (ESP at least)
<quantic> lordievader: but even then it's a pain.
<quantic> openvpn is a lot LESS of a pain. :P
<lordievader> That is NAT's fault :P
<quantic> True, but until we can get rid of IPv4, NAT's kind of a thing.
<teward> lordievader: IPSec can go through nat, but OpenVPN behaves better on it, I think
<teward> granted, my firewall appliance handles my network's VPN, but meh
<teward> :P
<jpds> strongswan handles IPsec just fine on Ubuntu and has Windows support
<jpds> It's only painful when one doesn't know how it works
<lordievader> Indeed and the documentation for Strongswan is nice.
<sarnold> <3 strongswan docs :)
<hotmedal> i basically  need to create a vpn on a windows machine and with its built-in pptp I succeeded but for only one client at a time
<hotmedal> can I do something about that?
<lordievader> Windows supports ipsec out of the box too.
<hotmedal> (I know openVPN is good but my clients would rather use the built in vpn connection)
<hotmedal> lordievader: how
<teward> lordievader: Win8+ yes
<teward> (win7 it likes to complain, from what I've done in testing)
<hotmedal> yes I have 8.1
<lordievader> hotmedal: https://wiki.strongswan.org/projects/strongswan/wiki/Windows7
<lordievader> teward: I use it on my Win7. Bit tricky to get the cert just right but after that, click and go.
<teward> lordievader: link please :)
<lordievader> teward: See above.
<teward> or a guide.  'cause it doesn't work on my Win7
<teward> thanks
<teward> (works GREAT in Win10 though xD)
<lordievader> teward: Windows 7 is very picky about it's certs it needs a couple of flags set else it will give Nat related errors or some wierd stuff like that.
<teward> mmm
<hotmedal> I don't want to generate certificates and get the clints to use them
<hotmedal> just username and password
<lordievader> I have no experience with psk.
<teward> lordievader: psk is difficult in windows i think in win7 - psk not supported perhaps.
<teward> but that's offtopic :)
<lordievader> From the page I linked to "or Username/Password using EAP-MSCHAP v2 (case C)." seems psk is supported.
 * teward shrugs
<lordievader> But I have no idea if that is actually using the ipsec psk.
<herrkin> hello, I have an issue setting up a service, it does work when I do sudo service xxx start|restart|stop but it wont start up with the system.
<herrkin> may anybody help me set it up?
<herrkin> it is pm2 I hope some of you is working with it.
<sarnold> upstart conf? sysv-init script? systemd service?
<EmilienM> zul_, coreycb, jamespage: which repo should I use to setup liberty ? trusty/proposed/liberty or trusty/updates/liberty ?
<coreycb> EmilienM, you'll want to run with updates unless you need to test something that's in proposed
<EmilienM> coreycb: what is supposed to be stable?
<coreycb> EmilienM, -updates is stable
<coreycb> EmilienM, so this is stable: add-apt-repository cloud-archive:liberty
<EmilienM> cool
<ponyofdeath> anyone know why ip route add 10.248.5.0/24 dev bond0.250 src 10.248.5.154 table vlan_250 would give  "RTNETLINK answers: Operation not permitted" what do i need compiled in the kernel for that?
<ponyofdeath> what is funny is that the command ip route add default via 10.248.5.1 dev bond0.250 table vlan_250 wroks fine
<TJ-> ponyofdeath: is 10.248.5.154 assigned to bond0.250 ?
<ponyofdeath> TJ-: yup
<ponyofdeath> this was working until i compiled kernel 4.3
<ponyofdeath> so i think i might be missing a kernel option
<TJ-> ponyofdeath: Ahhhh!
<TJ-> anything in dmesg/kern.log gives a better clue?
<ponyofdeath> nothing
<ponyofdeath> that i fixed
<ponyofdeath> sorry
<ponyofdeath> that i can tell
<ponyofdeath> i have everything under policy routing comiled in
<TJ-> might be worth enabling some dynamic_debug tracing
<ponyofdeath> gonna roll back kernel to see if that was it as i also upgrade with the latest packages for 14.04
<ponyofdeath> is ipv6 needed for iproute
<sarnold> no, I used iproute2 utilities well before ipv6 was around..
#ubuntu-server 2015-11-03
<ponyofdeath> I think ubuntu iproute2 might be too old for 4.3
<a1fa> anyone running autossh, if so where did you put your startup script?
<a1fa> cron, if-up.d, init.d ;} choices choices choices
<jak2000> hi all
<jak2000> anyone can guide me for install a ubuntu server
<jak2000> i want try with lvm partitions
<tonyyarusso> jak2000: What do you need guiding on?
<jak2000> i am created a lvm disk 18gb
<jak2000> have 3 more
<jak2000> how to add it to any partition
<jak2000> wich is wrong: http://pastie.org/10525809   not start the eth0 i need type this command for have network: sudo ifconfig eth0 192.168.0.200/24 up
<jak2000> why not take automatically the configuration?
<jak2000> adun153 hi
<jak2000> wich is wrong: http://pastie.org/10525809   not start the eth0 i need type this command for have network: sudo ifconfig eth0 192.168.0.200/24 up    why not take automatically the configuration?
<adun153> jak2000: Think of ifconfig as "manual" manipulation of the interface
<adun153> what you want is "ifup eth0"
<jak2000> but how do the changes permanently?
<jak2000> why i need type ifup eth0?
<adun153> Whatever is in /etc/network/interfaces is "permanent", when your computer boots up again, the settings will take effect
<jak2000> yes
<jak2000> its ok: http://pastie.org/10525809     ?
<adun153> but it's just a text file. If you made the changes just now, you need the interface's running config to change.
<jak2000> i restarted the server
<jak2000> and not bring  up the network card
<adun153> I see that there is a "safe" in there
<adun153> I'm not familiar with that config option
<jak2000> remove
<adun153> Did it work?
<jak2000> yesss
<jak2000> thx
<adun153> no prob. :)
<alkisg> Hi, I want to see if this idea makes sense... I'd like to have a server in the link-local ipv6 address of fe80::1 so that the clients can reach it more easily (no control over the dhcp etc). Can the server have 2 link-local addresses? If not, is it a problem if I use only the fe80::1 one?
<theptr> i have an ubuntu server 14.04 i worked with iptables what is nice . Now i want to start with ufw . is it possible to import the rules in ufw ?
<mdeslaur> rbasak: I'm working on sponsoring the mariadb security update. Any plans to merge it from debian into xenial?
<rbasak> mdeslaur: otto looks after that. I think I hold the lock on the merge probably though. I need to catch up with status but no plans this week.
<dannf> hallyn: fyi, just e-mailed you another patch for qemu that'd help in backporting
<hallyn> dannf: ok, thx.  will be looking in the evening
<mdeslaur> rbasak: ok, thanks, i'll upload the same change to xenial than, and someone can re-merge the debian differences at a later time
<EmilienM> coreycb, zul, jamespage: have you tested openstack gnocchi & aodh in trusty/liberty ? gnocchi looks absent and aodh broken
<jamespage> EmilienM, nope they where autosyncs from Debian
<jamespage> EmilienM, and indeed gnocchi is missing still for liberty
<EmilienM> jamespage: so aodh should be good now? (if debian fixed it)
<jamespage> EmilienM, generally my team will only have tested stuff in Ubuntu main - anything else ymmv
<jamespage> EmilienM, there was a  fix on release day to aodh that I synced over from Debian
<EmilienM> jamespage: ok, trying again. Thanks
<jamespage> anything since then - we don't have in liberty at least
<herrkin> TJ-, hello, are you arround?
<herrkin> I have a problem with a program that has to execute like a service but as soon as I log out it exits
<herrkin> I need it to remain active, even at startup
<sarnold> why not write an upstart or systemd or whatever startup file for it?
<patdk-wk> sounds like work
<herrkin> sarnold, I am using pm2
<herrkin> I am not sure it is using the correct parameters
<herrkin> it created 2 files for the startup.
<herrkin> I can share it here
<herrkin> it created a file in /etc/initd called pm2-init.sh
<herrkin> so I can do sudo service pm2-init.sh start and it works
<herrkin> the thing is it wont start up with the system
<sarnold> aha, great, then you've got the thing to start from :)
<sarnold> what error messages do you get?
<herrkin> I cant see errors, there are no error logs
<herrkin> then if I log with my user and do pm2 start it starts like it wasnt online (it wasnt) if I log out from ssh the app stops
<herrkin> if I log back again I have to do a start again..
<herrkin> crazy
<sarnold> use 'service pm2 start' instead
<herrkin> its the same
<herrkin> I just tried
<herrkin> it behaves the same
<herrkin> the pm2-init.sh file has a variable called user which I populate the name of my user.
<sarnold> aha; do you get any messages logged to syslog?
<sarnold> can you pastebin the pm2-init.sh?
<herrkin> how do I see the syslog? sorry for the ignorance
<herrkin> please remind me of the termbin expresion, its easier that way
<sarnold> re: syslog, that's "less /var/log/syslog"
<sarnold> herrkin: pastebin refers to sites like http://paste.ubuntu.com/
<sarnold> herrkin: you can use the "pastebinit" program from the "pastebinit" package to easily submit files and terminal output to pastebin sites
<herrkin> ok hold on a sec
<herrkin> this is my syslog
<herrkin> http://termbin.com/s3w9
<herrkin> there seem to be nothing from pm2
<sarnold> how about grep -r pm2 /var/log --- does that show where it is logging?
<herrkin> this is my pm2-init.sh file
<herrkin> http://termbin.com/kx3v
<herrkin> I have a log file in my home folder
<herrkin> ~/.pm2/pm2.log
<herrkin> it doesnt show any errors, nothing
<herrkin> like it didnt execute
<herrkin> I think I am seeing the error.
<herrkin> it says permission denied to my home directory
<herrkin> this command you gave me last shows some errors in /var/log/boot.log
<herrkin> error: connect EACCESS /home/saecosoft/.pm2/rpc.sock
<sarnold> herrkin: try ls -l /home/saecosoft/.pm2 /home/saecosoft/.pm2/rpc.sock
<herrkin> what does it do?
<herrkin> I am also seeing that even when I say in pm2-init to use saecosoft user it uses root anyway
<herrkin> so that may be the problem
<herrkin> I probably need to reinstall pm2
<herrkin> delete all the .pm2 folders including /root/.pm2 just in case
<herrkin> sarnold, look
<herrkin> http://termbin.com/cmcf
<sarnold> nice
<herrkin> it didnt
<herrkin> it says starting but it wont start
<herrkin> no errors
<sarnold> but i'd expect to see an entry for starting the service just after the reboot command :/
<herrkin> yes it doesnt show anything else
<herrkin> I have to make it start manually
<herrkin> its crazy
<herrkin> lol its driving me crazy
<herrkin> it stops as soon as I log out, it doesnt matter if I am root or sudo or normal user
<sarnold> herrkin: what happens with 'update-rc.d pm2 enable' ?
<herrkin> or if I use service comand or pm2 directly
<herrkin> is that a command_
<herrkin> ??
<sarnold> yes
<herrkin> it says /etc/init.d/pm2 file doesnt exist
<herrkin> it should look for pm2-init.sh
<sarnold> okay, how about update-rc.d pm2-init enable /
<herrkin> I think
<sarnold> ?
<sarnold> yeah, I just wondered since the name field in the insserv headers said it provided pm2..
<herrkin> it is pm2-init.sh
<herrkin> it says removing startup liks
<herrkin> then it added them again
<sarnold> try another reboot, lets see if it tries to start the service at boot now
<herrkin> ok
<herrkin> no it didnt
<sarnold> :/
<herrkin> wait it keeps saying
<herrkin> EACCESS /home/saecosoft/.pm2/rpc.sock
<herrkin> ok I am going to try something different
<herrkin> hang on a sec
<herrkin> I reinstalled pm2 as root and it worked but the list was errored
<herrkin> weird
<herrkin> it didnt look for /home/user/.pm2
<herrkin> instead /root/.pm2
<herrkin> then it started but the list had an error
<applepi> Hi all.  Is there any reason that an ubuntu server 14.04.02 installation with a relatively default setup to be ARPing the subnet it's on?
<i-make-robots> hello, all.  I have a live site on one domain and a test site on another.  When my test site sends emails they get caught by dmarc spam filtering (the test server says "from me@livesite.com" but the server is testsite.com).  How would you fix this so that I could see the emails being sent?
<i-make-robots> i really don't want to mess with the tested configs.  Can I change the mail server somehow?
<applepi> I have an Ubuntu VM running on a windows PC; the IP of the PC ARP'd the subnet it was on last night in the middle of the night, but I can't work out what might have happened
<applepi> Trying to rule out anything malicious.
<i-make-robots> ARP'd?
<applepi> Making ARP requests for every IP on the subnet from 0-255
<i-make-robots> oops
<i-make-robots> no idea
<sarnold> applepi: iirc windows does some duplicate address detection; I don't know how it chooses to implement it though
<applepi> Hmm
<herrkin> sarnold, using it with the user root seems to work but there seems to be an internal error
<herrkin> the boot says to show more type show id
<sarnold> herrkin: oh, hooray, progress. I hope it's alright to run the thing as root..
<herrkin> for now it is
<herrkin> but there is another problem
<herrkin> the child app doesnt start
<herrkin> it says errored
<herrkin> if I restart the process manually via pm2 restart all it starts
<heysomeone> hello
<heysomeone> total beginner here
<heysomeone> I installed an ubuntu-server on a virtual machine
<heysomeone> and I can login with it via ssh totally fine
<heysomeone> but when I try to open it on the browser, it refuses the connection
<sarnold> did you install a web server on the machine? is it configured to listen to the ip address you used? if you used a cloud provider like amazon, did you configure the security groups to allow port 80 traffic too?
<heysomeone> um, don't know. I did install a LAMP server
<heysomeone> but I didn't configure anything with port80
<sarnold> alright, check sudo netstat -nltp and look for programs listening to port 80
<heysomeone> in my vm?
<heysomeone> http://pastebin.com/DtpdGbMx
<sarnold> alright, looks like there's no running webserver; do you prefer apache or nginx or something else?
<heysomeone> wait, I want a lamp
<heysomeone> apache mysql and phph
<heysomeone> alright
<heysomeone> okay
<heysomeone> That's all
<sarnold> okay, apt-get install apache2 -- then decide if you want libapache2-mod-php5 or php5-fpm or something else to execute your php -- then install the mysql-server-5.5 or mysql-server-5.6 for whatever version is uspported on your distro
<heysomeone> sudo apt-get install lamp-server^ did the work
<sarnold> hooray
<heysomeone> thanks a lot for your help!
<sarnold> have fun :)
<heysomeone> oh well
<heysomeone> now I downloaded moodle to check if it runs
<heysomeone> how do I get to the install.php?
<heysomeone> or how do I install it?
<sarnold> heysomeone: check /usr/share/doc/moodle/README.Debian, it gives some overview
<heysomeone> thanks!
<boze> I'm using siege to test a server and I get a buffer overflow. In one of the issue que's it says to make sure your server's thread pool can accommodate the number of users I scheduled. How can I check my servers thread pool?
<smartass> hi, what is the recommended way to set up cgroups in 14.04.3? cgroup-bin seems to be in some kind of limbo state...
<i-make-robots> When my test site sends emails they get caught by dmarc spam filtering (the test server says "from me@livesite.com" but the server is testsite.com).  How would you fix this so that I could see the emails being sent?
<i-make-robots> i *think* I can call livesite from testsite and say "please send my mail for me", but I don't know how to do that.
<patdk-wk> heh?
<patdk-wk> dmarc is a self imposed *issue*
<patdk-wk> dmarc is not activated unless you ASK for it
<patdk-wk> dmarc is not spam filtering
<acro458> Hello, Linux newbie. I am trying to use curl to get the text from a device's webpage. I get a 503 service unavailable error. Where do I begin?
<dannf> hallyn: thx for the upload!
<hallyn> yw :)
<urthmover> what would keep the ip addresses of my interfaces from showing up on the ssh banner?
<sarnold> it's probably a bad idea to show the ip address in the banner; thanks to port forwarding, NAT, proxies, the IP address that receives the connection may not be the IP address that the client addressed; and it might not be polite (or be useful) to print the IP address in the banner
<urthmover> sarnold: maybe I misued the term banner.  When I ssh into a fresh ubuntu server I'm faced with the Welcome screen....some servers show the ip address for each interface...other servers do not show ip addresses at all
<sarnold> ah :)
<sarnold> motd
<patdk-wk> or whatever that auto update motd package is called
<sarnold> urthmover: look into the update-motd manpage
<sarnold> aha, in the update-motd package, convenient enough
<urthmover> sarnold: ok I'll look there thank you
<DalekSec> sarnold: You won't like my solution (nor do I, been considering it past couple months), but ended up just installing a newer libssl on trusty to fix the incompatibility.  It's not a new SONAME, so shouldn't (and hasn't) caused any issues at least.
<sarnold> DalekSec: ooof. indeed, that's not ideal. :)
<DalekSec> In no means, but Xenial should be out soon enough and I can track libssl easily enough for a couple months.  I did notice Debian uploaded a new one, with a new SONAME too.
#ubuntu-server 2015-11-04
<teward> is it usual for a postfix server that basically acts as a 'forwarder relay' (i.e. address1@domain.net is emailed, postfix forwards it to myaddress@otherdomain.net) to get its messages flagged as 'spam' or 'Suspicious' by Google?  (mail server is mailserver.yetanotherdomain.xyz, if it matters)
<Logos01> Howdy, folks. I've a bit of a mixed environment here; I'm trying to set up centralized authentication using sssd/krb against my company's AD servers.
<Logos01> My configuration works perfectly on rhel/centos but on the ubuntu 14.04 box I'm working on, I can't seem to successfully authenticate as any domain users.
<Logos01> The accounts get created; I can su - ${domain_user} -c "kinit" all day long.
<Logos01> But what I *can't* do is sudo -l w/ password enabled or ssh into the user account; those sorts of things.  What am I missing?
<maddawg2> logos do you have it set to allow AD users to login
<maddawg2> i cant remember exactly where that is but there's a setting the allow them to login locally
<maddawg2> let me see if my work machine is on
<Logos01> maddawg2: I do have it set to allow AD users to login.
<Logos01> maddawg2: It's the same configuration I'm using on CentOS/RHEL and it works perfectly there.
<Logos01> Here, I cannot successfully perform any transactions which require the passwords from the domain users.
<maddawg2> kinit testuser@DOMAIN.COM
<Logos01> Works perfeclty.
<maddawg2> hmmm
<maddawg2> strange
<Logos01> It's only when I do password transactions through PAM that it's failing.
<Logos01> I've turned up sss_debuglevel to see if something stands out...
<Logos01> I've noticed "[get_and_save_tgt] (0x0100): TGT validation is disabled." which seems suspicious
<maddawg2> have you checed the DC logs?
<maddawg2> to see if anything is erroring there
<maddawg2> or if it'll log invalid attempts of sorts
<Logos01> maddawg2: Oh, I know, but I don't have access to those.
<maddawg2> oh
<maddawg2> well those might be more helpful
<Logos01> ... now this is interesting, considering I have caching disabled:
<Logos01> [sss_krb5_check_ccache_princ] (0x0020): krb5_cc_get_principal failed.
<Logos01> Reporting in with success: The problem was the sssd binary version.
<Logos01> Ubuntu 14.04 ships with 1.11.x; el7 has 1.12.x
<Logos01> Thankfully there is a PPA ( https://launchpad.net/~sssd/+archive/ubuntu/updates ) -- associated fairly decently with reputable sources.
<Logos01> Correction: I can authenticate as one user. The user that joined the server to the domain.
<Logos01> Huh. I managed to somehow only upgrade one part of the sssd suite.
<jonah> hi can anyone please help. I've been tryiing to configure my server for a week or so and in the end got a bit fed up and ordered a static ip from my ISP. The server is working well and it was working before I got the static IP - but I wanted to add virtual hosts and use my own nameservers so I could have other domains resolve to it. Could any body please help me to put my new static IP in there correctly? I have webmin installed too
<jonah> my router gives my server the ip 192.168.0.100
<jonah> I have NOIP.com working so my main domain loads up a page from my server
<jonah> but I can't get any other domains to work which is why I thought I'd best order a static IP
<adun153> I dont have a lot of time, but MIGHT be able to give you some tips. What exactly do you need?
<adun153> How to configure static IPs?
<adun153> jonah
<jonah> adun153: thanks - well i have the static ip but it's just getting my server to use it correclty and set up nameservers...
<adun153> jonah: What type of router do you have?
<jonah> adun153: i don't want to put the static in the wrong place and overwrite the current local network settings as my router gives my server it's local ip - but i want to use my isp static ip for the outside and for nameservers
<jonah> adun153: i have an asus ac68u
<jonah> adun153: but that is already working well and i can access my server on 198.168.0.100 and internet works etc
<adun153> also, #networking might be able to help as well, as this is mostly a networking issue.
<jonah> adun153: but if you look at my domain dns check http://intodns.com/hostingyorkshire.com
<adun153> Ah, a home/office router.
<jonah> adun153: it says my nameserves aren't set right - yeah office router
<adun153> You need to configure your router's WAN interface to use the static IP.
<jonah> adun153: even though it gets it ok dynamically at the moment?
<adun153> Yes.
<jonah> adun153: ok thanks
<adun153> I'm assuming that the static IP and the current DHCP'ed IP are in the same network?
<adun153> Should be
<jonah> adun153: yes
<adun153> So yep, what I said, you need to do that.
<adun153> Of course, your nameserver(s) are behind the router, configure the router to port forward incoming port 53 TCP and UDP to your nameservers on your internal network.
<jonah> adun153: ok so i'm in the router admin and can change it from automatic to static ip but then there are three boxes to fill in. ip address, subnet mask and default gateway!
<adun153> You dont' need ns2.hostingyorkshire.com. as well, since you only have one IP address and nameserver anyway.
<adun153> Just obtain the subnet mask and default gateway values from the DHCP'ed address.
<jonah> adun153: i just added the second one due to my domain registrar requiring two nameservers
<adun153> I see. No need to, then
<jonah> adun153: is there a linux command to grab those subnet mask and default gateway values? and then I guess i just put the first option of IP address as my static one? or is that the router default gateway?
<adun153> Yes, the IP address is the static address
<adun153> you can't see the subnet mask and gateway from the router's web interface? That should be viewable
<adun153> And no, there is no command you can run from your server/desktop/laptop to check, as the NATting is transparent to your computer
<adun153> only the router can really "see" the outside network.
<jonah> adun153: it won't let me set the default gateway... it says i can't use the IP - not sure how to find my default gateway...
<adun153> jonah: Is there really no "screen" where you can see what IP address and network settings your router uses when it uses DHCP?
<jonah> adun153: the front router screen gives me the default gateway as the same as my static ip but when i put that in on connection settings it says they can't be the same... are you sure i need to set this up manually as the router is grabbing the static ip etc ok, i just need it to work on the server?
<adun153> The default gateway and the static IP CANNOT be the same address.
<adun153> The default gateway is a router managed by your ISP.
<adun153> The static IP should be your router's address. That address should be on the same network as the default gateway.
<adun153> If when your router uses DHCP, and uses your "static IP address" as the default gateway, then clearly, your ISP gave you a wrong address to use for your static IP.
<jonah> adun153: hi sorry i totally lost my internet and had to go back to automatic ip setting on the router!
<adun153> jonah: I see
<adun153> You should probably contact your ISP
<adun153> Tell them that the Static IP they gave you is your network's gateway.
<jonah> adun153: thanks will do
<Danny2> Hey guys, question: I have a server and I have just added a new IP to it (was provided it from my host), it is binded to eth0:0, and I have a git server on my other IP, now the new ip goes to my git server for some reason, so I was wondering how would I go about setting making apache listen to that IP
<Danny2> ^ the server I use runs Ubuntu 14.04
<Danny2> ?
<hateball> Danny2: you configure that in the settings for the website in question
<Danny2> hateball: what do you mean?
<hateball> Danny2: the virtualhost section
<hateball> Danny2: see https://httpd.apache.org/docs/2.2/vhosts/examples.html
<Danny2> but my git server is nginx, and I want to then have apache running my website?
<hateball> you were the one talking about apache
<Danny2> yeah I am, I have nginx running the git server on the main IP, and I want the apache server running on the new IP?
<hateball> I am not sure if you are asking if you want to, or if you're asking how to
<Danny2> I am asking how to
<hateball> Yes, so you edit the config for your websites, under /etc/apache/, as per your liking
<hateball> replace *:80 with your.ip.here:80 or whatever you like
<Danny2> hateball: see this is not in my apache2.conf file? I can't find it at all
<hateball> Danny2: No, the config for your website. Is this just a default install of apache?
<Danny2> hateball: errr yeah it is? I just installed it and then I have a www folder to but stuff in?
<Danny2> put stuff*
<hateball> Danny2: Well the config for the website is in /etc/apache/sites-available/ or sites-enabled
<hateball> most likely called 000-default or some such
<Danny2> hateball: I have 2? 000-default.conf and default-ssl.conf
<hateball> So... you edit that, and reload apache, and it should bind to the desired interface
<hateball> Danny2: Yes, are you using SSL?
<hateball> Then you will need to edit them both
<Danny2> Maybe? I am not sure, it was a while ago I added apache2
<Danny2> but I shall edit both
<hateball> Well, you're unlikely to have setup SSL with a fair bit of crying so it would have left scars that you'd remember
<hateball> Without, that is
<Danny2> hateball: I just remember having to mess with it a lot, but I get this error:  * Restarting web server apache2                                                (98)Address already in use: AH00072: make_sock: could not bind to address [::]:80 (98)Address already in use: AH00072: make_sock: could not bind to address 0.0.0.0:80 no listening sockets available, shutting down
<hateball> Danny2: yes, most likely because nginx is already binding to *:80 as well
<Danny2> Oh, so err, how do I do that?
<hateball> Well you'd need to tell nginx to use a dedicated interface, and apache another
<hateball> I don't remember nginx config offhand, I am afraid
<Danny2> hateball: I.. err.. how do I do that?
<Danny2> Oh hmm
<Danny2> tbh when I installed git, it was a pain getting it to work...
<Danny2> Okay so my next question, is anyone good with setting up virtual hosts using nginx?
<Michael_p> hi
<locodir-user> when I execute "service xinetd restart", there was no message
<locodir-user> I want see message "OK" or "FAIL" something like that
<locodir-user> How to resolve it ?
<Dulcin> Hi, I'm wondering, if I run 'hostname -f' it returns 'localhost' instead of the FQDN
<Dulcin> Where did I go wrong?
<asac> any idea where i can find the package manifests for:
<asac> * vanilla Ubuntu server as installed with D-I or other installers * Ubuntu images on the cloud (its not "Ubuntu Cloud" its just "Ubuntu
<asac> Server") * LXD images * Ubuntu installed by MAAS
<asac> ?
<asac> smoser: ?
<ogra_> asac, the first one is in the seeds branch
<ogra_> asac, bzr branch lp:~ubuntu-core-dev/ubuntu-seeds/ubuntu.xenial/
<ogra_> no idea about the latter two though
<asac> ogra_: do you highlight my nick :) ... or do you read all channels you join all the time? :)
<asac> ogra_: the manifest is in the seeds branch? thought would guess the seed does not include all the implicit dependencies
<ogra_> i skim over the channels with activity while waiting for tasks to finish (launchpad in this case) ;)
<ogra_> asac, the seed is indeed the input and doesnt show all deps, for that you can use the cdimage manifest file
<ogra_> or run germinate manually to generate a table with deps
<asac> right. looking for the real exploded manifests
<asac> so i can diff them :)
<ogra_> asac, so beyond cdimage there is http://people.canonical.com/~ubuntu-archive/germinate-output/ubuntu.xenial/
<ogra_> http://people.canonical.com/~ubuntu-archive/germinate-output/ubuntu.xenial/server is the base
<ogra_> http://cdimage.ubuntu.com/ubuntu-server/daily/current/ has the image manifests
<ogra_> the .manifest file has the actual rootfs contents for a basic server, the .list files show whats in the archive pool on the CD for additional tasks you can install
<asac> ogra_: ack... so the manifest is exactly what you get when you dont select more tasks?
<ogra_> asac, right
<placeed> Hi all, I have a keystone problem in openstack on my ubuntu server. Someone can help me ?
<placeed> Sometime, it stay blocked on /auth/tokens?
<placeed> no result
<smoser> ogra_, i'm pretty sure that manifest is not what you get "by default"
<smoser> but ratherw what is on the cd.
<smoser> asac, ^
<ogra_> smoser, manifest is what the squashfs contains, the squashfs content becomes your rootfs during install
<smoser> the cloud images have manifests next to them.
<ogra_> if you dont select anything in tasksel that is all you get
<ogra_> if you use tasksel to pick additional tasks the archive pool on the CD is used to install it
<smoser> ogra_, thats clearly not 100% true
<smoser> theres no 'linux-image' in that list
<ogra_> i'm pretty sure it is
<smoser> or grub
<ogra_> no, thats d-i's job
<smoser> well, thats what asac is after.
<smoser> what gets installed
<ogra_> bootloader and kernel are not part of the rootfs
<ogra_> as i understand from the mail discussion he referred to above he is after plain rootfs content
<smoser> i dont knwo.
<smoser> i didnt see  mailing list discussion.
<ogra_> on snappy-devel
<smoser> asac, for maas images, we dont have a manifest, but we could for sure provide one of what is in the -root.gz image.
<smoser> https://docs.google.com/document/d/1w5EeGNXKhSrnJJ5JvXD3axiv5sGLBhEC_v1KVyba3Rg/edit#
<smoser> has information on what is different. maas images are cloud image + a hardware kernel installed.
<smoser> but similar to the iso manifest if you actually do an install, other hpackages might be added (like lvm or things of that nature)
<ogra_> yeah, that wont help with snappy :)
<smoser> you have link ?
<smoser> to the discussion?
<ogra_> https://lists.ubuntu.com/archives/snappy-devel/2015-November/001193.html
<ogra_> smoser, mark wants full unification between all images it seems
<ogra_> so first we need to find all the differences in a default install :) thats what asac does atm i guess
<smoser> ogra_, yeah.  i've seen this before.
<smoser> very much, differences amoungst them all (server iso install, "maas image", cloud image) all can be considered "hardware enablement".
<smoser> the changes are few. i've had problems showing that clearly in the past.
<ogra_> well, i'm not sure i want a server install to drive my drone
<ogra_> what i'm 100% sure about is that i dont want 2minute long boots with 50sec cloud-init doing nothing on an embedded device
<asac> smoser: ogra_: right. i am afer the list of things that end up being installed
<asac> i guess
<asac> well, also interesting to see the list of what is int he downloadable image
<asac> because at best we would like to have ONE and only ONE
<asac> across all headless/smallish variants
<asac> smoser: you hasd problems showing the differences in the past?
<ogra_> asac, yeah, that wont happen
<ogra_> we can probably get down to a "most common denominator" that all of us use as base
<asac> so what i think would be lovely is if we could consolidate everything to start off with a single unified image
<asac> then idf there is need to add stuff for the various variants, that could be done in a clearllyh defined second step
<ogra_> which tehoretically was always supposed to be "ubuntu-minimal"
<smoser> asac, i've had problems describing differences.
<smoser> running 'dpkg-query --show' and comparing output from amd64+uefi+lvm to amd64+mbr to arm64+uboot to lxd just is not useful.
<urthmover> I have created 4 servers using 14.04.  Each server has two nic's statically assigned (one nic for public and the other for private). 3 of the 4 can ping eachother and one cannot ping the other three.  The other nic on each server is pingable to/from all 4 servers.  Will someone take a moment to help me triage this.  route -n on each server is identical.  The static ip assignments on the problematic server looks accurate
<urthmover> http://hastebin.com/usotarajob.hs
<teward> urthmover: suggestion: stick to one channel, and have patience, don't crosspost.
<urthmover> teward: do you think that my issue is better suited for server or vanilla ubuntu?
<urthmover> teward: Do you think there is a udev issue?  udev seems strange in 14.04
<teward> why would you assume it's a udev issue?  I don't see anything here that suggests udev is at fault.  I believe that this is better suited for *this* channel
<teward> since you're working with server installations and such
<teward> have patience for someone who can help out to come along :)
<urthmover> teward: I'm trying not to assume anything.  In the past I had strange network issues when udev was involved...that's why I brought it up
 * urthmover kicking back
<TJ-> urthmover: shame hastebin require google Javascript to show the content
<urthmover> teward: do you think I provided enough information at this point?
<teward> urthmover: I think you should first consider using our pastebin instead.  paste.ubuntu.com
<urthmover> TJ-: hmm which past service do you like to use?  I'll gladly use something else
<teward> and then have patience, TJ- might be able to help though
 * teward goes back to kicking nginx code
<urthmover> TJ-: http://pastebin.com/LSwMAaxV
<TJ-> urthmover: I dunno! I just get sick of a simple text paste requiring javascript to display anything, especially when there's also obvious activity tracking as a side-effect. http:/paste.ubuntu.com is well-behaved I think :)
<TJ-> urthmover: The first thing I'd do is on the server you're pinging, run "tcpdump -ni eth1 icmp" and check if it receives the pings, and if it sends replies. Then I'd look at the firewall rules on both.
<urthmover> TJ-: good suggestion...trying that now...in the meantime I've included an updated pastebin with another server that can ping istack2 http://pastebin.com/4JDzny6p
<urthmover> I'm having trouble pinging 10.43.201.0/24 out of istack1.  So I believe that I should be running "tcpdump -ni eth0 icmp" ?
<TJ-> urthmover: are these servers all connected to the same switch/VLAN ?
<urthmover> TJ-: yes
<TJ-> urthmover: there is no such address as 10.43.201.0/24
<urthmover> TJ-: that is true.  I am pinging 10.43.201.12
<TJ-> urthmover: can istack1 "ping -nc 5 4.4.4.4" ?
<urthmover> I get no output using 'sudo tcpdump -ni eth0 icmp' on istack1
<TJ-> urthmover: no, you'd run it on the *target* server, and set the '-i eth0' to be the LAN interface
<TJ-> urthmover: and 4.4.4.4 is dud! use 8.8.8.8
<urthmover> TJ-: ah ok...tcpdump is a capture tool...thanks for the suggestion...trying tcpdump on istack2 and then pinging from istack1 again
<urthmover> TJ-: yeah I got nothing on 4.4.4.4 (I haven't tried that ip is quite a while :))
<TJ-> urthmover: more importantly, can istack1 "ping -nc 5 8.8.8.8" ?
<urthmover> istack1 CAN ping 8.8.8.8  so it's public nic is working....I'm also ssh'ing into it
<urthmover> TJ-: trying the tcpdump
<TJ-> urthmover: OK, so not got the ports mixed up :)
<RoyK> 8.8.8.8 and 8.8.4.4 work well
<TJ-> urthmover: if istack2 sees no packets: check istack1 with iptables. if sees ICMP but doesn't reply: check istack2 route/iptables. if istack2 replies check istack1 iptables
<urthmover> TJ-: tcpdump on istack2 is not picking up any icmp packets arriving from istack1 when I ping it from istack1.  istack2 DOES capture icmp when I ping istack2 from istack3 though...so I know tcpdump is working
<urthmover> TJ-: ok I'll start tcpdump on istack1 and ping it from istack2
<TJ-> urthmover: right, so iptables on istack1. And also check the NIC itself is active/alive
<urthmover> istack1 shows no captured packets when I ping it from istack2
<urthmover> TJ-: so packets do not appear to be arriving either way between istack1 and istack2
<TJ-> urthmover: any firewall rules/policy set on istack1 ?
<urthmover> TJ-: packets do arrive between istack2 and istack3  so this points to an issue solely on istack1  possibly
<TJ-> urthmover: yes, I concur. istack1 is/has the problem.
<urthmover> TJ-: when I disable ufw on istack1 , I am not capturing any incoming icmp packets from istack2
<urthmover> TJ-: I just double checked that I AM on the same portgroup vlan as istack2
<urthmover> TJ-: although I am not opposed to rebuilding istack1 from a default 14.04 install, I just did yesterday wanting to start with a fresh build today
<TJ-> urthmover: ignore UFW! use "sudo iptables -nvL" and check the default table policies even if there are no specific rules
<urthmover> TJ-: pm
<urthmover> TJ-: trying sudo iptables -nvL
<TJ-> urthmover: I have PMs disabled :)
<urthmover> TJ-: heh ok...well I was hoping to send to login creds
<teward> urthmover: Security 101: Don't give people you don't personally know or trust logon credentials
<teward> ever
<urthmover> teward: this is an isolated environment on a server network that I'm willing to burn down
<urthmover> teward: usually I would agree but this is a special case
<TJ-> urthmover: as istack2 wasn't seeing anything inbound, you'd have to assume any istack1 netfilters rule would be on the OUTPUT table
<urthmover> TJ-: http://pastebin.com/KATMe7Am
<TJ-> urthmover: nothing there; but the packet counters are indicating some traffic
<urthmover> TJ-: http://pastebin.com/bEiQbcPU
<urthmover> TJ-: wtf now I can ping istack1 from istack2
<TJ-> which system were those 2 pastes from?
<urthmover> TJ-: oddly only in one direction are packets flowing istack2 -> istack1
<urthmover> TJ-: same system...first paste was with ufw disabled second paste was with ufw enabled
<urthmover> TJ-: whoops I'm wrong.  so sorry
<urthmover> TJ-: I was pinging itself because I moved my panes around
<urthmover> no ping either way istack1 <-> istack 2
<TJ-> urthmover: I suspect the hardware
<urthmover> TJ-: I have begun continuous pings from istack1 -> istack2 and tcpdump  on each eserver pointing at eachother
<TJ-> urthmover: can you port-mirror istack1 LAN port on the switch to another system and check if istack1 is sending anything?
<urthmover> TJ-: ok I think you are right...but I wanted to exhaust everything possible.  The strange part is that I have 2 otherdev servers using the exact same vlans, same os, similar static networks...
<urthmover> TJ-: unfortunately I don't have any visibility on the switching layer.  This is a partially hosted environment.  All I get to do is specify the vlan that each nic uses :(
<TJ-> urthmover: find out what the NIC chipset is; maybe use ethtool to check it isn't in a power-save state
<urthmover> TJ-: I'm using the paravirtualized driver for all the servers called vmxnet3  when I compare ethtool between the istack2,3,4 and istack1 they are the same
<TJ-> urthmover: OH! these are all VM guests?
<urthmover> TJ-: yes....do you have any others thoughts about things I can check?
<urthmover> TJ-: esx 5.5
<TJ-> urthmover: For some reason I thought you said / indicated they were bare-metal. In which case check the hypervisor network config!
<TJ-> urthmover: I bet the LAN interface hasn't been connected to the LAN/VLAN bridge
<urthmover> TJ-: I have limited access to that ....it's a bastardized power user into vcenter.  the hypervisor shows link up on that vlan.
<urthmover> TJ-: I like your thinking with that....I have confirmed that it is link UP on that vlan
<TJ-> urthmover: well there doesn't seem much else you can do without control of the 'physical' layer
<teward> urthmover: diagnosing is going to be tricky if you don't have 'root' on the Vmware ESXi hypervisor - I'd check with the sysadmin that does have access to that to check the network stuff
<urthmover> TJ-: holy sh*t......so I built another server istack5  and it CAN ping 10.43.201.11 but cannot ping 10.43.201.12,13,14  do you think there is some strange switching problems going on behind the scenes?
<TJ-> ^^hardware a.k.a hypervisor
<urthmover> TJ-: ok thank you I'll reach out to the network team in charge of that environment.  Thanks for all your help
<urthmover> network issues are so frusterating when you are blind
<teward> TJ-: blah, i forgot hardware and hypervisor aren't equated to each other :)
 * teward beats his head against the dictionary of tech jargon
<TJ-> urthmover: makes me think someone changed the port association.  I wouldn't be surprised if you could ping istack1's LAN port from istack2's WAN port - with suitable changes to istack2's route table
<urthmover> TJ-: trying that now
<urthmover> TJ-: what would the route add statement look like?  route add 10.43.201.0/24 eth0 ?
<urthmover> TJ-: googling syntax  don't bother yourself please
<TJ-> urthmover: something like "ip route add 10.43.201.12/32 dev eth0" - use istack1's LAN IP and the correct (WAN) interface name,
<sarnold> iproute2 packages finally have documentation these days, check out the ip-route manpage
<urthmover> TJ-: I CAN ping 10.43.201.11 from istack2 when I added this route on istack 2 'ip route add 10.43.201.0/255.255.255.0 dev eth0'
 * urthmover shakes head
<urthmover> TJ-: so do you mind explaining more what you think is going on here so that I can relay this more specifically to the network team?
<TJ-> urthmover: OK, and .11 is istack1 is it?
<urthmover> yes 10.43.201.11 = istack1
<TJ-> urthmover: like I said earlier; the port is connected to the wrong bridge, it's on the WAN bridge, not the LAN
<urthmover> TJ-: ok thank you I'll explain our findings to them
<bmullan_> @sarnold - I've found this iproute2 cheat sheet really useful... http://baturin.org/docs/iproute2/
<TJ-> you're now routing from the WAN side of istack2 to the LAN side of istack2
<TJ-> you're now routing from the WAN side of istack2 to the LAN side of istack1
<urthmover> TJ-: right
<urthmover> out eth0 (public) on istack2 into eth1 (private) on istack1
<TJ-> urthmover: which imples istack1 LAN and WAN are on the same bridge; I assume that new instance you spun up is likewise, which was why it could ping istack1
<urthmover> TJ-: ok
<TJ-> urthmover: "arp -n" on them all might make it a bit clearer
<urthmover> TJ-:  good suggestion I'll do that and include my findings
<sarnold> bmullan_: looks great, thanks :)
<wehde> has any here migrated m$ AD to openldap or apacheds?
<hallyn> jdstrand: jjohansen: 'network ipv6' is a valid apparmor rule all the way back to trusty?
<hallyn> (is there a table somewhere that shows what is valid where?)
<sarnold> hallyn: "network inet6," -- and it does work in trusty
<sarnold> hallyn: it should be the case that all AF_.... works with the AF_ stripped off and lower-cased
<hallyn> sarnold: ok, thx.
<urthmover> is there a way to clear the whole arp cache in one command?
<urthmover> arp -d * ?
<PryMar56> I have a vivid server (no X11). Any suggestions for a font list which is good enough to run kvm/qemu?
<PryMar56> or geany editor?
<PryMar56> I have only 1 freetype font now
<sarnold> how do fonts figure into things?
<sarnold> fwiw I quite like the terminus font
<PryMar56> sarnold, I still forward X, so some fonts are needed.. I know it seems strange
<sarnold> oh!
<sarnold> and you forward .. the qemu display or omsething? rathre than ssh to that guest?
<PryMar56> sarnold, yes
<Lord255> hello.
<Lord255> i have followed this tutorial: https://www.howtoforge.com/virtual-users-and-domains-with-postfix-courier-mysql-and-squirrelmail-ubuntu-14.04-lts
<PryMar56> I have ubuntu desktop to mine a font list from, or I would do that
<PryMar56> ^^ no desktop
<Lord255> but when i try to login to squirellmail i got an imap error and in the mail.log i can see that it says no such file or directory
<Lord255> i saw many comments about this on the net but i dont know how to fix :\
<kriskropd_> Does anyone here use rssh? I set up a user with -s /usr/bin/rssh and they are blocked from logging in to a shell,b tu when I try to sftp I receive exit code 1 and when I try to scp a single file from /tmp I receive the "This account is restricted by rssh." response
<kriskropd_> s/b tu/but/
<jonah> Hi in the end I just got fed up with trying to get the dynamic IP working with webmin/virtualmin on my Ubuntu Server 14.04.3 - so I've now managed to get a static IP from my ISP. I just wondered if anyone knows what I need to change in webmin/virtual min to get this working? My domain currently isn't resolving with the nameservers I've tried to create: http://intodns.com/hostingyorkshire.com
<jonah> the domain did work with the dynamic IP before, but I was using NOIP.com nameservers and their dynamic dns service. Since trying to add my own nameservers myself I can't get it to work!
<jonah> any help really appreciated. Thanks
<kriskropd_> to my issue with rssh - never mind - it was easily remidied by modifying the rssh.conf
<TJ-> jonah: it looks like the authoritative name servers for the domain aren't registered
<jonah> TJ-: thanks TJ, I don't suppose you'd know how I get them setup or you could check my settings sound ok for me?
<jonah> TJ-: i spoke to you last week I think and you helped me back then as my printer wasn't working on the server - at that point the domain was resolving on the dynamic IP but it seems there is always something wrong with my settings!!
<TJ-> jonah: check with your domain registrar. your domain lists {ns1,ns2}.hostingyorkshire.com as the name servers, but those won't resolve because the registrar doesn't have their IP addresses configured.
<jonah> TJ-: ah I see thank you I will ask them!
<TJ-> jonah: when the same domain hosts its own authoritative nameservers, you/the registrar has to ensure the IP addresses of those hosts are independently entered in the TLD operators' DNS
<TJ-> jonah: usually those are hosted on a different domain/server especially if you only have a single server instance for the domain
<jonah> TJ-: thanks - is there a way I can update them or do you have to be a registrar to have access to that?
<TJ-> jonah: most registrars have a facility in their domain management tools to do it
<jonah> TJ-: thanks I can't find a tool in their control panel but I've submitted a support ticket so hopefully they'll get it sorted for me soon. really appreciate you helping me out. thanks
<acro458> i have :  grep -o -P '(?<=5490val">).*(?=<span)' output.txt            This gives me:   100</span>              NOW HOW TO GET RID OF </span>
<TJ-> acro458: please stop spamming multiple channels with the same question. Stick to ##linux
<sarnold> can you use a real html or sgml parser instead? parsing html with regex is a pain that's bound to lean to more pain.
<acro458> can you recommend one?
<sarnold> acro458: off this list https://en.wikipedia.org/wiki/Comparison_of_HTML_parsers  i
<sarnold> acro458: i've heard good things about beautiful soup, html::parser, and nokogiri
<sarnold> acro458: libxml2 seems to get a lot of use for xml, but i don't hear about it doing html often. it might still be good..
<kriskropd_> acro458: I don't personally know of any good xml parsers - nearly all of them ar epicky about headers and will ignore any html parsing you give it - if you only need to parse html in batch only one time and are comfortable with regex, I suggest using awk - it's still terrible to use regex to parse html in the long run, but for quick, one-time jobs that's what I would do - after that I choose to use
<kriskropd_> python
<TJ-> In Python https://docs.python.org/2/library/xml.dom.minidom.html
<Semiarty> hello, so I am root on my server, but I get permission denied when trying to get into for example /etc/login.defs, what could I be doing wrong?
<sarnold> what does it mean to "get into" a file?
<Semiarty> well
<Semiarty> I guess not into a file then
<Semiarty> im trying to access that particular
<Semiarty> "section"
<Pici> Semiarty: how are you trying to access it?
<jonah> TJ-: hi sorry to bother you but support replied and said I've got port 53 closed which is why my nameservers aren't working... I've tried to port forward it on my router but it still doesn't work. Do I have to do something else for bind to pick it up?
<sarnold> be sure to forward both tcp and udp for port 53 if that's what you're doing
<jonah> sarnold: yes forwarded them on my router as BOTH
<jonah> sarnold: but I think I need BIND server to also listen on the port somehow?
<sarnold> bind does need to listen to whatever ports you forwarded to
<jonah> sarnold: trying to Google it but my named.conf file seems different due to using webmin, do you know how I can get it to listen to the port?
<TJ-> jonah: are you trying to host the domain at home, behind a NATing router?
<jonah> TJ-: yes that's right
<jonah> TJ-: tech support at my registrar just said to get port 53 unblocked as when they try ping it they can see that port it blocked...
<jonah> TJ-: now i've forwarded the port on my router but it still doesn't seem to be working
<jonah> TJ-: but i think i also need ot do something with BIND...
<jonah> I've just got to take the dog for a walk so hope to be back in a bit if you have any ideas. Thanks TJ! and Sarnold!
<TJ-> jonah: Yes, you'll need a named with a zone file that is SOA for the domain
<sarnold> yay happy dog walk time :)
<jonah> TJ-: well I have a master zone file
<sarnold> fwiw i'd be hesitant to host dns behind a NAT.. can you get a few cheap cloud instances somewhere?
<jonah> haha love to walk the dog!
<patdk-wk> what is *router*?
<patdk-wk> is it one of these home things?
<patdk-wk> a lot of those can't handle udp packets correctly
<tarpman> don't most registrars provide a nameserver or two? i'm surprised at needing to host a nameserver at home...
<patdk-wk> you did forward udp and tcp both right?
<jonah> patdk-wk: well it is a decent one. AC68U asus
<jonah> tarpman: it's just so I can pick up various domains with different providers and have them resolve back to my server on virtual hosts for different sites and cms stuff like owncloud etc
<jonah> ok dog is barking so i'm off for now thanks
<sarnold> teward: hey, we've been talking at our sprint about http2, we're not feeling like it's time to turn on http2 support just yet
<sarnold> teward: I know you were looking forward to turning it on for your next upload, but we'd really like it kept off for xenial. we can always sru it back to xenial after a few more releases has knocked out the worst of its issues
<jonah> ok back from the dog walk, was a good one!
<jonah> TJ-: any ideas how I can get this master zone listening on port 53?
<TJ-> jonah: just a regular bind config: configure zone files, test config, enable named service, start it
<jonah> TJ-: haha is that all
<jonah> TJ-: i have named.conf.default-zones named.conf.options and named.conf.local in my /etc/bind folder...
<TJ-> jonah: have you started the service? is it currently running?
<jonah> TJ-: when i do netstat -an | grep "LISTEN " i can see some port 53 stuff going on with LISTEN in red...
<TJ-> jonah: "sudo netstat -ulnp | grep 53"
<jonah> TJ-: 127.0.0.1:53   0.0.0.0:* LISTEN for example
<jonah> TJ-: http://pastebin.com/iduwEbVS
<TJ-> jonah: Haha! you've only got the daemon listening on localhost - it needs to listen on ALL interfaces to be accessible from the network
<jonah> TJ-: oh dear
<jonah> TJ-: how can i fix it?
<sarnold> find the listen or bind or whatever line in the configs and tell it to listen to 0.0.0.0 or whatever spceific address it should listen on
<TJ-> jonah: "sudo grep listen-on /etc/bind/*" might help
<jonah> sarnold: well I have various named.conf files I can edit in bind on webmin but just not sure which one I should add to and what I'm adding!
<sarnold> grep is your friend, it'll show the one that's currently configured :)
<jonah> sarnold: http://pastebin.com/iduwEbVS
<jonah> TJ-: http://pastebin.com/QGC49puf
<TJ-> OH! it IS listening on the other interfaces, named individually
<jonah> sarnold: sorry i meant the last paste i just sent TJ
<sarnold> eww, how is named and dnsmasq both listening on 192.168.122.1:53?? something's gonna hate that :)
<TJ-> how the heck are both dnsmasq and named on the same socket?
<jonah> TJ-: but there is no mention of my static IP that my nameserver uses which is  87.81.172.179
<jonah> sarnold: is that bad?
<sarnold> jonah: yeah; it's very nearly catastrophic for a dns server :)
<sarnold> dns servers probably shouldn't have dnsmasq anywhere nearby, nor avahi.
<TJ-> jonah: I really don't think you're equipped with the knowledge or skills to run your own DNS/servers; you're headed for disaster, possible compromise, at this rate
<sarnold> jonah: because you're port-forwarding, your NAT firewall will re-write the packets to actually be destined to whatever IP you configured in the forwarding..
<jonah> TJ-: that's bad! just trying to learn and thought webmin would be good as I'm used to cpanel
<sarnold> jonah: .. so you'd need to make sure that IP address is configured in bind
<sarnold> jonah: you'd do yourself a favor to stop using webmin and cpanel and the like
<TJ-> jonah: nothing to do with webmin; you are opening your PC up to public access and you don't have the knowledge to protect yourself right now
<sarnold> jonah: after brute-forced ssh passwords, cpanel and webmin and the like are the most likely source of being hacked. those things tend to be terrible.
<TJ-> Only if publicly exposed; which in this case it isn't (would need a port-forward rule)
<jonah> TJ-: gotta go for now but will check back tomorrow if i can. thanks!
<jonah> ok sorry guys just gotta go now. will be back!
<jonah> thanks
<TJ-> jonah: if you're running a local server with a web-server on, that's an expoit target
<Logos01> Is there any chance that anyone here has set up ejabberd w/ PAM authentication? I've got a curious case -- my PAM auth fails for local accounts but *NOT* for accounts provided by SSSD.
<TJ-> Logos01: what does auth.log report?
 * Logos01 is grabbing and anonymizing a relevant log snippet
<TJ-> Are you seeing "check pass; user unknown"
<Logos01> unix_chkpwd[XXXXX]: check pass; user unknown
<Logos01> Yes.
<TJ-> SNAP!
<TJ-> OK, check /etc/passwd to ensure the user existings, and is in /etc/shadow too.
<TJ-> Assuming the user IS there, check /etc/passwd to see if there is a duplicate entry using the same UID of that user
<Logos01> It is definitely the correct user, there is definitely no duplicate entry.
<Logos01> I even created a unique user specifically to rule that out.
<TJ-> OK, well, we've had a few reports of this recently, and I was hit by it today too - could log-in the GUI but the screenlock-greeter would report Access Denied, and it led to that in auth.log
<TJ-> In my case, it was a duplicate UID (I have 2 users with the same UID) and the /sbin/unix_chkpwd" tool was looking up the (first) username in /etc/passwd that matched the UID, THEN comparing that username with the one the greeter passed, and they didn't match
<sarnold> interesting
<TJ-> I solved it by moving the entries around :)
<Logos01> http://fpaste.org/287032/44667717/
<Logos01> Definitely no duplicate UIDs.
<TJ-> The other reports seem to start after a recent libpam update
<sarnold> time was you'd stick a 'toor' account in your passwd/shadow with a statically linked recovery shell...
<TJ-> Logos01: 'logos' is UID 114? I'm wondering if that being < 1000 could be an issue; there's some strange stuff in the patches we're carrying to support this
<Logos01> So yeah -- definitely in /etc/shadow. Definitely no duplicate entries. Definitely able to log in as the accounts (since I'm talking to you from one of them right now)
<Logos01> TJ-: No, 'logos' is uid 1000
<TJ-> Logos01: is ejabberd 114 then?
<Logos01> uid 114 gid 122
<TJ-> Ahhh, that makes more sense, although it doesn't help. Unfortunately there's no additional debug logging available for this
<Logos01> Yeah...
<TJ-> In my case it was:
<TJ-> pam_unix(kde:auth): authentication failure; logname= uid=1000 euid=1000 tty=:0 ruser= rhost=  user=t
<TJ-> j
<TJ-> it's coming from that dratted "debian/patches-applied/extrausers.patch" again, too
<TJ-> Logos01: this is the code: http://paste.ubuntu.com/13107573/
<TJ-> Logos01: this is better; the first one lost context http://paste.ubuntu.com/13107593/
<Logos01> I suppose this isn't really a big deal since as long as I've got my AD users (via SSSD) I'm content.
<TJ-> Logos01: which has called into: http://paste.ubuntu.com/13107637/
<TJ-> that seems to suggest either the hash or salt are null on return from get_pwd_hash()
<TJ-> sorry, *password* or salt
<coreycb> beisner, jamespage: testing is complete for UCA kilo-proposed and should be ready to promote to kilo-updates tomorrow (just waiting on vivid-proposed to land in vivid-updates)
<dannf> hallyn: is there an existing pattern for teach libvirt that qemu has a backported capability? here's what i'm trying http://paste.ubuntu.com/13107961/
<dannf> that works, but wanted to follow existing convention if there is one
<hallyn> dannf: urg, no.  you've only backported one capability so we can' tjus tbump the version # right?
<hallyn> that's fugly, but i think we have to do what you're doing
<sarnold> dannf: "Package" vs "package" ?
<dannf> sarnold: oh - yeah, i fixed that - hadn't hit quilt refresh yet
<dannf> hallyn: yeah - and it might be the only new cap so far - but 2.4.50 is dynamic, and that could change
#ubuntu-server 2015-11-05
<adv_> how can i add gui to ubuntu server and see it from a remote pc?
<coreycb> beisner, jamespage, 2015.1.2 in kilo-proposed is ready to be promoted to kilo-updates in the cloud archive
<jamespage> coreycb, all tested ok?
<coreycb> jamespage, yep
<jamespage> coreycb, ok promotiing
<coreycb> jamespage, thanks
<jamespage> bad spelling as well
<jamespage> coreycb, ok pkgs accepted
<coreycb> jamespage, great thx
<Tracker> I have some issues suddenly with ip rule show it loops at first line. after updating and restarting the server yesterday evening.. running Ubuntu 14.04.3 LTS, 2 servers running 15.10 wily are working ok after updates.. allready posted.. the problems is that the command ip rule show infite loops at first line 0:      from all lookup local... endless
<Tracker> and ip rule flush jams after pressing enter.. ip rules doesnt work correctly latest ubuntu LTS after updates last evening
<rbasak> Tracker: iproute2 hasn't been updated in 14.04 recently
<rbasak> Tracker: can you pin down which package caused a regression if any?
<rbasak> Tracker: /var/log/apt/history.log should be able to give you candidates.
<rbasak> Tracker: and you can test by downgrading.
<rbasak> Tracker: maybe kernel? You could try booting the previous kernel.
<Tracker> rbasak, updates according to history.log Install: linux-image-3.16.0-52-generic:amd64 (3.16.0-52.71~14.04.1, automatic), linux-headers-3.16.0-52:amd64 (3.16.0-52.71~14.04.1, automatic), linux-headers-3.16.0-52-generic:amd64 (3.16.0-52.71~14.04.1, automatic), linux-image-extra-3.16.0-52-generic:amd64 (3.16.0-52.71~14.04.1, automatic) Upgrade: linux-image-generic-lts-utopic:amd64 (3.16.0.51.42, 3.16.0.52.43), linux-generic-lts-utopic:amd64 (3.1
<rbasak> Tracker: that gets cut off. Please use a pastebin.
<rbasak> Tracker: if your kernel got updated that sounds like a good candidate. Try booting the system with the old kernel and see if the problem reproduces. If it does not, then that's a kernel regression and so please report it.
<Tracker> I changed the /etc/default/grub grub_default=from 0 to 1 and update-grub and reboot not working...
<Tracker> rbasak, http://pastebin.com/NMYcncFY
<samba35> i am not able to boot with my ubuntu server after just swapping the harddisk
<samba35> no grub  even
<samba35> how do i fix this ,this is kvm server with 2 guests
<Tracker> rbasak, confirmed that is a bug in kernel 3.16.0-52-generic #71~14.04.1-Ubuntu
<Palm_premium> samba35, that disk would not happen to contain the root partition?
<samba35> yes it has root partition intact i was able to boot with ubuntu cd with rescue mode and able to see content but fail to understand what kind partition type it was oringally when it was booting fine
<Palm_premium> samba35, if your root parition is still present you might just be missing your grub/mbr. I would suggest running the live cd again and check with gparted if there is an active partition if not, try reinstalling grub2 to the mbr of your harddisk.
<samba35> do i require live cd for ? is it possible to repair with resuce disk ? /installtion disk
<Palm_premium> samba35, rescue disk is also possible, when you get to a terminal run fdisk on your disks an print the partition table, this should list a partition marked as active.
<samba35> ok thanks
<samba35> what i should run if i see partition ,grub-install or grub-update ? or up2date-grub  ?
<Palm_premium> samba35, Since you don't get a Grub console I expect that atleast your mbr is missing, you can recreate it with grub-install.
<samba35> ok thanks
<samba35> ie grub-install /dev/sda2 or x ?
<samba35> or /sda only
<samba35> if boot partition is on /dev/sda2
<Palm_premium> samba35, /dev/sda, the mbr is the first record on disk.
<samba35> ok
<Palm_premium> samba35, I will be leaving in a few minutes. After the grub-install you should get a grub console once more, it might even boot in Ubuntu, however should you get a promp about a disk or operating system not found you should run a grub-update.
<samba35> ok
<samba35> brb ,will change hardisk and get back
<samba35> brb
<Palm_premium> Ok
<Palm_premium> samba35, I am leaving for home, good luck.
<decwrl> Does anyone know which package in Ubuntu 14.04 installs the Perl Net::Interface module?
<tarpman> decwrl: there's libnet-interface-perl, but it's new in wily
<decwrl> Ah.  It may be what I want.  Too bad it's in a later release.
<tarpman> there's a backportpackage script in the ubuntu-dev-tools package, or you can file a backport request on launchpad
<tarpman> (if you do the latter, you'll want to build and test the backport locally first anyway)
<decwrl> Ok.  I'll take a look at that.  I'm surprised Net::Interface isn't already included.  It's a fairly useful module.
<tarpman> not all of cpan is packaged. AIUI, new modules are packaged mainly if some application being packaged depends on them
<decwrl> Ok.  Thanks.  I'll check out the backport plan.  I ran an apt-file search and didn't find anything of use, so backporting seems to be the way to go.
<sturmflut> Does anybody on this channel happen to visit the Supercomputing conference in Austin, Texas next week? If so ping me in private, maybe we can hang out :)
<PryMar56> sturmflut, will the last Computer Programmer, Scientist to leave please bring the flag.. they are luddites in Tx
#ubuntu-server 2015-11-06
<Murdoch5> I setup remote logging from about 20 servers back to 1 point in my network.  Now I have the problem of having to sort and deal with the data.  What do you guys recommend for log management?
<TJ-> Anyone familiar with PXE booting a GRUB core.pxe image?
<Logos01> TJ-: I know I myself am not. How does it differ from 'normal' pxe-booting?
<Logos01> Murdoch5: ELK is popular for that.
<Logos01> Murdoch5: That is, Elasticsearch + Logstash + Kibana
<Logos01> You might get away with just using Greylog though
<TJ-> Logos01: differ? it doesn't, but the GRUB core I am building is causing the client to reboot instantly :) Wondering if anyone has had it properly boot the system
<lordievader> Good morning.
<Palm_premium> lordievader, Morning
<lordievader> Hey Palm_premium
<arcsky> hello, if u have installed ubuntu server 15. and want Gnome on it. how is the best way to install it ?
<arcsky> i have no X right now
<Palm_premium> arcsky, Hello, can't you install one of those desktop-* packages?
<lordievader> arcsky: Why not use ssh to administer the server? X is, in most cases, a waste of resources.
<hateball> arcsky: Suggestions aside, the answer to your original question is "sudo apt-get install gnome". But using SSH is an option you should consider.
<Sonu_> hi
<Sonu_> i am getting " CONNECT ERROR: PHP Extensions "zlib" must be loaded."
<Palm_premium> Hi sonu, are you using apache with php5? Did you install and enable the extension?
<davidic654> Hi are we to expect Linux kernel vulnerabilities and reboots nearly every day now?
<arcsky> hey guys, i just bought a KVM VPS. but now when i try to install i cant get it to work with encrypted hdd. isnt that possible with KVM ?
<TJ-> arcsky: Insuffient data. What is the configuration of the KVM Guest ? what file-system are you trying to encrypt?
<arcsky> TJ-: i dont know the conf for the KVM. i install via VNC. and i try to install it with LVM
<andol> arcsky: Normally that wouldn't be a problem with a KVM setup, but I guess it depends on whatever the KVM VPS maintains it's own kernel+initrd, or if that is provided by the host system.
<TJ-> install via VNC? doesn't make sense, you'll need to provide more detail
<arcsky> http://ring0.se/g/d47697821766d47c.png
<andol> TJ-: I'd imagine the VNC is a VNC accessed virtual console provided by the hosting provider.
<TJ-> arcsky: usually the VPS provider has a system for installing default base images.
<arcsky> i have my own image of ubuntu 15 there
<TJ-> arcsky: where's the encryption there? that just says it failed to create an ext4 in partition #1
<andol> arcsky: Anyway, there's the possibiilty for there being all kind of provider specific details, so you are much better of talking to your provider's support.
<TJ-> arcsky: 'image' of the ubuntu-server installer ISO you mean?
<arcsky> http://ring0.se/g/f46782a499621c84.png
<arcsky> TJ-: yes
<arcsky> did try with EXT4 and LVM
<TJ-> arcsky: OK, well encryption hasn't entered into the equation at the point of the error. The report seems to show there's a problem with partitioning vda
<TJ-> arcsky: are you trying to create an encrypted root file-system?
<arcsky> TJ-: yes root filesystem encryption
<TJ-> arcsky: so you'll be configured the KVM hypervisor to boot from a raw image, not use a preconfigured vmlinuz+initrd.img ?
<arcsky> TJ-:  sorry i bought a VPS with KVM. i have other VPS with XEN-HMV and there its easy to fix under the ubuntu installation
<arcsky> maybe KVM doesnt support this
<arcsky> i have no access to the the kvm config
<TJ-> arcsky: that first error suggests that the installer is expecting to use partition #1 for the encrpyted device, but it has been set to be formatted as ext4, which conflicts. Maybe you just need to alter the settings you're giving the partitioner so partition #1 has no file-system type set
<arcsky> i have tested with ext4 and lvm
<TJ-> arcsky: the KVM configuration is usually controlled by the guest profile you create in the provider's web management interface
<arcsky> ok
<arcsky> TJ-: http://ring0.se/g/39076c9e410201ee.png this looks better?
<TJ-> arcsky: Yes, although I don't see a need to make an extended partition with a logical for crypto. That should just be a primary partition, so there's no extended at all. I'd also use GPT rather than MBR if I wanted to reserve the option of additional partitions later.
<theptr_> hi i have i problem with an ubuntu server 12.04 the disk is full so i added in hyper-v 40gb of disk . How do i easly add this diskspace to dev/sda1 ?
<theptr_> i tryd sudo resize2fs /dev/sda1
<theptr_> but that doesnt work
<lordievader> theptr_: An ext filesystem can't be spanned over multiple block devices.
<phre4k> can I upgrade 14.04 to 15.10 over SSH?
<TJ-> theptr_: easiest way is to be already using LVM so you can just add another PV to the VG
<lordievader> ^ that :D LVM \o/
<theptr_> TJ-, problem is that my boss made the machine and not used to LVM
<theptr_> TJ-, so its not LVM enabled
<TJ-> theptr_: alternative way is to convert the system to be a MD RAID-0 stripe so its made up of sda and sdb
<lordievader> theptr_: Then you need to get creative with mounts. Put something big on the 40gb disk.
<khildin> bosses should stay away from hardware... :P
<theptr_> khildin, for sure
<TJ-> theptr_: that does require being careful in creating the MD device to *NOT* write any metadata at the start of the device (which involves choosing the appropriate metadata version)
<theptr_> TJ-, So its not possible to grow the disk ?
<theptr_> TJ-, or not in an easy way
<lordievader> theptr_: Doesn't hyper v support that? Enlarging a disk?
<TJ-> theptr_: the other option is to keep it as a separate disk (maybe 1 partition on it with LVM), and the move something like /var/ to a file-system on the /dev/sdb and add a mountpoint entry to fstab of the form "/dev/VG/LV /var ext4 defaults 0 2"
<khildin> isn't it possible to create a PT and mount that?
<theptr_> lordievader, Yes i did that but it was like 75gb zo after i expanded it it stays 75gb
<TJ-> theptr_: the disk remains 75GB, or the partition ?
<lordievader> theptr_: The filesystem or the disk? What does parted say abouit the disk?
<theptr_> TJ-, partition
<lordievader> theptr_: Ah, enlarge the partition ;)
<TJ-> theptr_: if the disk is now larger, you will need to enlarge the (last) partition too
<lordievader> And the filesystem.
<TJ-> theptr_: *then* "resize2fs /dev/sda1" will work
<theptr_> TJ-, that command doesnt work i already tryed it
<theptr_> and im not used to hyper-v im more vmware guy but boss hates it because it costs money ...
<lordievader> theptr_: It doesn't work if the partition ain't enlarged.
<lordievader> theptr_: resize2fs resizes a filesystem to the partition size. If the partition size hasn't changed resize2fs won't do anything.
<theptr_> TJ-, lordievader i used this guide but nothing works http://askubuntu.com/questions/390769/how-do-i-resize-partitions-using-command-line-without-using-a-gui-on-a-server
<TJ-> theptr_: how large is the disk? Is it using MBR or GPT?
<theptr_> TJ-, lordievader so now the disk is larger but the partition is the same .
<lordievader> theptr_: Could you pastebin the output of 'sudo parted /dev/sda print'?
<TJ-> theptr_: "pastebinit <( sudo parted /dev/sda unit s print )"
<theptr_> hyper -v i cant copy anything so im going to ssh into it second
<TJ-> theptr_: the command I gave you will pastebin the details for you
<theptr_> a okay
<TJ-> theptr_: you may need to "sudo apt-get install pastebinit" first
<theptr_> TJ-, when i do that command it says unable to correct problems bla bla
<TJ-> theptr_: sounds like the system has packaging faults you should fix, too!
<TJ-> theptr_: see what this has to say: "sudo apt-get -f install"
<theptr_> TJ-, not getting payt to fix haha
<TJ-> Nor are we!
<lordievader> Well, if the disk is full...
<TJ-> lordievader: indeed; chicken and egg!
<lordievader> My apt was broken too this morning because of a full disk.
<TJ-> theptr_: you may gain a little space with "sudo apt-get clean && sudo apt-get autoremove"
<lordievader> theptr_: Is copying through ssh still an option?
<TJ-> lordievader: really? root-fs, boot, or something else?
<lordievader> TJ-: Root-fs, nfsen was a bit happy writing data. What I found more disturbing was the fact that Zabbix didn't bug me about it.
<theptr_> TJ-, http://paste.ubuntu.com/13125016/
<TJ-> lordievader: do you keep a separate /var/ ?
<theptr_> lordievader, yes copy true ssh is possible
<theptr_> lordievader, problem is that sql wont start
<lordievader> TJ-: On that vm /var/www is seperate. (Nfsen writes to /data, that is now seperate too)
<TJ-> theptr_: OK, you won't be able to easily extend /dev/sda1 since there are additional partitions after i
<TJ-> t
<lordievader> Bummer
<theptr_> lordievader, TJ- im like working over for 4 hours now so if its not an easy fix i leave it so until tommorow
<TJ-> lordievader: right. I always have a separate LV for /var/  and another for /var/cache/
<lordievader> If swap ain't used you could teoretically remove it temporarily.
<TJ-> theptr_: ^^^ as lordievader says
<theptr_> TJ-, lordievader always problems with machines that i not install myself
<lordievader> TJ-: Haven't found the need for that on that vm yet. Usually it well behaves.
<lordievader> theptr_: We all have problems with machines we don't install ourselves :P
<TJ-> theptr_: "pastebinit /proc/swaps"
<theptr_> lordievader, lol
<TJ-> And some of us have problems with machines we install ourselves, too :P
<TJ-> And some of us have problems even GETTING to the installed stage :D
<theptr_> TJ-, lol
<theptr_> TJ-, http://paste.ubuntu.com/13125048/
<lordievader> That too...
<lordievader> What a drag it is.
<theptr_> TJ-, lordievader so im not the only one :)
<theptr_> TJ-, lordievader thanks for the help but would it not be easyer to just do as you say before make an extra mount and extra partition
<TJ-> I've got a mobo here won't boot from USB; doesn't like the images no matter what I do. It can't do PXE (only does Novell Netware remote boot) so I plugged an Intel dual PCI NIC in which has PXE, but the PXE boot is now having problems. The IDE DOM module which was supposed to receive the installation has burnt out a trace on its PCB and killed its voltate regulator! Doing really well on this one :)
<TJ-> theptr_: that last pastebin was the same as the first :)
<TJ-> theptr_: "pastebinit /proc/swaps"
<jcastro> hey rbasak
<jcastro> what was the tldr on ntp by default?
<rbasak> jcastro: not needed because systemd timesyncd
<rbasak> jcastro: it's on by default if ntp isn't installed, and syncs time.
<marcoceppi_> rbasak: and that's in vivid onwards?
<ack__> Hello ... is MYSQLI_ASYNC a constant I should expect to be available in 14.04? Getting Use of undefined constant MYSQLI_ASYNC - assumed 'MYSQLI_ASYNC' in a PHP script
<ack__> phpinfo shows mysqlnd is loaded
<repozitor> is there exist another professional tool for server adminstration, except webadmin?
<sarnold> if you use one of those web control panel things please make sure you've firewalled the machine and only allow access from only allowed IPs
<sarnold> those control panels are universally terrible
<patdk-wk> I always use ssh, been working great for years
<sarnold> yes
<repozitor> patdk-wk, no, sometimes web app is better
<patdk-wk> heh?
<patdk-wk> there is never a case where webapp is better, more useful maybe, but never better :)
<patdk-wk> or meets a very specific usecase need
<repozitor> patdk-wk, when you on mobile, so what do you think?
<repozitor> which on is better?
<patdk-wk> I believe webmin is the *only* one that is even alittle supported for debian/ubuntu
<repozitor> :P
<patdk-wk> heh?
<patdk-wk> I am ALWAYS mobile, ssh was made for mobile use
<patdk-wk> yes, I have ssh client on my phone
<sarnold> repozitor: try mosh for poor connections, it's great
<patdk-wk> but personally, I normally use my laptop that I ALWAYS take with me
<patdk-wk> sometimes I must admin a windows machine, and that is always fun
<repozitor> patdk-wk, even on plane or train or road?
<repozitor> :D
<patdk-wk> hmm, yes? what else is *mobile*?
<patdk-wk> I often sit in the back seat of the car, and work on my laptop
<patdk-wk> sometimes in the plane, but not often
<patdk-wk> never on a train, cause I never take trains
<repozitor> http://paste.ubuntu.com/13126248/
<repozitor> there is no webmin on my system
<repozitor> what is wrong with apt-get?
<sarnold> have you run apt-get update recently?
<repozitor> yeah
<sarnold> then for each of those try apt-get install libnet-ssleay-perl  ; apt-get install libauthen-pam-perl ; apt-get install libio-pty-perl ; apt-get install apt-show-versions
<repozitor> with -f option?
<repozitor> needing to force?
<sarnold> avoid it if you can
<repozitor> sarnold, so that error printed to me
<repozitor> can't avoid it, any idea?
<sarnold> what happened with the other four apt-get install lines?
<repozitor> something like previous
<repozitor> http://paste.ubuntu.com/13126332/
<repozitor> take a look
<sarnold> yeah, try apt-get install -f
<repozitor> so you will reponsible for that :P
<sarnold> heh, your system is pretty unhappy, I haven't seen apt that upset in a dozen years..
<patdk-wk> looks like a simple thing though
<repozitor> that's awfull
<repozitor> http://paste.ubuntu.com/13126371/
<patdk-wk> someone did a inproper upgrade
<patdk-wk> or added some php ppa that isn't maintained anymore
<sarnold> repozitor: just a plain "apt-get -f install", no parameters..
<repozitor> -f meaning âfix-missing?
<sarnold> just copy and paste what the error says :) heh
<patdk-wk> generally it will finish installing half-installed packages
<patdk-wk> where a package died, apt was killed, or something happened
<repozitor> so it is fix missing
<patdk-wk> sorry, having a hard time concentrating, https://twitter.com/reubenbond/status/662061791497744384
<rbasak> marcoceppi_: yes
<rbasak> jcastro, marcoceppi_: I'm not sure I like it but that's how it is for now anyway. I don't know of any changes to change it in Xenial.
<hehnope> what do you guys do for ddos mitigation?
<patdk-wk> there is nothing you can do, except as much as possible
<patdk-wk> easy solutions are dns and ip blackholes
<patdk-wk> harder solutions is actually making things still work
<patdk-wk> the *best* you can hope for, is a ddos that you can mitigate
<patdk-wk> as in, it uses a single dns entry, ip, or depends on tcp connections
<patdk-wk> and you can just stop responding to what looks like the attack, and continue processing the others
<patdk-wk> if they flood your incoming pipe, then your just screwed, ip blackhole can help you there some
<JanC> best is if you can avoid it  :)
<jcastro> rbasak: yeah we just ran into an ntp issue on a host and were just thinking outloud "did we fix time yet?"
<jcastro> tldr some jenkins slaves clocks were off, aws and joyent cared, other clouds didn't, took a while to figure out why
<caribou> smoser: I'm looking at the haproxy LP: #1477198 bug
<ubottu> Launchpad bug 1477198 in Ubuntu Cloud Archive liberty "Stop doesn't works on Trusty" [High,Confirmed] https://launchpad.net/bugs/1477198
<caribou> smoser: I have an in flight SRU for this in trusty
<smoser> wait, what ?
<smoser> its been sru'd to trusty
<smoser> via niedbalski
<smoser> right ?
<caribou> smoser: LP: #1481737
<ubottu> Launchpad bug 1481737 in haproxy (Ubuntu Trusty) "HAProxy init script does not work correctly with nbproc configuration option" [Medium,In progress] https://launchpad.net/bugs/1481737
<smoser> :)
<smoser> funny.
<smoser> yeah, that was the thing i was just realizing
<caribou> smoser: I'll try to get someone to do the SRU
<smoser> it seems like we should fix this in xenial / wily too
<caribou> smoser: then the remaining is to either fix 1.5 in trusty-backport LP: #1494141
<ubottu> Launchpad bug 1494141 in trusty-backports "HAProxy 1.5 init script does not terminate processes" [Medium,In progress] https://launchpad.net/bugs/1494141
<smoser> to just dtrt if there is no --pid option to start-stop-daemon
<caribou> smoser: they're fine since dpkg has the --pid option that causes the bug
<smoser> "they" ?
<smoser> backports ?
<caribou> sorry they = wily & xenial
<smoser> right. but then it causes cloud archive bugs
<smoser> because you dont fix it to work with older start-stop-daemon
<caribou> smoser: cloud archive uses 1.5 ?
<smoser> clodu-archive kilo == what-is-in-vivid
<caribou> smoser: the fix in 1.4 awaiting SRU does, then I was planning to fix 1.5
<smoser> cloud-archive liberty == what-is-in-wily
<caribou> smoser: I was told to fix -updates first and then care about 1.5 (in trusty-backport)
<caribou> that's a bug that rbasak handed to me a while ago
<caribou> anyway, I can fix it anywhere you want once it is SRUed
<caribou> smoser: it is friday so the SRU will only go to -proposed but I can get the trusty-backport patch ready
<caribou> smoser: and vivid as well
<smoser> the other thing to do would be to get the start-stop-daemon fix back to trusty
<caribou> smoser: working on it
<smoser> from dpkg ?
<caribou> smoser: no, haproxy on vivid
<caribou> smoser: I'll look at it
<caribou> smoser: dpkg
<smoser> right. one other way to fix this is to make trusty's start-stop-daemon able to accept --pidfile
<smoser> caribou, http://paste.ubuntu.com/13128831/
<smoser> that seems like it should work
<caribou> smoser: why go to the extent to check for --pid existence if just looping on each pid in the pidfile sufficient ,
<caribou> ?
<smoser> no good reason. other than keeping it more in line with what is in debian.
<caribou> ah, ok
<smoser> but that is a good point. its really the same and easier to just use --pid
<kyle____> Is anyone here running apt-cacher-ng on a network that gets hit by security scanners constantly (nessus, qualys, etc)?
<Pici> kyle____: Whats the actual question?
<smoser> caribou, definitely shorter: http://paste.ubuntu.com/13128940/
<kyle____> Pici: If your cacher is getting kocked over constantly by the security scans.
<kyle____> And if there was a way of fixing it.
<smoser> and all in all the same. even one *less* fork. not sure why i'd want to use --pid
<smoser> what was the change you proposed into trusty ?
<sarnold> kyle____: do your acls allow the whole world to use your proxy? is that what you want?
<Pici> (or don't want?)
<smoser> caribou, ^
<caribou> smoser: pretty much what you just proposed but with a trap() to cleanup proposed by rbasak
<kyle____> sarnold: No, the proxy is only available on our internal network, but our security folks consntatly run scanners, and when they see it responds to http, it slams them with known vulns for various different web servers, and application servers.
<smoser> ah.  yeah, ok. sure. just didnt bother with the trap.
<caribou> smoser: http://paste.ubuntu.com/13128969/
<sarnold> kyle____: ahhhhhhh
<decipher> hi guys - i have a ubuntu 14.04 server running on AWS. I keep getting the "[access_compat:error] [pid 9802] [client 127.0.0.1:39164] AH01797: client denied by server configuration" error message on my logs. i have php 2.4 and i made sure that the require all granted directive is on my vhost. however, this doesn't fix the problem.
<sarnold> decipher: check for the trailing '/' on directory or path names in your configs. try fiddling with those.
<kyle____> sarnold: Yeah.  And either the security guy doesn't know how to tell the scanner not to bother with wordpress (for example) exploits against the cacher, or the scanner isn't configurable enough to not do that sort of thing.
<smoser> trap in functions is hard since its basically a global.
<smoser> if you've not uploaded, i'd sugest quoting the 'tmp' everywhere.
<smoser> and you actually really *should* set 'tmp' before 'rm -f' it.
<sarnold> kyle____: the smartass in me wonders about tarpitting the scanner to give him encouragement to figure out how to whitelist your server :)
<smoser> as you'll kill someones file that they had somehow into their environment $tmp
<decipher> sarnold - do you mean i should include a trailing slash on my directory?
<caribou> hmm, I thought I did
<sarnold> decipher: I think remove it. I just remember that apache's error message is nearly useless.
<kyle____> sarnold: I *cough* __may__ have done something like that with iptables magic, and was told not to, because it defeated the purpouse of the security policy.
<sarnold> kyle____: heheh
<smoser> in that patch there, this would cause problems: sudo tmpf=/etc/passwd service haproxy start
<kyle____> I like having the security guy, and having im scan consantly, and making sure we have no gaping holes.....but killing thigns constantly is really bugging me.
<decipher> sarnold - this is on my apache2.conf file
<decipher> <Directory />
<decipher> 	Options FollowSymLinks
<decipher> 	AllowOverride None
<decipher> 	Require all denied
<decipher> </Directory>
<decipher> should i comment this out?
<RoyK> !pastebin | decipher
<ubottu> decipher: For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<sarnold> decipher: oh. I thoght it'd be more involved than that
<decipher> ooops. my bad!
<sarnold> decipher: just keep in mind when you start doing <directory /foo/bar> vs <directory /foo/bar/> and get confusing error messages, the last / might be it :)
<sarnold> decipher: note that 2.4 changed drastically from 2.2 http://httpd.apache.org/docs/2.4/howto/auth.html
<decipher> sarnold: i hear you. i'm using ispconfig to manage my site. it automatically generates the vhost for me
<decipher> sarnold: the vhost for my site does not have any trailing / on it
<wehde> does anyone here know how to get ansible to only run against failed hosts?
<RoyK> wehde: huh?
<RoyK> wehde: failed hosts aren't usually available over the network...
<lordievader> It does sound like you need magic to pull that off.
<wehde> RoyK, hosts can fail in ansible for even ssh prompting to accept the host key
<wehde> RoyK, or if the workstation was powered down and will be back online monday i'd like to be able to run the same playbook agianst just the failed hosts
<PermaNulled> Can someone help me out with some udev issues? http://pastie.org/pastes/10534977/text?key=kj8jl10lekbo24r2ekzfa
<PermaNulled> Whenever I run apt-get upgrade it's removing execute from systemd-udevd and fails to restart
<sarnold> PermaNulled: is there anything else in any logs? journals?
<PermaNulled> http://pastie.org/pastes/10534983/text?key=hyvoj4jbyebb4mfxlnjjg
<PermaNulled> There's ouput from journalctl -xe
<PermaNulled> Any ideas?
<wiuempe> hello
<wiuempe> anyone know why postfix logs into /var/log/mail.log and /var/log/syslog on ubuntu 14.04?
<TJ-> wiuempe: the config in /mnt/target/usr/share/rsyslog/50-default.conf
<wiuempe> TJ-: i add to this file line: "& ~" and works good
<wiuempe> TJ-: maybe do you know if i can in 14.04 configure service to respawn after kill?
<TJ-> wiuempe: That's be an Upstart job configuration in /etc/init/<service>.conf
<wiuempe> TJ-: oughhh... spamassassin has only init.d script
<TJ-> wiuempe: in which case I think those are started via Upstart's /etc/init/rc-sysinit.conf
<wiuempe> TJ-: yes, you are right, but how to respaw spamassassin?
<TJ-> wiuempe: I do not know; if it is dieing I'd rather want to fix that :)
#ubuntu-server 2015-11-07
<wiuempe> TJ-: yes, but i dont know how to debug this... ok, thanks for all
<wiuempe> good night or day ;)
<cynixx3> I think I have an .htaccess issue. mod_rewrite is loaded but does not look like its phrasing the information in .htaccess
<cynixx3> Is there a way to test .htaccess
<lordievader> Good morning.
<ponyofdeath> hi, anyone here can help me with a problem when I am using inline shell config option in vagrant, I see my script behave differently then when running from within the vm
<TJ-> ponyofdeath: probably a different set of environment variables, and shell options.
<ponyofdeath> yeah trying to track this down
<ponyofdeath> and am looking at the env vars but they seem the same
<ponyofdeath> i dump env with the script
<ponyofdeath> and when i actually do the login > scipt execution
<ponyofdeath> seems that maby maven is having a problem when being called from inline vagrant call vs shell
<jonah> hi does anyone know a simple and easy way to do a nightly backup of my ubuntu server to a NAS on my local network and have the backups compressed to save space? I've read about rsync, and bacula and all sorts but it all seems a lot of work?
<cynixx3> Rsync is not too bad
<Sling> jonah: what would you want to back up? what scenarios are you thinking of?
<jonah> cynixx3: so i set up rsync with a cron? but would i also need to tar all the files up, then rsync the tar? I thought there might just be a linux command tool i could use that would simply let you backup "/"  as source and output it as a bzip or tar etc to the nas with incemental filenames but only ever keep two backups etc
<cynixx3> if your watching it I like rsync -a --progress /source/dir /destination/dir, then toss your command into cron (preferably by script.sh then cron) . automated backups done.
<Sling> complete system restore or just specific locations
<jonah> Sling: I just wanted to back the whole server, maybe a full backup each week and a nightly with incremental. i suppose i've been spoilt being used to cpanel and whm before which does this for you
<jonah> Sling: I maybe wanted to just leave out some of the dirs that aren't really needed like tmp etc
<cynixx3> jonah, you probably want to isolate your configs and home directory for backup. Your entire server will not backup well like that.
<jonah> Sling: i have a raid array set up for redundancy but it's not great without a backup going on too...
<Sling> yeah raid is definitely not backup
<Sling> delete a file, and your raid makes sure its deleted everywhere :)
<jonah> cynixx3: well my thought was if my raid fails, i could rebuild it and just restore the whole thing rather than having to reinstall ubuntu etc and try copy home back and then restore configs and stuff
<Sling> raid protects you against some hardware failures
<jonah> Sling: yeah!
<Sling> I'd backup your /etc /home /root and maybe some custom locations, so you can restore from a bare ubuntu setup
<jonah> Sling: isn't there anything already designed to just do a weekly and nightly backup out there to make things easy?
<Sling> maybe some additional information such as a dkpg -l
<Sling> jonah: not terribly plenty if you don't want to pay
<Sling> bacula is one of them
<cynixx3> jonah, making a backup system is really a good way to learn linux
<jonah> Sling: i did look at bacula but didn't really get it. do you have to install bacula on the NAS too??
<Sling> jonah: bacula is not trivial to set up
<Sling> its comprised of several daemons and mainly built around the concepts of backup tapes
<jonah> cynixx3: I know and it's not that I lack a want to learn or dislike going to a lot of effort, but I just thought something simple and convenient might be out there. The less complex it is then hopefully the less likely I am to do it wrong!
<Sling> i personally have a script that compresses certain filesystem locations (full once per week, incremental daily), encrypts it, and the throws it to some cloud service like mega.nz
<Sling> built around a cli-wrapper for said cloud service
<cynixx3> I do something similar with local and remote system with just a bash script.
<Sling> but if you want to back up more than a few gb you will probably not be able to do that for free
<cynixx3> Sling, while your here are you able to help with a mod_rewrite issue I am working on?
<Sling> sure
<cynixx3> I need aaa/bbb/ccc/ to show that but be phrased as aaa/index.php?/bbb/ccc Right now all I get is /aaa/bbb/ccc http://pastebin.com/iiD8E9zG
<cynixx3> jonah, if you are up for it I will help you get the backup script working today.
<Sling> cynixx3: why not use FallbackResource to make all requests to non-existing locations be sent to your index.php?
<Sling> you can then use the original uri to route the request in your php script
<jonah> cynixx3: ok cool lets try it. though my server potentially will hold over 1tb of data if that matters?
<jonah> cynixx3: currently it is pretty new and empty though!
<cynixx3> Sling, I attempted that without luck. I am copying an old script from centos to ubuntu-server written by someone else and had it working on centos. I really rather not have to learn their code and fix it.
<cynixx3> brb baby cries.
<jonah> cynixx3: basically it is on ip 192.168.0.100 and  I have a nas using 192.160.0.2 - and my plan was to somehow just sftp or ssh the data over
<jonah> cynixx3: bottle time?
<bekks> jonah: And whats the issue with accessing your NAS?
<jonah> bekks: just trying to backup my server each night with maybe a full backup each week to the nas, just not sure the best way or how!
<bekks> !backup | jonah
<ubottu> jonah: There are many ways to back your system up. Here's a few: https://help.ubuntu.com/community/BackupYourSystem , https://help.ubuntu.com/community/DuplicityBackupHowto , https://wiki.ubuntu.com/HomeUserBackup , https://help.ubuntu.com/community/MondoMindi - See also !sbackup and !cloning
<cynixx3> jonah, were those resources helpful to you?
<jonah> cynixx3: yes but i think i've looked over some of that stuff already...
<cynixx3> okay, start by making a backup directory and a shell script to run your backups.
<jonah> cynixx3: well i've already made a backup directory on the nas simply called backup
<cynixx3> okay, where are you storing the tars before transferring them to nas?
<jonah> cynixx3: so do i have to tar the files before i can copy them to nas? as what happens when the server is say 3/4 full and then it has to try tar everything in the last 1/4?
<cynixx3> jonah, I am just going off of what you said. You said you wanted to copy and tar before transferring. IF the server is 3/4 full and you try to back it up then the backup will fail.
<jonah> cynixx3: ah ok. no i only ask just because i wondered if there is a way to backup straight to a tar?
<cynixx3> It would depend on if and how the NAS is mounted.
<bekks> jonah: did you read the links given yet?
<jonah> cynixx3: ok so it can just be compressed straight over some how?
<jonah> bekks: yes had a quick flick through but still unsure what the best way to go is
<bekks> jonah: There are totally different methods of crating a backup. tar is just one of them. And not necessarily the best method for your use case.
<JanC> there are about 50 rsync-based backup solutions  :)
<JanC> or maybe 500
<bekks> And about some twenty other backup solutions :)
<jonah> ok thanks i'll go do more reading!
<cynixx3> bekks, I need help with a mod_rewrite rule if you know anything. I need aaa/bbb/ccc/ to show that but be phrased as aaa/index.php?/bbb/ccc Right now all I get is /aaa/bbb/ccc http://pastebin.com/iiD8E9zG
<cynixx3> If I try the fallbackresource then all I get is the homepage and can not do anything on the site. and I really dont want to recode this platform.
<jak2000> why: jak@swManzana:~/ftp$ ping 8.8.8.8  i get an answer PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.   wich is bad? gateway? or? thanks
<JanC> jak2000: you mean that line is the only thing you get, or?
<jak2000> forget paste: From 172.16.11.1 icmp_seq=1 Destination Net Unreachable
<JanC> that's a private network IP address?
<JanC> you can try to ping the gateway
<Seveas> the device on 172.16.11.1 doesn't have a route to 8.8.8.8. Try fixing that :)
<jak2000> JanC escuse, me yes i can ping to gw
#ubuntu-server 2015-11-08
<cambazz> hello, i just apt-get upgraded a remote server, and it is asking me about configuring grub-pc - and this is a server in hetzner - it is asking which harddrive to install
<cambazz> i got /dev/sdb and /dev/sdc into a /dev/md1 and /dev/md2
<cambazz> so i dont know where to install
<cambazz> well it worked, i found the correct disk
<hackemate> hi, what "update" in apt-get really does? does a query in a certain database to detect which new packages are available?
<bekks> It queries the update servers for new package lists.
<hackemate> but it compares that new list to the installed packages?
<hackemate> i wonder if apt-get manages a database with used packages or check which packages are installed all the time
<bekks> It does not compare packages.
<bekks> update downloads new package lists, if available.
<bekks> dist-upgrade compares the installed packages against the package lists and installs updated packages.
<hackemate> ok
<lordievader> Good morning.
<cynixx3> I am having a very difficult time getting php to write an error log. The settings I change are showing up in phpinfo() I tried the webroot direcory and /var/log/apache2 but nethier writ to the file. Permissions are 640 and i have tried many owners. What am I missing or doing wrong?
<ikonia> cynixx3: what is the user that is trying to write the log file ?
<cynixx3> ikonia, I am not sure. I have tried the apache user and the web user as well as the log group adm when it was in var/log/apache2 like the rest of the files in those directories.
<ikonia> cynixx3: why do you think it's related to permissions ?
<cynixx3> ikonia, I am really not sure what the problem is. permissions are just a guess.
<ikonia> so how have you gone about debugging this ?
<ikonia> what sort of logging/log file are you expecting ?
<cynixx3> I am trying to get php errors, depricated functions, and script coding errors. I have taken the steps in my initial question. changed php.ini, created the file, updated owner and perms to what it looked like it needed, and reloaded apache2.
<captine> hi all.  Am not a big tech.  Am an accountant, but love linux etc and am messing around.  Am wanting to know what is better for a production single server to run multiple applications etc?  Juju, or straight docker?
<captine> very opinionated, but struggling to get an idea of which to play with first
<captine> suggestions welcome
<cynixx3> ikonia, when it didnt work in /var/log/apache2/phperror.log I moved it to my webroot directory and changed the owner and permissions to match the rest of the files, restarted apache and the log is still 0b after viewing some php pages with issues.
<ikonia> cynixx3: that sounds like php is not setup correctly to log
<ikonia> if the file is getting generated (you don't need to change the owner) that means the web service is creating it
<cynixx3> I created the file
<cynixx3> and phpinfo is showing that logging is on and it shows the directory I set when I change it.
<ikonia> you may not have the error level/redirect setup properly
<PryMar56> can someone paste: tree /boot/efi or ls -al /boot/efi/EFI/ubuntu
<PryMar56> I tried to script a Vivid install under EFI in a VM and it works, but I never see a grub menu
<PryMar56> tree sometimes is garbled without unicode support
<PryMar56> grub-install seems to do all the right things including a boot entry in EFI menu
<PryMar56> to add EFI entry: efibootmgr -c -L ubuntu -l \\EFI\\ubuntu\\grubx64.efi --disk /dev/xvda --part 1
#ubuntu-server 2016-11-07
<coreycb> beisner, good morning, when you get a chance can you promote python-glance-store and mistral from newton-staging -> newton-proposed?
<coreycb> beisner, also could use a flush of mitaka-staging -> mitaka-proposed for openstack-trove, mistral, and python-django.
<zul> coreycb/ddelav: just updating deps this morning
<coreycb> zul, cool thanks
<coreycb> zul, ddellav, i'm working on the remaining red pkgs in ocata ci.  also bumping python-tenacity to 3.3.0 for vmware-nsx.
<zul> coreycb: ok
<ddellav> coreycb any chance the pbr issue with keystone is resolved?
<coreycb> ddellav, i can fix that while i'm in there
<ddellav> coreycb i've updated keystone already, just need that PBR fix to build binaries properly
<coreycb> ddellav, ok should be fixed now, try pulling again
<ddellav> do you it up somewhere in a PPA so i can add it to my sbuild env? if not i can upload it to mine
<cpaelzer> rbasak: nacc: hey I had the fun that debian just released a new version while I was workign on a merge
<cpaelzer> rbasak: nacc: eventually that doesn't affect reconstruct/deconstruct/logial at all
<cpaelzer> rbasak: nacc: all I'd like is maybe a reimport, then fetch from the importer repo
<cpaelzer> rbasak: nacc: eventually I want a "newer" new/debian to re-rebase onto
<cpaelzer> rbasak: nacc: does anything come to your mind that might make this task harder than it seems?
<cpaelzer> rbasak: nacc: if not could one please re-run the importer on strongswan?
<Braven> Hello
<cpaelzer> Hi Braven
<Braven> cpaelzer:  Hello, cpaelzer
<rbasak> cpaelzer: so I think you're asking that we just import the latest strongswan, right?
<cpaelzer> rbasak: yes importing is the main request
<cpaelzer> rbasak: thinking it through what might break when doing so is the secondary
<rbasak> cpaelzer: OK. Workflow-wise I think it should work whether it updates or not.
<cpaelzer> rbasak: that is what I hope, and I can save and restore to an older copy anyway if I need
<rbasak> Nothing should break - it's just about what your local new/debian tag points to. You can update it if you want, or not.
 * rbasak runs the importer
<cpaelzer> rbasak: I think I have to move the new debian my own after fetching, but that should be it
<Braven> I am new to Ubuntu Server so this question might be easy. How do I make Primary DNS server Changes take effect without rebooting the server?
<cpaelzer> rbasak: need to check if "usd-merge tag" would do some other magic I need to redo as well
<rbasak> That's true.
<cpaelzer> Braven: https://help.ubuntu.com/lts/serverguide/dns-configuration.html
<cpaelzer> Braven: https://help.ubuntu.com/community/BIND9ServerHowto
<rbasak> cpaelzer: strongswan imported
<cpaelzer> rbasak: thanks I'll take a look if I run into anything working with it
<Braven> I am sorry. The question was type wrong.  I need to know how to changes what dns server my ubuntu server are pointing too.
<Braven> with out rebooting the system
<cpaelzer> Braven: https://help.ubuntu.com/16.04/serverguide/network-configuration.html#name-resolution
<cpaelzer> Braven: most resolv conf updates are instant but the doc I linked inlcuding the links from thereshould lead you
<cpaelzer> nacc: rbasak: FYI - the git fetch pulled in the new revision from debian
<cpaelzer> nacc: rbasak: but usd-merge tag (with -f) did not move the new/debian forward
<cpaelzer> nacc: not sure - is that a bug?
<cpaelzer> I mived it on my own for now
<cpaelzer> or rather moved
<cpaelzer> rbasak: nacc: other than that it seems to have worked just fine
<cpaelzer> rbasak: nacc: and in general this merge is a perfect example why we need that process - even with all splits I still had 51 patches in deconstruct
<cpaelzer> rbasak: nacc: squashed a lot into logical and then worked further and further on that after dropping some things that are now in Debian
<cpaelzer> rbasak: nacc: now down to 29 patches and IMHO much more readable and logically contained
<rbasak> \o/
<cpaelzer> rbasak: nacc: I wouldn't see how you could reasonably merge that thing without this or a similar process
<stoned> What happens to a distro after 5 years of LTS?
<stoned> No more support, I imagine, but upgrading tends to become an issue.
<cpaelzer> stoned: you mean https://www.ubuntu.com/info/release-end-of-life ?
<cpaelzer> stoned: you mean upgrading from an end-of-life release becomes an issue?
<stoned> yeah, after like 7-8 years.
<stoned> :)
<cpaelzer> stoned: LTS upgrade path is to the next LTS I wouldn't see an issue there today to go from e.g. 12.04 to 14.04
<stoned> I see
<stoned> I'm on 14 right now
<stoned> I  have until '19
<stoned> Thanks for the infor link
<cpaelzer> stoned: things are around longer than being supported, you just won't get maintenance updates and so slowly but surely become security exposed
<stoned> I see
<cpaelzer> stoned: yeah you have quite some time left with 14.04
<moonpup>  
<caribou> jgrimm: FYI,I have just uploaded your X &Y multipath-tools SRU
<jgrimm> caribou, thank you kindly!
<caribou> jgrimm: sorry it took longer than expected,was on PTO part of last week
<jgrimm> no worries, i was sprinting, so i didn't have time to verify them
<nacc> cpaelzer: need to reboot, will brb
<coreycb> ddellav, which ocata packages did you say you're working on. just want to not conflict.
<ddellav> coreycb keystone and designate
<coreycb> ddellav, ok
<coreycb> ddellav, zul, i'll get ceilometer and vmware-nsx
<zul> coreycb: ceilometer should be fixed
<coreycb> zul, ok thanks
<coreycb> zul, gnocchi_resources.yaml?
<zul> coreycb: erm...thats new
<coreycb> zul, ok I'll get that
<zul> coreycb: why is it installing it in /usr/etc?
<coreycb> zul, because it used to exist upstream in etc/ceilometer
<zul> ah ok
<coreycb> zul, ok pushed that and rebuilding
<zul> coreycb: ack
<zul> ddellav/coreycb: fyi designate is kind of blocked on this https://mail.google.com/mail/u/1/#inbox/1583a29d923f5219
<sarnold> hrm that url just loads my corporate gmail account, with no email in it..
<coreycb> zul, got another link?
<zul> coreycb: shit yet
<zul> https://review.openstack.org/#/c/393839/
<coreycb> zul, ok thanks.  did you start on monasca-statsd?
<coreycb> zul, I think I remember you saying that but not sure
<zul> yeah....im just waiting for a newer version
<coreycb> zul, ok
<logan-> having some issues getting a dual stack v4/v6 dhcp config working on a xenial interface. it seems like adding "iface ens3 inet6 dhcp" tries to start up a dhclient which conflicts with the v4 dhclient and fails to start.
<logan-> so if anyone has had experience getting dhcp6 working on a xenial dual stacked interface i'd be interested to hear how the config looked
<sarnold> logan-: curious. that seems worth a bug report
<sarnold> logan-: I can't quickly find any example configs with both ipv4 and ipv6 dhcp on one interface
<sarnold> logan-: I wonder if you could use the old 'network interface aliases' thing, e.g. ens3:0, ens3:1, etc.. with multiple stanzas, one for ipv4 and one for ipv6?
<logan-> I will give it a shot and see
<HexicPyth> I just set up a headless Ubuntu serve(16.04) and installed Virtualbox. I'm trying to install the NVIDIA drivers for my GPU so I can run my VM's with 3D hardware acceleration.  I tried installing the regular NVIDIA drivers from the repository and that wasn't enough. I know my issue isn't with virtualbox because on Ubuntu Desktop, 3D acceleration worked fine. Any ideas?
<HexicPyth> *server
<sarnold> HexicPyth: have you checked all the logs? dmesg and virtualbox logs on the host? dmesg and X11 or whatever on the guests?
<HexicPyth> sarnold: I have not yet looked at the logs. All I know is that virtualbox isn't detecting 3D acceleration support. Checking the logs now...
<curiousx> Hi! there
<curiousx> So, i gotta execute this script and the 'start' parameter at boot time: '/opt/spunky/startscript.sh start'  i added it  into '/etc/rc.local' but no luck, any help ?
<sarnold> curiousx: is it executable? is the /opt filesystem mounted at boot time? did you get any error messages logged anywhere?
<curiousx> sarnold: Well, i have no idea non of those questions :D
<curiousx> It's a VPS, that i just sshing :p
<sarnold> curiousx: alright then, first things first, ls -l /etc/rc.local /opt/spunky/startscript.sh
#ubuntu-server 2016-11-08
<curiousx> -rwxr-xr-x 1 root root  434 Nov  7 23:41 /etc/rc.local
<curiousx> -rwxrw-r-- 1 urt  urt  2185 Nov  7 23:14 /opt/spunky/debian-startscript.sh
<sarnold> aha, try chmod 775 /opt/spunky/debian-startscript.sh -- or chown root:root /opt/spunky/debian-startscript.sh -- depending upon which you would prefer
<curiousx> the script gotta be run as root cuz opens up a pid file in /var/run/
<curiousx> ok mate lemme try
<curiousx> ok chmoding didn't worked, will try chowning
<curiousx> I thought maybe rc.local doesn't support parameters, does it ?
<sarnold> it should, it's just posix shell
<curiousx> nope, no luck neither =(
<curiousx> Is it any other way i coul run that script maybe at loggin time, maybe addin' a line in .bashrc ?
<curiousx> using systemd maybe ?
<sarnold> the cron service allows you to use @reboot specifiers; you could add a line like "@reboot root /opt/spunky/debian-startscript.sh start" to /etc/cron.d/spunky
<curiousx> Oh! thanks will try that
<sarnold> systemd service and unit files could also work. I found them a bit of a pain in the ass to get working, but once they work they work :)
<sarnold> https://www.freedesktop.org/software/systemd/man/systemd.unit.html
<sarnold> https://www.freedesktop.org/software/systemd/man/systemd.service.html#
<sarnold> https://www.freedesktop.org/software/systemd/man/systemd.exec.html#
<curiousx> it wasn't added, should i 'crontab -e' ?
<curiousx> i mean, when i: 'contab -l'  can't see the job there -.-
<sarnold> the cronjobs in /etc/ aren't managed via the 'user' cronjobs; crontab -e and crontab -l work with the user-cronjobs instead
<sarnold> user root does have the standard user cronjobs too, but when it's system services, it feels like they ought to live in /etc instead
<curiousx> Hm!
<curiousx> thanks bruh! now i'll reboot to see if works :)
<curiousx> Oh! gosh, it didn't worked =(
<sarnold> dang
<curiousx> Maybe i'll try systemd
<sarnold> okay, next steps: ls -ld /opt/ /opt/spunky/   -- and head -2 /opt/spunky/debian-startscript.sh
<curiousx> wait a second, i just removed spunky's pid file in /var/run/ will reboot again, maybe that was the issue
<tarpman> curiousx: is your debian-startscript the same as https://github.com/SpunkyBot/spunkybot/blob/master/debian-startscript ? that one looks like it's designed to be used as an init.d script ...
<curiousx> tarpman: lemme see
<tarpman> in which case, the way to have it start on boot would be using update-rc.d(8)
<curiousx> tarpman: yeah, the same one
<sarnold> tarpman++
<tarpman> curiousx: it's documented right there in the script how to install it
<curiousx> tarpman: update-rc ? lemme check
<tarpman> curiousx: read the comments in the script, all of that is covered, even the update-rc.d part
<curiousx> rly ?
<curiousx> ok
<tarpman> https://github.com/SpunkyBot/spunkybot/blob/master/debian-startscript#L13-L17
<tarpman> much better than nasty crontab hacks :)
<curiousx> Oh! my... wth, sry, so dumb of me :D
<curiousx> I mean, well, i'm not a sofisticated guy no more :p but i used tobe :p
<curiousx> No can't do =(
<curiousx> idk why tho
<curiousx> To execute a scrip in 'bashrc' should i prefix a dot ? like: . /etc/init.d/spunkybot start  )
<curiousx> ?*
<xnox> do we still need juju-mongodb3.2 if src:mongodb is at the same version number?
<rbasak> Juju would need to know which package to use, AFAIK. Also, what happens when Juju's mongodb needs get bumped? As it does get updated in stable releases.
<rbasak> To be clear, I'm not objecting, just thinking of potential areas that need consideration.
<xnox> rbasak, i have no idea how juju-mongodb* is different from mongodb* packages =)
 * xnox simply has to fix boost 1.62 FTBFS twice at the moment, in both mongos
<rbasak> xnox: it drops in binaries only, in a special path (IIRC). Then when Juju deployds, it sets up a system service specifically for itself using those binaries.
<rbasak> IIRC, this was a requirement for promoting Juju to main, since the security team didn't want mongodb-at-large to be in main (due to the colossal Javascript engine maintenance burden, etc)
<rbasak> And at least at that time, Juju's mongodb was built without a bunch of that stuff.
<hypermist> what can cause kernel panic VFS ?
<cpaelzer> hypermist: are you referring to a panic due to being unable to mount root on boot?
<hypermist> yea cpaelzer
<cpaelzer> hypermist: (IMHO) mostly broken bootloader configs, followed by broken lvm or rootfs setup, followed by more rare and special cases
<hypermist> cpaelzer, its just that it was a fresh install so i was like whaat how can that be
<hypermist> xD
<cpaelzer> hypermist: I'd even think that this is the most likely place - on install either manual config was done wrong or the system/HW has a certain setup that leads the automations done on install into a trap creating a broken install
<hypermist> i'll try re-install and see if it works this time
<hypermist> :)
<hypermist> ill change some stuff in the bios and such
<cpaelzer> hypermist: ah ok, otherwise I'd assume it would just reproduce
<cpaelzer> hypermist: if running into it again I tihnk that covers the most basic solution worth for maybe 75% of the cases http://askubuntu.com/questions/532835/kernel-panic-not-syncing-vfs-unable-to-mount-root-fs-on-unknown-block0-2
<cpaelzer> hypermist: otherwise the recovery mode you reach from there might still be the best way to start understanding what is wrong
<hypermist> alright  thanks cpaelzer :)
<ronator> Hi. Does anyone know if and when canonical is going release the patch for memcached (CVE-2016-8704 and two others)?
<cpaelzer> ronator: I tihnk that is done already
<ronator> did not find any updates neitehr in 14 or 16 repos
<cpaelzer> ronator: not sure, but are these links externally reachable http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-8704.html
<cpaelzer> ronator: https://www.ubuntu.com/usn/usn-3120-1/
<ronator> thank you gyus. btw this is what I see in Ubuntu 16: Version: memcached 1.4.25-2ubuntu1.2
<cpaelzer> ronator: which is the latest update and has the CVE listed in the changelog
<cpaelzer> ronator: https://launchpad.net/ubuntu/+source/memcached/1.4.25-2ubuntu1.2
<cpaelzer> ronator: glad I could help
<ronator> ah i see .25 is the patched version
<cpaelzer> ronator: as it is a released version the fix will go in as SRU, so it will stay 1.4.25-2 in your case but got a .2 at the end for this update
<ronator> okay, i was confused because i read version > 1.4.31 is patched but I tend to forget that canonicals folows a different numbering scheme ;-) thx again
<ronator> cpaelzer: yes, I see that now
<cpaelzer> ronator: see here if you want to learn more https://wiki.ubuntu.com/StableReleaseUpdates
<ronator> cpaelzer: thx - will do (have to) :)
<hypermist> error'd out when it was installing the kernel cpaelzer so maybe thats got something to do with it ?
<cpaelzer> hypermist: yeah that should be almost 100% related
<hypermist> fresh iso download too haha
<hypermist> :(
<hypermist> my life today has been so far a fail
<hypermist> should i just redownload ?
<cpaelzer> hypermist: the chance that this is a broken iso by the download is almost 0%, in any case just check the checksum
<cpaelzer> hypermist: more likely some sort of incompatibility/issue with your HW
<hypermist> its an amd apu
<ronator> cpaelzer: "Regarding Dirty Cow": From the nice website you sent, I can find this info for fixed version: Ubuntu 16.04 LTS (Xenial Xerus): released (4.4.0-45.66) - but the newest kernel I have on ubuntu (16) server is Version: 4.4.0.45.48 - does that mean they are vulnerable?
<ronator> (afk/brb/coffee)
<maxb> pet peeve: there is no such thing as Ubuntu 16
<maxb> there is 16.04 and 16.10 but these are no more closely related than consecutive versions that don't share a calendar year
<maxb> To answer the actual question, I can tell from the pattern of dots and dashes that you are comparing a linux-meta version with a linux version. They are different packages and the version numbers are not directly comparable
<ronator> i will read SRU now :D
<maxb> https://www.ubuntu.com/usn/usn-3106-1/the package names you should be looking at are the ones in the USN : https://www.ubuntu.com/usn/usn-3106-1/
<maxb> ugh, weird paste, but you get the idea
<hypermist> tried 16.04 also no kernel install error just wont install packages cpaelzer ;(
<ronator> what does "DNE" mean in context of security cve patches?
<cpaelzer> ronator: 4.4.0-45.66 is latest and available to my machine - maybe just an apt update away?
<hypermist> So what can i do about that haha :(
<cpaelzer> hypermist: from the given info it is hard to recommend more
<hypermist> yea it's sort of like why does freebsd based OS's install fine xD
<cpaelzer> hypermist: on install issues it can be hard to share screen and logs, but often you can use the console fallback for that
<hypermist> i just have no idea why its failing. considering any other os i've installed has never done that haha :D
<ronator> cpaelzer: I did a dist-ugrade right before, that's why I went to check with the cve page ...
<ronator> cpaelzer: what could be the reason for our difference in kernel versions?
<cpaelzer> ronator: are you behind an apt mirror that isn't updated?
<ronator> (basic ubuntu 16 installation from iso, no repos removed) - no I use the usual repos, e.g. I see this OK:2 http://security.ubuntu.com/ubuntu xenial-security InRelease
<ronator> and the german archive repos
<cpaelzer> ronator: https://launchpad.net/ubuntu/+source/linux/4.4.0-45.66 here you see it was published on 20th October
<ronator> I do believe you
<cpaelzer> let me check this more in detail for you
<ronator> cpaelzer: I am sorry, I am really confused, so I really do appreciate your help. If I do "aptitude show linux-image-generic" it show me "Version: 4.4.0.45.48". The server is located is Germany.
<cpaelzer> ronator: be careful with the various linux-* package names - I often run into that as well
<cpaelzer> ronator: what does apt-cache policy linux-image-4.4.0-45-generic tell you?
<ronator> oh :)
<ronator> cpaelzer: you are the man: Installed: 4.4.0-45.66
<cpaelzer> so I it should be
<ronator> bad aptitude :)
<ronator> cpaelzer: I guess I learned sth. - thx
<cpaelzer> ronator: and for even more security please check out http://blog.dustinkirkland.com/2016/10/canonical-livepatch.html
<ronator> yeah, I read sth that ubuntu also wants to offer kernel-live patching. thx, will read.
<SipriusPT_> hello guys
<cpaelzer> hi SipriusPT_
<SipriusPT_> I am in a big trouble trying do config my mail server to receive mails
<SipriusPT_> i have wasted a lot of time trying to set this up but still no success
<SipriusPT_> https://ubuntuforums.org/showthread.php?t=2342513
<SipriusPT_> dont know if you can help me =/
<SipriusPT_> i have created a tread in ubuntuforuns
<SipriusPT_> with all the data, if you could help me and need more info i can provide without problem
<SipriusPT_> P.S. is my first time trying to set a mail server
<cpaelzer> SipriusPT_: from reading tzhat a bit this is more on port forwarding and such than mail
<cpaelzer> SipriusPT_: right?
<cpaelzer> SipriusPT_: as your issue still is that you can't connect at all, not that any part of the mail setup fails
<cpaelzer> SipriusPT_: if I read that correctly you have no smtp port bound right?
<cpaelzer> SipriusPT_: e.g. no 25
<cpaelzer> SipriusPT_: I can't parse and validate all of your config, but you should focus on getting something bound to a port serving smtp
<cpaelzer> SipriusPT_: all the forwarding and such comes later
<cpaelzer> as long as your check for e.g. port 25 or equiv shows nothing something is missing
<cpaelzer> SipriusPT_: check this for testing (as you did) but also log files https://help.ubuntu.com/lts/serverguide/postfix.html#postfix-testing
<SipriusPT_> but i have my server in DMZ
<SipriusPT_> i already made a ping to SMTP and IMAP ports from a outside web site
<SipriusPT_> and those are all open
<cpaelzer> SipriusPT_: you reported this as empty netstat -tnlp tcp | grep '\.25 '
<cpaelzer> so nothing can connect to ..:25
<SipriusPT_> ah yes that is from the service
<SipriusPT_> ah yes
<SipriusPT_> you are right i used the wrong dns name when was doing ping
<SipriusPT_> with the right one i got all of them closed
<SipriusPT_> just the 80 is open as expected i have a web service there
<cpaelzer> SipriusPT_: so you can reiterate locally with your mail server setup until you can LOCALLY connect to :25
<cpaelzer> SipriusPT_: then and only then you enter the domain of all the forwarding, maybe MX dns entries and such stuff
<SipriusPT_> cpaelzer i will come back in a hour, thanks in advance for the help!
<cpaelzer> bzr is a memory hog :-/
<rbasak> cpaelzer: thank you for the review!
<rbasak> cpaelzer: I am setting self.running = False on close.
<cpaelzer> rbasak: maybe it was not part of the same commit where I thought it was missing
 * cpaelzer is checkking full diff
<cpaelzer> rbasak: yeah I see
<cpaelzer> rbasak: the good part is that my assumption was right, the bad part that I missed to read that you have already done it
<rbasak> cpaelzer: good to know you're reviewing properly. Thanks :)
<rbasak> (rather than saying +1 without checking for things like that!)
<rbasak> Hmm. I didn't provide a changelog entry in my MP.
 * rbasak adds a commit for that
<rbasak> cpaelzer: I added strongswan FTBFS in Xenial (bug 1592706) to our backlog. Rationale is that it blocks any SRUs or security updates, so we should prioritise fixing it.
<ubottu> bug 1592706 in strongswan (Ubuntu) "strongswan fails to build in xenial on amd64 (test timeouts)" [High,Confirmed] https://launchpad.net/bugs/1592706
<cpaelzer> rbasak: yeah that is correct
<cpaelzer> rbasak: I already added a backtrace as I think I was able to hit it on a local build
<cpaelzer> rbasak: but it is in no way a blocker
<cpaelzer> rbasak: it is an unwelcome but transient error
<cpaelzer> rbasak: did you pick that up triaging yesterdays updates?
<rbasak> Ah, only transient? That's not so bad.
<rbasak> Yes, I'm triaging yesterday's bug updates today.
<cpaelzer> rbasak:  I can't speak on the "transitivity" of the LP builders, but for me it was one of about nine builds
<SipriusPT_> cpaelzer are you there?
<cpaelzer> SipriusPT_: busy as always but here
<cpaelzer> SipriusPT_: and I'm not the #1 postfix expert, so you don't need me in particular :-)
<SipriusPT_> but i really dont know where the problem is because i can send and receive mail internally
<SipriusPT_> with local accounts
<SipriusPT_> at least with mail clients through local host
<cpaelzer> SipriusPT_: well they might not really use smtp
<cpaelzer> SipriusPT_: does your host now bind one of the smtp ports?
<SipriusPT_> i have config those users to connect through smtp port
<SipriusPT_> i will show you
<SipriusPT_> internally with a mail client
<SipriusPT_> http://prntscr.com/d4n6yj
<SipriusPT_> my web mail service is also connected through IMAP and SMTP
<SipriusPT_> both clients are connected the same way
<SipriusPT_> but till now i am just testing this in localhost
<SipriusPT_> i have not tried to use mail app on other pc in this network
<SipriusPT_> but i am able to login in my web mail service everywhere and send mails to inside or outside email domains
<cpaelzer> SipriusPT_: I don't mind the other tests as they could use whatever connection I don't know about
<cpaelzer> SipriusPT_: but since you fail to connect to port 25 from the outside as your initial issue
<cpaelzer> SipriusPT_: does netstat other than before now report any of the smtp ports as open?
<zul> coreycb: heylo....python-tempest is broken im looking at it right now
<SipriusPT_> cpaelzer: nop, nothing at 25, 2525, 465
<SipriusPT_> with netstat
<SipriusPT_> when i do telnet to the DNS name pointed to my external IP
<cpaelzer> SipriusPT_: the I think your setup is still not complete
<SipriusPT_> i got connection refuse
<cpaelzer> SipriusPT_: sorry my lack of mail server expertise prevents me from suggesting more - but if your test is to connect to port 25 there has to be something binding that port
<SipriusPT_> it is possible
<SipriusPT_> all that i could do in my ISP, who is pointing a MX record to this server
<SipriusPT_> and if i have not receive anything it could be something missing in postfix
<SipriusPT_> but i have search a lot and all that i can find seems very simple and i already did that =/ it is more easier to receive then send
<SipriusPT_> from what i have saw of configs
<SipriusPT_> but thank you very much cpaelzer, at least you try!
<teward> I've gotta ask - is your mail server at your home (residential) network on a non-static IP?
<cpaelzer> SipriusPT_: yeah, sorry - I hope you find one with more postfixiness
<teward> SipriusPT_: I've gotta ask - is your mail server at your home (residential) network on a non-static IP?
<SipriusPT_> those guys dont help easelly
<SipriusPT_> it is in an office, and right now just for test i have used a dynamic IP (that looks almost static 2 weeks in a row without change), associated with a DNS name with reverse DNS
<rbasak> teward: o/
<SipriusPT_> i will have to add a static IP soon
<rbasak> teward: so we have a renewed effort to triage bugs on the Canonical server team. We have a schedule and have been able to look at all server bugs touched since August 8th so far.
<rbasak> teward: what should we do with nginx bugs? For example, bug 1639814. I realised that your schedule probably means that you won't have had a chance to look yet, which is fine.
<ubottu> bug 1639814 in nginx (Ubuntu) "nginx package upgrade on ubuntu 14.04 rewrites ssl config" [Undecided,New] https://launchpad.net/bugs/1639814
<teward> rbasak: that ones' tricky
<rbasak> teward: the trouble is that with our process, we have one opportunity to see it, and if I ignore it now we won't see it again unless it gets touched again.
<teward> rbasak: because that's apt weirdness - ideally apt isn't going to overwrite configs
<teward> but it is doing that
<rbasak> teward: so in the general case, should I leave all nginx bugs to you unless you flag them up?
<teward> rbasak: yeah, unless it's Security related in which case also ping the SEcurity team
<teward> which is standard process
<rbasak> OK
<teward> rbasak: i get all the nginx bug notices as they come in
<teward> to two emails
<rbasak> For this bug, apt surely isn't touching those files - it can only happen through postinsts.
<teward> rbasak: yeah the trouble is i've tried shoring up the postinsts in the past...
<teward> and gotten NACKs
<teward> (for the "code loss" bugs)
<rbasak> Handling files in /etc is pretty messy due to the policy of "don't mess with users' local changes".
<rbasak> That makes it hard.
<rbasak> Making modifications is permitted (seddery) but can lead to conffile prompts, which is also bad.
<teward> rbasak: so i'm stuck between the two evils: (1) don't radically change the structure of the postinst, and (2) add changes that only fix the specific issue
<teward> rbasak: the *other* problem:
<teward> i haven't been able to reproduce
<teward> not even with automated Landscape isntallations of the package code
<teward> it's on my radar to look at
<teward> the merge from Debian is higher on my radar though if only because that needs to land before OpenSSL 1.1.0 ever doews
<rbasak> Does Debian's packaging have this bug too?
<teward> rbasak: if it does, I haven't seen it reported, but they're also at 1.6.x which is at least a year newer than Trusty
<rbasak> OK
<rbasak> Let me know if you need any help when you get to it.
<rbasak> Thank you for working on these!
<teward> rbasak: my pleasure!  Note that i'm also still handling the evils of the recent security fix
<teward> (I'll blurb on it during the server team meeting, provided i'm not dragged through oblivion today)
<rbasak> Noted. I appreciate not having to worry about it :)
<teward> rbasak: it may not get rapid-fixes for complex issues, but you can see how some bugs have been filed and rapidly closed by me as not a bug.
<teward> so i do see them.
<teward> response time is dependent on my work and study schedules
<teward> and complexity
<rbasak> Sure. I have no problem with your response time. Also happy to back you up as needed. Just need to make sure our processes don't clash.
<ronator> "Canonical is providing the Canonical Livepatch Service to community users of Ubuntu, at no charge for up to 3 machines." That's ridiculous - but typical. (Just my comment, no offense.)
<teward> rbasak: Security issues get forwarded up to the SEcurity team, though i've ended up being the point-of-contact at times to relay
<teward> almost same-day
<teward> though as we all know the SEcurity team is amazing at those thigns
<teward> rbasak: no clash on the processes, though it doesn't hurt to prod me if you're unsure
<teward> email is faster than IRC though, teward AT ubuntu
<rbasak> OK
<teward> rbasak: wrt that bug, are we 100% certain apt isn't touching? the 'default' config file is in the .install file not the postinst...
<rbasak> Have you been able to reproduce, or do we just have one reporter claiming it?
<rbasak> It wouldn't be apt, it'd be dpkg.
<rbasak> And if using a modern dpkg-source (IIRC, or is it debhelper?), then anything from a .install file to go into /etc will be automatically marked a conffile, and result in a conffile prompt over overriding a user's changes.
<teward> rbasak: i've only seen the one person report
<teward> otherwise i'd have dupe-reported
<rbasak> Then it might be Invalid.
<teward> s/reported/linked/
<rbasak> I'm only speculating of course based on what's common. I haven't actually looked.
<teward> rbasak: i'm in the process of repairing one of my testing servers, happy to nuke/rebuild/nuke/rebuild to try and reproduce
<rbasak> Thanks
<teward> but i'd need a copy of their configs they had to try and 'test' with
<rbasak> Also you can do it in a container pretty easily.
<rbasak> lxc launch ubuntu:trusty foo
<rbasak> lxc exec foo bash
<teward> rbasak: fun fact: you're right, but I already have a Trusty VM I use for full testing
<rbasak> OK :)
<teward> rbasak: also, Trusty != Xenial, it doesn't like me with lxc on this system
<teward> rbasak: also, when doing QA testing, the VM allow for full install tests - another reasons I'm in the "VMs > LXC Containers for Testing" niche :)
<teward> oop that reminds me, I need to renew my Landscape licenses...
<rbasak> IMHO, containers are good enough for most packages. Except for some packages that it isn't.
<teward> rbasak: indeed.  But if i have the servers running as test servers to test different things (INCLUDING bad SSL config testing heh), why not use it :)
<rbasak> Containers tend to be a little quicker :)
<teward> :)
<teward> back in a moment, VPN tunnel construction in progress
<coreycb> zul, ok I uploaded a new version of tempest yesterday
<zul> coreycb: just uploaded a fixed version
<zul> <-- ninja
<coreycb> zul, cool
<rbasak> cpaelzer: the dovecot dep8 test is still failing :-(
<cpaelzer> rbasak: but it is failing much nicer now
<rbasak> Interesting though. Different failure.
<rbasak> Yeah
<rbasak> I wonder if that's because the Python 3 imap library produces better (more helpful) exceptions.
 * rbasak requests a retest to see if the results change
<coreycb> jamespage, when you get a chance can you promote python-glance-store and mistral from newton-staging -> newton-proposed?  also could use a flush of mitaka-staging -> mitaka-proposed for openstack-trove, mistral, and python-django.
<rbasak> cpaelzer: it passed on retry.
<coreycb> jamespage, also python-novaclient is ready to promote to mitaka-updates
<coreycb> jamespage, and one more, python-pylxd 2.0.5 is ready to promote to mitaka-updates
<jamespage> coreycb, looking now
<jamespage> coreycb, ok shoved the proposed updates for novaclient and pylxd to updates
<jamespage> flushing staging -> proposed now
<jamespage> coreycb, it would be good to get that lot tested and out of the door
<jamespage> there is some ceph stuff in that to
<coreycb> jamespage, thanks. I'll get testing going on those.
<zul> coreycb: monasca-statsd with proper license has been packaged i uploaded it to the archive and put it in the ppa for now
<coreycb> zul, awesome thanks
<coreycb> zul, can you push to lp:~ubuntu-server-dev?
<zul> coreycb: doing it now
<coreycb> zul, thanks
<sikun> anyone familiar with Ubuntu OpenStack?
<sikun> in a production environment
<SipriusPT_> any expert at postfix here?
<joelio> sikun: any specific question?
<sikun> joelio, I guess just a couple broad questions
<sikun> more so on possibly building an OpenStack cluster for a production environment
<SipriusPT_> well if anyone here have set a postfix server to receive mail from outside please check this tread:
<SipriusPT_> http://www.linuxforums.org/forum/servers/208607-not-receiving-mail-postfix-external-server-post983645.html?highlight=#post983645
<sikun> The Ubuntu O/S site says a requirement of 5 servers with two disks, two with 2x NICs, I'm guessing the two servers with the drives would just be iSCSI storage targets for the VMs?
<rbasak> SipriusPT_: I suggest that you summarise the question here. Many able and willing people won't bother to follow your link.
<sikun> and the other three along with those two would be compute nodes
<SipriusPT_> ok rbasak thanks i will post here
<coreycb> jamespage, pthon-pytest has some pypy dependencies, so I think i'll drop those via ca-patches vs backporting them if you are ok with that
<SipriusPT_> i am unable to receive mail with my postfix, i can only send to inside and outside domains, and cannot receive from outside or even from my ISP mail server
<SipriusPT_> I am trying to do a middle mail server between group of people and my ISP mail server
<SipriusPT_> till now i am only able to send from multi local users to multi external users created at my ISP mail server
<SipriusPT_> in my ISP mail server i have set a MX record to my public IP
<SipriusPT_> right now is a dynamic but its pretty stable for testing
<SipriusPT_> i have a DNS name pointed to that IP, with reverse DNS
<SipriusPT_> i was able to telnet port 25 locally and then notice that i was unable to telnet to that port externally
<joelio> sikun: it depends on what storage backend you chose. You could use local storage or shared storage. Obviously shared storage requires additional nodes, setup etc for the target type (iscsi, ceph etc) but provides true migration capabilities
<teward> SipriusPT_: i would keep in mind a lot of 'dynamic IPs' are in mail blacklists
<SipriusPT_> so i add it for port forwarding to an expecific external IP but i didnt receive any mail and no socket was open to that port as i have saw in netstat
<sikun> joelio, preferably I would like to go with local storage.
<sikun> Wondering if 5 nodes is truly necessary
<SipriusPT_> i know teward but i have check this on before i use it and was just blacklisted in one of a big list
<SipriusPT_> right now i have no idea on what is doing this
<joelio> sikun: no, if you're testing you can run a single node with the service on.. multinode I'd go for 3 at least
<joelio> but it depends on your requirements really..
<sikun> I suppose I could just install Ubuntu and the KVM packages and just run it w/o OpenStack but I guess I'm trying to "sell" it as a benefit if we did a full on OpenStack cluster
<SipriusPT_> it could be from my IP provider? that is blocking this kind of services?
<sikun> joelio, I need to condense three 12 year old servers running CentOS 5.? which are the current KVM hosts
<sikun> they are going to die soon I just know it, but... I don't want to setup new servers to migrate what's on the VMs as they are all so horribly outdated I just want to move the VMs themselves to a new host
<teward> SipriusPT_: most residential ISPs block mail server ports
<sikun> As I said in my meeting the other day... Who knows if a freaking butterfly in China is going to flap its wings and I loose 2 of the three KVM hosts due to hardware failure
<teward> SipriusPT_: if you're on a dynamic IP host, and it's not a business class connection and is residential class, it's likely being blocked at ingress by the ISP
<sikun> lol, just as long as I can keep them running for 2 more years tops... that is all I need.
<SipriusPT_> as i suspect
<SipriusPT_> i was just counting with the blacklist part of this dynamic IP
<teward> there's also port forwarding that has to be done as well at the NAT level at your connection, but SMTP is probably being blocked
<SipriusPT_> i am able to send mails from my local server to my ISP mail server and even do SMTP auth
<SipriusPT_> but receiving it is showing to be a pain in the a**
<teward> SipriusPT_: SMTP outbound is usually not filtered, it's inbound that's usually the problem
<teward> as I said before, ISPs of a residential grade usually don't allow SMTP mail servers on their network for receiving
<SipriusPT_> ok ok teward thanks a lot!
<teward> some might, but you'd have to check with that ISP
<SipriusPT_> this could be a noob problem but it is my first time doing it
<joelio> sikun: well you could just got native KVM, but you lose all the functionality that openstack provides, API's, Tennencies etc. It entirely depends on your requirements, if you don't need that stuff then maybe just vanilla KVM is fine. If you decide to do anything 'at scale' as it were, you may find openstack (or any other cloud orchestration) a better fit
<joelio> there can be quite a lot to take on board when first approaching openstack, I'd recommend looking at devstack first perhaps, get the feel for it (devstack is a cloud in a vagrant vm essentially).
<joelio> if it's too much and time pressing, then you know early on at least, in terms of workload required to bootstrap it all
<sikun> oh nice
<sikun> yeah, I just have to somehow convince 4 people that Ubuntu/Debian is a very reliable production worth OS...
<sikun> worthy**
<joelio> Well, we run ubuntu here for pretty much everything (not that that counts for much) - this may count more - http://www.zdnet.com/article/ubuntu-linux-continues-to-dominate-openstack-and-other-clouds/
<sikun> awesome, it's current too
<sikun> I've ran Debian/Ubuntu for years, in production, dev, personal.
<sikun> I'm now in a BSD environment
<sikun> where it is either OpenBSD or FreeBSD, and never is the OS that was chosen actually the proper choice of OS for the situation.
<joelio> Hey, got nothing wrong with BSD.. just tooling different (although bhybe etc is pretty awesome!)
<joelio> *bhyve
<station> dose nfs-kernel-server replace the kernel or is it a module?
<joelio> sikun: VMM on OpenBSD looks promising too, just they don't support any other OS guests yet
<sikun> I'd be more apt to use VMM on FreeBSD than OpenBSD
<sikun> OBSD is just lacking too much in driver support in my opinion
<rbasak> mysql-5.7 migrated \o/
<hallyn> cpaelzer: new qemu v2.7 hit debian :)
<jgrimm> hallyn, cool
<zul> coreycb: vmware-nsx needs vmware-nsxlib now :(
<coreycb> zul, yeah, saw that
<zul> coreycb: on it
<coreycb> zul, thanks. good news is we don't need to get it into main.
<jge> hey all, trying to install libcrypt-ssleay-perl on ubuntu 14.04 but it says is not available, bit reffered to by another package (this may mean that the package is missing, has been obsoleted, or..)
<sarnold> ssleay was renamed to openssl in 1998
<jge> woah
<jge> so why does it still show as ssleay here http://packages.ubuntu.com/trusty/libcrypt-ssleay-perl
<sarnold> wow, it's still packaged? o_O crazy
<sarnold> jge: maybe you don't have the 'universe' pocket of the repository enabled?
<jge> yeah that could be it, let me check
<jge> that was it, thx sarnold rbasak
<jge> ignore rbasak (keyboard lag) ;)
<kukuruzo> Hi friends. I'm new to linux servers and now choosing distribution for deployment. There is a choise between centos and ubuntu. I like ubuntu, centos seems to conservative for me. But lookin for documentation, i have a question - can you recomended some books or other literature about ubuntu server? Centos = RHEL, and red hat has a dozen manuals at docs.redhat.com. Oficial ubuntu server manual is very short, and don't answers
<nacc> kukuruzo: serverguide maybe?
<kukuruzo> is too easy and short
<Pici> kukuruzo: Whats missing?
<nacc> kukuruzo: are you sure you're not confusing the manual with serverguide? https://help.ubuntu.com/lts/serverguide/
<kukuruzo> For example it's don't answers question about apparmor in ubuntu. RH has a lot of docs about selinux. Seems ubuntu supports SElinux, but in server guide are few words about apparmor, and links to novell site.
<kukuruzo> nacc - yep i'm sure
<kukuruzo> for example - about app armor said "This section is plagued by a bug ( LP #1304134 7 ) and instructions will not work as advertised."
<ubottu> Launchpad bug 1378095 in apparmor (Ubuntu) "duplicate for #1304134 aa-complain traceback when marking multiple profiles" [High,Fix released] https://launchpad.net/bugs/1378095
<nacc> kukuruzo: and that bug is fixed
<kukuruzo> but when i read this bugreport - it's from 2014 - is it fixed?
<nacc> kukuruzo: it says "fix released"...
<kukuruzo> if yes - why there is annotation in manual to 16.04 server version from 2016?
<nacc> kukuruzo: also, if you follow the links from the serverguide, you eventually get to https://wiki.ubuntu.com/AppArmor
<nacc> kukuruzo: feel free to send a patch, if you test that it's fixed in 16.04
<sarnold> heh, an example profile from 9.04. Ouch.
<sarnold> so little time..
<nacc> kukuruzo: yeah, those sections probably need some love :)
<kukuruzo> nacc: yep - need some work =)
<kukuruzo> why ubuntu uses apparmor? seems a lot of people talking that selinux is more secure and more actual. apparmor is novell child, and suse linux is not in good shape now i think.
<nacc> kukuruzo: that's a fair amount of opinion
<kukuruzo> anyway not too much information about using services in ubuntu server - very few words about apache, links to "necro" books from oreilly (http://shop.oreilly.com/product/9780596001919.do - i think this is not best book about todau apache), nothing about nginx, very strange
<kukuruzo> it will be very good if ubuntu server sometime will get something like this - https://access.redhat.com/documentation/en/
<nacc> kukuruzo: it's open source, feel free to contribute...
<kukuruzo> before contribute i need to learn somewhere and something about using ubuntu-server
<kukuruzo> i think official documentation is way to go
<kukuruzo> but ubuntu docs are not complete and sometimes outdated
<kukuruzo> loiking on amazin gives a lot of "begginers guide", but i'm not absolutely beginner, but need a good docs to start
<kukuruzo> looking*
<kukuruzo> o found a very good video lessons from Sander van Vugt - but his ubuntu manual is very outdated, all new lessons are about red hat
<kukuruzo> is there somesing like Sander van Vugt lessons but about ubuntu?
<nacc> kukuruzo: what more do you specifically need to see about apache than what is at: https://help.ubuntu.com/lts/serverguide/httpd.html
<SimonKLB> hey, trying to run openstack on lxd using conjure-up but im getting: cannot start instance for machine "0": Missing parent 'conjureup0' for nic 'eth1'
<SimonKLB> is conjureup supposed to setup a network dev or cant it be specified by the user or something?
<SimonKLB> nvm, just had to run: systemctl start conjure-up
<metaf5_> I'm using AWS EC2 and I'm trying to switch my base AMI from Ubuntu's official 14.04 to 16.04.  However, when I use my identical provisioning scripts the user-data script doesn't run in 16.04.  Does anyone have a suggestion for things to check?
<metaf5_> I see the script in /var/lib/instance/cloud/user-data.txt, so it's definitely still getting onto the machine correctly.
<rharper> metaf5_: /var/log/cloud-init.log and /var/log/cloud-init-output.log should have some info;  ideally compare those from 14.04 to 16.04
<rharper> metaf5_: 16.04 uses systemd, so depending on what your script does, maybe it ran but didn't have the same effect w.r.t services and such;
<metaf5_> rharper: I already looked at these, but I didn't see anything about "user data" in cloud-init-output.log (nor the output from my very simple script).
<metaf5_> Interestingly though, in cloud-init.log I see it say something about looking at /var/lib/cloud/seed/nocloud/user-data, which doesn't exist.
<metaf5_> Is there some bad configuration that has it looking there instead of /var/lib/cloud/instance ?
<metaf5_> I also see "Failed to get raw userdata in module rightscale_userdata" at one point.
<rharper> metaf5_: -output captures stderr/stdout from things run via user-data hooks like run_cmd or bootcmd
<rharper> nocloud is searched for seeds built into the image (there are no such dirs in the cloud image by default) so that's just noise
<rharper> I suspect your provising script is included in your user-data as a runcmd or bootcmd?  if so, if it produces any stdout or stderr, that would be captured in the -output.log file
<rharper> metaf5_: are you using rightscale config module in your user-data ?
<metaf5_> I don't know what that is, I was just dumbly looking for things that said "user" in them :)
<metaf5_> My user data script is just a "#!/bin/bash ..." base64 encoded.
<metaf5_> I can see from the user-data.txt file that it's decoded successfully.
<rharper> you can try to run that by hand
<rharper> to debug
<rharper> what config keys are in your user-data ? writefiles and runcmd ?
<metaf5_> Works fine running user-data.txt manually.
<metaf5_> And like I said, it's just a shebang'd bash script which the documentation claims should work.
<metaf5_> And I can confirm that -output.log doesn't have output from my script.
<metaf5_> Just in case I'm really stupid - is there an extra systemd unit I have to enable to get user-data scripts to run?
<rharper> no
<rharper> metaf5_: like this? http://cloudinit.readthedocs.io/en/latest/topics/format.html#user-data-script
<metaf5_> Precisely.  And to re-iterate, it worked just fine on 14.04 and it doesn't seem to be an issue with the script's contents.
<rharper> k, testing here too
<rharper> that's worth fileing a bug; if you can easily, test with the example script in the docs
<rharper> that writes out to a file which should confirm that it's getting executed properly
<metaf5_> So do you suspect that the "base64+shebang'd script" is the problem?
<rharper> I dunno
<rharper> the plain-text script is working for me
<rharper> in latest xenial image (openstack cloud not ec2, but I the cloud-init code is the same level)
<rharper> I'll try base-64'ing it
<metaf5_> I'll try plaintexting my same script via the EC2 console and see if that works...
<rharper> metaf5_: it appears that b64'ed script fails in 16.04; testing in trusty now
<rharper> I just base64  < user-data-script > uds.b64 and passed that instead
<metaf5_> Hrm.  The sample script from the doc also fails on AWS EC2 if I paste it into their user-data textbox.
<metaf5_> But I am suspcious that their console's text-box is actually B64ing it
<metaf5_> Because in the "review intance before launching" page it's displayed as b64....
<rharper> it fails in trusty too, it needs to be a multi-part mime message with type x/shell-script
<rharper> trusty warns with: 2016-11-08 22:04:39,059 - __init__.py[WARNING]: Unhandled non-multipart (text/x-not-multipart) userdata: 'IyEvYmluL3NoCmVjaG8gIkhl...'
<rharper> hrm
<rharper> there's a  raw version of the user-data
<rharper> that'd be useful to see what it came over as (confirm they're sending it as multipart mime and using Content-Type: text/x-shellscrip
<metaf5_> I was doing everything the same way (b64+#!/bin/bash) in trusty and it was working fine for me.
<metaf5_> Only stopped working when I tried using xenial
<rharper>  sudo cat user-data.txt.i
<rharper> should show it as a multi-part message
<metaf5_> On the one where I pasted the example script into the console?
<metaf5_> I'll check
<rharper> yeah, and if we can see that the .i file is the same
<rharper> then we can blame cloud-init (I think)
<metaf5_> That .i file begins "Content-Type:multipart/mixed;"
<rharper> and what about the parts?
<rharper> is one of them x-shellscript ?
<metaf5_> http://pastebin.com/h5MrNsKk (tl;dr "yes")
<rharper> and does that show up in scripts/  at all ?
<metaf5_> Yep, part-001  But no /root/output.txt so I'm pretty sure it didn't run.
<rharper> interesting, and when we don;'t have it b64'ed, it runs
<rharper> at least it has for me, not sure how to make it not be b64'ed in ec2 via the console tool
<metaf5_> Oh is multipart/mixed what comes out out b64?
<rharper> metaf5_: do you have the /var/log/cloud-init.log for that example script run ?
<metaf5_> http://pastebin.com/h1zwBQtj
<metaf5_> I notice it mentions writing to user-data.txt{,.i} but doesn't seem to say anything about running it.
<rharper> metaf5_: so theres scripts/part-001 and it's executable?
<metaf5_> It's 0700
<metaf5_> Do user data scripts run as root?
<rharper> yes
<rharper> exec'ed by cloud-init running as root
<rharper> so my b64'ed script into the instance as user-data didn't translate, I suspect the console you have does it write if you have a file that 0700 and readable (and runnable)
<rharper> I'd be super surprised if the file is written out and marked executable but not run
<rharper> but the example test you did didn't write out /root/output.txt ? and cloud-init-output.log didn't have the "Hello World" line ?
<metaf5_> What do you mean didn't translate?  Didn't translate from b64->"multipart/mixed", or didn't translate from "multipart/mixed -> executable script"?
<metaf5_> And I can confirm that /var/lib/cloud/instances/scripts/part-001 is definitely 0700, contains the example script, and that there's no "Hello World" in -output.log, nor is there /root/output.txt
<rharper> metaf5_: ideally, the part-007 should look exactly like your input script
<metaf5_> it does
<metaf5_> Does it need a newline at the end?
<rharper> shouldn't
<rharper> metaf5_: I've got to drop for a bit; it smells like a bug, but I'm not quite sure why it would get written out correctly but not called
<rharper> so please do file a bug with your steps (against cloud-init) and we'll see if we can get it sorted out
<metaf5_> rharper: Will do, thanks for the help.  I'd have just assumed I was an idiot and never filed otherwise, haha.
<metaf5_> rharper: no rush to get back to me, but I believe we've jumped to false conclusions here.  I accidentally used *my* AMI (ubuntu with some provisioning already done).  When tested with stock (ami-40d28157) it seems to work from the AWS EC2 console.
<metaf5_> I'm investigating further right now, and have marked my bug report incomplete in the meantime in case it's erroneous.
#ubuntu-server 2016-11-09
<rharper> metaf5_: ok, cool
<metaf5_> Confirming that I'm actually an idiot.  Apparently cloud-init in 14.04 didn't care that I was capturing an AMI from a once-booted machine, and would happily run the user-data script, but I think in 16.04 the record of the previous boot persisted and makes it not run the once-only cloud-init user-data-script.
<metaf5_> Personally, I solved *my* problem by just adding "#cloud-boothook" to my script.
<metaf5_> It would be lovely if the documentation hinted at this fact though, as I imagine it's a common usecase to boot machines, provision them, capture AMIs, and then provide user-data when booting those AMIs for later configuration.
<metaf5_> I assume this is all expected behavior though.
<FarhaadN> hi ,i need create user for ssh ,i want this user access all linux except one directory
<FarhaadN> hi ,i need create user for ssh ,i want this user access all linux except one directory
<hateball> !acl
<hateball> bah
<FarhaadN> hi ,i need create user for ssh ,i want this user access all linux except one directory
<rbasak> cpaelzer: do you know about "git notes"?
<rbasak> They might be quite useful for your proposal.
<sat_> Hi! Does anyone here have experience with performance evaluation and tweaking of dm-cache?
<sat_> â  ~ sudo dmsetup message vg_cache-origin_device 0 sequential_threshold 128
<sat_> device-mapper: message ioctl on vg_cache-origin_device failed: Invalid argument
<sat_> Command failed
<sat_> I'm getting this so I can't make any changes to the default policy
<cpaelzer> rbasak: I don't but it sounds just right
 * cpaelzer reading
<sat_> cpaelzer: you mean the error message I'm getting sounds just right (ie., I'm requesting it wrong)? Or that my command sounds just right and it's strange I got the error message?
<cpaelzer> sat_: no I only referred to what rbasak said before
<sat_> cpaelzer: oh, sorry, right
<cpaelzer> sat_: but actually yours is interesting, reding that as well
<cpaelzer> rbasak: I like git notes, less explicit "merge-notes" than I thought but structured by design and with tool support
<cpaelzer> rbasak: thanks for pointing that out
<rbasak> cpaelzer: you can configure git to carry notes through rebases, and git log (and cgit) displays them. But they are tied to commits, rather than being an extra blank commit. We could attach a note to the commit that is tagged with the upload tag, however.
<rbasak> That way we can write up "upload notes".
<cpaelzer> rbasak: yeah
<rbasak> Or, we could use annotated upload tags, and put them in the annotation.
<rbasak> notes are "less attached" in the sense that they can be changed and removed at any time.
<rbasak> Tag annotations are more permanent.
<rbasak> So there are a few options.
<cpaelzer> rbasak: I'm updated my proposal, if you could add on "can configure git to carry notes through rebases" that would be great
<cpaelzer> rbasak: I'd also like the annotated upload tag
<cpaelzer> rbasak: actually I'm open to whatever carries that message as long as we have a defined way to store it
<cpaelzer> rbasak: bonus for any hardening to not get easily lost on rebases, merges and so on
<cpaelzer> sat_: I could only think of vg_cache-origin_device not being the right target
<cpaelzer> sat_: is that what you created with dmsetup create <hereisthisname> ... ?
<cpaelzer> sat_: but in general the tuning of dm_cache as nice as it is is also its weakness
<sat_> [69089.568011] device-mapper: cache: bad config value for random_threshold: 128
<sat_> this is what dmesg gives me
<cpaelzer> sat_: maybe value too small?
<cpaelzer> I need to check
<sat_> I created with lvcreate and lvconvert, that's the way I found on some web pages
<sat_> I just checked the source code - there's no sanity checking
<sat_> the only thing I can think of now is that the setup isn't as it should be
<cpaelzer> sat_: can you set values closer to the default like 512 or 1024 that way ?
<sat_> cpaelzer: same message - [69388.271654] device-mapper: cache: bad config value for sequential_threshold: 1024
<cpaelzer> sat_: hrm :-/
<cpaelzer> sat_: I must admit that the tunability of dm-cache is its power and its pain - I mostly seen people more happy with bcache
<sat_> so dm knows it's cache, it seems to be almost there... but it's not working
<sat_> bcache performance sux - I spent a week evaluating it in writeback mode
<cpaelzer> surely depends on the case, if it is not working for you ok
<sat_> just tried Intel CAS, it works beautifully, performance is great in writeback mode, but costs
<sat_> so wanted to see dm-cache
<sat_> bcache could be great as a read cache
<sat_> needs more work to be great as a write(back) cache
<cpaelzer> sat_: just checked but none of my HW around atm qualifies to try reproducing your case :-/
<sat_> (we're not so interested in the read-cache side)
<sat_> cpaelzer: meaning you don't have dm-cache setups?
<cpaelzer> sat_: not atm
<sat_> ok, I hope some good soul will join the discussion
<sat_> I'm not an IRC users normally - should I try to get attention from some other users here?
<sat_> IRC users -> IRC user
<sat_> cpaelzer, could you recommend someone?
<cpaelzer> sat_: if you happen to know people related you would highlight them - but I don't know who to recommend atm
<sat_> ok, great, thanks cpaelzer!
<cpaelzer> sat_: another way is to describe your case on askubunut - IMHO the community cares more there
<cpaelzer> sat_: while devs are more here
<cpaelzer> sat_: but that is only my personal view of things
<cpaelzer> sat_: if you could link a particular howto you found to be best to follow to set it up that would be nice if I or anybody else find some time to look at it
 * cpaelzer is loving performance stuff
<rbasak> nacc: how about s/Publish parent/Pocket parent/? More clear to those not familiar with the Launchpad API maybe?
 * rbasak isn't sure.
<rbasak> Though pockets don't have a meaning in Debian. Perhaps "Series"?
<rbasak> "Series parent"
<rbasak> Also, if following git convention, something like "Importer-Series-Parent: ..."?
<rbasak> And "Importer-Changelog-Parent:"
<rbasak> Or in fact, non-capitalised "Importer-series-parent: ..." etc.
<rbasak> Whatever makes sense in the git world :)
<rbasak> Finally, if doing that, how about "LP: #XXX" if bugs were fixed, parsed from the changelog?
<rbasak> (must use the standard parser of course, etc)
<cpaelzer> rbasak: is the LP: XXX idea to spread tags accordingly on import?
<rbasak> cpaelzer: I'm not sure what you mean by "spread tags". I just mean to put the references in the commit messages if we know about them. That's a standard format we're using in MPs for buglinks, too.
<cpaelzer> rbasak: ah in the commit message, ok
<cpaelzer> rbasak: with "spread" I meant to add a tag like release-lp-#### on a commit fixing a bug
<rbasak> Oh, I see.
<rbasak> No, I wasn't suggesting that.
<cpaelzer> ok
<cpaelzer> I'm good reading the changelog and picking the right import
<sat_> cpaelzer: Here's the easiest dm-cache setup guide I found: https://videos.cdn.redhat.com/summit2015/presentations/17856_getting-the-most-out-of-your-nvme-ssd.pdf
<rbasak> I don't have a good use case for the LP: #XXX suggestion. I just thought it'd be nice to be consistent with what Launchpad reads later.
<rbasak> As the metadata is there. Though only sort of - it can be inferred from debian/changelog, but really it's in the changes file which I'm not sure we have.
<cpaelzer> sat_: thanks - I hope to find some time later one
<cpaelzer> -e
<macskay_> hi guys, i got a postfix server running on my ubuntu server. now whenever a new mail arrives in a mailbox i want a notification in my terminal the next time i enter a command, how can I achieve that?
<macskay_> the "you have new mail" message is not triggering even if i have new mail
<macskay_> only when relogging the "you have new mail" appears
<TJ-> macskay_: you'd need to add a dynamic command into the bash PS1 prompt I think
<jophish> hi all
<TJ-> Note: user in #ubuntu jophish has discovered 16.10 server amd64 installer is misisng the iwlmvm kernel module
<jophish> The iwlmvm module doesn't seem to be on the disk for server-16.10-x86_64
<TJ-> snap :)
<jophish> :)
<jophish> Is there something I can do to workaround this for the time being?
<TJ-> jophish: you could copy the module over from a USB device from the desktop install, as a workaround, if it is needed right now
<jophish> into /lib/modules/4...generic?
<TJ-> jophish: yes, then do "depmod" to refresh the dependency list before using modprobe again
<zul> coreycb: i dont know if you knew about this https://wiki.debian.org/Python/LibraryStyleGuide
<jophish> TJ-: will I have to run depmod after booting the live disk?
<coreycb> zul, i think i've seen it but could always use a refresher, thanks
<TJ-> jophish: I've been assuming you currently have a root shell on the server installer. in which case you can copy it from a (mounted) USB device - even from the ISO image - and do it all without any rebooting
<zul> coreycb: i got new releases
<coreycb> zul, new dependencies?
<jophish> TJ-: I've only got one usb drive with me at the moment
<jophish> so I'm going to copy it on from another machine
<TJ-> jophish: ahhh, I see. OK, well you know what you need so shout me if you need further suggestions
<jophish> Thanks a lot for all the help TJ-, I'll let you know how it goes
<zul> coreycb: newer sarahaclient
<coreycb> zul, ok thanks
<jophish> TJ-: loading iwlmvm leads to a who bunch of unknown symbols, ieee80211...
<jophish> I've noticed that kernel/drivers/net/wireless is absent entirely
<jophish> I guess it's not often that people install ubuntu server on a wireless only machine
<TJ-> jophish: missing symbols mean you have the module from a different version of the kernel
<TJ-> jophish: you need to ensure they're exactly the same. tell me what "uname -r" reports on the server installer and I'll find you a link to the file you need
<jophish> TJ-: 4.8.0.22-generic
<jophish> I copied them from the 4.8.0.22-generic directory on the ubuntu desktop 16.10 iso
<jophish> it*
<TJ-> jophish: in which case the symbols would match :s
<jophish> TJ-: I tried again but this time I copied the whole wireless directory
<jophish> only two missing symbols now: ieee80211_channel_to_frequency and ieee80211_hdrlen
<Odd_Bloke> TJ-: jophish: Wouldn't it make more sense to install the package that contains the wifi drivers?
<TJ-> the files would be from/put in "/lib/modules/$(uname -r)/kernel/drivers/net/wireless/intel/iwlwifi/" including the ./mvm/ sub-dir
<TJ-> Odd_Bloke: it's the 16.10 server installer itself, so limited environment and no network right now
<Odd_Bloke> TJ-: Sure, but you're getting files on there somehow.
<TJ-> Odd_Bloke: installer kernel is missing the iwlmvm.ko module
<jophish> Odd_Bloke: there isn't dpkg there
<Odd_Bloke> Oh, well, that's a good argument then. :)
<TJ-> Odd_Bloke:  :~)
<TJ-> jophish: the donor is the same arch (amd64), yes?
<jophish> yup
<jophish> TJ-: to be clear, I got lots of unknown symbols when I had just copied the iwlmvm.ko driver, but many fewer unknown symbols when copying the whole 'wireless' directry
<jophish> could I just need to copy some more?
<TJ-> jophish: unknown symbols really does mean the kernel versions are different. REMEMBER the *installers* kernel version isn't necessarily the same one as is being installed (at least I recall being caught out like that once!)
<TJ-> jophish: so ensure it is correct in a root shell of the installer with "uname -r"
<TJ-> jophish: sometimes the installer has an older point release than the one being installed (due to updated ISOs)
<jophish> TJ-: that must have been it
<jophish> perhaps it's by design that there are no wireless drivers on the server iso
<TJ-> jophish: no, they are there, you had iwlwifi loaded, but its' sub-module iwlmvm was missed off
<TJ-> that's a bug
<jophish> TJ-: I've just been given a usb disk large enough for ubuntu-desktop to fit on, so I might try installing that
<TJ-> jophish: tell me what the installer's "uanme -r" reports I'll find you the iwlmvm.ko for that
<jophish> ok, one sec
<TJ-> "uname -r" grr typo
<jophish> TJ-: 4.8.0.22-generic
<TJ-> jophish: that is from the root shell of the installer?
<jophish> TJ-: yeah
<TJ-> jophish: have you (re)copied the iwlmvm.ko over there yet?
<jophish> TJ-: yeah, It's in /lib/modules/$(uname -r)/kernel/drivers/net
<TJ-> jophish: what exact version info does "modinfo iwlmvm" report?
<TJ-> jophish: look at "srcversion" and "vermagic" and compare them to "modinfo iwlwifi" to ensure both modules match
<jophish> TJ-: srcversion differs
<TJ-> jophish: yes, that's expected. Hmm, not sure what you have going on there then and I'm not in a position to test that here right now
<jophish> I need to get on installing desktop now
<jophish> thanks for the help though, TJ-
<TJ-> jophish: good luck with it
<jophish> thanks :)
<cpaelzer> sat_: I only followed that guid to 50% for now, but I already think that the "cache" in your output is from the vgname (if you set up similar to that example you linked)
<cpaelzer> sat_: that could mean you might have to tune the other (caching) device instead of origin
<cpaelzer> sat_: I'll continue and let you know what I find
<sat_> cpaelzer: thanks
<sat_> cpaelzer: the key guide is at slide 22
<cpaelzer> sat_: yeah already at step 7 or so there
<cpaelzer> sat_: found an nvme
<coreycb> zul, jamespage: ocata backports should be fixed up now
<zul> coreycb: k what did you do?
<cpaelzer> sat_: ok, I now understand it
<cpaelzer> sat_: it is actually written in the doc
<cpaelzer> sat_: see https://www.kernel.org/doc/Documentation/device-mapper/cache-policies.txt
<cpaelzer> sat_: TL;DR - the tunable you wanted to change is deprecated and war part of the "mq" policy which no more exists
<cpaelzer> sat_: It ended with "The following tunables are accepted, but have no effect:"
<cpaelzer> sat_: Stochastic multiqueue (smq) is the successor
<cpaelzer> sat_: and as one of the benefits to quote "smq also does not have any cumbersome tuning knobs."
<sat_> cpaelzer: yes, I've seen that
<cpaelzer> sat_: so it is correct - there just are no tunables anmore with smq
<cpaelzer> sat_: you'd get the same message if you tried to set arbitrary key names
<sat_> cpaelzer: that was my impression as well. I made the volumes with dmsetup directly and provided the arguments during construction, and still saw no performance difference
<cpaelzer> sat_: now that I have set it up I think I'm gonna do a basic perf eval and make an askubuntu post about it
<cpaelzer> I already have an equiv uncached refernce dev around and I'm used to fio
<sat_> cpaelzer: take a look at this: https://www.redhat.com/archives/dm-devel/2016-April/msg00047.html
<cpaelzer> to help the next one wondering make something searchable by google then
 * cpaelzer is looking
<cpaelzer> sat_: yeah I'm at kernel 4.8, so as I assumed mq = smq alias
<sat_> cpaelzer: I was also getting smq by default on 4.4
<cpaelzer> sat_: yeah default was changed longer in the past, but sicne 4.6 mq is only an alias for smq
<cpaelzer> sat_: and mq was dropped completely
<sat_> cpaelzer: that essentially means that performance is as is - no changes are possible with messages or constructor arguments
<sat_> that's also useful info
<coreycb> zul, mostly fixed things in ca-patches for the backports
<SipriusPT_> hello guys, i am not receiving mail at my local server, right now i am using a dynamic IP with a DNS name with reverse DNS. I have also check if this IP was not blacklisted and it is in one from a big list. It is possible that my ISP IP provider is blocking any SMTP connection from my external server to my local server?
<SipriusPT_> I already did telnet to my external IP to port 25 and it was connecting
<dr4c4n> hi all, does anyone know how to deal with long ethernet device names and vlans?
<Mohamadbawab> Hello, I'm trying to install OpenStack using Conjoure-UP under a VMWare VM and the installation is failing, is the installation supported under a VM or should it be on bare metal?
<TJ-> dr4c4n: You want to change them?
<ThiagoCMC> hey guys, can someone help me with qemu tracing log backend?
<cpaelzer> Sorry ThiagoCMC I haven't touched it more than reading about it - so I'm only as smart as a search engine n this would be
<cpaelzer> ThiagoCMC: do you have a particular issue - might get more response if your share this
<ThiagoCMC> I have a VM that is doing a lot of vmexit, even if the guest is 99% idle, so, I need to figure out exactly what's happening here...
<cpaelzer> ThiagoCMC: which architecture?
<ThiagoCMC> amd64
<cpaelzer> ThiagoCMC: perf kvm should be for that these days
<ThiagoCMC> Right! I'll try that...
<ThiagoCMC> gotta reboot, brb... thanks man!
<cpaelzer> not sure if all in the archive is enabled for it
<cpaelzer> but it shoudl be as it is aroudn for quite a while
<ThiagoCMC> sure, no problem...
<cpaelzer> ThiagoCMC: start here https://lwn.net/Articles/513317/
<cpaelzer> but check for newer doc
<cpaelzer> ThiagoCMC: ./perf kvm stat report --event=vmexit
<ThiagoCMC> wow!
<ThiagoCMC> that's looks juice!
<cpaelzer> and that is 4 years ago
<ThiagoCMC> lol
<ThiagoCMC> nice
<ThiagoCMC> :-D
<ThiagoCMC> brb
<hallyn> hm, anyone know offhand how ansible interacts with /etc/modules?  is there a "proper way" to ask ansible to setup a kernel module to be autoloaded on reboot?
<dr4c4n> TJ: sorry just got your message. I'm trying to add a vlan to an extremely long ethernet device name, but it says name too long as the error message when I try to add the vlan number tag to the end of the device name for ifconfig
<zul> coreycb:im going to hold off on uploading a newer brick
<coreycb> zul, ok np.  as long as CI is successful we can try to batch up dependency updates.
<mbawab> Hello all, I'm trying to install OpenStack using Conjoure-up on a VMWare VM but the installation is continously failing, is the installation supported on a VM or I should install on a baremetal server?
<guampa> I'm struggling to get a fresh install to boot on an IBM System x3100 M4. Has someone achieved this?
<tomreyn> guampa: i never tried, but according to https://lenovopress.com/tips0811-system-x3100-m4#supported-operating-systems it works with RHEL 7, so I guess it should work with at least Ubuntu 12.04 or 14.04 as well.
<tomreyn> at which point do you get stuck?
<guampa> I'm sorry, seems I got the channel wrong. It was for the Proxmox channel (which uses Debian anyway)
<guampa> the system appears to boot or not boot after installed in a random fashion, or at the least I haven't been able to determine what BIOS setting is affecting the correct legacy boot
<ghostmech007> is anyone else having major slowdowns on ubuntu's repo lists?
<ghostmech007> i'm getting on average 25bps
<ghostmech007> Bps
<OerHeks> change mirror perhaps?
<ghostmech007> any suggestions?
<ghostmech007> to a different mirror i mean
<sarnold> ghostmech007: which IP is slow for you? there may be something wrong with it..
<sarnold> ghostmech007: mirrors.kernel.org has gobs of bandwidth, it usually works well for me
<ghostmech007> sarnold: i'm running the standard archive.ubuntu.com
<sarnold> ghostmech007: that's served by several machines; if you can spot which IP specifically is slow (via ss or netstat or lsof or fuser) that might be helpful
<ghostmech007> sarnold: i'll figure it out in a minute and get back to you
<ghostmech007> sarnold: from what I'm seeing it's the 91.189.88.162 machine
<jcastro_> iirc broken/slow mirrors can be reported here: https://launchpad.net/ubuntu
<terabyte> I have this snippet https://gist.github.com/danielburrell/9a793380d2d7a4a9814f7febff859e93 i'm trying to migrate from upstart to systemd. I'm unsure about how I can migrate those pre-start directory creations, and more importantly the main exec command which does some fancy start-stop-daemon thing before executing the actual startscript... Anybody advise?
<sarnold> terabyte: this is a very handy cheat-sheet for converting https://wiki.ubuntu.com/SystemdForUpstartUsers
<sarnold> terabyte: you'll probably also need to spend an hour doing nothing but reading systemd docs, e.g. https://www.freedesktop.org/software/systemd/man/systemd.exec.html#
<ThiagoCMC> cpaelzer, hey man, that "perf trace" isn't detailed enough, for example: https://paste.ubuntu.com/23451853/
<ThiagoCMC> It doesn't show, for example, which "kvm_msr: msr_write" register it is triggeting, is it 80b? No clue...
#ubuntu-server 2016-11-10
<cpaelzer> ThiagoCMC: your system seems rather idle or super locked up with so many HLT exits
<cpaelzer> ThiagoCMC: anyway if that stat isn't enough and none of the tools is (I don't know) then you can still tap on all these on your own
<cpaelzer> ThiagoCMC: check http://www-05.ibm.com/de/events/linux-on-system-z/downloads/Tools-MK2-V7-Web.pdf page 163 ff
<cpaelzer> ThiagoCMC: you can just tap on the kvm tracpoints if you like and likely get the extra info on the msr write
<cpaelzer> ThiagoCMC: locks and too much idle together with much exits I have seen often on oversized guests
<cpaelzer> ThiagoCMC: so depending on your case just reduce the amount of vcpus for a quick test
<breezy_> hey guys, i installed ubuntu server, and i was using it.... but everytime i load up i get this one liner on a black screen "dev/sda1: clean 65938/44744704 files, 325515/178977536 blocks"
<breezy_> last time i had the same black screen and it started working after maybe 10 minutes.... does it usually take 10minutes in order for me to get a command prompt?
<breezy_> i tried !sysreq
<breezy_> and alt+printscreen REISUB
<breezy_> but i dont know if that is the reason it started last time or not... but right now i just have one line and its not starting...
<breezy_> anyone here?
<cpaelzer> breezy_: could that be a file system check?
<cpaelzer> nacc: current usd repo is not supposed to work right?
<breezy_> i have no idea what it is
<breezy_> im completely new to ubuntu serer
<breezy_> i was using it earlier today (and i got the same error earlier) i just have no idea how i bypassed it before
<cpaelzer> breezy_: http://askubuntu.com/questions/383114/my-ubuntu-is-running-fsck-on-every-bootup
<cpaelzer> breezy_: and http://askubuntu.com/questions/761653/startup-problem-in-16-04-lts
<breezy_> cpaelzer: i can't run ANY code
<breezy_> the screen is simply black
<breezy_> with that one line
<cpaelzer> breezy_: while it is doing the fs check
<cpaelzer> breezy_: that is blocking on boot to ensure fs integrity is ok
<breezy_> how long should the fs check take
<breezy_> i waited 15mins
<cpaelzer> breezy_: the solution is to find why it is doing that on every boot on your system
<breezy_> but how
<cpaelzer> breezy_: depends on the amount and size and speed of the disk
<breezy_> if i cant run any code
<breezy_> im using a 750gb ssd
<cpaelzer> breezy_: for the how I'd start on the two links I sent
<breezy_> cpaelzer: im new to ubuntu server i dont rly understand any of it
<cpaelzer> breezy_: if it is like "never" stopping - lets say an hour to be on the safe side you might run a CD/USB into recovery mode
<breezy_> i bought a udemy tutorial and was trying to follow through
<cpaelzer> breezy_: to make it clear this is not the default behaviour - something lets your system assume it could be broken and it should check its filesystems
<breezy_> last time i got into it but it shouldnt take more than 15mins for me to get into the command line?
<breezy_> are u suggesting next time i wait longer
<cpaelzer> breezy_: wait longer and then debug why it is doing every boot following the links I sent
<breezy_> ok
<cpaelzer> breezy_: if it never stops fall back to the recovery consoles you get out of the CD/USB media
<cpaelzer> and then analyze
<breezy_> fwiw, i dont have it on a separate partition i have it all on the hard drive wiped
<breezy_> its weird i shouldnt have this bug after a clean install though right
<breezy_> is it something to do with system compatibility?
<cpaelzer> breezy_: ack
<breezy_> (using a laptop)
<breezy_> cpaelzer i wiped all the partitions clean so there's no other OS on the harddrive
<cpaelzer> breezy_: depends on the case, I'd assume more of a misconfiguration or an aborted (or silentyl failing) install
<breezy_> what about software install
<breezy_> could that be the problem
<cpaelzer> breezy_: less likely imho
<breezy_> ok
<cpaelzer> breezy_: more config in fstab/disk drivers/partitioning
<cpaelzer> breezy_: if you wipe it anyway just say yes to all the installer asks
<cpaelzer> breezy_: do not try to force it on one partition or so
<cpaelzer> breezy_: the default (according to its definition) is the most tested and thereby most stable
<cpaelzer> nacc: http://paste.ubuntu.com/23455067/
<breezy_> so just use all defaults basically?
<breezy_> ok makes sense
<cpaelzer> breezy_: yes
<breezy_> i'll prob try another install
<breezy_> thx cp
<cpaelzer> nacc: since the docu on the wiki is on the new one I thought to fetch new from git
<cpaelzer> nacc: for now I just assumed what is pushed is not intended to be complete
<cpaelzer> nacc: let me know if that is not true and I'll start help hacking fixes
<cpaelzer> nacc: but it seems more like a push of a 3/4 complete redesidn to the single usd tool
<cpaelzer> nacc: so I wait for your reply
<rbasak> nacc: using the latest importer seems to want it to start squid3 from the beginning again. Going back to b66306b works.
<cpaelzer> rbasak: I also had some issues with the latest one reported to nacc this morning
<SipriusPT_> hello guys, i am getting this error per mail, when i am using getmail to reroute for postfix
<SipriusPT_> Delivery error (command sendmail 27293 error (127, exec of command sendmail failed (refuse to invoke external commands as root or GID 0 by default)))
<SipriusPT_> i am using sendmail to send locally to postfix
<SipriusPT_> here is the getmailrc
<SipriusPT_> http://pastebin.com/nwL6mwvA
<SipriusPT_> anyone knows how to solve this?
<patdk-lap> not without logs, no
<SipriusPT_> that is the error that i am getting at getmail log
<patdk-lap> but a guess is
<patdk-lap> your running as root
<SipriusPT_> yes
<patdk-lap> why?
<SipriusPT_> because i have email passwords in getmail config
<patdk-lap> what does that have to do with anything?
<patdk-lap> you should not run programs as root
<patdk-lap> "refuse to invoke external commands as root"
<SipriusPT_> it could be for some kind of protection?!
<coreycb> jamespage, beisner, hello, python-glance-store and mistral are ready to promote from newton-staging->newton-proposed
<jamespage> coreycb, done
<coreycb> jamespage, thanks
<yakim> Hello! Somebody know soft for centralized management luks crypto containers?
<coreycb> jamespage, nova neutron and neutron-lbaas are ready to promote to mitaka-updates
<zul> coreycb: fu...https://objectstorage.prodstack4-5.canonical.com/v1/AUTH_77e2ada1e7a84929a74ba3b87153c0ac/autopkgtest-zesty/zesty/amd64/h/heat/20161109_213238_ca694@/log.gz
<coreycb> zul, you're all over that right ? :)
<zul> coreycb: yeah
<coreycb> zul, thanks
 * zul enters ninja mode
<danpawlik> Hello, Is it possible to move all of  Openstack watcher service packages from zesty repo to xenial repo?
<falco> hello everybody!! Are there some postfix admin?
<nacc> rbasak: cpaelzer: will check those out now
<nacc> cpaelzer: i think i just pushed the fix now
<nacc> cpaelzer: sorry, you might have missed the messages last night -- the rewrite is 'complete', but it was a huge set of changes, so please do send me patches or point out issues here
<nacc> rbasak: and i see what is wrong with the import, will fix shortly
<cpaelzer> nacc: ok so I'll refetch next time and see if all is ok then
<cpaelzer> nacc: I'm done with the merge (except review) that caused this and not picking another this evening
<nacc> cpaelzer: sure, sorry about htat
<rbasak> cpaelzer: reflog FTW. I just wound back this morning :-)
<Braven> Does anyone know how to exit a ipmitool session
<rharper> control-d ?
<rharper> or if like telnet control-]
<rharper> been a while
<quantums> Braven: try ~.
<rharper> some of them also do it like ssh ; enter ~.
<Braven> just hold that down
<Braven> I am having a hard time getting a console log.. I can see everything until the server boot to the maas commissioning image
<RoyK> a netconsole can help
<Braven> Royk: Thanks I will look at that
<nacc> rbasak: should be fixed now
<nacc> rbasak: i apologize, just a nuance of how pygit2 handles remotes
<rbasak> np!
<caribou> nacc: rbasak: do we still need to request git imports for merges by email or it is now done automagically ?
<rbasak> caribou: still need to request by email, sorry.
<caribou> rbasak: no need to be sorry, was just checking
<nacc> caribou: yeah, we're very close to having it 'just work', but still manual for now
<jamespage> coreycb, release those mitaka updates (plus a few others for sec stuff)
<coreycb> jamespage, thanks
<jamespage> coreycb, and sweep staging -> proposed once that was done
<jamespage> qemu, neutron python-os-brick
<zul> coreycb: hey just looking through the cloud archvie oslo.config needs python-rfc8439 so im waiting for the backport-pacakge job to run
<coreycb> zul, ok
<bananapie> I have a new software raid array ( mirror 1 ). resync=DELAYED. Because it hasn't resynced. Given that I just wrote a brand new filesystem, is there any way to make it sync fasteR?
<station> ld i use virtual machine on my server to have nextclou, i'm new to server, selfhosting
<station> the vm is only ment for testing or can it alsow be deployt
<sarnold> station: most of the modern internet runs entirely on VMs -- see AWS, GCE, etc. :)
<station> so if i share netwark to the vm dose it alsow have to deal with the firewall of the hostOS
<ddellav> coreycb: i pulled down pbr and added it to my ppa but I'm still getting the same version suffix error with keystone. Any ideas?
<coreycb> ddellav, from monday: http://paste.ubuntu.com/23457935/
<ddellav> coreycb yes, as i just said i pulled as you suggested but it still isn't working
<ddellav> did it work for you?
<coreycb> ddellav, you pulled keystone?
<ddellav> coreycb oh you meant pull down keystone, no i didn't pull it i had changes. I will do that
<ddellav> coreycb excellent, i was able to update it finally. Please review and push lp:~ddellav/ubuntu/+source/keystone
<bananapie> top is showing a slow increase of memory ( every 30 minutes, another gigabyte is taken ). ps aux --sort --rss shows that none of my processes are changing significantly in their memory consumption.  slabtop says the kernel is using 99.2% of it's 578 mb of ram. So I have at least two gigabytes of memory that is unaccounted for
<bananapie> how do I find who is using the memory?
<tarpman> bananapie: cache? buffers? a tmpfs?
<bananapie> I unmounted all the tmpfs other than /run, which says 1.1M out of 1.2G
<bananapie> 26644 buffers
<bananapie> 12292428 total,  6530716 used,  5761712 free \n  5410544 cached Mem
<bananapie> ok
<bananapie> looks like it's the cached Mem
<bananapie> I have had 9 OOM conditions on this machine today, which has caused data loss in MySQL server. So I thought it was happening again
<bananapie> thanks :d
<bananapie> I ran free && sync && echo 3 > /proc/sys/vm/drop_caches && free
<bananapie> and it cleared up 5 gigs
<tarpman> cached memory isn't a bad thing - it will be dropped instantly if anything actually needs it
<tarpman> you want to look at the second line in free - the -/+ buffers/cache line
<bananapie> I know it's a good thing. I just didn't realize it counted in used memory
<tarpman> http://www.linuxatemyram.com/ :)
<coreycb> ddellav, does that fix the 2 test failures?
<ddellav> coreycb i saw no test failures. Let me look again
<ddellav> coreycb builds without issue in zesty. Cannot build in xenial, missing coverage and pyldap deps
<ddellav> and i did use the sbuild-ocata helper
<bananapi> is there a way to build a new linux software array that doesn't require 'resync' ?
#ubuntu-server 2016-11-11
<arooni> hey folks; i need wordpress to be able to send emails upon order completion; i have the site on a VPS; any point in trying to install something locally; or should i use something like sendgrid/mailgun/sparkpost etc?  i want to make sure emails get inboxed...
<tarpman> arooni: if you aren't totally sure what you're doing, use a service like the ones you mentioned
<tarpman> arooni: local email is doable but takes work - and sometimes it's simply out of your control, e.g. if your host or neighbours have a bad reputation in spam lists
<tarpman> arooni: (the above is just my opinion, not objective facts)
<arooni> gotcha
<arooni> next question
<arooni> what do i need to do if i want to set up a few email aliases at mydomain.com to forward to my gmail account?  for instance; abuse@domain.com ; support@domain.com; arooni@domain.com ;  do i need to go a hosted email provider like zoho?  or is there something i can do in the vps itself?
<tarpman> you could install a mail server in the VPS, and have mail delivered there (set the MX DNS record for the domain to point at the VPS); that's reasonably straightforward, but then you're responsible for all your own spam filtering etc
<tarpman> or you can use a provider; I like google apps, but they aren't free any more
<tarpman> I gave up on filtering my own spam years ago, google is just too good
<tarpman> if all you want is everything forwarded, mail server right on the VPS isn't difficult. postfix and exim can both be configured to do that pretty easily
<tarpman> and you probably want something running anyway so that daemons (e.g. cron) can send you mail
<Sircle> whats the best way to sniff http and https traffic and block it by predefined rules (e.g OS user, url, get/post data length etc)
<andol> Sircle: The common approach is to have firewall rules in place, only allowing http(s) traffic through a proxy server, and have the proxy server do the filtering. Whatever that is the best way or not kind of depend on your scenario.
<denbeiren> hi, my bootpartition is full,.. apt-get autoremove does not work
<denbeiren> output of ls /boot/ is the following http://prntscr.com/d5uo3y
<denbeiren> i'm running 4.4.0-42-generic atm
<denbeiren> can i simply rm all that is not -42 ?
<jelly> denbeiren: dpkg -S /boot/vmlinuz*, and instead of rm, uninstall the packages you think you don't need
<Sircle> andol:  can proxy server do filtering on POST?GET data that is to be uploaded, multipart, url and OS user?
<jelly> denbeiren: you probably want to keep the latest and boot into that one instead of -42- as soon as convenient
<denbeiren> sudo apt-get purge /boot/linux.... ?
<jelly> you purge the package names, not the file paths.
<jelly> dod you look at the output of "dpkg -S /boot/vmlinuz*" ?
<jelly> it tells you which packages those file paths belong to
<jelly> so copy those package names on the left side of the output, without the last colon character, and purge _those_
<denbeiren> http://prntscr.com/d5url8
<denbeiren> http://prntscr.com/d5urq4
<andol> Sircle: While that obviously depends on the implemetantion, doing that kind of filtering appear a lot more doable on an http level than on a network level.
<jelly> denbeiren: apt complains because its main goal is to keep dependencies satisfied.  Add those linux-image-extra-4.4.0-34-generic to the purge command.
<jelly> and perhaps use dpkg to purge instead of apt
<jelly> denbeiren: put all the unneeded packages into a single command, both apt-get and dpkg allow multiple package names there
<Sircle> andol:  so what choices do I have?
<andol> Sircle: No idea, never setup such filtering myself.
<denbeiren> sadly i can't use tab key to complete commands :s
<denbeiren> nm, i wasn't in /boot
<denbeiren> http://prntscr.com/d5uw8y    still not ok i'm afraid
<denbeiren> fixed it
<denbeiren> thx for the help
<DK2> is there a method for convient patch managment on 50+ servers?
<rbasak> DK2: unattended-upgrades? Landscape?
<DK2> mostly ubuntu
<DK2> rbasak: does not need to be unattended-upgrades
<geertn> Apparently poewrsvave should be the default according to this bug: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1579278 . However for me it is set to performance. Can anyone else check the default CPU governor for ubuntu server xenial?
<ubottu> Launchpad bug 1579278 in sysvinit (Ubuntu Xenial) "Keep powersave CPU frequency scaling governor for CPUs that support intel_pstate" [Medium,Triaged]
<Sircle>  is it possible to mitm via squid and filter POST from even https?
<rbasak> Sircle: I think it can but I'm not sure. You'd need to create a CA and add it to the browser, etc. Also there's Charles Proxy.
<Sircle> rbasak:  CA would do on brwoser end but need config on squid end.
<rbasak> Sircle: http://wiki.squid-cache.org/Features/SslBump maybe?
<jamespage> smb, morning - wonder if you can help me with something
<jamespage> smb, is there a way I can tell with VT-d is enabled from within Ubuntu?
<jamespage> I can see the vmx cpuflag - but is there a specific one for VT-d as well?
<ronator> hi. I have different ubuntu-servers in different countries. I also use different ppa. For Germany I use de.archive.ubuntu.com - for Italy or UK I use it.archive... / uk.archive. ... - Now I get a kernel update offered (4.4.0.47) in IT and UK but not in DE.
<ronator> Is that due to some lag on these "apt mirrors" and considered to be normal?
<ddellav> zul coreycb working on ocata neutron in ci
<NOVAtechies> all hail zuul!
<coreycb> ddellav, i pushed your keystone updates
<ddellav> coreycb ack
<NOVAtechies> hello all
<Welshman> hi guys, is freenode having problems?
<Welshman> just asked me to login as someone I do not know
<Welshman> anyway
<Welshman> accountservice update today
<Welshman> whats that about exactly
<Pici> Welshman: debian/patches/wtmp-fix-logout.patch: Backport 0.6.43 commit to fix logout records when a user shuts down or restarts their computer (LP: #1443052)
<ubottu> Launchpad bug 1443052 in Ubuntu GNOME "User accounts login history showing incorrect history - patch" [Low,Triaged] https://launchpad.net/bugs/1443052
<Welshman> ty
<Pici> <3 apt-listchanges
<Welshman> Pici:  in layman terms why is it a problem?
<Pici> Welshman: Looks like it might not directly affect server users.
<Welshman> yeah, my thought
<Welshman> not root thoughh
<Welshman> Pici:  not affrect root yeah
<Welshman> affect
<Welshman> root not affected yeah?
<Welshman> did we just get back doored?
<Pici> No?
<mybalzitch> probably!
<Welshman> quick there with the response
<Welshman> wtf
<Pici> Its a shared package between desktop and server installs, but the bugfix looks like its for desktop sessions.
<Welshman> pici you Ubuntu official?
<Pici> Welshman: I'm not a developer, but I've been doing Ubuntu stuff for 10 years or so.
<Welshman> I know
<Welshman> me to
<Welshman> odd upgrade
<Welshman> looking it up a abit
<Welshman> seems lioke a back door
<Welshman> like
<Welshman> any other thoughts on thos
<Welshman> this
<Welshman> mybalzitch: speak up dude
<Welshman> so who is officcial on this chat and can comment on the accountservice upgrade?
<Welshman> very odd upgrade and little explanation
<Welshman> reminds me ofmy divorce proceedings lol
<Welshman> wtf is Ubuntu up to?
<Welshman> are there any official Ubuntu guys here?
<rbasak> Welshman: Ubuntu Server devs hang out in this channel, but Canonical staff in the US have a public holiday today, so there are fewer of us than normal.
<Welshman> Guys, accountservice upgrade ....
<ogra_> also, this is rather a desktop fix ...
<ogra_> so why would you expect anyone in the server channel to know anything about it
<Welshman> rbasak:  I dont have time for holidays
<rbasak> Ah, I hadn't scrolled back far enough.
<Welshman> ogra_:  nice imput
<rbasak> Welshman: ah. I believe my employer accepts money if you need a better SLA than "best effort" :)
<Welshman> :)
<Welshman> no offence just curious what ever happens with my servers and never the sharpest in the box :)
<rbasak> You have accountservice on your servers?
<Welshman> apparently
<Welshman> basic installs
<zul> build deps dont need to be MIRed anymore correct?
<rbasak> zul: right - unless you end up with a runtime dependency (whether declared through Depends or not, eg. including a static link).
<Welshman> I just run basic installs for websites php
<zul> rbasak: cool thanks
<Welshman> one of the worst things in life is seeing things and not being able to explain and remedy.
<ogra_> ?
<Welshman> think about it
<ogra_> it is pretty clearly explained in the bug and in the changelog
<Welshman> really
<ogra_> yes, really
<ogra_> read it
<Welshman> Trump
<ogra_> it fixes a log entry for when users shut down the system from a graphical session
<Welshman> ogra_:  OK
<ogra_> (where before there was no log entry written in this case ... it used to only be written when shot down from the login manager instead)
<ogra_> it is pretty detailed described in the bug that is mentioned in the changelog
<ogra_> just read it ...
<Welshman> ogra_:  so its that inocent ?
<ogra_> ?
<ogra_> of what
<Welshman> perfect answer
<ogra_> of what do you expect this change to be guilty ?
<Welshman> nsa
<Welshman> backdoor
<ogra_> seriously ... just throwing word fragments at the channel wont relly get you much info ... people wont know what you mean
<Welshman> ok
<ogra_> (whole sentences and that grammar thing often work wonders .... )
<Welshman> I know
<Welshman> Hitler should have proved himself rather than obiterated.
<Welshman> Time got tired with the guy
<Welshman> Trump, well done USA?
<ogra_> dude ... this isnt "#ubuntu-politics" ...
<Welshman> I think change is good
<Welshman> wgats the off topic?
<Welshman> whats the off topic room here?
<Welshman> I only logged in because of your maybe recent backdoor
<Welshman> jesus christ who is my nigger here
<ogra_> merci :)=
<Pici> np
<mybalzitch> lol
<asyn> Hi all, Iâd like to get some advice. We are considering Ubuntu Server for our network. We have a hybrid environment of Windows, Mac, and Linux computers, but the environment is about 90% Apple. We currently use OpenDirectory running from a MacMini server. Is Open LDAP a viable replacement? What limitations do we need to consider?
<Sircle> rbasak:  thanks. So it spssible what I want?
<Sircle> rbasak:  is squid the most featureful proxy server?
<rbasak> It's pretty common as a proxy server.
<Sircle> rbasak:  whats the most powerful one?
<Sircle> rbasak:  featureful?
<rbasak> I can't comment on that.
<Sircle> rbasak:  your personal choices?
<rbasak> For general proxy caching? I'd use squid. It's in main on Ubuntu, so easy to deploy, manage and keep updated.
<Sircle> rbasak:  for more features?
<Sircle> rbasak:  any other you like?
<rbasak> varnish, nginx, apache and charles proxy are all alternatives I know about.
<rbasak> Though they generally all get used in different scenarios, often not client-side.
<rbasak> So some are probably completely unsuitable.
<Sircle> rbasak: does squid and others manage only http(s) traffic or other protocoles as well?
<rbasak> I don't know.
<amoralej> hi, i'm hitting https://bugs.launchpad.net/ubuntu/+source/magnum/+bug/1632743 , i'm not sure if this is the right channel, but any plan to push the fixed package to newton-updates repo?
<ubottu> Launchpad bug 1632743 in magnum (Ubuntu) "Missing files from python-magnum 3.1.1-0~cloud0" [Undecided,Fix released]
<Sircle> k
<nacc> Sircle: http, ftp, gopher, icy (per `apt-cache show`)
<nacc> Sircle: what protocols were you interested in?
<rbasak> amoralej: you're in the right place, but perhaps getting late for UK staff and the US have a holiday today. If you don't get an answer, try asking again on Monday?
<amoralej> ok, thanks rbasak
<Sircle> nacc:  I want to do mitm so I can analyze if requests are POST/multipart, (or data in them), block it if its POST or having a regex match. Its good to block other protocols like ssh or rsync etc on basis of OS user accounts
<Sircle> nacc:  a huge web cache will be good as well
<Sircle> nac don't know which tool to choose. Ease with features that I can use in future is good.
<asyn> Hi all, Iâd like to get some advice. We are considering Ubuntu Server for our network. We have a hybrid environment of Windows, Mac, and Linux computers, but the environment is about 90% Apple. We currently use OpenDirectory running from a MacMini server. Is Open LDAP a viable replacement? What limitations do we need to consider?
<nacc> Sircle: well, squid can probably do the web cache, but i don't think it can do most of the other stuff you suggest, like blocking ssh or anything
<Sircle> nacc:  what thing can do that then?
<nacc> Sircle: i'm not sure, I don't think one tool does that; I mean to block certain *protocols* based upon user accounts, e.g. -- you mean that a particular user isn't allowed to ssh in? That's controlled by the ssh daemon. The ssh protocol needs to be open for that work, though.
<asyn> anyone available to discuss the question I posted? :(
<nacc> asyn: just an fyi, it's a holiday for some in the US, so might be a bit quieter today
<nacc> asyn: http://blog.mlemoine.name/2012/09/07/migrate-mac-os-x-10.6-open-directory-to-unix-open-ldap-including-passwords.html ?
<nacc> asyn: i assume the easiest thing to do, if you go down that route, would be setup openldap in parallel and see if it works
<Sircle> nacc: can I install squid on a single machine and use it on that machine for cacheing/acl etc and maybe later for other machines?
<nacc> Sircle: i think so? not sure, depends on the usage
<arooni> background: i need to get email set up on my ubuntu vps.  i'm only going to be sending transactional emails when user makes a purchase/item is shipped etc.  so i'm planning on using a smtp provider like sendgrid to plugin to my wordpress/woocommerce setup.  i also need to be able to *receive* email say to support@domain.com; abuse@domain.com; but since it's me answering all those emails; i would think
<arooni> forwarding to my gmail account would be a valid approach. questions: 1) does this approach make sense? 2) if i got the forwarding set up to my gmail; could i reply from support@domain.com; within my gmail account ?  3) or do i need to stop thinking about email forwarding and use a hosted email provdier like zoho to handle the inbound emails (suppot@domain.com ; abuse@domain.com ) etc?  sorry for long
<arooni> question lol
<nacc> arooni: you can specify what address you reply from in gmail, that's not really an ubuntu question
<nacc> arooni: you just have to link the address to your account, iirc
<arooni> i guess it really wa s question of whether i should run an email serer or not
<arooni> and i think that answer is no
<nacc> arooni: running your own email server isn't worth the hassle for *most* people
<nacc> arooni: at least, IMO
<arooni> thank goodness i can still find hosted email for free; dont know how zoho does
<arooni> does it
<arooni> must be a driver to their subscription services
<ddellav> zul jamespage please review lp:~ddellav/ubuntu/+source/neutron ci update. Builds in zesty but missing python-coverage >= 4.0 using sbuild-ocata
<zul> ddellav: merged
<ddellav> zul ack
<asyn> nacc: thanks, just now saw your response. I guess my main questions are about how full featured OpenLDAP is, and whether it is stable enough for an enterprise environment.
<nacc> asyn: https://en.wikipedia.org/wiki/OpenLDAP, i mean it's a fairly common tool
<CodeMouse92> asyn: FWIW, my company uses LDAP
<CodeMouse92> *OpenLDAP
<cdorsal> I'm having trouble passing an incoming UDP packet from one system, through my ubuntu router, to another system. I can receive the UDP packet 172.16.101.1.59117 > 239.252.101.6.60106 because I have added 239.252.101.6 via "ip add maddr" but my system listening on the other end cannot see any of the udp traffic. Please help! This is tricky.
<cdorsal> My system is configured as follows: windows (172.16.101.1) <- eth0 -> ubuntu (172.16.3.1) <- wlan1 -> windows (172.16.4.101)
<phantoms2> i just instaled on a fresh UServer Webmin and some other admin pages the first reboots was all ok but now they all arent responding localy:10000   i remember that it usualy has to doo with bootorder but what and where â¦ i cant finder
<phantoms2> tested restarting apache â¦ but stil nothing changed
<bekks> !webmin | phantoms2
<ubottu> phantoms2: webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<NOVAtechies> phantoms2: did you get your webmin problem cleared up
<NOVAtechies> hello?
<Gr3mlin> hay guys
<Gr3mlin> i have a questions about Ubuntu server headless. i need assistance with it. DNS resolving issues. anyone able to assist?
<bekks> Gr3mlin: ask your question.
<Gr3mlin> how does one sucessfully configure the DNS setting? ive been trying for a while now since upgrading from 14.04 to 16.04
<Gr3mlin> i almost want to give up and just set resolv.conf and then make it readonly
<Gr3mlin> easy.. bah... just set the dns-nameservers in the interfaces file. well. that doesnt work.
<Gr3mlin> anyone able to help?
<maxb> Gr3mlin: Just setting /etc/resolv.conf manually is a valid way to configure things if static settings are all you need.
<maxb> In a classic server scenario, I don't think anything will be rewriting resolv.conf automatically
<maxb> By "classic server scenario" I'm assuming that network-manager nor other desktop environments' similar tools are installed
<maxb> If you want dns settings in the interfaces file to apply, I think that's dependent on the "resolvconf" package
<maxb> Which I very much do recommend installing if a static /etc/resolv.conf is not suitable for you
<Gr3mlin> i havent installed anything as of yet. well that i know about.
<phantoms2> ubottu: whats the alternative to webmin????
<ubottu> I am only a bot, please don't think I'm intelligent :)
<Gr3mlin> i have resolvconf installed. its not resolving my issue.
<Gr3mlin> should have just stuck with 14.04lts. would have saved myself flippin hours.
#ubuntu-server 2016-11-12
<squinty> exit
<pmatulis> webmin doesn't work well with ubuntu
<Seveas> s/ well.*//
<RoyK> !webmin
<ubottu> webmin is no longer supported in Debian and Ubuntu. It is not compatible with the way that Ubuntu packages handle configuration files, and is likely to cause unexpected issues with your system.
<RoyK> ubottu: webmin is also Learning to administer Ubuntu using the commandline isn't very hard, and that way you may even learn something.
<ArchaicLord> Hi all. First time on IRC a friend suggest to me..
<ArchaicLord> I was hoping to ask if anyone one could help me sorting out a problem I have in ubuntu server 16.04 please
<ArchaicLord> ok.. well maybe someone will reply...
<ArchaicLord> I installed 16.04 onto a usb.. I then manually made a raid5 disk array using madam..
<ArchaicLord> I can see the array is active.. it should have file system of ext4
<ArchaicLord> but i can't for the life of me cd to it.. teh array is md0 ... i can't cd /dev/md0
<ArchaicLord> any ideas what I need to do to be able to add files to it
<RoyK> ArchaicLord: md0 is a block device, it's not a directory ;)
<ArchaicLord> how do access the directory on it? I want to be able to create a samba share
<RoyK> ArchaicLord: on md0, you can either put a filesystem, or as I prefer it, first put an LVM volume group (VG) there and then create a logical volume (LV) on top and then a filesystem on the LV
<RoyK> !lvm
<ubottu> Tips and tricks for RAID and LVM can be found on https://help.ubuntu.com/community/Installation/SoftwareRAID and http://www.tldp.org/HOWTO/LVM-HOWTO - For software RAID, see https://help.ubuntu.com/community/FakeRaidHowto
<RoyK> ArchaicLord: I guess you're pretty new to linux - welcome - to the real life :D
<ArchaicLord> not new to linux.. but new as in doing raid
<ArchaicLord> and more serious things
<RoyK> md0 is just a block device like sda or sdb
<RoyK> so better put a pv on md0 (pvcreate /dev/md0), then a vg on that (vgcreate myraidvg-or-something /dev/md0)
<RoyK> and then an lv on that vg (lvcreate -n mytestdata -L 100G myraidvg-or-something) and then you can create a filesystem on that one (that is, in this case, /dev/myraidvg-or-something/mytestdata )
<RoyK> as in mkfs -t ext4 /dev/myraidvg-or-something/mytestdata
<RoyK> if it's something big (as in lots of terabytes), consider using xfs instead of ext4
<ArchaicLord> the pool is 1.8tb
<RoyK> can you pastebin /proc/mdstat, please?
<RoyK> !pastebin
<ubottu> For posting multi-line texts into the channel, please use http://paste.ubuntu.com | To post !screenshots use http://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<ArchaicLord>  thats a cat command?
<ArchaicLord> http://paste.ubuntu.com/23465125/
<RoyK> ok, good - btw how large are the disks?
<RoyK> ArchaicLord: also - where is  your rootfs?
<ArchaicLord> my root os is on usb
<RoyK> ok
<ArchaicLord> eash disk is 2tb
<ArchaicLord> i baliscy have a pc Â£25 from ebay with 4 sata ports ( i have no money) I use d 32gigi usb for server isntall
<ArchaicLord> i added 4x2tb drives and created the raid manually
<RoyK> right, so do as I said above - that'll give you a 6TB VG onto which you can place LVs onto which you can place filesystems
<ArchaicLord> I thought when i ran the comand ext4 it woudl creat all that
<ArchaicLord> ok will do
<ArchaicLord> the tutorials i found only tell u how to create teh raid not what to do after
<RoyK> and for 6TB, given it may grow to something bigger in a year or three, better use xfs
<ArchaicLord>  can i change to the other file system
<ArchaicLord>           xfs i
<ArchaicLord> RoyK i dont have any sata ports spare for it to grow..
<ArchaicLord> I am just using it for my own home media
<ArchaicLord>          i wanna run plex or something
<ArchaicLord> and also use to back up to my pc and wifes mac
<RoyK> ArchaicLord: but one day you'll get another controller and some more drives etc - I know how these things work :D
<RoyK> a friend of mine said the same as you did some years back, she just started off with 2x3TB. Now she's at 10x2TB and I doubt it's the end of it all
<ArchaicLord>   or just store it on the cloud
<RoyK> mass storage in the cloud is still either horribly slow or terribly expensive (or both, as a bonus)
<ArchaicLord> fair enough
<ArchaicLord> I starting to think getting a full rack server and putting it in my loft might not be a bad idea
<ArchaicLord> can i just run mkfs.xfs /dev/md0 as it is or do i need to stop the array first?
<RoyK> just make sure you have sufficient cooling
<RoyK> you can put xfs directly on top of md0, but again, for various reasons, I'd suggest using LVM on the md and then a filesystem on top of that instead
<ArchaicLord> ha yeah .. loft gets dam hot lol.. a very bad place to put it
<RoyK> if you stop md0 first, you obviously won't be able  to use it with anything, it'll be like unplugging a drive
<ArchaicLord> they are 2tb each
<ArchaicLord> they are wd green
<ArchaicLord> omg ingore that... i scrolled up and replied to an old post again
<ArchaicLord> I am reading hte LVM guide u sent
<ArchaicLord> so I have messed with ubuntu desktop on and off.. I like linux.. I just don't like that no one develops for it main stream... ie games and things.. (not ones I play anyway) I been learning web developemt...
<ArchaicLord> I ran a freenas box previously but it just kept falling over... I not long set up a websever in unutnu for the first time without a desktop environment
<ArchaicLord> that went ok.. and then i figured running it at home instead of Freenas might be better so here I am
<ArchaicLord> I am right in thinking Raid 5 will give me the best use of space, speed and redundancy for a small system?
<maxb> Possibly, depends how small is small
<maxb> For a home server, maybe. For any kind of business application, you need to take a hard look at whether you really want something as weak as RAID 5
<ArchaicLord> 8tb made up of 4*2tb drives.. I do have a web server I set up that is samller than this but sounds like i might need to back it up and change it
<ArchaicLord> but that 6tb is my home one
<maxb> ArchaicLord: For a 4 drive array, I've have to ask just how much you think you need 6TB capacity rather than the 4TB you'd get from RAID 10.... and if you need 6TB maybe you'd be better doing 6*2TB in RAID 10 instead
<maxb> Of course, if write performance isn't all that important, and you don't mind that any 2 simultaneous drive failures kill the array, RAID 5 is still an option
<ArchaicLord> No was trying to maximise the space.. as affording more drives is an issue
<maxb> But RAID 10 will get you better write performance, an ability to survive _some_ patterns of 2 drive failures, and rebuilds that only need to read back from 1 drive instead of all 3 others
<ArchaicLord> I want to back up my pc, my wifes mac and my mac..... and then I also want to run a media server to host films and music
<ArchaicLord> just between the 2 macs.. thats 1tb of data..
<ArchaicLord> and that wouldonly be 1 back up each..
<maxb> Seems like RAID 5 is reasonable under the constraints, but you should either keep a spare drive on hand or be prepared to order one next day delivery if one fails
<ArchaicLord> when i get a job I can prob justify it..
<RoyK> ArchaicLord: you can't convert from ext4 to xfs - you'll have to backup your data and recreate the filesystem
<RoyK> ArchaicLord: the only thing I know of that ext4 can do that xfs can't, is to be shrunk - xfs can only be grown
<ArchaicLord> thats not an issue there isn't any data on it.. the data i thought was on it is on the usb drive
<RoyK> ok, just create a new fs, then
<ArchaicLord> oh bother.. i need to destroy the curernt array completly and rebuild from scratch?
<RoyK> maxb: for async writes, the performance is likely to be better with raid5 than raid10, since you'll have more data drives
<RoyK> maxb: but don't use raid5 with a lot of drives, use raid6
<RoyK> ArchaicLord: no, listen.... you have disks or ssds that together make up a raidset, represented by a blockdevice, like /dev/md0. on top of this, you put lvm2, meaning you create a volume group with one physical volume, md0, and on the vg, you create a logical volume, lv, onto which you place a filesystem
<RoyK> ArchaicLord: it's all layered nicely, so if you change something on one layer, whatever's below won't care, that is, if you have lvm setup and recreate the fs, all lvm will see is a bunch of i/o
<RoyK> so will the raid
<ArchaicLord> ahhh ok so it matters not what file system my raid is currently
<ArchaicLord> that will make life happyier..I shall give it a go... so I gotta create volume groupd then create a logical volume then apply xfs to the lv.
<RoyK> ArchaicLord: they are separate enteties
<RoyK> ArchaicLord: yes, create a vg with the raid as a pv and then put an lv on top of that and then a filesystem on the lv
<RoyK> ArchaicLord: most things are like that in linux, the exceptions are btrfs and zfs, where the roles with raid/volume management/filesystems are mixed up, which gives some interesting opportunities
<ArchaicLord> Freenas was zfs
<ArchaicLord> ok for the vg do I create that as the entire size of my array?
<ArchaicLord> when creating the vg.. for a pool of 6tb would 128m be enough for the physical extent size?
<ArchaicLord> so I done 6,000,000 / 65,000 = 92.307.. I figure that rounded up would be 128
<ArchaicLord> ok now I am confused I ran this
<ArchaicLord> mount /dev/lvm-raid/lvm0 /mnt
<ArchaicLord> df -h /mnt
<ArchaicLord> which gives me
<ArchaicLord> Filesystem                 Size  Used Avail Use% Mounted on
<ArchaicLord> /dev/mapper/lvm_raid-lvm0  5.5T   34M  5.5T   1% /mnt
<ArchaicLord> so now would    mkdir test /mnt       create a file in the right place?
<jelly> "mkdir /mnt/test"
<binia> or just cd /mount
<binia> mkdir test :d
<ArchaicLord> yeah i got it.. was afriad /mnt/ was the os /mnt/ which is why i wanted to check
<xibalba> any idea how i can install postgrey w/out postfix as a dependency
<xibalba> other than compiling it
<TJ-> xibalba: "dpkg --unpack" then edit /var/lib/dpkg/status, finding the debian/control file entries for that package and edit the Depends: line :)
<TJ-> xibalba: in theory then you can dpkg --install with the modified dependency
<patdk-lap> tj, that seems really overkil
<patdk-lap> postfix isn't a dependency of postgrey
 * patdk-lap also wonders how you compile perl
<TJ-> patdk-lap: that's generally how I hack a binary package's dependencies quickly :)
<patdk-lap> but why hack it? if it doesn't even depend on it?
<TJ-> xibalba: it looks as if postfix is a recommends so you can just do "apt-get install --no-install-recommends postgrey"
<xibalba> patdk-lap , didn't know it was perl based hwne i started
<TJ-> patdk-lap: xibalba said it depended; I didn't double-check on that
<xibalba> oh thanks
<xibalba> i didn't find that option earlier i'll give that a go
<TJ-> I used to apply that dpkg status hack to allow side-by-side installation of PC/UEFI grub packages that declare Conflicts
<CodeMouse92> #apache
<CodeMouse92> Oops
<phantoms1> if im using docker do i stil have to runn ubuntu server?
<bekks> phantoms1: docker is an application running on a host OS.
<bekks> you still need a host OS.
<phantoms1> y but it can be alsow desctop version!? or would that stil be a security risk â¦.
<bekks> What are you talking about?
<bekks> There is no such thing as "docker without a host which runs docker".
<phantoms1> ubuntu desctop with docker
<bekks> Yes, you can run docker on Ubuntu Desktop.
<phantoms1> and how di i secure it?
<phantoms1> i dont have a domain just public ip
<bekks> A domain has nothing to do with it at all.
#ubuntu-server 2016-11-13
<hopeshare> hey community, I'm trying to use git with ubuntu server using ssh, I just installed git in my windows machine can someone help me in how to connect to my server using git and deploy my web just for testing purpose
<hopeshare>  I have already created a key and configure it and it's working fine
<hopeshare> I just need like a command in how to connect to the server using ssh key
<sweb> i put my preseed.cnf to root of iso and make iso but seems be it's not loaded ... how can i sure my preseed file is loaded ? ubuntu 16.04 mini.iso
<phantoms1> if im running nextcloud as an dockerimage is there a motive why I should stil whant to use as host OS server version (Ubuntu server) or can i use desctop
<phantoms1> for hosting private server on the internet
<thekrynn_> hello, was wondering if anyone might know why an NFS server I was running decided to stop working out of the blue (service nfs-kernel-server restart returns ok, but says nfsd not running)
<sikun> phantoms1, have you used owncloud? if so what is the difference between that and nextcloud
<sikun> ?
<phantoms1> nextcloud is mor open â¦ free the rely on customer support as income
<sikun> ah
<sikun> not like the enterprise as with owncloud
<sweb> help me on this if you interest https://github.com/mhf-ir/ubuntu-overssh-reinstallation
<ikonia> looks like a terrible idea and a very sloppy implementation
<sweb> ikonia: try hetzner and stupid image installation to see what's the sloppy ... many datacenters use ubuntu-server-via-(extra package like plesk) as primary ubuntu iso installation .. no custom iso ... limited kvm for installation (time or cost) and much more limitation ... it's simple and fast way to clear installation ... what do you prefer ?
<ikonia> I prefer not making bad install solutions like the one you're suggesting in the git repo
<sweb> ikonia: i dont see any solution in `bad install solution` word ... give me a way ... give me solution to partition overssh without datacenter cooperation  ...
<ikonia> don't do it
<ikonia> thats the way to do it
<sweb> ikonia: and explain me why
<ikonia> because it's a bad install routing trying to do in situ, and the scripts in that repo are poor
<ikonia> it also has uncceptable assumptions and dependencies
<sweb> if script has problem community can fix it ... loading netboot over the grub imageboot is not good thinkg ? explain uncceptable subjects
<ikonia> no
<ikonia> the whole concept is not good
<ikonia> talk to the DC to provide more realistic support options
<ikonia> you're trying to engineer around a problem that shouldn't exist
<ikonia> and if it does exist it's that element you need to fix, not an engineering solution
<sweb> of course this is stupid problem ... but it exist ... we must deal with it ...
<ikonia> no you shouldn't
<ikonia> remove the proble
<ikonia> problem
<Sircle> how to enforce internet through squid and not anything else. If any thing has to be done on http/s via browser, wget, curl etc, it must go through squid or not at all. How to do that on ubuntu?
<bekks> Sircle: Configure squid, and forbid direct connections to the internet using your firewall.
<Sircle> bekks:  are you pointing to make iptable rules?
<bekks> Sircle: Yes.
<Sircle> bekks:  liek redirect all requests on port 80,8080,443 to go through squid? like this http://serverfault.com/a/445402?
<bekks> Sircle: No.
<bekks> "...  and forbid direct connections to the internet using your firewall"
<bekks> Sircle: forbiding is not redirecting.
<Sircle> bekks:  hm
<Sircle> bekks:  so there is no way to automagically redirect 80,443 to squid (WITHOUT browser settings or any app settings). If so, this will cover wget and curl etc
<bekks> Sircle: You are mixing things up.
<bekks> If you want to REDIRECT, do it. If you want to FORBID, do it. But dont mix them up. :)
<bekks> you said you want your squid to be used or if it isnt used, you want to forbid access. Thats not redirecting.
<Sircle> ok, how to REDIRECT ALL 80,8080,443 port based calls to ssquid?
<bekks> Sircle: like this: https://help.ubuntu.com/community/IptablesHowTo
<Sircle> k
<Sircle> step #1 allow squid to use 80,443 #2 redirect all other users' requests of 80,443 to squid 3128  bekks ?
<bekks> No.
<bekks> Sircle: Forbid direct internet access, not squid usage.
<Sircle> bekks:  I do not want users to put proxy settings in browsers or apps everytime. Instead just redirect requests to squid. Its the same thing as blocking direct access
<bekks> Sircle: Then still do not forbid usage.
<bekks> And redirection is totally different from forbidding things.
<Sircle> yes. I think redirection is better
<Sircle> if suid is onn, it will take care. If its off, the request won't work either way
#ubuntu-server 2017-11-06
<cpaelzer> good morning
<jamespage> coreycb: hey  so I unwedged b-o-m - and re-did your upload of sphinx-contribwhatever with a ~cloud suffix
<jamespage> I've paused bom until we can get sphinx in and built - however its failing with a test error now
<MJCD> hey all
<MJCD> does anyone know a really control centric 'window manager'
<MJCD> I know screen and all that stuff
<MJCD> but I want like a mouse and stuff haha
<MJCD> so like semi-gui
<MJCD> basically all I really want is like 4 tiles gui terminals
<MJCD> that'd be aces
<MJCD> though if I can configure that on the fly that'd be dope
<coreycb> jamespage: great thank you
<Olanzapin> hello anyone using ubuntu/debian as server to csgo? I need ta ask a few questions.
<hateball> Olanzapin: Just ask the real question(s)
<Olanzapin> ahh but they are irellevant in main chat. I use gamesevermanagers script to setup csgo server. Everything is working well no errors. When i start the server i automaticly shutdown the server silently.
<Olanzapin> googled on same problem but did not find a solution
<hateball> Olanzapin: For something like this I would probably try asking in #gamingonlinux or #steamlug since those channels are for gamers
<hateball> More likely to have someone with the same setup I guess
<ikonia> Olanzapin: state the version of ubuntu and where the package came from
<Olanzapin> ok thx
<Olanzapin> ubuntu 16.04 and http://www.gamservermanagers.com
<Olanzapin> gameservermanagers.com
<ikonia> Olanzapin: so the software isn't from the official repos ?
<ikonia> Olanzapin: the best advice would be to verify the logs of what's happening, then work with the people who support that software to debug it
<mun24> installed virtualbox on ubuntu by using apt-get install virtualbox
<mun24> How to install VBoxWebSrv?
<hallyn> rharper: smoser: isthere a tool on ubuntu to create a .ova from a qemu disk image?  I mean it looks not too hard by hand (convert to .vmdk, write a .ovf and .mf, and tar it up), but a tool woudl be sweet.
<rharper> hallyn: not that I know of
<smoser> note you dont specifically have to have file format of vmdk
<smoser> to be "ovf".
<smoser> but to use it in vmware, you probably do ;)
<smoser> i think that virtualbox can export a ovf
<smoser> but other htan that i dont know of any tools.
<smoser> hallyn: https://askubuntu.com/questions/588426/how-to-export-and-import-virtualbox-vm-images
<hallyn> smoser: yeah, virtualbox isn't out of the question but I don't want gui and hate the vbox commandline :)
<hallyn> Ok thanks - just wanted to make sure there wasn't an obvious existing tool i should be using
<smoser> hallyn: well, yes. the command line does suck.
<smoser> but basically you're just creating a vmdk and substituting text.
<smoser> you're actually uinsg vmware ?
<hallyn> I'm not :)
<hallyn> Well, in some palces I am, through vsphere...  but i want to do this on any linux system, hence want to use qemu-img adn tar as far as possible
<jamespage> coreycb: thanks for sorting out the backport of sphinx - what was the issue/
<jamespage> ?
<coreycb> jamespage: hey np. the imagemagick package needs to be installed on xenial to get alternatives for /usr/bin/ commands configured.
<jamespage> I thought it might be something like that
<jge>       
<necrophcodr> I'm running a postfix server, and recently I've started getting "User unknown in virtual alias table" errors with emails sent to my adress. Is there any way to resolve this?
<necrophcodr> Oh..
<necrophcodr> Turns out that unsetting my "myorigin" fixed it somehow
#ubuntu-server 2017-11-07
<catalase> can someone point me to a bash script that will ping a given ip address (eg. google.com for instance) and IF it is unreachable, run another script?
<catalase> for instance: https://unix.stackexchange.com/questions/190513/shell-scripting-proper-way-to-check-for-internet-connectivity
<sarnold> ping -w1 -c1 www.google.com 2>&1 > /dev/null && echo hi
<catalase> what if it is unreachable though
<catalase> i only want it to echo hi if destination unreachable
<sarnold> if you care about the specific reason why the ping failed then you may have to write your own tool
<sarnold> if you just care that it did fail, then replace the && with ||
<catalase> ping -w1 -c1 www.google.com 2>&1 > /dev/null ||sudp sudo ./home/catalase/mysupercoolscripts/testscript.sh
<catalase> could i do something like that
<catalase> ping -w1 -c1 www.google.com 2>&1 > /dev/null || sudo ./home/catalase/mysupercoolscripts/testscript.sh
<catalase> rather
<sarnold> programmatic use of 'sudo' is often a sign of trouble..
<catalase> what should i use instead
<sarnold> what starts this process?
<catalase> i do
<sarnold> aha, then I'd suggest running the script with sudo manually
<catalase> lol
<SmokinGrunts> what'd be the best thing to attempt to have a server securely send me near realtime updates of any changes to /var/log/auth.log?
<pwnguin> like, rsyslog?
<drab> SmokinGrunts: rsyslog + tls
<SmokinGrunts> aye something happened to my fail2ban on one of the work servers... I'm being bruteforced atm, brb
<pwnguin> turn off pw auth, problem solved
<SmokinGrunts> I am still very much learning
 * drab never understood the point of fail2ban
<drab> anyway, bbl
<SmokinGrunts> bah
<ReedK2> when you get an app that doesn't come from the package manager, how do you know where to install it?
<SmokinGrunts> okay, if fail2ban is up, and the server has been restarted, and I'm still getting log-updates from a 'tail'ed /var/log/auth.log of connection attempts, then what is going on??
<SmokinGrunts> I can block the offender from the firewall, but I'd rather have them block automatically from the server itself
<SmokinGrunts> blocked*
<SmokinGrunts> oh, so fail2ban will ban me, when I test it
<SmokinGrunts> :(
<qman__> fail2ban will allow a certain number of attempts, which are logged, before blocking the address, and his happens per address attempting to connect, so if you're being attacked from many IPs, there will be many attempts in the log
<qman__> it also clears out the list of banned IPs when fail2ban is restarted
<SmokinGrunts> there be one ip, but it's not thru ssh I guess?
<SmokinGrunts> oh lol I had added telnet earlier. removed, no more probs.
<SmokinGrunts> xinetd and telnetd
<SmokinGrunts> lol my noob is showing
<SmokinGrunts> so TIL; don't have a telnet daemon available if you don't need it.
<SmokinGrunts> 2scary4me
<SmokinGrunts> damn. So TIL about the necessity of all things security for a public-facing server, no matter what it's for, or how big it is.
<SmokinGrunts> I had a telnet daemon up for 3 days
<SmokinGrunts> damn near a few dozen minutes after, I started getting root login attempts through it
<SmokinGrunts> all for a server that's only hosted very basic nodejs development shit
<SmokinGrunts> better late than never for learning
<cpaelzer> good morning
<ReedK2> to install kde in ubuntu, do you install kubuntu-desktop?
<ReedK2> according to help.ubuntu.com that is the case ( https://help.ubuntu.com/community/InstallingKDE )
<cpaelzer> ReedK2: kubuntu-desktop ?
<cpaelzer> yeah
<cpaelzer> that is what I have
<cpaelzer> although I installed from a kubuntu ISO back then, but I think that is the central package thatpulls everything else in
<cpaelzer> ReedK2: one might argue on a desktop UI on server, but it worked for me on my NAS when I refurbished it to a backup desktop
<ReedK2> i wonder if it matters because if you install the other DE, the old DE packages will be ignored
<cpaelzer> ReedK2: while a bit of package overload, you can install multiple DE and select on the login manager
<cpaelzer> which one to start on login
<ReedK2> cpaelzer, I think you need a desktop unless the server is remote.  but it's crazy to try to develop without a desktop, if only due to text-only web browser problems
<cpaelzer> ReedK2: I'm not trying to convince you not to do so :-)
<cpaelzer> as I mentioned above, my NAS has KDE as well
<ReedK2> cpaelzer, anyway I wonder if kde is botnet.
<hateball> ReedK2: kubuntu-desktop is the full Kubuntu experience, with associated programs. there's other meta-packages if you want only the DE itself
<ReedK2> yeah kubuntu-desktop is supposed to be the 'recommended lightweight installer'.  there's kde-plasma-desktop which is supposed to be core-only.
<ReedK2> I thought it would be nice to have some extra tools becasue they might help to customize it
<hateball> I dont see any reason not to use kubuntu-desktop unless you are low on storage space
<ReedK2> beacuse someoen told me to use kde
<ReedK2> oh you mean use the full version?
<ReedK2> this ws a bad idea
<lordievader> Good morning
<cpaelzer> hiho lordievader
<lordievader> Hey cpaelzer
<lordievader> How are you?
<cpaelzer> good, I hope you too
<lordievader> Jup, doing good here :)
<ReedK0> does anyone know where kaccounts-providers_4%3a15.12.3-0ubuntu1_amd64.debis supposed to reside?
<ReedK0> does anyone know how to stop recovery mode from timing out and freezing?
<lordievader> Why does it enter recovery mode?
<ReedK0> lordievader, i installed kubuntu-desktop on ubuntu 16.04, and it destroyed the computer
<ReedK0> the "work-arounds" didn't work.
<ReedK0> now recovery mode actually doesn't time out but rather just closes after about 2 minutes.
<lordievader> Kubuntu desktop on a server?
<lordievader> What work-arounds?
<cpaelzer> the way "it destroyed the computer" might be important as well
<ReedK0> https://askubuntu.com/questions/804968/apt-get-install-kubuntu-desktop-failed-trying-to-overwrite first answer and
<ReedK0> https://bugs.launchpad.net/ubuntu/+source/kaccounts-providers/+bug/1573787 comment #5
<ubottu> Launchpad bug 1565772 in gnome-control-center-signon (Ubuntu Xenial) "duplicate for #1573787 [SRU] Allow plugins to decide which username to set on new accounts" [Critical,Fix committed]
<lordievader> Hmm. Could you answer cpaelzer 's question?
<ReedK0> when prompted to install sddm or lightdm, I selected "sddm", and the installer closed.  it said: "Locked." and  "your system has errors".
<cpaelzer> because while these are issues, overwriting these files does not render your computer unusable
<ReedK0> I asked at #kde, and they said to restart and re-run the installer or to use apt to do --fix-installed
<lordievader> Installing sddm should not break anything.
<lordievader> Did you run 'apt-get install -f'?
<ReedK0> sddm did not successfully install
<cpaelzer> oh I see, you have an unrelated issue with these packages to install properly but you need to resolve that to continue the install
<ReedK0> yes, I did.  it gives the same error: "you should try apt-get install -f"
<cpaelzer> of sddm
<ReedK0> I also get that with apt remove, apt-get everything and apt --fix-packages
<lordievader> Could you pastebin the full output of that command?
<lordievader> !pastebin
<ubottu> For posting multi-line texts into the channel, please use https://paste.ubuntu.com | To post !screenshots use https://imgur.com/ !pastebinit to paste directly from command line | Make sure you give us the URL for your paste - see also the channel topic.
<ReedK0> it's a different computer
<ReedK0> it only has the 2-minute recovery mode
<lordievader> No shell access (tty, ssh, etc)?
<SmokinGrunts> why's the server getting a desktop?
<ReedK0> SmokinGrunts, we talked about that like an hour ago
<ReedK0> lordievader, only the 2-minute shell in recovery mode
<SmokinGrunts> I'm late to the ballgame
<lordievader> ReedK0: What happens after those two minutes?
<ReedK0> a bunch of [stuff here] appears, and then it returns to the recovery menu, but the PC is frozen.
<ReedK0> lordievader, i'd be happy to rip the desktop environment out if it meant i could boot to CLI.  But I can't boot t CLI, either.
<lordievader> ReedK0: Do you get more of a shell when you boot with the kernel parameter `systemd.unit=rescue.target`?
<ReedK0> i don't know how to do that
<ReedK0> lt me see
<ReedK0> probably grub
<lordievader> In grub you edit the kernel line, after the `splash` you add the above.
<SmokinGrunts> can someone get me up to speed?
<lordievader> ReedK0: https://wiki.ubuntu.com/Kernel/KernelBootParameters
<cpaelzer> ReedK0: I don't see how you got into a boot/rescue issue with that - some packages conflicted about some account pluging files, so what
<lordievader> SmokinGrunts: https://irclogs.ubuntu.com/2017/11/07/%23ubuntu-server.html
<cpaelzer> ReedK0: shouldn't the system just work as-is and you can resolve the issue via ssh or whatever you usually use
<ReedK0> that's not what #kde says
<lordievader> SmokinGrunts: He tried to install kubuntu-desktop and now it doesn't boot.
<ReedK0> they said 'it's a deeper issue'
<lordievader> If it goes into the rescue mode... it seems like it is a deeper issue.
<lordievader> Which is quite strange.
<ReedK0> I think sddm not installing properly, or kubuntu-desktop only partially installing (but thinking it's fully installed when you try to install over it)...
<SmokinGrunts> what is output of 'lsb_release -a'
<ReedK0> I went to rescue mode because normal mode does something else
<SmokinGrunts> on the server, that is
<ReedK0> normal mode says my graphics card isn't configured properl
<ReedK0> or it stops at [blocks] in CLI mode
<ReedK0> it gives me the option to choose between two video drivers, and neither of them work.
<lordievader> It stops in CLI mode? So, you do have a shell?
<ReedK0> lordievader, you want me to set systemd.unit=rescue.target still?
<ReedK0> In rescue mode, I can open the recovery shell.  yess
<lordievader> If that gives you a shell, yes.
<ReedK0> and then the PC freezes after 2 minutes after returning to the menu screen.
<ReedK0> I have a shell.  It's just a 2-minute shell.
<lordievader> How new is the install?
 * ReedK0 sigh
<ReedK0> a few weeks
<ReedK0> i just want to get my shell logs and
<ReedK0> maybe my browser history
<ReedK0> figure out how to partition it once again
<ReedK0> heartbreaking. like my dog died
<lordievader> You do your web browsing on a server O.o
<lordievader> Does adding the systemd.unit parameter give you a 'real' shell?
<ReedK0> very rarely.
<ReedK0> only when it's necessary
<ReedK0> or when it's a huge time saver.
<ReedK0> hold on that's not easy to do let me do it
<ReedK0> do i put it after splash or after $vt_handoff ?
<lordievader> after the splash
<ReedK0> system
<ReedK0> so I just add systemd.unit right after that?
<ReedK0> no systemd.unit=rescue.target
<lordievader> Yes, that last one.
<ReedK0> no
<ReedK0> it does not
<ReedK0> i get the 'low graphics mode' screen
<lordievader> That is fine
<lordievader> What happens further?
<ReedK0> try running with default graphics mode; reconfigure graphics; troubleshoot an error; exit to concsole login
<ReedK0> all of these result in nothing, either a restart or a [blocks] screen
<lordievader> Next to the systemd.target line add `nomodeset`.
<ReedK0> it's getting worse, honestly
<ReedK0> now i can't turn on the network
<ReedK0> seems kde is a fat virus
<lordievader> Did you get a shell or not?
<ReedK0> yes, i'm in one
<ReedK0> i'll persist to shell , even if it restarts after 2 minutes
<lordievader> Allright, good.
<lordievader> How did you setup your network?
<ReedK0> all default
<lordievader> Do you have a connection now?
<ReedK0> i'm probably gonna find my USB drive ;-<
 * Jenshae crawls in and collapses in a corner.
<Jenshae> Still got the time out problems after reaching Shutdown.
<ReedK0> is it true that there's a version of Linux that can be built from the ground up?
<Jenshae> Damn Small Linux is very raw. Debian can be installed with a gui I guess.
<Jenshae> Can maybe get an old copy of gnome or knoppix
<Jenshae> Why would you want to do it though, ReedK0 ?
<ReedK0> nah it's a specific release of linux....
<ReedK0> like there's gentoo, and it's not gentoo
<Jenshae> Do you mean Arch?
<ReedK0> it's literally something like 'build-linux'
<ReedK0> like it teaches you how to build an operating system
<ReedK0> while you install linux
<ReedK0> takes 2-3 days
<Jenshae> Arch is very raw, have to add everything you need onto it, apparently.
<lordievader> ReedK0: Are you refering to LFS (Linux From Scratch)?
<lordievader> Personally I'd go for Gentoo over LFS. A package manager is useful.
<ReedK0> yes i am
<ReedK0> but isn't it probably better to just install ubuntu rather than gentoo because gentoo is very complicated?
<lordievader> Ubuntu is less complicated than Gentoo, yes. But if you know what you are doing Gentoo can be blessing and Ubuntu a pain.
<lordievader> Each has its merits.
<Jenshae> What are you wanting to use your OS for ReedK0 and what hardware specs?
<ReedK0> Jenshae, learning C, C++, and some other languages.
<ReedK0> I want to do some mathcad type stuff.
<ReedK0> or screw around in some kind of 3d programming language
<lordievader> Unless you want to learn how Linux works, get Ubuntu.
<ReedK0> I want to learn how it works.  I don't know if I need to know how it works in-depth right now, though.  I think I should learn bash and C before I do that.
<ReedK0> but i'm not sure, honestly.  maybe it's better to learn how linux works before learning bash and C and C++
<Jenshae> Ubuntu + Unity3D is probably the easiest setup for C++ and 3D development
<ReedK0> I thought I could install ubuntu and then install a virtual box on my windows box and build gentoo there
<Jenshae> You can install Ubuntu and VM Gentoo and Windows. I play games via Win7 and VMware, not worth dual booting, very few games I can't run on Linux (mostly just DirectX 11 ones)
<ReedK0> i don't play games
<ReedK0> except a motorcycle game on my phone, but i spend like 10 minutes a day on that
<Jenshae> Games being the toughest thing to VM due to DirectX problems. Viva la vulkan
<Jenshae> Point being that you should be able to VM pretty much anything you want and if you use Lubuntu-Desktop on Ubuntu then you will have loads of hardware resources to pick what Virtual Machine you want to run on top of that.
<Jenshae> I prefer lubuntu desktop slapped onto Ubuntu rather than a direct Lubuntu install.
<ReedK0> the thing I've had the most trouble with is wechat.
<Jenshae> I am unfamiliar with that. What protocol does it use?
<Jenshae> There are native clients for IRC, Google chat, Yahoo chat, Slack chat, Discord, Team Speak, Mumble and Skype to run on Ubuntu.
<ReedK0> it's a windows program
<ReedK0> Anyway, I just need to wait for a release to be made for ubuntu
<ReedK0> okay i did the backups. i couldn't find my web browsing history for firefox, but I guess that's okay.
<Jenshae> Try Wine + PlayOnLinux, despite the name PoL, is really good at managing windows programs.
<Jenshae> Also see if your WeChat shows requirements, such as "ms fonts tahoma" or anything else like that.
<Jenshae> you might fine WeChat on winehq.org with a guide on running it.
<ReedK0> i'm goig to try those sometim
<ReedK0> so you can install unity3d from apt?  wow
<ReedK0> i remember 2008 when unity was getting started and bitcoins were cheap, and i didn't have any money.
<Jenshae> I got Unity3D from their website.
<Jenshae> PoL has a list of things you can install and you can do virtual drives in either 32 bit or 64 bit depending on what you want and as long as the host is 64 biy
<Jenshae> bit*
<ReedK0> these are the partiions i used
<ReedK0> I have /srv /home / and /windows (which is fat32)
<ReedK0> and swap
<ReedK0> someone told me /srv is not something i should have on a separate partition, and he is also very smart
<Jenshae> Personally, I just have /boot_grub or /EFI " / " /home and swap area.
<ReedK0> i'm confused
<ReedK0> are /boot_grub /EFI and / all the same thing?
<Jenshae> I do /efi, " / " and swap as primary partitions with /home as a logical one off the /
<Jenshae> In order from start of drive, I go /efi swap / and /home
<Jenshae> The /boot_grub is legacy and /efi is for uefi machines.
<ReedK0> what sizes should I make them?
<ReedK0> would I use /efi ?
<Jenshae> I generally run with a 1.5x swap unless I know it will double its RAM and suspend / hibernate will be used.
<ikonia> there is no such file system as /efi
<ikonia> efi hangs off /boot
<ReedK0> you're making my head hurt really bad haha
<ReedK0> so /efi isn't something
<Jenshae> Does your BIOS have UEFI?
<ikonia> and this channel is for ubuntu server discussion - please try to stick to that topic
<ReedK0> no idea what uefi is
<ReedK0> brb i will look
<Jenshae> The /efi is an option during Something Else installation . It also runs it as a change when you do the default wipe the whole drives and install.
<Jenshae> I will private mssage you ReedK0
<ikonia> fantastic, thanks Jenshae
<ReedK0> Yes, it uses uefi
<joelio> lol, just came out of a near-UEFI disaster post Dell BIOS upgrade.. decided to not revert back fwupdater and get stuck in a 'boot device not found' loop-
<joelio> had to readd the entry manually, pointing to the shim for secure boot to work
<joelio> so the stuff in /boot is used to shim /efi for sb afaiu
<joelio> you can add an entry directly to the grub efi *if* you're not using sb
<joelio> TIL... :)
<Jenshae> Now write the guide on that because ... I only have a very vague idea of what you are talking about. :P
<Jenshae> I have successfully rebuilt the RAID with a new drive, got Nvidia drivers working and a Lubuntu desktop going on this server (the server built out of spares)
<joelio> ah yeam recall
<Jenshae> I don't suppose there is a GUI config of Samba that tests things, like if it successfully joined the domain diagnosing as it sets up in stages? :P
 * joelio doesn't use samba (even then it was cli too)
<Jenshae> You have a pure Nix office? Mine is mostly Windohs. Trying to show the worth of nix by making this archive server (just a raw file server)
<joelio> yep, we do cloud stuff
<joelio> (our dept is pure linux anyway)
<joelio> bean counters etc are windows :)
<joelio> but no need for smb as we do the whole cloud crap
<drab> Jenshae: to some extent you can use smbclient to test things as you go, that's what I did, but for some things like joining AD it's a little trickier
<drab> Jenshae: it was too much for our needs, but something that may be worth considering if FreeIPA if you haven't looked at it
<joelio> if it's SMB, perhaps - https://help.ubuntu.com/lts/serverguide/zentyal.html
<drab> oh that too, yes
<Jenshae> Thank you
<joelio> has some shiny too http://www.zentyal.org/server/
<Jenshae> That is my homework. See you tomorrow / another day o7
<joelio> laters
<joelio> nearly hometime myself
<JanC> joelio: for safety reasons it's probably even more important to move bean counters to something more sane ASAP  ;)
<joelio> I'm no MS hater, not anymore
<joelio> plus realised it's better to chose battles wisely or you get to support them
<joelio> there's Chromebooks aplenty too, it's not that bad tbh
<dpb1> joelio: MS has a ton of cool ubuntu projects going on, fwiw.  the windows subsystem for linux thing is amazing
<joelio> yup, I know :)
<JanC> still, there probably is no reason why bean counters would need MS Windows nowadays
<joelio> just not something will personally use
<dpb1> joelio: I'm in the same boat, mostly just for games here
<dirtycajunrice> Anyone been in the mud with NFS and 10GBe ?
<maswan> no mud, but we do run it
<dirtycajunrice> throughput ?
<dirtycajunrice> I cant seem to get it to do more than 50ish MB/s
<dirtycajunrice> which linearly decline with more transfers
<maswan> http://www.acc.umu.se/technical/statistics/ftp/monitordata/backend
<maswan> that's all nfs traffic
<maswan> so peaks at roughly line rate
<dirtycajunrice> right but anything can fluke flux to line
<dirtycajunrice> my graphs have that as well. but its where yours is for average
<dirtycajunrice> which is <50
<maswan> yeah, but there isn't more demand than that most of the time
<dirtycajunrice> hm.
<dirtycajunrice> im moving 35TB of data
<maswan> we've seen that sustained for 5-10 minutes
<dirtycajunrice> so it would stay sustained for about 3 days if i could get it higher
<dirtycajunrice> but its crapping the bed.
<maswan> seems to be no weird stuff, ro,no_subtree_check in exports
<maswan> proc/mounts gives us: nfs4 ro,nosuid,nodev,noatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=194.71.11.138,local_lock=none,addr=194.71.11.160
<maswan> you have low latency networking without packet drops?
<dirtycajunrice> yeah. single L1 hop
<maswan> reasonably low, I mean. not tens of ms or higher RTT
<maswan> ack
<dirtycajunrice> so almost identical
<dirtycajunrice> 10.0.10.211:/tv4 on /mover/tv4 type nfs4 (rw,relatime,vers=4.0,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=10.0.10.100,local_lock=none,addr=10.0.10.211)
<maswan> are you reading or writing over nfs?
<dirtycajunrice> all writes.
<dirtycajunrice> since its a move job
<dirtycajunrice> HDD are all capable of about 120MB/s ea
<dirtycajunrice> so its not throttled there. and i can do an Rsync at HDD speed
<maswan> well, that's a bit different than ours, ours is most read
<maswan> but our updating node can at least to line rate gigE
<dirtycajunrice> Hm.
<dirtycajunrice> So frustrating. and NFS is faster than SMB
<JanC> no traffic shaping going on?
<dirtycajunrice> nope
<dirtycajunrice> s/smb/cifs
<dirtycajunrice> you know what i meant :P
<JanC> the target filesystem is not badly fragmented?
<dirtycajunrice> no. Fresh drives with fresh fs/partitions
<JanC> BTW: why not just use rsync if that works faster?  :)
<dirtycajunrice> JanC, I actually am using it for the bulk transfer currently
<dirtycajunrice> but this will not fix the issue after the files are moved as more than 50MB/s of files are moved/accessed at a time
<JanC> right
<dirtycajunrice> so i am temporarily working around it and during the next 3 days im trying to resolve the issue on the backend
<JanC> when moving them over NFS, were you using 'cp' or something else for that?
<dirtycajunrice> ive tried literally everything.
<dirtycajunrice> ive tested: cp, mv, rsync, dd
<dirtycajunrice> to see if its tool problems
<dirtycajunrice> its not.
<dirtycajunrice> its stupid stupid nfs.
<teward> dpb1: sent you a reply to your PM, sorry about the time delay.  Been busy dealing with FCC coordinators :P
<coreycb> jamespage: it looks like we'll be able to drop pandas from the queens UCA soon. gnocchi dropped use of it in recent commits.
<coreycb> jamespage: which is good, because it pulls in a lot of new dependencies
<coreycb> or, would have pulled
<jonfatino> Do they have livecd for ubuntu-server?
<jonfatino> without gui?
<teward> jonfatino: no.  there is no server livecd
<rharper> there, is
<rharper> http://cdimage.ubuntu.com/ubuntu-server/daily-live/current/
<teward> rharper: there's actually a *livecd* version of Server, not just a daily built installer image?
<teward> i've never seen "try ubuntu" on the Server ISOs
<rharper> teward: well, it's a liverootfs
<jonfatino> Ty rharper
<teward> rharper: is the ISO updated?
<rharper> it's live and it's the server image;  I'm not sure it includes a drop to shell directly at this time
<rharper> teward: in what way ?
<teward> rharper: between the final daily version there and the final release version what's the difference at the core
<teward> or is there none
<teward> because I forget how final freeze worked :P
<teward> (E: NOCOFFEE, NOMONEY)
<rharper> teward: it's got a 10/18 pub date;  so I don't think it's being updated; but as soon as bionic has an image, then that'll be fresher
<rharper> teward: I'm not sure about the frequency of the updates to cdimage for released stuff;  it's possible that those aren't generated until the dot releases except for the devel release images
<rharper> the other server image, has the same pub dates as the daily-live image
<coreycb> jamespage: we may also be able to drop python-docker from queens CA since xenial has 1.9.0 now.
<jamespage> coreycb: sounds like a plan
<jamespage> coreycb: yes agreed - pandas is large and awkward
<coreycb> jamespage: yes
<jamespage> coreycb: we need a good way of actually getting those removed from the UCA - reprepro does not automatically cleanup things we remove from the source PPA's
<jamespage> coreycb: I think its just some commands we can generate
<hehehe> short of rebooting
<hehehe> Cannot establish tunnel
<hehehe> 11:37 PM     com.jcraft.jsch.JSchException: SSH_MSG_DISCONNECT: 2 Too many authentication failures
<hehehe> 11:37 PM how to reset it?
<hehehe> how to reset it?
<hehehe> :D
<coreycb> jamespage: ok
<hehehe> I was trying to login to a sql via ssh tunnel, ssh tunnel part did work, sql nope
<hehehe> and now this error
<hehehe> :D
<hehehe> I will just reboot
<hehehe> it is quicker
<hehehe> oo same error again
<hehehe> wtf is this
<sdeziel> hehehe: do you have a customized sshd_config server-side?
<hehehe> no
<hehehe> any ideas how to check what is wrong
<drab> is there a recommended setup these days for ldirectord-like setup on ubuntu?
<ikonia> drab: in what respect ?
<drab> I'm trying to load balance a bunch of different services, mostly all tcp
<ikonia> (nice to see an unusual question)
<drab> altho the primary reason i'm wanting this is for maintenance, not standard load balancing
<drab> maintanance/fail over
<drab> I have two specific use cases i'm trying to work through: 1) a content filter 2) an asterisk server
<drab> in both cases I'm upgrading software and I'd like to be able to move clients to the new upgraded servers slowly
<drab> but in both cases to change ips or play with dns isn't possible/advisable
<ikonia> you won't be able to "drain" with a pbx
<ikonia> as you can't drain an in use call
<ikonia> you can drain against logged in users that are idle - it will just blip as it fails over
<drab> yeah, that's ok/the plan, move a bunch of phones overnight when they ar enot in use
<ikonia> the content filter should be fine as these are normally just a http service so just swap over between requests
<drab> but I don't have to have to reconfigure the phone because provisioning isn't very smooth
<drab> so basically I'd like to take the ips now assigned at the current machines and move them to some ldirectd sort of master
<drab> and there decide which clients go to which real server based on src ip for example
<ikonia> that shouldn't be fine - just setup polling or manual fail over
<sdeziel> drab: you could use keepalived to have a VIP moved between 2 asterisk instances
<ikonia> ahh you want to do source based routing
<ikonia> yeah, keepalived would be better for that sort of thing, it has rules
<drab> but there's only one ip, now? if I move it to the new machine all clients will move
<ikonia> one IP ?
<drab> s/now/no/
<drab> one VIP
<ikonia> where is there only 1 IP
<ikonia> you can setup however many vips you want
<ikonia> you could have one per service
<ikonia> one per geographic location
<ikonia> whatever you want
<hehehe> sdeziel: maybe disable strict mode?
<hehehe> what its for?
<ikonia> strict mode ?
<ikonia> what has strict mode /
<drab> I guess I don't get it... say current asterisk is 10.0.0.6 , if I make that into a VIP and share it between the old asterisk (which would move to a physical ip of say 10.0.0.2) and a new one on 10.0.0.3
<hehehe> sshd config
<drab> 10.0.0.6 VIP would be assigned to only one of tyhose machine at a time, no?
<hehehe> I need to access sql via ssh tunnel
<hehehe> yet to work
<drab> at which point any client configured to connect to 10.0.0.6 would go to the machine with that VIP
<ikonia> drab: no, it's assigned to the servive, you can tell the pass through to go where you want - depending on the routing rules
<drab> oh
<drab> I thought that was what ldirectd was
<drab> not keepalived, I thought that was just VRRP
<drab> anyway, if that's a standard/recommended way to implement it I'll just go read the docs
<ikonia> keepalived is dumber, but has rule based managemtn
<drab> I was mostly trying to figure out how ppl where normally implementing this sort of thing
<ikonia> ldirectd is more advanced, but less configuration
<ikonia> drab: front a service with a "distributor" of some sort, then put multiple services behind them
<hehehe> ikonia: any ideas what can it be?
<ikonia> it's that simple, the "distributor" is the thing that controls the rules
<sdeziel> hehehe: I was more thinking about MaxAuthTries that you can trip when offering multiple keys
<drab> ikonia: yeah I get the principle, I was looking for recommendations in terms of implementation. I will look at keepalived, thanks.
<drab> right
<drab> thank you
<ikonia> hehehe: I have no idea of your problem description as I've not been following, but I'm not keen to help you based on the abuse you've sent me in pm in the past
<ikonia> drab: there is another software one, something monkey that's a bit dated but actually very light and easy
<hehehe> sdeziel: yep me too! but there is not MaxAuth in the sshd config :D
<hehehe> ikonia: emmm :P
<sdeziel> hehehe: the default is 6
<hehehe> yep
<drab> ikonia: yeah, http://www.ultramonkey.org/3/lvs.html
<drab> Iw as looking at that too
<drab> there's actually a few more , some more "modern" too, but none of them seems really tested/having a large user base
<drab> hence coming to ask
<drab> to try and get a sense of what was going to be a well maintained/stable/support way to implement this
<sdeziel> drab: you can also use keepalived alone without LVS
<ikonia> drab: thats it !
<hehehe> sdeziel:  ubuntu 16.04 server no MaxAuth in the config file of sshd :D
<hehehe> or maybe there is a command to reset failed counter
<drab> sdeziel: yeah, I'm kind of confused about that, I haven't yet figured out how they all work together
<sdeziel> drab: with keepalived alone, you'd be simply moving the VIP
<drab> some howtoes seem to use them in combo, some don't, some use pacemaker, some recommend HA
<drab> sdeziel: right, that's what I thought, and not what I want
<ikonia> drab: I've used (in the past) ultramonkey with keepalived with good results
<ikonia> drab: so using combos together can give a good result, but it does make it more complex
<drab> I don't understand why I need keepalived with ldirectord/ultramonkey, those alone seem to do what I need
<drab> cavia of course the director going down
<sdeziel> drab: you have 2 different problems. The content filter is apparently simple to deal with a HTTP reverse proxy
<drab> maybe that's what keepalived is for, moving the VIP of the director
<sdeziel> drab: and the asterisk problem could be dealt with just keepalived if your use case is to just simplify maintenance
<hehehe> ok whatever
<sdeziel> I don't konw ldirectord/ultramonkey so I cannot comment on that, sorry
<drab> sdeziel: well the problem is rollout, I need to verify that asterisk 13 works well before moving everybody to it
<drab> so I was hoping to be able to tell a bunch of clients, go use this other server first
<drab> transparently
<drab> without having to reconfigure the phones
<ikonia> drab: you need routing rules
<ikonia> and pick a subnet at a time to migrate on
<sdeziel> drab: with keepalived, you'd use a check script that would tell you if a node is healthy enough to become primary (the VIP holder)
<sdeziel> drab: I'm proposing all at once failover while ikonia proposes staged rollout
<ikonia> just to be clear - I'm not proposing anything, I'm trying to meet your requirement, sdeziel's suggestion is just as valid
<sdeziel> so maybe ikonia's way would be less risky
<ikonia> sdeziel: but more complex
<ikonia> it's the trade off
<sdeziel> hehehe: maybe if you paste a "ssh -vvv" output we'd learn more about the problem?
<hehehe> I am connecting from a gui client
<hehehe> Dbeaver
<ikonia> based on what he's posted in ##linux the problem appears quite clear,
<hehehe> I think it is max tries
<ikonia> now that I've read the scroll back
<hehehe> have to see where to reset it
<hehehe> or maybe ciphers mismatch?
<hehehe> I don't think so :D
<sdeziel> hehehe: the maxauthtries is a per connection thing, nothing to reset AFAIK
<sdeziel> hehehe: cipher mismatch produces a different error
<hehehe> I can increase a value of it
<hehehe> it does work if I boot in a resue mode and then reboot
<hehehe> somehow this resets this lock
<hehehe> I can ssh in just fine but not from  DBeaver atm
<drab> sdeziel: ikonia: ok thanks, I think I get it at least... going forward I definitely need to be able to stage rollouts so I'll look into ldirectord/ultramonkey and see where that gets me
<ikonia> drab: for me, the key is policy based routing for your needs
<ikonia> but as sdeziel said, there are more black/white options, it's all a trade off
<sdeziel> ikonia: if I understand your approach, no ldirectory/ultramonkey would be needed, just policy routing, right?
<drab> ikonia: when you say policy based routing you don't mean iproute,do you? we're still talking about LB software
<drab> because I don't see how pb would work at all here
<drab> since clients expect to be served as they connnect to x.x.x.x
<drab> a response from a different ip would break the connection
<ikonia> sdeziel: correct
<drab> ok, mind elaborating? I don't understand how that would work
<ikonia> drab: no, I mean something like src=subneta dest=destA, src=sebnetb dest=stabledestination
<ikonia> so that you can pick which clients go to which destination to allow you to test your new stuff, or stage the roll out / roll back / fail over
<ikonia> policy could be anything, subnet, client identifier, first 100 connections whatever, but a policy of some sort
<drab> urm, I do pb on the gateway to balance 2 upstream connections and I don't see how I'm gonna be able to do it in this case
<drab> with pb the destination servers would be on diff ip
<drab> if the phone is configured to connect to asterisk 1.1.1.1 I can't route it to 2.2.2.2
<ikonia> drab: right, the destination IP is behind the load balancer
<ikonia> so all clients hit 1.1.1.1
<ikonia> then you could have first 100 to hit 1.1.1.1 gets forwarded to 1.1.1.2,
<ikonia> everyone else hitting 1.1.1.1 get forwarded to 1.1.1.3
<ikonia> (for example)
<ikonia> so everyone hits 1.1.1.1 - but the destination behind 1.1.1.1 is controlled by a policy
<ikonia> think of it as controlled reverse proxying, but proxying at a tcp level,
<sdeziel> wouldn't it need to operate on UDP for SIP/IAX?
<ikonia> sdeziel: I don't....know......I thought UDP was just the "advertisment" service
<ikonia> the comms was all tcp
<ikonia> I guess drab would have to verify that
<ikonia> still do able though,
<sdeziel> ikonia: is there a LB that you'd recommend?
<ikonia> sdeziel: not off the top of my head, I'm sure keepalived can do policy routing (as thats how it's floating vip works with ipvsadm)
<ikonia> sdeziel: you could do it with squid, haproxy, or even just iptables if you wanted, but thats a bit more than "load balancing" thats actual routing
<sdeziel> squid/haproxy is for TCP only but iptables might cut it though
<ikonia> there is one called "guardian" that I think works quite well, and there is an ubuntu package for it
<sdeziel> (haproxy is supposed to get UDP support in dev version IIRC)
<ikonia> sdeziel: I thought it already had it,
<drab> I was actually just looking at haproxy, I thought it used to be for web servers only like nginx
<drab> but it seems to be more general purpose
<ikonia> but I don't use it enough to be current
<ikonia> drab: no, it's much more
<sdeziel> I'd have to check/refresh my memory
<sdeziel> drab: nginx can proxy udp
<sdeziel> drab: a quick an dirty way would be to put 1.1.1.1 on a machine with iptables DNAT'ing traffic to the current master asterisk
<hehehe> sdeziel: so maybe it is  Dbeaver fault?
<sdeziel> drab: whenever you need to swap the master you'd update the DNAT target
<sdeziel> hehehe: could be anything, really
<drab> sdeziel: I don't think that'd work, answers would be coming from 2.2.2.2 or whatever the current master is, and connections would break
<drab> to make replies come from 1.1.1.1 you'd need full masquerade, at which point src ip is lost and stuff like auth wouldn't work
<hehehe> sdeziel: but I can't debug everything
<hehehe> how to narrow it down?
<drab> (not to mention that logging and accounting would be completely skewed)
<ikonia> drab: does the response actually matter, as in the source of the response, as long as it's a valid response
<ikonia> drab: don't nat then - forward
<drab> it does, that's the linux kernel
<sdeziel> drab: with a DNAT, the response would get to the client with src set to 1.1.1.1
<drab> there's a sysctl to allow for responses from diff src ips, but then I'd have to apply that to all clients, which I can't
<sdeziel> drab: this rewrite is stateful
<drab> sdeziel: why? pkt comes is, dst ip is changed, src ip stays the same , when it hits 2.2.2.2 responses are sent to the src ip, not 1.1.1.1
<drab> so the client will see a response from 2.2.2.2 even tho it sent its pkts to 1.1.1.1
<sdeziel> drab:this ^ is indeed not gonna work because of the asymmetry introduced
<sdeziel> drab: you need to have 2.2.2.2 route via the DNAT box when trying to reach the client
<drab> mmmh, unless I misunderstand something even that wouldn't work, routing wouldn't change the src ip of the response, which would still be 2.2.2.2 / different than the client contacted
<sdeziel> drab: if your mangling box does just a DNAT, indeed the client IP remains the same
<sdeziel> so the asterisk sees it unaltered and you need to make sure that when it replies it goes through the mangling box again
<sdeziel> otherwise you have asymmetric routing and that won't work
<ikonia> drab: thank you for an interesting question for a change
<drab> altho not mainteined for the last 2 yrs, I just googled this out which seems pretty simple and maybe worth a try: http://www.inlab.de/balance.html
<drab> it's shipped in ubuntu
<drab> may be good as a quick solution during transition or at least for some of the container stuff I'm trying
<ikonia> always good to try something new
<sdeziel> drab: I don't feel I had the chance to explain/address your questions properly, maybe tomorrow
<ikonia> (even if it's old)
<drab> sdeziel: don't worry man, appreciate the conversation
<sdeziel> ttl
<drab> tbh irc has its limits when it gets to a certain point, diagramming on a whiteboard helps a lot to work through an example
<ikonia> I've found it useful/interesting too
<drab> sdeziel: ttyl
<sarnold> drab: balance looks neat, thanks
<drab> I like the, at least apparent, simplicity and command line orientation, I can see how you could quickly put it in some kind of hook script for testing stuff at the very least
<drab> lxd is proving to be more and more handy and while the proxy stuff is done it's gonna be even more fun
<drab> https://github.com/lxc/lxd/issues/2504
<drab> even tho that's not gonna work across LXD hosts, will still need some external director of sort
<drab> but it'll open a whole bunch of possibilities to secure things while exposing them from the host in transparent way
<drab> and this is pretty much the entire solution implemented with nginx: https://www.nginx.com/blog/ip-transparency-direct-server-return-nginx-plus-transparent-proxy/
<drab> preserving src ip etc
<sarnold> is that nginx "plus" or nginx?
<drab> well, at the top ti says "The information in this post apply to both the open source NGINX software and NGINX Plus. For the sake of brevity, weÃ¢ÂÂll refer only to NGINX Plus."
<sarnold> aha :)
<drab> I've been holding off from figuring out nginx as it's, at least for me, more complex then straight apache
<drab> but most tutorials for web stuff these days seem to point to nginx + wsgi, especially for python apps, which I do use quite a bit
<drab> with flask for apis and stuff
<drab> so I may just have to invest the time to learn it, especially if it can also take care of all this "directing" thing for phased rollouts
<drab> altho right now I've yet to see how to assign specific clients to an upstream, but i'm guessing it's possible
<sarnold> nothing wrong with using tools you already know how to use.. I always found nginx easier to configure than apache though :)
<drab> haproxy does that with acls apparently
<drab> https://serverfault.com/questions/502487/haproxy-load-balancing-based-on-source-ip-ip-subnet
<drab> which is nice and clean
<drab> sarnold: well I'm old :), when I used to do this stuff nginx was just the new kid on the block and I never quite got to use it
<sarnold> drab: yeah, back in the early days nginx code quality sounded iffy
<hehehe> you just a friendly coder friend
<hehehe> who can teach you
<hehehe> it is a rare thing of freenode but can happen
<hehehe> nginx is easy
<hehehe> btw I did fix the issue
<hehehe> fuck all those read the manual people
<hehehe> if I see some of them hit by a car and asking something - my reply may be read a manual
<hehehe> LOL
<bradm> is there a wiki page or something with details on the official way to upgrade between Openstack releases using the cloud archive?  so far all I've seen is 'update the packages', which while strictly true, I'd appreciate more detail..
<Epx998> is there a WAR for the d-i netboot installer not being able to auto select offboard nics?
#ubuntu-server 2017-11-08
<jamespage> coreycb: hey - noted a few bumps to debhelper compat level 10 from debian - that's going to be awkward to backport without a backport of debhelper >= 10 first
<jamespage> there is on in backports - we might be able to use that
<jamespage> bradm: are you charm deployed? or just using the packages?
<bradm> jamespage: charm deployed
<jamespage> bradm: ok so two options on each service
<jamespage> bradm: you can set "openstack-origin" to the new UCA pocket, this will perform a parallel upgrade on all units of the service
<jamespage> or you can toggle action-managed-upgrade to True via config; after that setting the config also needs an execution of the openstack-upgrade action on each unit
<jamespage> intent is that you can do things unit by unit
<bradm> jamespage: that could be fun with things that require a db schema change, doing it unit by unit
<jamespage> bradm: the lead unit will take care of the db migration so you should do that one first
<bradm> jamespage: are there any recommendations about service orders to do the upgrades in?
<bradm> I guess keystone first, similar to how the charm upgrades are done
<jamespage> yep
<bradm> ok, and this is liberty -> mitaka, so it seems I need to upgrade ceph to jewel first too
<bradm> jamespage: there's no rollback is there?  not expecting to need it, but have to ask the question
<jamespage> bradm: no
<bradm> jamespage: excellent, good to know.
<jamespage> bradm: actually ceph does things in a different way - if you change the source, it will perform a managed upgrade across the units
<bradm> jamespage: is any of this documented anywhere?  all the cloud archive page says about it is to 'upgrade the packags'
<bradm> packages.
<ReedK0> is anyone here good at repairing grub?
<jamespage> bradm: in the charm readme's; there is a  pending task to write a 'how to upgrade' section for the charm deployment guide
<jamespage> bradm: https://docs.openstack.org/charm-deployment-guide/latest/
<bradm> jamespage: aha, cool.
<drab> Epx998: a war?
<Epx998> work around
<Epx998> drab: ubuntu doesnt like to an interface not followed with a 0 during network installs
<drab> I see
<drab> anyway, I had that problem on some supermicro servers with intel quad nics
<Epx998> yeah
<Epx998> exactly what we are seeing, onboard nics 1gb, plus offboard intel x550 10gb
<drab> war for me was to disable the [un]predictable interaface naming so that stuff was once again called eth0 etc, then it worked just fine passing the interface name to select via preseed/kernel param
<Epx998> we want to use 10gb out the gate, but d-i netboot does not like
<Epx998> i suggested that to the guys trying to provision, they said it was too much work.  so i creasted a new tftp entry where i specified eth4, the installer sees it, then tries eth0 regardless and falls on its face
<drab> how is one kernel parameter too much work? all you need is biosdevsomethingiforgot=0
<drab> anyway
<drab> that's all I've got
<drab> altho if you already have eth0 and 4 that doesn't sound like your problem
<drab> sarnold: fwiw someone suggested a good way to do it with nginx using "geo"
<drab> http://nginx.org/en/docs/http/ngx_http_geo_module.html
<drab> so I can use geo to create a "rolling" variable and if the ip matches whichever sets of clients I wanna rollout I just catch them there and then use map to use a different pool
<drab> http://prabu-lk.blogspot.com/2017/03/select-different-backend-pools-based-on.html
<sarnold> drab: heh, neither one -quite- describes what's going on..
<sarnold> drab: still it looks like it can do the job
<drab> I guess I just have to get over this idea that nginx is mostly a web server thingie... and tbh most of the verbiage on the site talks about http
<drab> which makes me somewhat uneasy about using it for generic tcp protocols
<drab> also this nginx plus thing isn't helping... half of the times I'm confused if it's payware feature or not...
<jamespage> coreycb: I think we're going to need to bump lescina to xenial
<jamespage> coreycb: the lack of support for conditional deps is created patching requirements which are unrelated to the uca
<lordievader> Good morning
<SmokinGrunts> morn' lordievader
<lordievader> Hey SmokinGrunts
<lordievader> How are you doing?
<SmokinGrunts> pretty good. I got vibes from fielding a successful ##networking issue, and so I feel good
 * SmokinGrunts toots the ole ego horn
<SmokinGrunts> and you?
<lordievader> Doing good here.
<lordievader> Is ##networking an interesting channel?
<adac> Hi there! Where does iptables-persistent save it's rules? How can I clean them up?
<lordievader> adac: According to [1] in `/etc/iptables/rules.v{4,6}`. [1] http://www.microhowto.info/howto/make_the_configuration_of_iptables_persistent_on_debian.html#idp21024
<adac> lordievader, ok thanks! So then I can simply delete it's content to reset it? I currently do run this script to clean now all up (reset the iptables firewall) https://gist.github.com/anonymous/cc01da7ccd09e292fb44e468e656163e when I run "iptables -L" then I have no more output. But when I print iptables-save -c  I still get this output:
<adac> https://gist.github.com/anonymous/fe479f70643d0578a40c9f7d1adb8194
<adac> I'm wondering if my iptables now is really cleaned fully or not? :)
<lordievader> No you don't want to blindly delete the content.
<lordievader> The commands you posted do flush the entire iptables.
<lordievader> It seems you (or some program) made CATTLE_* chains.
<lordievader> `sudo iptables -vnL` should show these.
<adac> lordievader, yes that was my intention to completely flush it. This CATTLE_* Chains come from rancher docker container who creates them. I was wondering why these are not deleted with my script I posted before?
<adac> Maybe they are immediately re-generated
<adac> by rancher
<adac> I try to shut down rancher and the flush all again
<adac> iptables -vnL does also not show them. No clue why actually
<lordievader> `iptables -X` probably does not remove them if there are still rules in them.
<lordievader> Hmm, if `iptables -vnL` does not show them `iptables-save` should not either.
<adac> lordievader, exactly what i also tought it should no be shown anymore after I executed this script. I now stopped the docker process (so no container runs anymore and therefore no iptables rules can be created by them) and then just re-run my flush script
<adac> and with iptables-save -c they are still shown :D
<adac> how's tat possible?
<lordievader> What happens when you explicitly delete the chains?
<lordievader> Also, could you pastebin the output of  `iptables -vnL`?
<adac> http://lubos.rendek.org/remove-all-iptables-prerouting-nat-rules/
<adac> this is iptables -vnL after stopping docker and re-run the flush script: https://gist.github.com/anonymous/44cde2821e55d9fd2379ca71d270e3e7
<adac> and this at the same time is the output of iptables-save -c
<adac> https://gist.github.com/anonymous/9f11adf6d862e3e926e0b5dd03846b96
<lordievader> Interesting
<lordievader> Oh well, you can always just edit the rules.
<lordievader> The saved file I mean.
<adac> lordievader,  https://serverfault.com/a/200642 I think this finally flushed it :D
<lordievader> Yeah, that does the same but then through awk ;)
<adac> hehehe
<adac> great I finally have a reset and can now try again to set this up properly!
<adac> Thanks for your support!
<lordievader> No problem.
<Jenshae> Hi all. joelio you know how you like ZFS just a little bit, right?
<joelio> hey
<joelio> a little yes :)
<Jenshae> I did a Ubuntu Server FakeRaid on my assistant's machine to get them familiar with the OS but I am not satisfied with the boot time. I have found a little 20GB SSD in one of the machines here and reclaimed it by re-installing their main drive. However, it being so small, I want to know how to safely store applications on a ZFS pool.
<Jenshae> Which would mean moving /usr /var and /etc I am guessing?
<joelio> You can use it as a cache drive
<joelio> (if you've done ZFS)
<Jenshae> Does one of those hold the bulk and the rest are just links or a executables?
<joelio> I wouldn't use fakeraid btw, mdadm
<joelio> mdadm all the way if you're doing raid
<Jenshae> Sec
<Jenshae> So, the SSD is being installed as a lone drive.
<joelio> are you using ZFS for boot?
<Jenshae> Then I am going to ZFS attach the other three drives that were previously used in the FakeRaid
<Jenshae> ZFS for boot? Me? :D
<joelio> right, so ZFS is irrelevant here
<Jenshae> SSD = / (boot) and ZFS drives = /home + (/etc /var /usr ???)
<joelio> I'd ditch the fakeraid, use an alternate iso (server) to reinstall... use software raid
<Jenshae> The FakeRaid is ditched.
<joelio> you could potentially use the ssd, but if it dies you've lost /boot and it's not redundant
<joelio> what I'd do is...
<joelio> use mdadm to make a boot and small root on the drives (so it's raided)
<Jenshae> It is just a desktop for their learning purposes.
<joelio> and then use the remaining space on the drives to create zvols which you can use in a raidz
<joelio> then use the ssd drive to act as a cache layer for zfs pools
<Jenshae> You can RAID a 20GB SSD with 3x 160GB? I am hoping to make the desktop I slap on snappier and faster to load.
<joelio> it sounds messy, but without doing full root ZFS that's the easiest route and will give you redundancy
<joelio> no, don't use ssd in the raid
<joelio> they're asymetrical in size and performance
<joelio> *asymmetrical
<joelio> you can use ssd as a cache layer in ZFS (or btrfs)
<joelio> or if you don't want to use ZFS, bcache or EnhanceIO etc
<joelio> that's what I'd do anyway :)
 * Jenshae looks around the maze dazed
<joelio> also bear in mind it's not just about being I/O bound, could be CPU or whatever too
<joelio> does that make sense?
<lordievader> If it is running systemd, `systemd-analyze blame` may help.
<Jenshae> Okay, let's start with step one. I plug in the 3x 160GB, fire up the USB with the ISO and then create a mdadm. Then I plug in the SSD and install the OS with just /boot going on the SSD?
<Jenshae> I think the machine's bios is auto pushing for UEFI.
<Jenshae> How does that fit in?
<Jenshae> The mdadm is 3x160GB or it is 3x20GB and the Zpool goes over 3x140GB?
<joelio> I'd not allocate the full 160GB to mdadm, but say 20G of it, leaving 140G on each disk for zvols
<Jenshae> Okay so second part.
<joelio> leave the ssd for a ZFS cache pool, add that after you've installed and created the ZFS pools
<Jenshae> How do I get the mdadm to write from RAM to the hard drives? Can the SSD be plugged in straight away with the 160GBs from the start?
<joelio> this is quite a bit of faff tbh, are you sure you want to go this route btw? :D
<joelio> just making sure you know first and I'm not sending you down a rabbit hole
<joelio> Jenshae: otherwise do a full disk mdadm raid setup
<Jenshae> The way I did it at home was, I installed everything onto one 500GB drive. Then I put /.steam onto a zpool made up of 3x500GB SSHDs and my games' loading time improved.
<joelio> and use the SSD cache with EnchanceIO or bcache on the md device perhaps?
<joelio> what do you mean about mdadm wiriting to ram?
<Jenshae> I want to give him the fastest desktop possible and then give him storage space in a pool after that.
<joelio> that doesn't make sense :)
<joelio> mdadm is the raid admin tool
<Jenshae> When the USB is running, it is storing temp data into RAM partitions, right?
<joelio> USB?
<Jenshae> Including how things are partitions when installing.
<Jenshae> The ISO / live USB.
<joelio> USB is just for install media, ignore that
<joelio> plus, don't use live - use the alternate iso
<joelio> the text based / ncurses one
<Jenshae> I need to use the USB to create the raid to then install into the raid, no?
<joelio> like I said, create a server/alternate install image, whether you boot from CD/DVD/USB etc is irrelevant :)
<Jenshae> Okay, I think I am starting to see the light.
<joelio> https://help.ubuntu.com/community/Installation/SoftwareRAID
<joelio> here you go :)
<Jenshae> ... now where is the desktop environment installed? Does it have a specific partition?
<joelio> it's all over the FS
<joelio>  /usr /var /etc
<ikonia>  /etc can't be a seperate file system
<joelio> I'm not sure that's what was being asked
<ikonia> thats fine, I'm just clarifying
<joelio> plus is is techncailly possible btw root=/blah etc=/blah :)
<joelio> well within reason
<joelio> not that you should mind :)
<ikonia> it's not possible
<Jenshae> Can specific folders within /var and /usr be mapped to the zpool?
<Jenshae> Like say GIMP is installed and is rather big, I want it to go into the zpool instead of the mdadm raid.
<joelio> When you've made the ZFS, rsync the contents and update fstab
<joelio> ikonia: https://power-of-linux.blogspot.co.uk/2010/03/booting-with-etc-in-separate-partition.html
<joelio> as mentioned, not advisable
<joelio> anything is techincally possible here, just how much effort you want to put in
<ikonia> joelio: thats a bit of a cheat though isn't it
<ikonia> it's not really possible - it's someone cheating
<joelio> except it completely is possible as... they did it
<joelio> it's not cheating, it's programming
<Jenshae> Missing a third party for the golden apple story.
<Jenshae> Thank you, This will be interesting and a bit surprising for them. :D
<cpaelzer> coreycb: jamespage: fyi bug 1682102 - no more need to drop seccomp when backporting for UCA-queens
<ubottu> bug 1682102 in libseccomp (Ubuntu Xenial) "libseccomp should support GA and HWE kernels" [High,Fix committed] https://launchpad.net/bugs/1682102
<Jenshae> ^.^ Nice one cpaelzer. Do you guys have a #social-room?
<cpaelzer> if "you guys" is server folks then I think you are here :-)
<cpaelzer> IMHO no reason to separate too much unless it overloads the channel
<Jenshae> Okay. You do all seem rather quiet, had all the conversations? Like joelio and ikonia having a difference of opinion there. I doubt everyone here shares "dank memes" or plays / makes a game together. It seems very disassociated from each other. Drop a bit of work on launchpad with a message, pick up another bit, etc.
<Jenshae> Not sure that comes across right. This channel seems like it is the "office", where is the "team building"?
<cpaelzer> oh I see - that "social" - I guess we are all work addicts :-/
<cpaelzer> there will be a chan for that but I don't know oO
 * Jenshae thinks I have stumbled upon a cave of abused dwarves and elves that need to be dragged out to have fun in the sun. :P
<cpaelzer> hehe
<cpaelzer> white skin will become the trend again
<joelio> got told this channel wasn't for fun a few years back :D
<Jenshae> What about a #ubuntu-server server on Discord or would Discord's spying be too invasive?
<joelio> oh sorry that was #ubuntu :)
<Jenshae> Discord is handy because you can make a channel where only certain people can post things, that means a smaller group can link in their favourite or video guides they have made to inform new users without having all the "dank meme" videos dropped in there. The same applies for images / diagrams and text or links, naturally.
<Jenshae> Then it does have voice also, for those who struggle to explain a new concept in text, whilst thinking aloud.
<Jenshae> It can all split down in a tree from the main "ubuntu-server"
<Jenshae> Finding X2GO very handy for RDPing into the archive server.
<joelio> perhaps, although personally prefer IRC.. Slack and Gittr and just not IRC (they have their own shiny features, but still not IRC.. although can interface with them)
<joelio> also used https://www.nomachine.com/ a bit (not open source though, but works well)
<joelio> (re RDP/VNC stuff)
<Jenshae> I like IRC because you can IRSSI into it, use it on an old mobile and the bandwidth / hardware usage is very small. I wonder if anyone is making a fancier client for it to display links the way Slack and Discord do?
<jonfatino> Ubuntu needs to add http boot for filesystem.squashfs in casper init script
<jonfatino> Debian already has this and no one these days wants to live boot from a stupid nfs server
<jonfatino> https://forum.kde.org/viewtopic.php?f=309&t=136596
<jonfatino> Here is a modified caster script that supports http - https://pastebin.com/raw/V6W39XJu
<drab> ikonia: sdeziel fwiw I'm settling for ldirectord + fwmark , at least as my first choice to test, have not gone through a setup yet
<drab> but after figuring out how you'd do it with haproxy and nginx it's all "too shiny" and new for my taste
<drab> and actually not as flexible once I learned about fwmark
<drab> fwmark + ipset seems a really kickass solution since I can basically re-route entire sets of clients on the fly no restarts required with just one simple command (ipset add xxx xxx)
<sdeziel> drab: good to hear that you found some possible solution
<ikonia> drab: well done for making a ca;;
<ikonia> call
<drab> i'll setup a test host today with a few containers, ldirectord on the host and we'll see what happens, but on a whiteboard it looks sane and simple
<drab> without fwmark probably haproxy or nginx would have won
<ikonia> well done you
<drab> yeah well, bouncing around ideas in chan was as usual very helpful
<drab> beats the rubber duck :)
<blackboxsw> Jenshae: just mention board games and you'll get a few of us chatting ;)
<blackboxsw> Even the more "dwarvy" of us
<Jenshae> blackboxsw: Go room on KGS server? :P (Go feels a bit hollow to me now that AI beat humans)
<Jenshae> Have a good evening o7
<drab> in other, maybe less fun news, anybody here happens to be familiar with SAS, expanders, backplanes and raid cards? even tho I get the gist, I'm having a bit of a problem working through the nomenclature and being clear about what's what.
<joelio> I've dealt with SES once or twice yea :)
<joelio> drab: ^
<sdeziel> jonfatino: this would be best put on Launchpad, maybe a merge proposal to the relevant package
<drab> joelio: for a starter, expanders, backplanes, raid cards and HBAs are all different things, correct? sometimes it seems that backplanes are also expanders, but that's the first thing i'm not clear about
<drab> also are SAS SFF-8087 always 4-lane connectors? meaning a backplane with 2 connectors would at most only accommodate 8 drives?
<drab> or if it accommodates more you'd have oversubscription?
<drab> or would that be a case where an expander would come into play? and still have oversubscription tho
<joelio> no idea about the specific SAS questions... but HBA's are hardware cards, which generally have a SAS connectior, which connects an enclosure to a given backplane
<joelio> that can feed a single backplane with reduced bandwidht, or the enclousre can (generally) be carved up so you can have multiple SAS connections, to increase throughput (but reduce number of attached disks)
<joelio> SES is generally the enclosure type
<joelio> some tools exist for doing drive id notifications etc
<joelio> ledctl etc
<drab> any reason you keep saying SES? first time I thought it was just a typo for SAS, but now I'm doubting that
<joelio> they're different things
<joelio> https://en.wikipedia.org/wiki/SCSI_Enclosure_Services
<joelio> SES ^^
<drab> oh, I see
<joelio> https://en.wikipedia.org/wiki/SES-2_Enclosure_Management more currently
<joelio> https://en.wikipedia.org/wiki/Serial_Attached_SCSI
<joelio> SAS ^^
<drab> not sure this applies here then, these are all internal drives, but ifrst time I hear about SES and only quickly glanced at that wikipedia page
<drab> thanks for sharing something new
<joelio> oh, you mentioned enclosure, so.. :)
<joelio> that's SES in my book
<joelio> or expander sorry
<drab> oh, I did? :)
<drab> right, expander, thought that was a diff thing
<drab> it seems to be a card you can add to multiplex sort of way more drives than the controller can natively drive
<drab> but again, still trying to figure that out
<drab> not sure that defintiion is correct
<drab> also it seems the case backplanes cam have built-in expanders
<joelio> HBA is the card that does the SAS connectivity (Like an LSI 9201 for example )
<joelio> https://www.scan.co.uk/products/16-port-lsi-sas-9201-16i-6gb-s-sasplussata-to-pci-express-host-bus-adapter-4x-internal-mini-sas-upto
<joelio> that's internally attached SAS
<joelio> but you can get external SAS that feed a SES
<joelio> and slice and dice depending on how much performance you want
<drab> see, on that card, how do you get 512 non raid devices? if it has 4 SF-8087 ports, which it does say, and each one can get 4 drives, that's 16, which it also mentiones
<drab> where's the 512 coming from?
<joelio> it's serially attached
<joelio> so one port may have 48+ dries
<joelio> *drives
<joelio> but you can chain etc
<joelio> operative word being serial ;)
<joelio> so 512 in this case will be a limitation in the spec
<joelio> I really doubt you'd address 512 drives from a single card like that
<joelio> you could... I guess.........
<joelio> there's not logical difference between an internal and external SAS port too, they're the same thing jjst in different places
<joelio> hopefully makes some sense (probably not explained the best!)
<drab> joelio: how would you physically serially attach even 48 drives?
<drab> everything I'm reading is basically saying "if you need more than 8 drives use an expander or multiple HBAs"
<drab> ok, I think I'm getting some place...
<drab> so it seems that:
<drab> 1) an HBA or raid car connects usually through PCI to the mobo and has one or more SF8087 ports on, each of which can drive up to 4 drives
<drab> 2) an expander can be connected to the HBA or raid controller, each port on the expander (again SF8087) can drive up to 4 drives. this allows you to address > 8 drives (unless somehow you get a pricey HBA with more than 2 ports, still it seems there aren't many with more than 8, so for 48 bays you still need an expander)
<drab> 3) some backplanes have built in expanders with one or more SF8087 ports on it (and chipsets) connecting to one or more ports on the HBA
<drab> depending on the speed of the expander, and the number of ports going to the HBA, you can end up with oversubscription
<drab> here's a decent picture I found: http://img.my.csdn.net/uploads/201203/5/0_13309440980Tj9.gif
<dirtycajunrice> thats not ture...
<drab> I think that's it and relatively clear unless I missed something
<dirtycajunrice> i just bought an H700
<drab> ok, great, what did I get wrong?
<dirtycajunrice> dell PERC H700 has 2 mini sas and can be daisy chained up to 255 drives
<dirtycajunrice> It cost me ~80USD on ebay
<dirtycajunrice> drab, the lingo for HBA/Raid Controllers sucks.
<drab> yeah that I figured :)
<dirtycajunrice> if i didnt work at a datacenter i wouldnt understand either.
<dirtycajunrice> But how many drives are you trying to control.
<drab> dirtycajunrice: how do you physically daisy chain drives to 2 mini sas?
<drab> isn't each SF8087 cable coming out with 4 sas cables?
<drab> ie 8 drives
<dirtycajunrice> so the way it works (normally) is that the 2 mini sas cables go to a backplane in the 2 IN ports . That backplane handles more connections and normally has OUT sas connections for daisy chaining
<dirtycajunrice> if you want an example look at a Dell R510 12 Bay. or a Dell R730XD
<drab> ok, right, see my 3), like I said it seems some backplanes have built in expanders
<drab> so you do have your HBA going to an expander, it's just built into the backplane
<qman__> yeah, your example isn't wrong, it just isn't commonly built that way
<qman__> usually the expander is built into the backplane
<drab> right
<dirtycajunrice> yes what qman__ said
<dirtycajunrice> almost ALWAYS
<dirtycajunrice> are you against buying a rackmount ?
<drab> that's ok, still, there is an expander in the mix, it's not straight HBA to disks
<drab> no I'm not, but I'm trying to get my terminology and design straight before I buy anything
<dirtycajunrice> drab, no thats not possible. the technology isnt designed that way
<drab> I dislike purchasing "black boxes"
<dirtycajunrice> if you are about to purchase, do you want a wonderful site?
<drab> ebay.com ? :P
<dirtycajunrice> trust me. i did white boxes.... IPMI is the way of the world
<dirtycajunrice> drab, https://labgopher.com/
<dirtycajunrice> it scrapes ebay, and gives you only helpful information
<qman__> I usually ebay dell or supermicro
<drab> qman__: yeah, I'm looking at a bunch of supermicros actually
<dirtycajunrice> qman__, me as well. Using this site i got 2 620s, a 510, and a 420 all for under 1200 bucks
<drab> x9s, the 10s seem still too expensive
<qman__> nice
<dirtycajunrice> dell = hp > supermicro
<dirtycajunrice> this is coming from an enterprise background.
<dirtycajunrice> nothing beats iLO/iDRAC
<qman__> the problem with iDRAC in particular is that it has to have the full license
<drab> I'll take that with a bag of salt if you don't mind... I've just about found any opinion and its opposite in a few days of googling... which isn't new, that's been about true for any tech I've ever looked at
<qman__> I'm not familiar with how HP's stuff works
<qman__> supermicro's stuff isn't sublicensed like that, so you get what you get
<drab> and of course all opinions coming from ppl with X years of experience :)
<dirtycajunrice> im personally a dell guy... but qman__ idrac express does not require a licence...
<dirtycajunrice> drab, that is true. "Mileage may vary" is the key phrase
<drab> righyt
<qman__> different license levels have different feature sets, and the cheapest license level's feature set is pretty lame
<qman__> at least with many models
<dirtycajunrice> all it needs is console and snmp
<qman__> i.e. no console
<dirtycajunrice> all the rest is just lagniappe
<qman__> supermicro IPMI, on the other hand, is just one product, they don't have different licesnes or feature sets
<dirtycajunrice> its the AMD to Intel :P
<dirtycajunrice> but that comes with the AMD bugs. a mileage may vary situation again
<qman__> iDRAC has plenty of bugs too
<drab> dirtycajunrice: labgopher is really neat, thanks for sharing
<dirtycajunrice> the only bug that affects me is the browser one. but IPMI has browser compatibility with literally every vendor i have tested
<dirtycajunrice> HP doesnt like firefox... Dell doesnt like chrome....
<dirtycajunrice> etc etc
<dirtycajunrice> oh and drab if you DO decide to go dell, most of the servers that are sold have idrac enterprise licence already added since they came from a working environment
<dirtycajunrice> (idrac licences cant be migrated. they are bound to the machine they are installed on)
<JanC> until someone decides you have to pay for a yearly license?  ;)
<drab> I'm sorry I started this :P
<drab> but thanks for clarifying/confirming, I think I get what's what now
<dirtycajunrice> haha its ok
<dirtycajunrice> thats the point of IRC
<dirtycajunrice> talk
<dirtycajunrice> argue
<dirtycajunrice> be pedantic
<dirtycajunrice> its fun :P
<coreycb> jamespage: is there a job that uploads cloud-archive-utils? we need a bionic version. https://launchpad.net/~ubuntu-cloud-archive/+archive/ubuntu/tools/+packages
<jonfatino> Anyone know why I can't echo something twice in bash but only once.
<jonfatino> DATE=date      echo $date   echo $date
<jonfatino> it only echos date once :-(
<TJ-> jonfatino: "DATE=date; echo $DATE $DATE" ? or do you mean "DATE=date; echo $($DATE)" ?
<jonfatino> weird bash bug
<jonfatino> PASSWORD=$(date +%s|sha256sum|base64|head -c 32)
<jonfatino> echo $PASSWORD
<jonfatino> echo $PASSWORD
<jonfatino> Fixed it
<nacc> jonfatino: there is a bash channel which is probably a better place to ask in the future
<drab> uhm , not sure what you're running but DATE=`date` ; echo $DATE ; echo $DATE worked just fine for me
<dirtycajunrice> drab,
<dirtycajunrice> dont you dare
<dirtycajunrice> backtick
<dirtycajunrice> ever again
<dirtycajunrice> XD
<drab> it's the end of the season, I've heard backticks are trendy again
<dirtycajunrice> rofl
<sdeziel> doing "VAR=value command" makes VAR available to that command only
<jamespage> coreycb: its part of the build recipe hooked up to the branch - you can add bionic and request a rebuild
<coreycb> jamespage: ok i'll look for that, thx
<drab> dirtycajunrice:
<dirtycajunrice> drab,
<drab> whups, I was gonna say, about that labgopher, there seem to be a ton of G6, I think you said you have exp with HPs... aren't G6s too old?
<drab> we can't afford latest, but afaik we're at G9s, so G6s is 3 gens ago
<dirtycajunrice> They are old. But old is relative to what you are doing
<drab> right
<dirtycajunrice> for example
<dirtycajunrice> my ESX 6.5 hosts are 620s for dell
<dirtycajunrice> its the oldest you can go for esxi
<dirtycajunrice> but my iSCSI server is a 510
<dirtycajunrice> because why not? cheaper and more bays
<dirtycajunrice> and has no requirement to be super new
<drab> I don't know HP, but in the case of SM for example, X8s are still kind of popular, but you can get X9s and they have a completely diff design mobo wise allowing much faster access to PCI-E (and therefore faster disk access with a PCI SAS HBA)
<dirtycajunrice> so let the server's job dictate the cost
<dirtycajunrice> drab, what is the goal of the server(s) you are looking to buy
<drab> so it's not really worth to buy X8s when you can get X9s for about the same price
<drab> NAS + VM host
<dirtycajunrice> so 2 servers?
<drab> 24bays, doing nfs for homedirs and samba
<dirtycajunrice> wait wait backup
<dirtycajunrice> how many servers
<drab> one if possible, 2 diff zfs pools, hoping to put something like a E5-25xx in it, 8 cores
<dirtycajunrice> ok
<dirtycajunrice> so 1 server
<dirtycajunrice> 24 2.5in bays?
<dirtycajunrice> because 3.5 in is in DAE territory
<drab> from what I can see, 3.5, 2.5 seems too expensive
<drab> what's DAE? direct attach something?
<drab> DAS?
<dirtycajunrice> Directly attached Expansion
<drab> ok, different than a DAS?
<dirtycajunrice> a DAE is a shelf you attach to expand a DAS
<drab> ah, ok
<dirtycajunrice> but you are multiusing your server so its foggy :P
<dirtycajunrice> lemme look
<dirtycajunrice> gimme 10
<drab> yeah, well, we don't have the money (it's a charity) to get multiple machines (unless it makes sense to get 2 cheaper ones, but it's often not the case)
<drab> besides, the older the more generally power hungry
<dirtycajunrice> i mean...
<drab> not to mention that if you wanna hold on a few spare parts, like PSUs, you need twice as much
<dirtycajunrice> to be honest
<dirtycajunrice> 24 bays is not cheap as 1 server
<dirtycajunrice> but can absolutely be affordable as 2
<dirtycajunrice> are you using enterprise drives or consumer drives
<drab> true, they could prolly do with 12. the thing is, I'm here, I may not be able to volunteer for them in the future so I'm trying to put in something that will last them 5-10 years, cavia adding some drives if their archives grow (they do a lot of media stuff for history projects)
<drab> dirtycajunrice: enterprisey I'm hoping, maybe WD reds
<dirtycajunrice> WD Reds are consumer drives
<dirtycajunrice> enterprise drives are literally HP or dell signed drives from the manufacturer
<drab> eeer, ok, fine, NAS drive then?
<dirtycajunrice> with special Firmware
<dirtycajunrice> it matters for if enterprise servers will read them
<dirtycajunrice> sec
<drab> I see
<drab> well then no, no enterprise drives
<dirtycajunrice> whats your budget?
<Epx998> finally being asked to migrate off ub12....
<dirtycajunrice> (i dont user enterprise drives either. i have 12 8TB toshiba x300s lol
<drab> dirtycajunrice: about 1K including disks and will need at least 128GB to run all VMs
<dirtycajunrice> drab, https://www.ebay.com/itm/DELL-POWEREDGE-R510-12-BAYS-2x-QUAD-CORE-L5520-2-26GHz-24GB-NO-HDD-NO-RAIL/132224991815?hash=item1ec9394247:g:nb0AAOSwJtdZ-g5g
<dirtycajunrice> thats the server
<dirtycajunrice> you can get caddys for like 30 bucks
<dirtycajunrice> ram is a mother right now tho
<dirtycajunrice> but thats even a problem in consumer
<dirtycajunrice> the market is artificially inflated
<drab> thanks
<drab> Epx998: I just finished that 2 weeks ago
<drab> now got a few 14 that I'm getting rid of and moving to containers
<drab> they actually had some ub11 too going around...
<drab> different question I guess I'm still confused about regarding HBAs
<Epx998> from before
<drab> LSI SAS 9211-4i PCI Express to 6Gb/s SAS HBA <-- this guy has one SF8087 port splitting to 4 lanes
<drab> I'm understanding that each port can do 6Gbs, ie that's not comulating for all the ports at once, but that's the first thing I have doubts about
<drab> "through four internal 6Gb/s ports" so it definitely seems it's 6Gps per port, however that SF cable is going at once to the backplane... does that mean it's the same as 24Gpbs to the backplane? which then the drives would share?
<drab> ok, I think the SAS configuration table explains that, full duplex SAS is 4.8GBps, so about 400MB/s per drive
<sarnold> drab: my home machine uses an sas expander; I think either sas port on the HBA can drive any of the drives
<sarnold> drab: so that's roughly eight sata-lanes of performance, and I've got nine drives plugged into the thing; the lights all seem to blink simultaneously though so it feels more than good enough at the job, haha
<sdeziel> 8 SAS drives hooked to a "home" machine surely is good enough ;)
<sarnold> sdeziel: I blame my friend who talked me into 3-way mirrors
<sdeziel> sarnold: I thought that friends only recommend mirror for ZFS :P
<sarnold> sdeziel: two-way mirrors? your friends must not care for your data much :)
<drab> eer, a 3-way mirror sounds like a logical impossiblity... how's a mirror 3 way? :)
<sarnold> drab: easy: zpool create pool mirror sda sdb sdc mirror sdd sde sdf mirror sdg sdh sdi
<sarnold> tada!
<sarnold> three 3-way mirrors! :)
<drab> oh, a mirror with 3 vdevs, I see, ok
<sarnold> vdev with 3 disks :)
<drab> eer, that one
 * drab runs 6 disks in raidz2
<drab> seems good enough with 2 disks possible failure and more available space, no?
<drab> on a 3disks vdev you get the same 2 drive failures, but the capacity of only one
<drab> unless I'm missing something again
<sarnold> yeah you've got a pretty good sweet spot there
<sarnold> but I'd expect roughly nine times 100MB/s for bulk reads from three 3-way mirrors, vs roughly 100MB/s bulk reads from 6-disk raidz2
<sdeziel> I've read somewhere that it was a pain to grow a RAIDZ(2) setup
<sarnold> (I don't think I can actually get my queue depths deep enough to get that kind of throughput though)
<sdeziel> trying to find the link to that
<drab> ah, that's new. would love to read that
<sarnold> sdeziel: it definitely is; the next logical step is to add another six disks in a new vdev, and of course then all the writes would go to the new vdev until they're about the same capacity...
<sdeziel> http://jrs-s.net/2015/02/06/zfs-you-should-use-mirror-vdevs-not-raidz/
<drab> that said, the plan was (given the 12 bays), to just add another vdev with the next batch of 6 hds
<sarnold> but I could easily add just another three disks to mine .. and suffer the same write-problem :)
<sdeziel> sarnold: yeah, that was my recollection from this article ^
<drab> ah, I learned something, I guess I misunderstood how vdevs where added together, I was still thinking raid10
<sarnold> drab: that's probably the right intuition
<drab> I'm unsure about the maintenance windows tho, once a vdev with a 2xdisks mirror has a failure you are one disk away from losing everything
<drab> so yeah, it seems to me if you're gonna be running mirrors then it has to be 3-disks per mirror
<drab> and that gets kind of expensive
<sarnold> yes it does
<sarnold> which is why a 6-disk raidz2 feels like a very nice sweet spot
<drab> speaking of ZFS, the other thing I had misunderstood (no wonder..) is how the ZIL is supposed to work
<drab> I thought writes would go to it, ie behave like a write cache
<drab> btu that's only for synchronous writes afaiu
<sarnold> there's several interacting concepts here
<drab> async writes end up in mem and never touch the ZIL/SLOG
<sarnold> all pools have ZIL, you can use a SLOG to put the ZIL on super-fast storage
<drab> right
<drab> basically before going with ZFS I had looked at... I now forget the name... for linux
<drab> where you basically end up with something like a SHDD
<sarnold> bcachefs?
<drab> putting a couple of SSDs in front of a bunch of disks
<drab> ah yes, that's the one
<drab> I thought ZFS with SLOG on a diff disk would work like that, but that's not the case
<drab> and it seems in a sense less performant than a setup with bcachefs
<drab> because in terms of returning to the app, with bcachefs you only have to wait for writes to be done in the SSD
<sarnold> indeed, writes to the main drives still get flushed within a few seconds as writes to the slog, but the application is allowed to cobntinue once the write to the slog is complete
<drab> mmmh, but that seems true only for synchronous writes
<sarnold> I found that far fewer operations go through the slog than I expected. My intution suggested that atomic operations like mkdir would go through slog but I _never_ saw the slog write counters increment no matter what workload I tried :)
<drab> https://github.com/zfsonlinux/zfs/issues/1012
<drab> https://www.ixsystems.com/blog/o-slog-not-slog-best-configure-zfs-intent-log/
<drab> Use case: If your use case involves synchronous writes, utilizing a SLOG for your ZIL will provide benefit. Database applications, NFS environments, particularly for virtualization, as well as backups are known use cases with heavy synchronous writes.
<drab> which goes to the point that for async writes the whole ZIL/SLOG seems unhelpful
<drab> from that second link forcing all writes to be sync seems to be a matter of security of not losing data, but to me seems to actually make a diff in terms of performance as control to the app will be returned as soon as data is written to the SLOG
<drab> I guess I'll hvae to test that
<sarnold> drab: fwiw i'm quite happy to leave the defaults at the defaults
<sarnold> drab: and even though I've got a partition of my nvme set aside for slog, one of these reboots I'm going to disable it and just use the whole nvme for l2arc instead
<drab> yeah, I gave a share pof the NVME to slog right now and the rest of l2arc, but I'm fundamentally bugged by this default behavior
<drab> I would basically except, like in the case of bcachefs, to basically see nvme-like speeds for all writes
<drab> with "long term" storage being a sort of deferred write, ie from nvme device to HDDs
<drab> so app -> mirror nvme -> raidz2 on 6 drives
<drab> basically use the NVME as a cheaper version of those super expensive battery backed ram, zeusram or whatever, forgot what it's called
<keithzg> Hmm has anyone ever had Windows users experiencing DNS cache corruption or such while connected to an OpenVPN server? Trying to debug some users' sporadic issues (the VPN server is running Ubuntu 16.04 of course) and it's narrowing down to a point that simultaneously very specific yet extremely mysterious.
#ubuntu-server 2017-11-09
<faekjarz> I'm upgrading my server from 16.04 LTS to 17.10, and i'm used to bring network interfaces up and down via ifup / ifdown. Now netplan seems to be the way to go - How do i bring IFs up and down with netplan?
<sarnold> faekjarz: this kind of looks like you're supposed to use ip link set IFNAME up  style commands https://wiki.archlinux.org/index.php/Network_configuration
<faekjarz> sarnold: oh, i see, thank you
<sarnold> faekjarz: heh, thanks for asking the question, I'd never found out how systemd-networkd is supposed to work before this :)
<CryptoManiac> I have openvpn server running on Ubuntu 14. The server has its main IP address on eth0 and an additional IP from the host provider which I have assigned as an alias to eth 0:0. I've tried a lot of things so far to get my vpn traffic to see originate from the alias IP instead of the main server IP but it doesn't work. I edited the ufw before rules with these lines but still nothing...
<CryptoManiac> https://pastebin.com/u5Z1XgPA
<sarnold> CryptoManiac: a few wild guesses: try telling openvpn to bind to the specific IP address you want; or try assigning the IP directly to the interface without using the old "ip aliases" from oldentimes
<drab> sarnold: after some conversations with zfs ppl, seems like the sync=always would have achieved the same as bcache
<sarnold> drab: _really_?
<drab> basically making the slog devices a cache in front of the platters
<sarnold> drab: that's fasincating. DHE half the time suggests to people to use sync=disable  :)
<drab> that seems the agreement, yes, because then all writes go to the slog/ssd like we were discussing
<drab> sarnold: well I ddin't say they recommended that :P
<sarnold> damned freenode
<drab> just that there was agreement the result would have been what I was wanting to achieve
<sarnold> seems I'm not in ##Zfsonlinux and missed the whole thing
<CryptoManiac> didn't anyone perhaps reply to my query? I was DC.
<sarnold> CryptoManiac: oh sorry, I missed the disconnect, I gave some wild-ass guess..
<sarnold> CryptoManiac: a few wild guesses: try telling openvpn to bind to the specific IP address you want; or try assigning the IP directly to the interface without using the old "ip aliases" from oldentimes
<CryptoManiac> ok
<CryptoManiac> oh
<drab> sarnold: after the convo I'm rethinking that indeed I wanna do that... to their point, if the writes are sync then it's already happening
<drab> if they are async, then the app isn't waiting anyway, so latency is low
<drab> basically it goes back to being a matter of losing data sort of, whihc wasn't what I was concerned with to begin with (at least for that <1sec sort of thing)
<CryptoManiac> sarnold: Isn't the correct way still to assign an extra ip address to eth0:0 ? (That's what i meant by alias)
<sarnold> CryptoManiac: just ip addr add ADDRESS dev eth0
<CryptoManiac> ok
<drab> my 2c go to that ip addrs + ovpn bound to it
<drab> that should do it
<CryptoManiac> thanks guys :-)
<drab> basically what sarnold said as usual ;)
<CryptoManiac> will give it a shot
<sarnold> drab: nice to know my WAG matches your 2c :)
<drab> trust in sarnold, listen to no one else
<drab> :P
<sarnold> that's pretty good odds, hehe
<sarnold> lol
<sarnold> there's so many things I've never done before.
<drab> it's ok, it's important to give ppl confidence :P
<drab> so anyway, I think I'm convinced enough to stop thinking about this bcache thing with zfs, at least for the standard servers
<drab> I think it still makes sense for some much older machines with little memory
<sarnold> drab: yeah, that sounds about right
<sarnold> drab: hrm, really? the flushes to disk are all tuned to happen when memory pressure or five seconds or when the application requests a sync write..
<sarnold> drab: fwiw I've heard arguments that it's worth restricting the size of l2arc on low-memory machines, since the kernel might have to keep a huge amount of l2arc metadata in RAM instead of the ARC ..
<CryptoManiac> lol
<drab> sarnold: will keep that in mind, thanks, right now I'm actually not even using l2arc as I'm doing mostly writes
<sarnold> drab: aha :) I'm doing mostly reads, so l2arc is insanely good stuff
<lordievader> Good morning
<Vamp898> Hi guys, i want to build a java package i can distribute in the company. I used the jdk1.8.0_152.tar.gz from Oracles homepage but make-jpkg keeps telling me "No matching packaging method was found for jdk1.8.0_152.tar.gz. Please make sure you are using a tar.gz or a self-extracting archive"
<Vamp898> I tried to unpack it --> works fine, everything is there and java works --> repack it with tar czf --> no difference
<chron0> how do I configure macsec with /etc/network means to come up at boot?
<chron0> or do I have to disable the config and use some rc.local script to set it up?
<chron0> or if no one ever used macsec, how do I put iproute2 commands into this config scheme?
<chron0> like "ip link add link eth0 macsec0 type macsec"
<daniman> Hey guys, i was installing ubuntu-server and the Ethernet doesn't work, no lights
<Vamp898> found it --> the package is not allowed to be named different than the original package
<Vamp898> so a simple "mv" fixed it
<drab> chron0: in what ubuntu version? for 1604 you can use /etc/network/interfaces if-up commands
<drab> chron0: https://askubuntu.com/questions/168033/how-to-set-static-routes-in-ubuntu-server
<drab> for example, see how they use the route command to add static routes
<drab> you can do the same with ip command if that makes sense
<drab> is there a standard facility one can use to monitor log files and run arbitrary commands on certain string matches?
<drab> that may be
<drab> "swatch"
 * lordievader wouldn't be surprised if logstash offers something along those lines
<dpb1> drab: logwatch is a good swiss-army knife that you should be familiar with.  When you move to multiple systems, it can quickly get overgrown, but it's a good sinlge-to-handful of systems tool.
<blizzow> I mounted a logical volume that I have formatted as ext4 on a server.  When I type "mount" at a command prompt, the mount is not listed.
<blizzow> When I do a df -h, the mount isn't listed there either.
<blizzow> It's also not listed in /etc/mtab.
<blizzow> I am apparently senile and never mounted the directory.
<blizzow> Never mind.
<sarnold> :)
<drab> dpb1: yeah, problem is, it doesn't seem to have a daemon mode
<drab> swatch does
<drab> I'm not actually looking for something to report on my logs, rather I need to make automatic a couple tasks and it so happens I can find the trigger in a log
<drab> in fact, just in case someone has a better idea...
<drab> I need to run some stuff against devices as they come online on the network
<drab> I don't hvae fancy switches and stuff like that, and I'm not too worried about static ip assignments
<drab> one way I thought I could do this was by tailing the dhcp server log and run a script when an was issued
<dnegreira> are those devices linux devices?
<drab> dnegreira: many, not all
<drab> but for now even just getting the linux ones, would be good
<dnegreira> 4why not run a service discovery daemon? or a simple connect to whatever service with the server announcing itself ?
<drab> I mean at some point they will generate traffic so I supposed I could do something on the gw with iptables, there's patches for userland stuff
<drab> dnegreira: not sure I get it, I cannot touch the clients, at least not right now
<drab> that's part of the reason I'm trying to do it somewhere on the network
<drab> ie, dhcp or gw
<drab> places I know those nodes will reach out to/go through so that I can find out about them
<dnegreira> then monitoring the lease files of the dhcp server would be a good start I guess
<drab> yeah, that's what I was planning on doing witch swatch
<drab> dnsmasq supports running a script on lease, but it also runs it when you restart it for all leases in the lease file, and that's not what I want
<drab> so monitoring the log seems the simplest compromise
<dnegreira> but what do you want to 'know' or 'do' when a device comes online ?
<drab> for one inventory them, ie run nmap with fingerprinting to find out what they are etc
<drab> and in some cases run ansible on them (they are desktop boxes built a long time ago before automation), after the run the problem goes away as ansible will install the update itself to be initiated from the host
<dnegreira> sounds nasty :)
<dnegreira> dont you have a way to run an inventory on those desktop boxes, for example to figure out their mac address and run the ansible stuff?
<dnegreira> instead of having to run a script, to fingerprint, to figure out what kind of action you need to do on that box
<drab> dnegreira: eventually they will all be in an inventory, yes, this is a temp manuver to rein the chaos in
<drab> agents is unlikely to ever happen, since several are personal computers and many mobile devices I can't put anything on
<drab> but, once I have an initial database I plan on going directly to ppl, can't just do that yet
<drab> btw lxc testlab on raid0 ssds with ansible and base snapshot is so damn sweet, it's a whole new chapter in being able to test things
<dnegreira> lxc/lxd rocks
<drab> one thing I need to figure out is how to automatically create containers and generate mac addresses and have dnsmasq reserve a range for automatic assignments
<drab> right now I'm still defining containers in ansible and autogen'ing stuff for them, which is not as fast as just going to the host and running lxc start xyz and having a container with self-assigned mac, ip and name started
<drab> maybe named after the shorthash from git or something
<sdeziel> drab: in /etc/default/lxd-bridge, add LXD_CONFILE="/etc/default/lxd-bridge-static-ips" and put the static IPs in that file (i.e: dhcp-host=foo,1.2.3.4)
<drab> sdeziel: I've ripped out most of the default stuff, including the local dnsmasq if that's what you were referring to
<sdeziel> drab: yeah, that trick was indeed relying on the dnsmasq as provided by lxd-bridge
<drab> because on average I don't want automagic, only magic I put in (appreciate that for ppl magical defaults are useful tho)
<chron0> drab yeah xenial
<chron0> but so far it looks like there are still issues with macsec
<drab> chron0: so /etc/network/interfaces with up/down statement like in the example should work
<chron0> so I'm one step back again getting this to work
<drab> chron0: I'd expect there to be, it's brand new
<chron0> it's 10y old
<drab> uhm, somehow I thought support from kernel 4.6
<drab> but mayube I dreamt that up
<chron0> nah, you're right about that
<chron0> still 10y old
<chron0> and 4.6 id also kinda old
<chron0> config wise it seems to work out
<chron0> but no traffic is flowing through
<drab> about a year old, not old enough for bugs to be ironed out, especially in stuff that's not exactly used in most setups
<chron0> only see the initial ARP broadcast
<drab> anyway
<chron0> ye, macsec has only very little in the field experience it seems :/
<drab> btw anybody here uses icinga or something that
<chron0> i personally I have no system with kernel <4.12 running
<drab> 's not nagios?
<chron0> but this is at work
<chron0> and I have to stick to ubuntu there
<drab> or even nagios for what I care tbh, all I can't find and are looking for is a simple lava-lamp like dashboard
<chron0> try grafana instead
<drab> well traffic light, green yellow or red, so that it's obvious if ppl shuold look at stuff or not
<drab> chron0: I don't see how that helps me, the problem is parsing the failed hosts/services and changing a background of a webpage or something to put on a screen ala kiosk
<drab> I'm not looking for a full dashboard
<chron0> i c
<drab> basically even the tactical interface is unusable from a distance, too much text/info
<drab> right now I have a script that fetches the failed hosts/services from the api and makes a web page bg red or white and accept filters so I can avoid reporting on non important tnodes
<drab> but it's clunky and if stuff fails more substantially or subtly, quite unhelpful
#ubuntu-server 2017-11-10
<cpaelzer> good morning
<lordievader> Good morning
<Slashman> hello, I think that I'm hitting a bug with the latest openjdk, I would like to rollback to the previous version, is there any way to do that ?
<joelio> Slashman: within a point release or new version
<joelio> but fundementally, yess
<Slashman> joelio: apt-cache policy only show me 8u151-b12-0ubuntu0.16.04.2 or 8u77-b03-3ubuntu3
<joelio> it may still be in your /var/cache/apt/archives dir
<joelio> in which case you can dpkg -i it
<joelio> I take it it's 8 series you need?
<Slashman> joelio: no trace of it in /var/cache/apt/archives
<Slashman> joelio: I used the oracle jdk instead, since any tar.gz can be downloaded from their website... it's a little sad that I have to switch to that to use a different version
<joelio> the oracle jdk is available as a package too
<joelio> https://launchpad.net/~webupd8team/+archive/ubuntu/java
<joelio> Slashman: also, you probably have lost that specific version do to a security update
<joelio> it's... java at the end of the day ;)
<Slashman> I prefer to have several different java version to test it, but it doesn't seem to come from the jvm in the end
<Slashman> I have "fork: retry: Resource temporarily unavailable" with 40GB free ram and plenty of none of limits that I know of breached
<Slashman> I have "fork: retry: Resource temporarily unavailable" with 40GB free ram and none of limits that I know of breached
<Slashman> the result is "java.lang.OutOfMemoryError: unable to create new native thread"
<Slashman> with 40GB ram free and 100GB unused swap, it should be some kind of limit... but I don't see which
<joelio> Slashman: you need to set in in the jvm options
<joelio> as the heap is a value you set, depending on the resource needed
<joelio> also be aware that the garbage collection mode changes when you set it about 4GB
<joelio> but that will probably be your issue
<joelio> Slashman: what's the application you're using in java (usually there is an /etc/default/{thing} that allows you to tune)
<joelio> or in things like Elasticsearch there is a jvm.options file nowadays
<faekjarz> Hi! [17.10 server / netplan] I want one of my NICs configured but booting into link DOWN. Where do i find the information / documentation to acheive this?
<tomreyn> faekjarz: try asking in #netplan if you can't get help here
<tomreyn> documentatio should be in 'man 5 netplan' and online at http://people.canonical.com/~mtrudel/netplan/
<tomreyn> ...according to https://wiki.ubuntu.com/Netplan
<faekjarz> tomreyn: aye, i did already, but my pesky impatience ;)
<tomreyn> this is the first time i heard of it, i assume it's fairly new
<faekjarz> yes, i've found ~mtrudel/netplan already but ctrl+f link doesn't highlight what i'm looking for. Wrong keyword?
<Slashman> joelio: that's not  a jvm issue, the error happens even if I try to run "java -version"
<Slashman> not sizing I meant, it's production software, that's not a new service or anything
<Slashman> joelio: you can see the error when trying to run "java -version" here: https://apaste.info/TIIb
<joelio> Slashman: have you tuned the heap, otherwise you'll be running on the default.
<joelio> err, ifd java -versoon is broken then I don't know, sounds like it's fubar
<Slashman> some system limit are reached, that's how I interpret it
<Slashman> but nproc, nfile, etc are far from their limit
<joelio> umm, you said you'd used oracle version?
<joelio> vm_info: OpenJDK 64-Bit Server VM (25.151-b12) for linux-amd64 JRE (1.8.0_151-8u151-b12-0ubuntu0.16.04.2-b12), built on Oct 27 2017 21:59:02 by "buildd" with gcc 5.4.0 20160609
<Slashman> I'm using openjdk atm
<Slashman> 1.8.0_151 build 1.8.0_151-8u151-b12-0ubuntu0.16.04.2-b12
<joelio> so what that output is literally from a java -version ?
<joelio> (in the pastebin)
<Slashman> https://apaste.info/mAn3
<joelio> eh, you said it was failing
<joelio> 13:35 < Slashman> joelio: that's not  a jvm issue, the error happens even if I try to run "java -version"
<joelio> have you checked your heap space?
<joelio> this is a fairly common thing to do
<joelio> i.e. increase heap allocated to a java application
<joelio> have to do it on stuff deployed here, as the 256Mb is pretty low
<Slashman> I'll save you some time, this is a corporate production server, the prod JVM are tuned, the server had no issue, we serve thousand of connections per JVM, I'm trying to understand why now we have an issue where we have JVM error and "java -version" doesn't work anymore, the problem happened this morning and we had to restart 3/7 JVM, after restarting just one, the problems goes away, for a time
<Slashman> so it works for a time and suddenly we see "java.lang.OutOfMemoryError: unable to create new native thread" in tomcat logs when there is available memory, both in the heap and on the os
<Slashman> only solution is to restart tomcat at this point
<Slashman> so, since this problem is "new", my guess is that we have reached some system limit, that is not the amount of available memory
<Slashman> it may have been a bug in the new java version but I just confirmed that we hav the issue on the previous one too, so that's not it
<joelio> Slashman: memtest?
<joelio> or this n multiple boxes?
<Slashman> not possible right now, but the server iDrac doesn't report any ECC issue, I'll have to try it
<Slashman> joelio: it happens on 2 servers, you're right, doesn't seem related to hardware
<Slashman> maybe it's ubuntu related, I have some debian servers without the issue with the same config, I'll compare the sysctl values...
<joelio> yea, also check process list output to see what it's been instantiated with, just to make sure those values are being set
<Slashman> what do you mean by that?
<joelio> the ps -ef / auxx output for the java process
<joelio> check how it's been intantiated
<joelio> maybe there is a subtle difference
<Slashman> oh, that's the exact same line exept pid number ofc
<drab> ikonia: sdeziel: fwiw, I got ldirectord working with 3 containers, 1 director, 2 real servers
<drab> couple things are broken in the default pkg so took me a while, but it otherwise works very well
<drab> systemd unit has a bad path and the pkg actually won't install at all
<drab> as there's a race condition with the config file
<sdeziel> drab: glad to hear that. I'd have to look into ldirectord as it's new to me
<drab> there's still something I don't understand as far as networking goes tho, several of the howtos seemed to say I had to set the director as the default gw for the real servers, but I didn't
<drab> I guess it seems more lightweight than haproxy/nginx for just pure tcp/udp connections
<drab> and *a lot* simpler, which is all I need
<sdeziel> drab: the default gw thing is related to the asymmetric routing we talked about the other day
<sdeziel> drab: could you share your ldirectord config?
<sdeziel> http://www.linuxvirtualserver.org/docs/ha/ultramonkey.html shows that is can "masq"uerade real servers so that could be why you got away without changing the default gw
<drab> well, you'd think, yeah, but actually when you look at how things re set up I don't get it
<drab> I don't do masq, I do "gate" which is direct routing
<drab> the cavia in most howtos, for the real server to respond , is that a non arping interface needs to get the VIP
<drab> so often lo:0 gets the VIP/32 , that's how I've seen in in most howtos, and it makes sense
<drab> box won't arp for that (you need to tweak sysctl), and it will still accept connections for that ip since it sees it as local
<drab> responses will also originate from that ip since it's the obvious selection given that the request was received for it
<drab> so it all seems to make sense and it works just fine, leaving me puzzled why I should be setting the gw to the director
<drab> which several howtos I found mention
<drab> altho they are all at least 5-7yrs old
<sdeziel> yeah, everything in that space seems pretty dated documentation-wise
<sdeziel> isn't ldirectord for http/https backends only though?
<drab> well ldirectord actually really only check that backends are alive, it doesn't even do any of the switching etc
<drab> that's done in kernel by ip_vs, which you have to modprobe
<drab> so technical you can just install ipvsadm and modprove ip_vs and you're done
<drab> as far as balancing goes
<sdeziel> OK so only the health checks, right
<drab> but that won't give you any monitoring of the backends. the monitoring part seems to be http in many examples, but maybe not
<sdeziel> so yeah, much lighter than a user space proxy like HAproxy/nginx
<drab> also ldirectord is just one perl script... which well, it's perl, but it's a single script
<drab> sdeziel: and it happens in kernel space
<drab> in theory this could simply be plugegd into nagios/icinga/whatever monitoring system
<sdeziel> yeah, got that :)
<drab> a nagios event_handler could run ipvsadm and remove the backend or something
<drab> it would be trivial to implement
<sdeziel> is your VIP actually movable between 2 or more boxes?
<drab> I haven't tried that part yet, it's next on the list, testing one component at a time
<drab> gonna give keepalived a shot
<sdeziel> keepalived integrates nicely with IPVS
<sdeziel> and keepalived can run whatever health you want it to
<sdeziel> no need to mess with nagios handlers
<drab> I'm actually pretty happy to have figured this one out, because even in the case of exposing containers and whatnot this is now really straightforward, no iptables or other stuff
<drab> seems I can just do straight ip_vs and fiddle with ipvsadm and I'm done
<drab> set that up on the baremetal maybe and redirect to whatever containers on it at will swapping things around in just a oneliner
<drab> sdeziel: keepalived will take care of the VIP, not the realservers, for those you still need something else like ldirectord or nagios
<drab> or whatever
<drab> my point was, ldirectord isn't technically needed to get the balancing part going, I thought it was
<sdeziel> http://manpages.ubuntu.com/manpages/xenial/man5/keepalived.conf.5.html see the LVS section
<drab> yeah, looks like I was wrong, so maybe ipvs + keepalived is all that's needed to both manage the VIP on the directors and manage the real servers.
<drab> that's great, one less compoennt, thanks
<sdeziel> ldirectord seems to be responsible of monitoring and tapping into ipvsadm whenever needed
<sdeziel> keepalived on the other hand provides a wrapper on top of ipvsadm and also handle monitoring
<drab> which keepalivedd seems to be capable o doing too, no? that's how I read that section
<drab> right
<sdeziel> yeah
<sdeziel> so if you setup with keepalived it should give you all the features you need
<sdeziel> and you won't have a SPOF anymore
<drab> yeah, that should be fine, what I'm most concerned about is the zfs snapshot part that comes after that
<drab> I've redone the lxd hosts so that /var/lib/lxd is on zfs itself, that way I can send snapshots over to a backup host and have all containers setup ina  single swoop
<drab> but in that case they are going to have the same ips, so they need to be stopped until it's time
<drab> now that I have lvs I'm wondering if instead I should have the containers on diff ips/not synced and just sync the data DS
<drab> haven't thought that through quite yet
<sdeziel> what do you mean same IPs? your 2 lxd hosts?
<drab> the containers
<drab> if I put them on zfs and send the snaps to the failover lxd server
<drab> then all configs will be the same including mac and ip
<drab> so if they come up I have a conflict
<sdeziel> I'm assuming you'll "lxc copy" them, right?
<sdeziel> but yeah, the same instance can/should be up only once
<drab> I wasn't planning on it, I was planning on setting up zfs-backup-snapshot or something like that
<drab> since all lxd is zfs backed up
<drab> that way I don't have to make a difference betwee lxd or other data stored on zfs
<sdeziel> unless you use the PPA/backports, I think there is no easy way to adopt a zfs
<sdeziel> hence the suggestion of lxc copy
<drab> how do you mean? adopt a zfs, that is
<sdeziel> say you zfs send/receive the container's FS, the receiving lxd host won't be able to start it as is
<drab> why not?
<drab> I create a DS which I mount on /var/lib/lxd and then the default storage pool for lxc is a LXD DS. so both containers data and lxd config gets moved over to the receiving host
<drab> by simply snapshotting everything and sending it
<drab> all names and whtnot are consistent, the only diff is the ip of the lxd host and its hostname, that's about it
<drab> am I missing something?
<sdeziel> I guess this would work if you flip everything at once
<sdeziel> but if you want to do it per container that's where you will need a different solution
<drab> this also means that ldirectord/keepalived wouldn't have to change since ips would be the same, it's basically almost cloning the whole system, which is quite neat, the only issue is the turn on/off
<drab> right
<drab> that's what I'm debating, if I will corner myself... but at the same time this keeps it pretty simple and this is a charity, not a tech company
<drab> I just want them to have a decent failover solution and data in a diff physical place
<sdeziel> zfs send/receive should cut it then
<drab> are you using sanoid/syncoid by any chance? seems one of the common solutions to deal with that stuff
<sdeziel> drab: sanoid+syncoid might assist you with that
<drab> :)
<sdeziel> if you want to venture into new territories, you can take a look at DRBD (~RAID1 over the network). Pretty nice
<drab> yeah there was a thread about that on the zfsonnix ML, zfs + drdb, I think it's more than they need
<drab> in fact simply telling them "if something happens turn off and keep off this machine" is possibly a very good place to be for them
<drab> sdeziel: did you look at http://www.znapzend.org/ by any chance?
<drab> or even the "official" https://github.com/zfsonlinux/zfs-auto-snapshot
<sdeziel> drab: no first time I hear about znap
<drab> I like there README quite a bit: https://github.com/mikalsande/znap
<drab> and it's all bash, not a perl guy
<drab> only cavia is , the author says he only uses fbsd so it's only really tested there
<hallyn> cpaelzer: why is https://launchpad.net/~ubuntu-virt/+archive/ubuntu/virt-daily-upstream disabled? :)
<Pinkamena_D> How to find what is causing 'Device or resource busy'? I am trying to move /home so that I can overwrite it with something else. However, I get "device or Resource busy" . I am su to root and there is nothing in lsof | grep home  . my cwd is in /
<drab> Pinkamena_D: is home on a diff drive?
<Pinkamena_D> no
<drab> an mv command is saying resource busy?
<Pinkamena_D> yes
<drab> whups, got disconnected
<drab> don't know if my msgs went through
<Pinkamena_D> no, did not get any >.>
<drab> Pinkamena_D: I was asking, did you log in with ur user and then su to root?
<Pinkamena_D> sorry about it
<drab> could you login directly with root and try again?
<Pinkamena_D> thats correct, root login is disabled
<drab> if your user's home is in /home then you can see the problem
<Pinkamena_D> there is no way to remove all handles so thats not an issue?
<drab> there's probably somewhere a ref too that that's giving you the error even tho your user is technically not opening any file
<drab> atltho that's just my guess, I don't think I've personally ran into that before
<drab> Pinkamena_D: what you could do is to change your homedir temporarily
<drab> so say mkdir /var/tmp/tempuser
<drab> change your homedir to that, logout, log back in, try again
#ubuntu-server 2017-11-11
<silencecm> Can anyone help me with an ssh issue?
<silencecm> I assume I have the rsa keys stored in the wrong place
<silencecm> When my server initially starts I'm unable to ssh (connection refused on port 22). I assume this is because my rsa keys / ssh config are stored in a user folder who has not yet been logged in.
<hallyn> rharper: man, qemu-img convert -O vmdk is so disappoint
<hallyn> wish I knew someone at vmware who I could get drunk enough to make them write a sed script to convert the .vmdk to one that loads into esx :)
<hallyn> <hic> sed dash <hic> i
<hallyn> I've got little doubt tht's all it would take
<drab> silencecm: not necessary
<drab> silencecm: in fact,  connection refused means nothing is listening
<drab> so you can pretty much trust I think that ssh isn't running
<drab> if it was an auth problem, say pass not permitted and only key, you would see a different error (public key denied), or something like that
<drab> silencecm: the sshd config is in /etc/ssh, nothing to do with the user or keys
<linoge> (linoge) Hi I'm on 16.04 and trying to set up LVM on DRBD with pacemaker for postgresql HA. I've come to a point where the LVM volume fails to start with error messages about duplicates (included underlying device /dev/xvdb on the lvm reject filter). If I issue vgscan --cache and the systemctl restart corosync then the node starts alright.
<gunix> lionel: why not use postgres streaming relpication?
<linoge> Well, it's actually for learning purposes :D
<linoge> And testing
<NetSplat> Hi, I'm having a network connectivity issue on a Hetzner server with an Intel 82540EM Gigabit Ethernet Controller
<NetSplat> Every day and a half or so the network connectivity will just disappear.
<NetSplat> I can't ping it, can't connect to it, can't do anything unless I hard reset it twice.
<NetSplat> Oddly, if I launch vKVM ahead of time I can connect to vKVM and control the system when the network doesn't work.  I'm not sure how vKVM works, it's a Hetzner tool.  When I connect with vKVM (as I am right now) I cannot ping out from the server either.
<NetSplat> I have no idea how I would go about troubleshooting this.
<NetSplat> I can't push output from the commandline to a pastebin with no network connectivity so here is a screenshot from vKVM of ifconfig's output: https://puu.sh/yjA5X/6b6c0e1f10.png
<NetSplat> And from ethtool https://puu.sh/yjA7v/ed54851250.png
<NetSplat> FWIW - I can ping 127.0.0.1
<daincredibleholg> Hi NetSplat. Did you ask Hetzner?
<daincredibleholg> Do you see any errors in dmesg or /var/log/syslog?
<NetSplat> daincredibleholg, not yet.  I wanted to see if there was troubleshooting I could do first.
<NetSplat> None in dmesg
<daincredibleholg> vKVM works over another connection, so no worries
<daincredibleholg> hmm, odd
<NetSplat> I'll post dmesg, just a sec
<NetSplat> https://puu.sh/yjApg/1443233d0f.png
<daincredibleholg> can you also provide the output of `sudo lsmod` please?
<NetSplat> That's all that's there.
<NetSplat> Yes
<daincredibleholg> ah, that is from within vKVM?
<daincredibleholg> sorry, need it from the system
<daincredibleholg> can you chroot into it?
<daincredibleholg> check here: https://wiki.hetzner.de/index.php/Hetzner_Rescue-System/en#Starting_the_Rescue_System and do the necessary steps
<NetSplat> vKVM lets me log in as if I were at the system.
<daincredibleholg> not quite
<daincredibleholg> it gives you a rescue system
<daincredibleholg> but this is not what you would normally run
<daincredibleholg> see the link I just pasted
<NetSplat> Sorry, that was a distracted typing.  vKVM shows me what would currently be on the screen.  I can launch the rescue system and vKVM into that, I've done that before as well.  Right now I am logged in as my normal user, in my normal root.
<daincredibleholg> Is this a virtual server?
<daincredibleholg> I mean your normal server?
<NetSplat> It is a dedicated server
<daincredibleholg> Ok, then vkvm gives you just a live system, it does not boot into your system:The Hetzner Rescue System is a Linux live environment that allows you to have administrative access to your server. The environment starts from the network (PXE boot) and runs in the memory of the server. This makes it possible to carry out repairs to the installed system, to check file systems or to install a new operating system.
<NetSplat> So, if you want to enable a rescue mode you can choose from these options: https://puu.sh/yjAG4/a516cdee5a.png
<NetSplat> Linux and FreeBSD are live environments.
<NetSplat> vKVM, though, just shows what is presently on the screen.  The normal OS, on the HDD, is what runs if you select that.
<gunix> what is vkvm?
<daincredibleholg> hmm, ok
<daincredibleholg> what is `lshw -C net` giving you?
<gunix> oh Das vKVM-Rescue-System erlaubt ihnen, das auf der Festplatte Ihres Servers installierte Betriebssystem in einer virtuellen Maschine zu starten und so z.B. Boot-Probleme oder Firewall-Einstellungen zu korrigieren, fÃ¼r die Sie Ã¼blicherweise eine KVM-Konsole benÃ¶tigen wÃ¼rden.
<NetSplat> lshw is not installed
<gunix> you can also do this with any linux that boots from USB and has KVM
<NetSplat> I can do lspci
<NetSplat> lspci output: https://puu.sh/yjALG/7bfd3b8f85.png
<daincredibleholg> @gunix, he is using a Hetzner Dedicated server, hard to attach a USB on that distance :P
<NetSplat> lol, I can request that they put a hardware KVM on it as well.
<NetSplat> But I've only had to do that once.
<daincredibleholg> @NetSplat: Hmm, I did some googling and all I find is either virtualisation related or related to an old bios / wrong EPROM version, which would need fixing from Hetzner staff.
<daincredibleholg> Yeah, Hetzner is pretty good, love the KVM feature, never used the vKVM tho :P
<daincredibleholg> this save my back more than once
<NetSplat> daincredibleholg, that's really all I could find as well.  I wanted to bounce it off the community before calling 911.  But I suppose I'll do that now.
<daincredibleholg> anyhow - as this is a persistent issue, I think it would be worth bothering Hetzner support with it
<NetSplat> Ok, thanks for your help.
<daincredibleholg> Tell them what you already did, provide them with the output you posted here and ask for help
<daincredibleholg> No worries. Sorry that I couldn't help more
<xpistos> Hey all. Is there a way, I can plug in a samsung phone into my ubuntu laptop and have it automount to specific folder in stead of the generic "mtp://[usb:003,008]/" type mount? I want to write a bash script that grabs my videos and pictures and moves them for me but I would need them to go to /mnt/samsung or etc?
<xpistos> I am assuming I need to do this in udev rules or something but not sure and could use some help finding where I need to go
#ubuntu-server 2017-11-12
<silencecm> xpistos: I experimented with this myself. I wrote a python script that listens for USB events and runs scripts based on it. You could use the android adb tool to push and pull files once you know the uuid of the device
<silencecm> xpistos: Here's a blog post I wrote regarding this https://rileymacdonald.ca/2017/09/16/ubuntu-linux-how-to-listen-to-usb-port-events/
<trekkie1701c> So, fun problem and solution I encountered today.  After a few oddities with my test server having or not having packages that were pre-installed on my EC2 instance, I decided to see about manually fixing that so that I didn't have surprises about things working in test but then not working on my live server.  So I installed the cloud metapackage and all that.
<trekkie1701c> This rendered the system unbootable, so I just uninstalled the metapackage and the packages it installed.  Or rather, the packages contained with it.  So it removed pretty much everything from the base system and it could no longer use a network interface or read from cdrom.
<trekkie1701c> Fortunately it turns out you can use the installation cd to copy it's own installation repos to the filesystem, then play around with some dpkg settings to lie about the version info of what you do have installed to force it to reinstall the base system so it can be fixed properly.
<cpaelzer> hallyn: hi, well I added it to the top of the decsription why it is disabled :-)
<cpaelzer> hallyn: TL;DR - no usage at all in the last 6 months so I considered the effort to get it going again not worth
<cpaelzer> hallyn: I was using some LP api to get usage stats and there seemed to be only 5 downloads (and I had 5 when I initially tested)
<cpaelzer> hallyn: did you really want to use it or did you cross this some other way?
<gunix> is there anyway with ceph knowledge active?
<HuiBuuh> hey hou, I tried to install mate on my server and then access it with VNC, I used TigerVNC for that but I only get a black screen. Does anyone know what could be my issue?
#ubuntu-server 2018-11-05
<lordievader> Good morning
<rbasak> kstenerud: if you're still looking for bugs, bug 1581864 might be an interesting one to tackle.
<ubottu> bug 1581864 in nginx (Ubuntu) "nginx.service: Failed to read PID from file /run/nginx.pid: Invalid argument" [Low,Confirmed] https://launchpad.net/bugs/1581864
<rbasak> Unless teward is already working on it?
<rbasak> ahasenack: see bug 1677755. Maybe worth updating the bug with Disco inclusion staus (I know it's still closed, but is a branch pending somewhere?)
<ubottu> bug 1677755 in backuppc (Ubuntu) "Missing dep8 tests" [Wishlist,New] https://launchpad.net/bugs/1677755
<rbasak> cpaelzer__, kstenerud: I think bug 1800040 can be low prio as it's armhf only. Shall I communicate that with the repoerter and then leave it ("patches welcome")?
<ubottu> bug 1800040 in bacula (Ubuntu) "bacula-fd segfault on status client from Bat" [Undecided,New] https://launchpad.net/bugs/1800040
<cpaelzer__> rbasak:  hiho
<cpaelzer__> rbasak: you can do so (downpedal the bug to low)
<cpaelzer__> rbasak: there were too much tests for me to get a good overview what exactly was affected eventually
<cpaelzer> I would have needed the time to really read into it
<cpaelzer> and that is what I asked karl to take a look
<cpaelzer> if it really is only armhf that is affected I agree it is not too important then
<rbasak> cpaelzer: done, thanks
<rbasak> (every failure report has armhf in it, AFAICT)
<rbasak> If I'm wrong, I'm sure he'll get back to us.
<ahasenack> kantlivelong: I got it working on plain ubuntu, btw
<cpaelzer> rbasak: thanks
<ahasenack> there is a search order for the host's keytab
<ahasenack> kantlivelong: did you check the rpc.gssd manpage? It lists the principals it looks for
<ahasenack> I had a host/<fqdn>@ key for the nfs client
<ahasenack> kantlivelong: check /etc/hosts and /etc/hostname on both machines, I think what is different is the output of "hostname -f" and those files could be setting that
<ahasenack> kantlivelong: I found #1616123 while experimenting, btw. triplicate-filed bug, since xenial (aka, introduction of systemd) :(
 * ahasenack wonders who owns nfs server packages
<cpaelzer> ahasenack: you know how that works, now it is you :-)
<ahasenack> hehe
<ahasenack> three bugs in nfsv4 server with kerberos, I'm a bit surprised, more people use that than I expected
<kstenerud> rbasak: I've posted a summary on the bug page for what's tested and what failed. It looks like the critical element is bacula-fd on armhf.
<TJ-> ahasenack: if you find out who owns nfs, please ask them to deal with Bug #1697339 too
<ubottu> bug 1697339 in nfs-utils (Ubuntu) "rpc.gssd performs reverse DNS by default (regardless of -D flag)" [Undecided,Confirmed] https://launchpad.net/bugs/1697339
<cpaelzer> ahasenack: your acpi MP could also contain the adding of comments for dirmngr
<cpaelzer> the updates on the task read as if it is resolved (would be auto-installed but we want to keep it explicit)
<cpaelzer> if that is correct we'd want to add that as a comment I think
<ahasenack> cpaelzer: I was planing on doing one MP per package
<ahasenack> TJ-: thanks, I'll take a look
<TJ-> ahasenack: had a few users report that on 16.04; I helped one such last week rebuild the packages locally with the patch because they had 10s of systems affected
<DenBeiren> is anyone around to help out with a transmission-daemon issue?
<lordievader> DenBeiren: What is the issue?
<ahasenack> cpaelzer: have you seen this before? https://pastebin.ubuntu.com/p/Hf34BhDnN4/
<ahasenack> cpaelzer: it's my first multipass launch
<ahasenack> but the files it complained about are in qemu
<ahasenack> might be another case of a classic snap not working in an ubuntu release different from where it was built
<cpaelzer> ahasenack: these are .so's that break out certain functions of qemu
<cpaelzer> ahasenack: you can that way reduce your attack surface from guests, or put only some of them in main
<cpaelzer> ahasenack: seems to be an incompatibility of your systems .so's with what is in the snap ?
<cpaelzer> I thought LD magic should avoid that
<DenBeiren> lordievader: i had a working system that borked,.. so i removed it, purged all packets, removed the dir and tried a reinstall.
<DenBeiren> now it seems if i stop, edit the settings, start and check, none of the settings are changed
<DenBeiren> altough the settingsfile is correct afaik
<DenBeiren> change of port for example,.
<lordievader> Are you editing the correct settings file? It might be that in an update the path changed.
<lordievader> I had at one time three possible paths...
<DenBeiren> /etc/transmission-daemon/settings.json
<ahasenack> cpaelzer: I pinged #multipass
<ahasenack> might open a bug
<ahasenack> kstenerud: where are multipass bugs opened again?
<lordievader> DenBeiren: What is the output of `systemctl cat transmission-daemon.service`?
<DenBeiren> https://pastebin.com/Fv9MS3x7
<kstenerud> ahasenack: On their github issues page
<ahasenack> thx, got it
<lordievader> DenBeiren: Does `/var/lib/transmission/config` exist?
<DenBeiren> https://pastebin.com/aya2CbJ8
<kantlivelong> ahasenack: hmm il have to check again. i had host/ and nfs/
<ahasenack> I have nfs/ for the server
<ahasenack> and the client has host/<fqdn>
<ahasenack> but check the output of hostname -f
<ahasenack> on both sytems
<ahasenack> normally just "hostname" should be a name without dots, and "hostname -f" should be the fqdn
<kantlivelong> right
<ahasenack> freeipa has a different opinion, fwiw
<kantlivelong> you used the variable mentioned in that ticket?
<kantlivelong> didnt see any opts that applied
<ahasenack> what variable?
<ahasenack> you mean bug #1616123 ?
<ubottu> bug 1616123 in nfs-utils (Ubuntu) "rpc-svcgssd.service uses incorrrect variable SVCGSSDARGS" [High,Confirmed] https://launchpad.net/bugs/1616123
<kantlivelong> yeah.sorry im mobile
<ahasenack> kantlivelong: that bug is embarassing, it's been out there since xenial
<ahasenack> kantlivelong: I will fix it
<kantlivelong> happens
<kantlivelong> im going to check everything again tonight when i get home
<kantlivelong> oh and duh thats for nfs-server. shouldnt be affecting me anyway
<ahasenack> it's for that svcgssd service in particular
<ahasenack> but yeah
<ahasenack> the client runs rpc.gssd
<ahasenack> both do
<ahasenack> anyway
<ahasenack> found some other bugs about nfsv4 in the nfs-utils package, while looking at that one
<kantlivelong> right. but it wouldnt use the options from nfs-kernel-server on a client would it?
<ahasenack> nope
<ahasenack> kantlivelong: have you tried storing the kerberos tickets in the kernel keyring? I found a bug about that, looks like rpc.gssd can't read it
<ahasenack> I flagged it for further investigation, see what's going on upstream, what alternatives there are, check fedora, etc
<kantlivelong> ahasenack: is that available in 16.04? i thought that was something new in later veraions
<ahasenack> oh, I didn't check that
<ahasenack> I mean, the bug is against 16.04, so kerberos itself can probably store it
<ahasenack> bug #1733571
<ubottu> bug 1733571 in nfs-utils (Ubuntu) "unable to access kerberized nfs4 shares with keyring ccache" [Undecided,Confirmed] https://launchpad.net/bugs/1733571
<kantlivelong> i did notice in my logs that it looks for machine ticket using the fqdn
<kantlivelong> or maybe you noticed that. cant remember haha
<ahasenack> just check what hostname -f returns, it's the most likely source for the <hostname> bit in the ticket. I didn't see anything in the manpage about it being the shortname once, and later versions wanting the fqdn
<kantlivelong> but from what i can tell there isnt a way for me to to generate an entry with that many characters
<ahasenack> (the keyring question I brought up is about something else entirely, sorry for crossing the streams)
<ahasenack> it was just one of those bugs I saw while looking at the state of the package
<kantlivelong> im just grateful that your taking a look. i was going insane
<lordievader> DenBeiren: Does that .config also exist when transmission is not runnign?
<DenBeiren> lordievader: i believe it is
<DenBeiren> https://pastebin.com/AW168bxj
<Gekko> How could I configure netplan / systemd-resolved to prefer any DHCP based DNS servers, but fallback to hardcoded DNS IPs if none are found working via DHCP? I've tried adding DNS=x.x.x.x into /etc/systemd/resolved.conf, but that seems to override any DHCP based DNS
<Gekko> I'm trying to make this system manage DNS configuration in any network it's plugged into, regardless of if the local LAN offers DNS or not
<Gekko> Ubuntu server 18.04
<Gekko> So far the cases I've had involved all public DNS IPs being blocked in the network, and configured LAN DNS not working
<Gekko> But never both
<kstenerud> Does anyone know how to build debian packages using git-buildpackage? I'm using https://wikitech.wikimedia.org/wiki/Git-buildpackage as a guide, but it errors out right at the start :/
<TJ-> Gekko: maybe you can use netplan's "optional" and "optional-addresses" ?
<Gekko> I'll read about them, thanks
<TJ-> Gekko: I suspect those only apply to the IP address allocation itself though
<kantlivelong> ahasenack: hostname -f returns the right fqdn, hostname shows fqdn, hostname -s shows shortname
<kantlivelong> looks right
<ahasenack> in both machines?
<kantlivelong> both clients or server and affected client?
<kantlivelong> its right on the server
<ahasenack> the client that can't mount
<kantlivelong> yeah its valid
<ahasenack> ok
<TJ-> Gekko: I think you're better off doing it directly in systemd-networkd config; using "UseDNS=True" (the default) DHCP addresses take precendence over manually set addresses
<ahasenack> kantlivelong: so the complaint on that client was that the principal it selected from /etc/krb5.keytab wasn't found on the server datbase
<kantlivelong> ahasenack: server meaning krb5 server?
<ahasenack> yes
<kantlivelong> its certainly there
<kantlivelong> matches the working client
<kantlivelong> (minus the shortname of course)
<kantlivelong> https://i.imgur.com/BiHL3Bf.png
<ahasenack> from your earlier pastebin,
<ahasenack> it's looking for these in /etc/krb5.keytab, in this order:
<ahasenack> 1) ADTESTUBUNT.XXX.YYY.ZZZ$@XXX.YYY.ZZZ
<ahasenack> 2) root/adtestubunt.xxx.yyy.com@XXX.YYY.ZZZ
<ahasenack> 3) nfs/adtestubunt.xxx.yyy.com@ <--
<ahasenack> it found the 3rd
<kantlivelong> #1 is where i have concern
<ahasenack> and then says
<ahasenack> WARNING: Client 'nfs/adtestubunt.xxx.yyy.com@XXX.YYY.ZZZ' not found in Kerberos database while getting initial ticket for principal 'nfs/adtestubunt.xxx.yyy.com@XXX.YYY.ZZZ' using keytab 'FILE:/etc/krb5.keytab'
<kantlivelong> shouldn't it be looking for ATESTUBUNT$@XXX.YYY.ZZZ?
<ahasenack> the manpage just says "<hostname>", without detailing if it's the fqdn or not
<kantlivelong> the shortname is certainly there
<kantlivelong> :/
<kantlivelong> have to head to work now tho
<ahasenack> on my ubuntu client, it does look for the short name as well
<ahasenack> I mena, ubuntu 18.04
<ahasenack> kantlivelong: https://pastebin.ubuntu.com/p/6pb4GCRWjm/ it stopped when it found the host/ key
<ahasenack> it's what I'm using
<ahasenack> gssd_get_single_krb5_cred: principal 'host/nsnx.lowtech@LOWTECH' ccache:'FILE:/tmp/krb5ccmachine_LOWTECH'
<ahasenack> and I actually have the key with the fqdn in the keytab
<kantlivelong> odd.
<ahasenack> so how come you have nfs/adtestubunt.xxx.yyy.com@XXX.YYY.ZZZ in the keytab, but no such principal exists in the kdc?
<kantlivelong> im not asking you to or anything but i wouldnt object if you had interest in hopping on the boxes
<kantlivelong> the nfs/fqdn is definitely there
<ahasenack> can you kinit that principal?
<ahasenack> like
<ahasenack> kinit -V -t /etc/krb5.keytab -k <principal>
<ahasenack> for example, here:
<kantlivelong> on the client or ad?
<ahasenack> kantlivelong: https://pastebin.ubuntu.com/p/ZhgVs5cw7B/
<ahasenack> client
<ahasenack> on that machine where rpc.gssd failed
<ahasenack> using nfs/adtestubunt.xxx.yyy.com@XXX.YYY.ZZZ as the principal
<ahasenack> because that's what rpc.gssd tried to do, after finding nfs/adtestubunt.xxx.yyy.com@XXX.YYY.ZZZ in the keytab
<kantlivelong> ill give it a shot
<Gekko> TJ-: thanks, I'll see if that does it. I had to remove some entries from /etc/systemd/resolved.conf as apparently there can be too many, says systemd
<Gekko> Right now I'm getting nameserver 8.8.8.8 followed by nameserver local_ip_here in /run/systemd/resolve/resolv.conf, so maybe it's good enough
<TJ-> ahasenack: this might be useful for you, a patch that landed for 1.2.9. The commit messsage is insightful: http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=bdc50fc12a621545feaf9925999723d45171c34d
<TJ-> ahasenack: bearing in mind the issue is on 16.04 with 1.2.8, and 18.04 has 1.3.4
<ahasenack> and upstream is past 2.x
<TJ-> ahasenack: 1.2.8 was 2013 :)
<TJ-> there is a 2nd commit immediately before ^^ that one with the same commit message:  http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=a6ab6f63de618180127daadc070d696f6268000f
<TJ-> ahasenack: I'm looking at the commits pre 1.2.9, listed at http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=shortlog;pg=5
<ahasenack> TJ-: the order in which it looks up the principals (line 126+ in https://paste.ubuntu.com/p/GZqqcGgsvk/) matches the rpc.gssd manpage
<TJ-> here's another one, talking specifically about the fqdn/hostname http://git.linux-nfs.org/?p=steved/nfs-utils.git;a=commit;h=05e6d39a988e76d5803f79018a9e40d435f6d2f7
<ahasenack> I don't know what the target= field is that he mentions
<ahasenack> kantlivelong: all that being said, let me try on xenial, I've been trying with bionic as the client
<ahasenack> kantlivelong: worked with a xenial client as well: https://pastebin.ubuntu.com/p/Htpvgq6fy4/
<TJ-> ahasenack: "target=" refers to the part to the right of the @, the realm, I thinik, from looking at the code (where service is to the right of the @)
<ahasenack> it's @REALM, yep
<ahasenack> it's something like <name/someoptionalqualifier@REALM>
<rbasak> ahasenack: https://code.launchpad.net/~racb/usd-importer/+git/usd-importer/+merge/358334 please, to put the git-ubuntu fire out.
<ahasenack> saw it
<ahasenack> rbasak: you are using the +build path from launchpad because this package is not in discoyet?
<rbasak> ahasenack: it is actually in Cosmic. But that will end up in oldreleases. Launchpad will last longer.
<ahasenack> rbasak: I think you can use http://archive.ubuntu.com/ubuntu/pool/main/u/ubuntu-keyring/ubuntu-keyring_2018.09.18.1_all.deb, is that better?
<ahasenack> or not, for the reason you just mentioned
<ahasenack> kstenerud: did you get your debian mysql build issue sorted out after standup?
<ahasenack> rbasak: my master (and I updated, I think?) doesn't have test_gpg_public_key_list() in gitubuntu/integration_test.py, do you know what's going on?
<ahasenack> https://git.launchpad.net/usd-importer/tree/gitubuntu/integration_test.py also doesn't
<ahasenack> oh, wait
<ahasenack> ok, n/m
<ahasenack> was confused by a commit message
<rbasak> BTW CI is still running.
<rbasak> But I've tested a full build/CI run locally, etc. I will wait for the official one before merging.
<rbasak> ahasenack: thanks!
<granjero> hi, ubuntu server 18.04 fstab looks quite empty. is still working for mounting windows shares at startup?
<cryptodan_mobile> granjero: https://www.hiroom2.com/2018/05/04/ubuntu-1804-cifs-utils-en/
<kantlivelong> ahasenack: hmm. cant kinit on either the working or non-working box. have to do it from ad
<kantlivelong> i might have found hte issue.. will check
#ubuntu-server 2018-11-06
<lordievader> Good morning
<ham5urg> Hi all, I'm trying to get a diskless ubuntu 16.04 client to mount its root via NFS. First the kernel and initrd are transferred via tftp which is working. But after the kernel should mount the NFS I get an error: "read: Connection refused"  and "NFS over TCP not available from 172.17.0.1". The NFS-server is up and running but the mount fails. I put all informations into one paste at https://paste.debian.net/1050556/
<ahasenack> good morning
<ahasenack> kantlivelong: good, I'm curious :)
<ham5urg> $ This works: "sudo mount 172.17.0.1:/srv/nfs/xenial share"
<ham5urg> This doesn't: "sudo mount localhost:/srv/nfs/xenial share"
<DenBeiren> lordievader: did you see my last message?
<rbasak> ahasenack: thank you for the quick review
<ahasenack> np
<lordievader> DenBeiren: Err, maybe. Was  quite busy yesterday afternoon. What was it?
<DenBeiren> <lordievader> DenBeiren: Does that .config also exist when transmission is not runnign?
<DenBeiren> <DenBeiren> lordievader: i believe it is
<DenBeiren> <DenBeiren> https://pastebin.com/AW168bxj
<lordievader> DenBeiren:  Did you pastebin your config before?
<ahasenack> kstenerud: what's left for https://code.launchpad.net/~kstenerud/ubuntu/+source/mysql-5.7/+git/mysql-5.7/+merge/358234 ? The salsa MP?
<kstenerud> For ubuntu side it should be ready. I'm trying to get a merge request in to debian side, but I can't get mysql to build as a package :/
<ahasenack> kstenerud: mysql is an ftbfs in debian right now?
<kstenerud> ftbfs?
<ahasenack> (fail to build from source)
<kstenerud> The builder tool just dies
<kstenerud> sec. Doing one last build attempt
<kstenerud> pristine buster image this time
<kstenerud> Oh, on buster it doesn't fail the signature check
<kstenerud> It does fail with unmet dependencies though: https://pastebin.ubuntu.com/p/nX7hwPk96f/
<ahasenack> why don't you install them/
<ahasenack> ?
<kstenerud> I'm trying to figure out how
<ahasenack> apt install <name>?
<ahasenack> or, for a helper, use apt-get build-dep ./ while inside the extracted package directory
<kstenerud> looks like mk-build-deps does everything
<kstenerud> Ugh I think I'm making a big mess of things. I'm trying out autopkgtest, but it doesn't seem to like running from a git repo of mysql
<kstenerud> Really, all I want to do is download mysql from debian git repo, build and test
<kstenerud> run tests
<ahasenack> your changes they are only in maintainer scripts, right?
<kstenerud> yes
<ahasenack> ok, then just submit the mp, it shouldn't affect building the package
<kstenerud> ok
<ahasenack> and running tests for debian, that's a big plus, considering the change was just in maintainer scripts
<ahasenack> you can worry about that later if you want the experience
<kstenerud> Yeah I mostly wanted to get my own documentation on the subject in order. There seem to be a LOT of different ways, and lots of advice, but no one-true-way document that says "do this"
<ahasenack> well, there are many ways to isntall a package
<ahasenack> the core of that error was "sorry, I can't build mysql because I'm missing this package, that package, and this other one"
<ahasenack> that's why they are called build dependencies
<kstenerud> I mostly want to get a procedure in place for forking from their repo, making changes, building and installing the new package, running package tests, and submitting a merge request
<ahasenack> that's an awesome goal
<ahasenack> there was really nothing different in this mysql git repo from debian than from any other package
<ahasenack> you install build dependencies, and then build as usual
<kstenerud> except that no build tool prior to the one in testing works with mysql, which I just discovered :/
<ahasenack> I'm building it in sid as we speak
<ahasenack> just did what I said
<rbasak> I use sbuild and autopkgtest with the lxd runner.
<kstenerud> Really? So gbp buildpackage doesn't error out with certificate errors?
<ahasenack> I just launched a sid container, like "lxc launch images:debian/sid debian-sid"
<rbasak> However there's a bug in Debian's systemd which stops mysqld from running in a container
<ahasenack> git cloned the repo
<ahasenack> installed build dependencies
<ahasenack> and ran dpkg-buildpackage
<ahasenack> brb, need to relocate
<rbasak> So I use an Ubuntu container to run autopkgtest against the Debian deb, which isn't ideal but I consider it good enough if it passes.
<rbasak> I use dpkg-buildpackage to get a source package and run sbuild against that.
<kstenerud> hmm don't know any of those tools
<rbasak> https://wiki.ubuntu.com/SimpleSbuild but I appreciate it's Yet Another Tool so don't feel like you have to use it :)
<a_ok> I have ubuntu 16.04LTS and need to boot a previous installed kernel. Grub 2 is installed selecting from menu at boot is not an option
<kstenerud> I was trying to follow https://wiki.debian.org/PackagingWithGit
<rbasak> And because sbuild is such a pain to set up, that's why we did "git ubuntu build" to try and make it easy. But it's still a little buggy I believe :-/
<kstenerud> also https://wikitech.wikimedia.org/wiki/Git-buildpackage
<kstenerud> but it looks like git-buildpackage is still a bit shaky
<rbasak> All of these tools are wrappers around what Debian policy states as the interface source packages must provide (debian/rules), FWIW.
<kstenerud> rbasak: So in your experience, which tools are the best ones to use in terms of stability?
<rbasak> IMHO sbuild is the most reliable and provides appropriate (but not perfect) isolation.
<DenBeiren> lordievader: the content of settings.json you mean?
<rbasak> You can also mess with it for debugging and development with schroot directly, the -p flag, etc.
<lordievader> DenBeiren: Yes
<rbasak> However sbuild is not so trivial to set up :-/
<DenBeiren> no i didn't
<DenBeiren> coming up :-)
<rbasak> OTOH sbuild does always work.
<kstenerud> Good. I'm sure I can scriptify things for simple use cases like SRUs
<DenBeiren> https://pastebin.com/31hizU4T lordievader
<DenBeiren> when i try port 8083 it won't work
<rbasak> kstenerud: here's a script I have lying around that configures sbuild as I like it on a fresh remote host: https://paste.ubuntu.com/p/xHr6wnd66R/
<DenBeiren> 9091 works, but limitations from rpc whitelist
<DenBeiren> thats why i conclude the configfile isn't read
<rbasak> kstenerud: I haven't used it in a while though so it might be a little out of date on a few bits
<kstenerud> rbasak: Thanks! It's a good starting point regardless
<lordievader> DenBeiren: Is this the full file? This isn't valid json.
<DenBeiren> yes, there is no more in it
<lordievader> DenBeiren: That is then probably why it is ignored. This is not valid json.
<lordievader> Missing at least the closing }
<a_ok> So its the whole grub submenu stuff that messed me up
<a_ok> what does this mean? Warning: Please don't use old title `Ubuntu, with Linux 4.4.0-137-generic' for GRUB_DEFAULT, use `Advanced options for Ubuntu>Ubuntu, with Linux 4.4.0-137-generic' (for versions before 2.00) or `gnulinux-advanced-6baa6b94-0498-4047-b41f-72a78923dbe4>gnulinux-4.4.0-137-generic-advanced-6baa6b94-0498-4047-b41f-72a78923dbe4' (for 2.00 or later)
<DenBeiren> the closing is in there
<DenBeiren> i missed it in copypaste :-)
<zzarr> Hello! I have a rented VM with a systemd-journald that's using a lot of CPU, what should I do?
<ahasenack> back
<lordievader> DenBeiren:  Ah, I see. What happens when you run the deamon in the foreground?
<ahasenack> zzarr: is "journalctl --follow" spitting out new messages at a very high rate?
<DenBeiren> lordievader: could you explain a bit more,.. i don't know exactly what you expect me to do
<lordievader> DenBeiren: What happens when you stop the transmission-daemon service and run `sudo transmission-daemon -f` in a shell.
<DenBeiren> it's running,.. waiting for more output
<DenBeiren> maybe i could try with a std settings file?
<lordievader> DenBeiren: It is not giving errors?
<DenBeiren> https://pastebin.com/uAmEaF43
<lordievader> DenBeiren: You could check which settings file it is loading with `sudo strace -e open transmission-daemon -f`
<lordievader> Oh, never mind: [2018-11-06 14:53:45.788] Using settings from "/home/denbeiren/.config/transmission-daemon" (daemon.c:528)
<DenBeiren> ok,.. found that file, and it doesn't have the settings i changed in the other file
<lordievader> No, it probably never read that file.
<DenBeiren> stopped TM, edited the port, saved and started TM again,.. no changes :(
<lordievader> Is it still saying it loads the config from the .config dir?
<ahasenack> iirc that json config file has to be changed while transmission is stopped
<ahasenack> but I could be misremembering
<lordievader> Correct, else it will be overwritten with the 'current' config.
<DenBeiren> ok we have progress,..
<DenBeiren> if i start transmission daemon in the foreground, it seems to work
<DenBeiren> when i start transmission-daemon with the command sudo service transmission-daemon start it doesn't take the correct settinge
<lordievader> It might have to do with environment variables.
<lordievader> My systemd service has an override wich adds `Environment=TRANSMISSION_HOME=/var/lib/transmission/config`. But this is on Gentoo.
<DenBeiren> question is,.. how do i start/stop/check correctly now
<DenBeiren> and how can i get the correct version to start at boot?
<zzarr> ahasenack, The server spits out lines like this over and over: Nov 06 16:18:15 production rc.local[833]: 7f01a4938000-7f01a4b37000 ---p 00007000 ca:01 1845822
<ahasenack> looks like it's panicing
<ahasenack> panic()ing
<ahasenack> check dmesg
<zzarr> ahasenack, will do
<zzarr> ahasenack, I found this [    7.800343] systemd[1]: Failed to start Load Kernel Modules.
<lordievader> DenBeiren: Change the `--log-error` to `--log-debug` in the `ExecStart` line of the service file.
<lordievader> DenBeiren: Then run `sudo systemctl daemon-reload && sudo systemctl restart transmission-daemon && sudo journalctl -u transmission-daemon`. That should give you enough output to see which configuration file it is reading.
<lordievader> (When you are done you should revert the change to the service file)
<DenBeiren> where can i find the service file?
<lordievader> `sudo systemctl cat transmission-daemon` should tell you (or `sudo systemctl status transmission-daemon`)
<DenBeiren> https://pastebin.com/DgSe24si
<DenBeiren> permissions issue?
<lordievader> DenBeiren: I get the feeling the directory doesn't exist. It tries to read the config from `/home/debian-transmission/.config/transmission-daemon`.
<DenBeiren> shouldn't it have created it with the install?
<lordievader> I suppose.
<ham5urg> Has anybody tried with Ubuntu 16.04 to implement a disklessclient with NFS and overlayfs?
<elfranne> Trying to find if "apt-mark hold <package>" is being respected when doing "apt-get dist-upgrade" ?
<sdeziel> elfranne: it should otherwise that would be a bug
<elfranne> trying to find any docs about that...
<mybalzitch> boy, this new ubuntu 18.04.01 installer sure is nice
<sdeziel> elfranne: that's easy to test because dist-upgrade will ask your for a confirmation that you can decline if the held package is about to be upgraded
<elfranne> I ll give it a try with a fresh install without internet on a VM
<elfranne> thanks
<sdeziel> elfranne: FYI, I use this technique routinely and it works great
<kstenerud> rbasak: I'm getting libreadline.so.6: cannot open shared object file no matter which channel I'm on (stable, beta, edge)
<rbasak> That sounds familiar
<SJr> I have been going through and wiping dozens of hark disks through an ejectable dock. I have been getting smartctl errors e-mailed to me complaining about failures of a disk I ejected a few days ago. When I look in /dev/ I still see the disk, but hdparm -I just gives garbage for it. Is there a way to fix this without rebooting?
<sdeziel> SJr: have you tried "eject /dev/sdX" ?
<SJr> unable to eject, last error: Invalid argument
<sdeziel> SJr: that needs to be done prior to the real physical ejection/removal
<SJr> Oh well
<sdeziel> SJr: echo 1 > /sys/block/sdX/device/delete
<sdeziel> might work after the fact
<SJr> yup it did
<SJr> Thank you
<sdeziel> you are welcome
<SJr> Oh hrm, well good news/ bad news. Now I just got an e-mail saying that smartd could not open /dev/sde
<SJr> Well I guess I'm just going to restart the service
<sdeziel> it's reassuring that smartd will let you know when a drives suddenly vanishes from existence ;)
<mybalzitch> is releases.ubuntu.com down for anyone else?
<Glorfindel> mybalzitch: it's up for me
<mybalzitch> and lol, the 18.04.01 installer errored out trying to probe my ZFS install, because it can't find the zpool command
<mybalzitch> https://i.imgur.com/4UztzIU.png
<ahasenack> https://bugs.launchpad.net/subiquity/+bug/1782744
<ubottu> Launchpad bug 1782744 in subiquity "Install failed on disk previously used for ZFS" [Medium,Confirmed]
<ahasenack> you will have to switch to another console (alt-f2) and erase that disk with something like sgdisk -Z
<ahasenack> iirc (the -Z part)
<mybalzitch> thanks ahasenack
<sdeziel> zfsutils-linux should be in the ISO IMHO
<sdeziel> would make recovery much easier
<Ussat> I dont think licensing makes that possible
<sdeziel> Ussat: the zfs.ko (and friends) module is shipped in the ISO
<sdeziel> so I'd think the userspace tooling would be OK
<Ussat> OK, I m not a lawyer, was just a guess. RHEL (which I use a lot also) has taken that stance
<mox-> I'm having some issues building an ISO that boots on the network to reach a Kickstart file to do an unattended installation. It is working great with RHEL/CentOS but with Ubuntu I keep getting "ipconfig: no devices to configure" when the ISO boots. I searched google I can see examples of PXE installations but no bootable ISO installation with a Kickstart. Anyone have an idea what's going on or a reference document for me? Thanks
<granjero> hi, ubuntu 18.04 server. how to mount window share? cifs mount giving me erro mount error(16): Device or resource busy
<granjero>  
<ahasenack> will need more info about that error
<ahasenack> how you are trying to mount it, if dmesg has any other error messages, if you have tried another pointpoint
<granjero> sudo mount -t cifs -o username=USER,password=MYPASS //SHAREIP/folder /home/myshare
<granjero> mount error(16): Device or resource busy
<granjero> Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
<ahasenack>  /home might be another mountpoint already, can you try mounting it elsewherE?
<ahasenack> and did you check dmesg?
<granjero> let me see
<granjero> was trying to remember how to do it. the dmesg part
<mox-> just type 'dmesg'
<granjero> was the SMB prtotocol version
<ahasenack> yeah, there is a new default
<granjero> sudo mount -t cifs -o vers=1.0,username=USER,password=MYPASS //SHAREIP/folder /home/myshare
<ahasenack> "device or resource busy" is not the error message I was expecting for that, though
<ahasenack> what windows server is that?
<ahasenack> xp?
<granjero> also got mount error(13): Permission denied
<granjero> 2013
<ahasenack> that is rejecting higher versions of smb?
<ahasenack> have you tried vers=3.0?
<granjero> does vers=3.0 exists?
<ahasenack> yes
<ahasenack> check the mount.cifs manpage, search for vers=
<ahasenack> it has a nice table of protocol versions and windows releases
<granjero> 3.0 - The SMBv3.0 protocol that was introduced in Microsoft Windows 8 and Windows Server 2012.
<granjero> vers=3.0 also worked
<granjero> now i will try to so it on mount with fstab
<granjero> wish me luck
<granjero> *do it
<mox-> Is there a specialised channel for network boot installation help? I have a very specific question that I can't find the answer
<jayjo> is there consensus on the leading FOSS for highly available shared sstorage? Ceph, glusterfs, just NFS, ... ? I have a cluster of ubuntu servers that run containers of a gitlab instance, when it was all local on a node this worked fine. But now I need to share the data across the cluster. If I were implementing this today (no support restrictions), what's the best solution?
<blackflow> the industry is betting on ceph
<chillage> Good time,
<chillage> Kazaaak, hello,
<chillage> we with kazaaak have issue, paste kazaaak it
<Kazaaak> sudo ufw status
<Kazaaak> WARN: uid is 0 but `/usr` is owned by 4011
<Kazaaak> WARN: /usr is group writable!
<chillage> what's here is wrong?
<sarnold> namei -l /usr
<teward> Kazaaak: chillage: what's the output of the command sarnold said?
<teward> because those errors indicate something went crazy on your system and changed permissions in a non-safe way
<chillage> we see teward, wait little bit, kazaaak will paste
<Kazaaak> root@vnc:/home/appbox# namei -l /usr
<Kazaaak> f: /usr
<Kazaaak> drwxr-xr-x root root /
<Kazaaak> drwxrwxr-x 4011 4011 usr
<Kazaaak> root@vnc:/home/appbox#
<sarnold> ouch.
<sarnold> something screwed up *badly*
<teward> owchies.
<teward> what sarnold said
<teward> ***THERE BE DEMONS IN THESE WATERS!***
<teward> *shot*
<chillage> sorry, my friend paste in channel not in pastebin? or whats wrong with system?
<teward> chillage: no, we're commenting about the permissions
<sarnold> chillage: something is wrong with your system. *something* running as root did something terribly stupid.
<teward> let me guess: this is the appbox werver you were asking questions on about a few days or so ago?
<sarnold> chillage: the usual problem is someone unpacking a tarball into / while root without knowing what the heck they're doing, but it could just be terrible software too.
<sarnold> chillage: the worst part of this problem is that there's no clear way to know just how bad things are. maybe it's literally this one directory in which case the fix is five seconds of work. or maybe a *huge* number of files and directories have had their permissions set incorrectly.. in which case it's easier to resintall
<chillage> yes, teward few days ago abuot appbox
<sarnold> chillage,Kazaaak, pastebin ls -l /usr output, lets see just how bad this thing is..
<sarnold> I *really* wish we had something like mtree to notice these problems ;(
<teward> sarnold: full system auditing :P
<teward> audit all the permission changes :P
<chillage> sarnold, and how i can fix it if problem is only /usr ?
<sarnold> teward: heh, also a good idea. then we'd know what to shoot ;)
<teward> sarnold: what... or *who*... to shoot :p
<Kazaaak> https://pastebin.com/n4N9tpa1
<sarnold> OUCH
<sarnold> I've got to run
<teward> ERROR666 Nuke It From Orbit
<sarnold> but this one's bad enough that you might want to consider a reinstall
<teward> Kazaaak: chillage: I'm in agreement with sarnold
<sarnold> lunch time here :) have fun
<teward> a reinstall would probably fix things, you're going down a rabbit hole of hell if you try and fix this manually
<chillage> understand, then thanks for help, guys:) we try reinstall it..
<Goop> Hey, I am interested in doing a couple of things, and I am too cheap (and cannot afford) to get G-suite (Google) or Microsoft products for my sort-of company. I have a Linux server I am currently running and wanted to know what you guys recommend for software for creating new users for a company?
<blackflow> useradd
<Goop> I mean, like one where I can type in a user into a system, which includes user first name, last name, title, password, phone number, address, etc. etc., which then creates a user account for everything else that the company needs the person to use.
<blackflow> Goop: that's a very very broad use case. Users are usually application specific. Like, user account "to what".
<Ussat> you can always script your own solution to do that , but useradd
<blackflow> otherwise sounds like LDAP, come to think of it
<cryptodan_mobile> Sounds like single sign on via pki cert
<rbasak> ahasenack: one for you perhaps: https://www.reddit.com/r/Ubuntu/comments/9usqau/livepatch_isnt_shown_as_enabled_in_motd/
<rbasak> Though it's offtopic there really.
<sarnold> Goop: take a look at /usr/local/sbin/adduser.local in adduser(8)
<Goop> sarnold, blackflow so what I haven't done too much with LDAP/OAuth/SingleSignOn, but I need something where I can have a graphical (web) interface where I can add new *people* to a company. When I submit adding a new *person* to said piece of software, I want it to setup their users across all the systems we use.
<cryptodan_mobile> Goop then you want pki but with that the users will need to request access
<blackflow> Need help understanding MOTD. on login I see it displayed on a server installed from server ISO. But none of the debootstrap'ed installations (with ubuntu-minimal as base) do that. Both, however, have the login pam module, and both have libpam-systemd.
<sarnold> how about pam_motd.so ? is that configured in your /etc/pam.d/ ?
<rbasak> blackflow: compare /etc/update-motd.d/ and use dpkg -S to find out which packages ship things in there.
<blackflow> I also see differences in what appears to be session  management. The server that does display motd, shows logging by logind starting a sessio and user slice being created. not so on the server without motd
<blackflow> rbasak: I have, but I don't see anything obvious. I think I need to find what creates /run/motd.dynamic
<rbasak> update-motd
<blackflow> its' not listed by apt file so it's not somethign installed by packages, and grepping for that in /etc/update-motd.d/ shows nothing
<sarnold> motd-news.timer
<blackflow> rbasak: no, update-motd is for manual invocation of /etc/update-motd.d/50-motd-news.   at any rate, the server that DOES show motd, does not have update-motd installed
<blackflow> motd-news.timer only starts the 50-motd-news script, I tried that...
<blackflow> I tellsya, MYSTERY.
<sarnold> hmm
<rbasak> Install ubuntu-server^ and I bet you'll get the same behaviour.
<blackflow> I did, I did not :)
<sarnold> I know every time I look into this it's a lot more complicated than I'd expect :) heh
<blackflow> I installed ubuntu-standard and ubuntu-server metapackages, it pulled in a megaton of stuff, but that didn't change anything.
<blackflow> sarnold: it'sa  black box of black magick, mystery, spiritualism and international politics, all combined into one.
<sarnold> lol
<blackflow> I know.... I'll chattr /run/motd.dnymic and see what complains about not being able to update it
<blackflow> ho-humm.... wait.... can I use tmpfiles to do that? I mean that's /run/ so.... tmpfs...
<rbasak> update-motd is for all of /etc/update-motd.d/
#ubuntu-server 2018-11-07
<blackflow> but it's not installed, even on the server that does create /run/motd.dynamic. that'st he key here, what creates that file
<rbasak> pam_motd creates it
<blackflow> 50-motd-news is apparently creating /var/cache/motd-news, but not /run/motd.dynamic. both are straight files, not a symlink or something
<rbasak> From /etc/pam.d/login and /etc/pam.d/sshd
<blackflow> no it doesn't _create_ it
<rbasak> See pam_motd(8)
<blackflow> it _displays_ existing file, doesnt' trigger its creation
<rbasak> No. Read the man page.
<rbasak> noupdate: Don't run the scripts in /etc/update-motd.d to refresh the motd file.
<rbasak> IOW, don't specify that, and it will update.
<blackflow> the server that has /run/motd.dynamic has that too
<blackflow> so it's not it
<blackflow> do I need anything special after changing a pam.d/ config? restart something?
<sarnold> I think those changes are picked up by services without restarts
<blackflow> welp that didn't change anything. I removed "noupdate" both from login and sshd  pam.d modules. Still no /run/motd.dynamic and no MOTD on login via ssh.
<sarnold> try fatrace or perf trace or something similar? strace might not be fantastic ..
<blackflow> trace what?
<sarnold> whichever service you're using for testing
<blackflow> I'm logging in via ssh
<cryptodan_mobile> Wouldnt motd go in /etc
<blackflow> on the server installed from server ISO I get motd. On the server I installed from debootstrap, I don't.
<rbasak> Are you using -Snone?
<blackflow> and I tried forcign a static motd even, not /run/motd.dynamic,  it doesn't show
<rbasak> Check "sudo login -f root"
<blackflow> that shows the motd yes
<blackflow> (twice, even)
<rbasak> What about -Snone?
<blackflow> what is -Snone ?
<rbasak> To ssh
<rbasak> To make sure you aren't sharing an existing connection
<sarnold> hahahahaha
<sarnold> oh man
<blackflow> there's no other connection and yeah I tried just with -Snone (on the client side), still no motd.
<rbasak> You messed with your PAM configuration, didn't you?
<rbasak> For ssh but not for login?
<blackflow> I also don't have that local ~/.hushwhatever   file
<blackflow> rbasak: just now to force a static /etc/motd since default configured /run/motd.dynamic   doesn't exist
<blackflow> I touched nothing else in pam config
 * rbasak shrugs
<rbasak> If it works for login but not ssh it's either in your PAM configuration or in sshd configuration most likely.
<rbasak> Or how you're using ssh.
<blackflow> Oh I see. Yes it's in sshd config
<blackflow> UsePAM no
<blackflow> yay, motd!
<blackflow> thanks. herp derps like this one are impossible to solve without external input. I went through entire config tempalte twice, didn't see it until now.
<sarnold> nice find with UsePAM no.. I certainlywouldn't have stumbled on that quickly :)
<sarnold> .. similarly to the -Snone, I probably wouldn't have thought of that, either.
<cryptodan_mobile> blackflow: https://www.tecmint.com/protect-ssh-logins-with-ssh-motd-banner-messages/
<rbasak> People trying ssh for unauthorised access use scripts and will never see a threatening motd. As if that would stop them anyway.
<blackflow> heh
<blackflow> k I got my static motd, now to solve the no dynamic motd.... reboot again, changing pam.d/* doesn't change anything (still uses static motd). restarted ssh.service even.
<rbasak> I suggest you start by removing all your customisations and then add them bit by bit.
<blackflow> rbasak: there aren't any for pam.d/* or /update-motd.d/*  . Now I can get a static /etc/motd displayed, but if I remove it and switch back pam.d/{login,sshd} to using /run/motd.dynamic (and drop the noupdate flag), I don't get any motd.
<blackflow> the part I don't understand is where does /run/motd.dynamic come from. /etc/update-motd.d/50-motd-news is writing to /var/cache/motd-news
<blackflow> hmm... /var/cache/motd.news is just _part_ of entire motd which shows disk usage, memory,  updates...... now I'm intrigued, what is creating that?
<blackflow> okay, update-motd(5) explains how /run/motd.dynamic is constructed, but it states it's done by update-motd!  that package is NOT installed, and the manapage is part of libpam-modules package. wth is this witchcraft! :)
<blackflow> installed update-motd package.  now I have /run/motd (as a straight file) but still no /run/motd.dynamic    LOL?
<blackflow> okay update-motd is red herring, it just sources all the scripts in /etc/update-motd.d/   and outputs to /run/motd   (but not /run/motd.dynamic)
<cryptodan_mobile> blackflow: did you read my link
<blackflow> I skimmed through it
<blackflow> there's a serious disconnect here between sanity, consistency, manpages and what's actually going on :)
<blackflow> I think something is wrong with systemd/session/sshd/pam integration in this server that was debootstrap'd. libpam-sytemd IS installed tho'. Thing is, unlike on the server that DOES show dynamic motd, this server does not seem to log same entries of User slice creation
<blackflow> I think that's it, pam_motd(8) manapge states it's a session module type.
<blackflow> hrm....... one forced reinstall of libpam-systemd and one reboot later it appears to be working now.
<blackflow> I'm sure dpkg showed libpam-systemd installed, and I'm sure I rebooted.... a ton of times since enabling PAM for sshd....
<blackflow> rbasak: sarnold: thanks for suggestions!
<sarnold> blackflow: are you all sorted? or just sick of it for the day? :) heh
<blackflow> sarnold: sorted, I got it working. Now I'll disable it because it's friggin annoying, but the point was to understand how it works. :)
<Goop> cryptodan_mobile, sarnold, blackflow I think I'm going to try Keycloaker. Only thing is that I have never really used docker before.
<sarnold> blackflow: hahahaha <3 that's awesome :)
<Goop> Keycloak, sorry.
<sarnold> Goop: ooh. it looks neat.
<blackflow> sarnold: it started with people complaining that it uses bit.ly links and I was like "Wait, I don't have that at all"... so naturally, me hating blackboxes, I had to get into that and figure out why I wasn't getting it. UsePAM no. Part of my sshd_config template for years.
<sarnold> blackflow: do you recall why you set usepam no in the first place?
<blackflow> (and there was some derp with this particular machine as reinstallation of libpam-systemd fixed it -- I managed to replicate and confirm by removing the package and reinstalling, UsePAM it is)
<blackflow> sarnold: not really, it was long time ago
<sarnold> I've got memories of setting it once upon a time too, back when it was first introduced..
<sarnold> probably under the "pam looks complicated and underdocumented" gripe :)
<blackflow> I think it's really jsut about it not being needed on my machines back then and for reasons of simplicitly and less moving parts, I disabled it.
<blackflow> Truth be told.... I still don't need it, lol. :) it's jsut that now I understand fully the relationship between ssh, pam and motd.
<blackflow> sarnold: yah that'd be the same gripe that got me disabling it :)
<sarnold> blackflow: quick, write it down, before you forget it all again, like me :)
<blackflow> did, added a comment in my standard sshd_config template :)
<sarnold> :D
<blackflow> and speaking of bit.ly complaints (like bug #1789850) .... I saw http://ubu.one/  shortened link in today's motd. why not use that?
<ubottu> bug 1789850 in update-motd (Ubuntu) "Advertising in the MOTD" [Undecided,Confirmed] https://launchpad.net/bugs/1789850
<sarnold> that's just another name for bitly iirc
<blackflow> what is?  ubu.one is owned by canonical, bit.ly is..... LYbian Telecom.
<mybalzitch> I'm never clicking on another bit.ly link
<sarnold> host ubu.one --> 67.199.248.12 ; whois 67.199.248.12 | grep Organization --> Bitly Inc (BITLY)
<blackflow> huh, the plot thickens!
<blackflow> there's still that lybian telecom in the play and that's why people dislike it. using just ubu.one would aleviate that.
<Glorfindel> blackflow: using ubu.one will not alleviate that until canonical stops relying on bitly for their link shortening service :P
<blackflow> Glorfindel: which is what I sad. use ubu.one instead of bit.ly
<blackflow> *said
<mybalzitch> still bitly infrastructure
<Glorfindel> blackflow: but using ubu.one is still using bitly, like I just said
<sarnold> how on earth libya's telecom came up with such a useful service I'll never understand :)
<blackflow> the telco is registrar only here, bitly is a US company
<blackflow> I personally don't have an issue with it because it doesn't matter. gubermnts hijacking traffic via faek BGP, TLS CA security based *solely* on those CAs sayin "we swear we won't abuse".    shrug.
<blackflow> but I get it why someone would dislike .ly in their MOTD feeds.
<cpaelzer> good morning
<kstenerud> I've gotten myself stuck with dput. I uploaded a ppa but not to the right place, and I got a rejection email as a result. Now when I try to upload to the right place:
<kstenerud> $ dput ppa:kstenerud/xenial-tomcat-resource-names-1606331 tomcat8_8.0.32-1ubuntu1.9_source.changes
<kstenerud> Package has already been uploaded to ppa on ppa.launchpad.net
<kstenerud> Nothing more to do for tomcat8_8.0.32-1ubuntu1.9_source.changes
<DK2> im wanting to apt-get upgrade my mailserver: https://paste.ee/p/6h6P4
<DK2> im a bit afraid because it says: following new packages will be installed: dovecot-core {..} etc.
<DK2> however they will also be upgraded
<DK2> is smth broken here?
<ahasenack> good morning
<ahasenack> rbasak: cpaelzer what shall I do when there have been other seed changes besides the one I did for server? They are surfacing when I re-generate the ubuntu-meta pacakges: https://pastebin.ubuntu.com/p/7VKt2zzWsh/
<ahasenack> (d/changelog automatically updated by the update script)
<xnox> ahasenack, that debdiff looks incomplete. first upload to new series must also include updates to update.cfg to switch to the new series.
<xnox> ahasenack, cause you want this for disco, right?!
<ahasenack> yes, I did update and commit update.cfg in the git branch, I just didn't update d/changelog with it. It's my first run ever of that script and I didn't know all that it would do
<xnox> ahasenack, e.g. see the end of http://launchpadlibrarian.net/370085872/ubuntu-meta_1.417_1.418.diff.gz
<xnox> ahasenack, well, you should paste complete debdiff then =) and you should mention that you are switching to new series.
<ahasenack> sure
<xnox> (in debian/changelog that is)
<ahasenack> I was specifically asking about the results of the update script, which showed to be there are other seed changes
<ahasenack> i.e., others made seed changes and didn't update the ubuntu-meta package (yet?)
<ahasenack> I should probably wait for disco to be opened
<cpaelzer> ahasenack: it is usually fine and correct to pick those changes up
<cpaelzer> ahasenack: the question is more why they ahve not yet been picked up, but for disco the reason is clear if changes are recent
<ahasenack> yeah, I didn't check how recent
<ahasenack> but since the archive is still closed
<ahasenack> it's moot anyway
<ahasenack> I'll leave that card in the doing lane together with all the others (or TODO)
<rbasak> I think people generally leave ubuntu-meta updates to be batched.
<rbasak> (unless they want to see the results immediately)
<ahasenack> but there is no way to upload it with just your changes, right
<ahasenack> ignoring the other seed changes
<ahasenack> it's not how it's supposed to be done, I mena
<ahasenack> mean
<rbasak> Right
<shubjero> # timedatectl
<shubjero> Failed to create bus connection: No such file or directory
<shubjero> anyone see this before? just trying to use timedatectl on a vanilla ubuntu 16.04 server. no docker containers or anything going on...
<setuid> connect(3, {sa_family=AF_UNIX, sun_path="/run/dbus/system_bus_socket"}, 29) = 0
<openfire> shubjero: apt install dbus
<setuid> ^^ shubjero
<shubjero> it appears to be installed already
<shubjero> dbus:
<shubjero>   Installed: 1.10.6-1ubuntu3.3
<shubjero>   Candidate: 1.10.6-1ubuntu3.3
<openfire> Is it running?
<setuid> strace timedatectl
<setuid> See what it's failing on
<TJ-> shubjero: check /var/log/syslog - look for the dbus service starting, and any apparmor messages (especially DENYs)
<shubjero> https://paste.ubuntu.com/p/BvVBCX38tt/
<shubjero> yeah the service wont start and i dont see any apparmor about denying it
<TJ-> shubjero: you'd expect something like this https://paste.ubuntu.com/p/G3fCmQc2ns/
<openfire> "failed to create bus connection" generally implies that dbus either isn't installed or failed to start.
<TJ-> shubjero: does "/var/run/dbus/system_bus_socket" exist?
<openfire> You could just check dbus' service status via systemctl.
<shubjero> hmm yeah dbus isnt started and wont let me start it
<openfire> journalctl -u dbus |& curl -F c=@- https://ptpb.pw
<shubjero> https://paste.ubuntu.com/p/QCcK2t3tpX/
<openfire> Or that.
<openfire> Any error messages in 'journalctl -u dbus'?
<shubjero> no entries
<shubjero> i have a fleet of compute nodes and two of them are behaving this way.. so its nice to be able to compare working / not working
<shubjero> just not sure why these two are misbehaving :)
<TJ-> shubjero: maybe there's a dbus system-local.conf ?
<shubjero> TJ-: /var/run/dbus/system_bus_socket exists on systems where i dont have an issue, but not on the two systems that dont appear to be working properly
<shubjero> infact on the broken systems i dont even have /var/run/dbus
<TJ-> shubjero: right; that socket is created by the service to listen on. You need to deep-dive into the dbus service/config
<shubjero> yeah, fun
<shubjero> lol
<TJ-> shubjero: are the hosts supposed to be identical clones?
<shubjero> pretty much
<TJ-> which means "no" :D
<shubjero> haha well you know how things go
<shubjero> we try to manage configs with ansible so things should be changed and configured in the same way
<TJ-> shubjero: right, so can you do a diff of a good and bad system's /etc/dbus-1/ directories? maybe start with a simple 'md5sum' complare
<TJ-> shubjero: also /usr/share/dbus-1/
<TJ-> shubjero: as in "find /usr/share/dbus-1 /etc/dbus-1 -type f -exec md5sum {} \; "
<shubjero> apt-install --reinstall dbus
<shubjero> fixed :)
<shubjero> TJ-: thank you for your help & support :), cheers
<shubjero> and others :)
<smoser> rbasak: how do the 'Approved' branches get landed?
<rbasak> smoser: I merge and push manually. Then from master I grab the snap from the Jenkins nightly job and upload it.
<rbasak> smoser: I was planning to build a snap from the MPs I approved and do a bit of testing first.
<rbasak> (so using "Approved" as a holding place really)
<ahasenack> has anybody else seen this pattern in a cosmic server: https://pastebin.ubuntu.com/p/yHMdN8Dgxc/
<ahasenack> the stuck "mount" call
<ahasenack> it's in this line of code:
<ahasenack>     ext_partitions=$(mount | awk '$5 ~ /^ext(2|3|4)$/ { print $1 }')
<ahasenack> from, rather
<ahasenack> which I can call interactively just fine:
<ahasenack> root@duo:~# mount | awk '$5 ~ /^ext(2|3|4)$/ { print $1 }'
<ahasenack>  /dev/sdb2
<sarnold> ahasenack: try mounting an nfs server and then take away the nfs server
<ahasenack> but it's in R state
<ahasenack> not D
<sarnold> oh. good point.
<sarnold> how'd it get stuck there? :)
<ahasenack> fd 0 is /dev/null, 1 is pipe, 2 is /dev/null
<sarnold> do you have one *currently* stuck?
<ahasenack> yes
<sarnold> YES
<ahasenack> it's that pastebin
<ahasenack> using 100% cpu
<sarnold> strace it?
<sarnold> what syscalls is this stupid thing doing? :)
<ahasenack> shows nothing
<ahasenack> root@duo:~# strace -f -p 6395
<ahasenack> strace: Process 6395 attached
<ahasenack> (stuck)
<sarnold> neat. not at all what I expected.
<sarnold> ltrace?
<ahasenack> and ctrl-c doesn't kill strace
<ahasenack> I have to ctrl-z and do some kill %1
<sarnold> hah. that sure smells like hung NFS..
<sarnold> but again, R. you've got a crazy problem there :)
<ahasenack> ltrace is also silent
<sarnold> I bet that strace is still there?
<ahasenack> I killed it with -9
<ahasenack> and it died
<sarnold> okay, that feels like a good sign
<ahasenack> I can probably kill that mount in the same way
<sarnold> don't :)
<sarnold> perf top?
<ahasenack> I've seen it a few times already, I don't think it will be hard to reproduce
<ahasenack> what's perf top?
<ahasenack> from linux-tools-common?
<sarnold> ahasenack: yes
<sarnold> ahasenack: here's my favourite perf guide http://www.brendangregg.com/perf.html#OneLiners
<sarnold> perf top is just the easiest thing to recall off the top of my head :)
<ahasenack> sarnold: what it is showing: https://pastebin.ubuntu.com/p/HBsbSDHRCy/
<sarnold> ahasenack: hrm. I expected it to be spining in userspace.. since strace didn't show an *entry* into a syscall, I assumed it wasn't *in* the kernel. but that perf top output sure looks like something in the kernel is spinning madly
<ahasenack> https://pastebin.ubuntu.com/p/tbH4t2P2rF/ that's the mount process
<ahasenack> wonder what branches is
<sarnold> ifeq, ifneq, etc
<ahasenack> machine load is 1
#ubuntu-server 2018-11-08
<arooni> so this is my gparted... i want to move the unallocated space under /dev/sda2 => /dev/sda1 (which is the boot and / partition)... but b/c they're on separate partitions i'm stuck.  (they are on the same physical drive though) https://imgur.com/a/Wo5bJ6b
<arooni> asked in #ubuntu didnt really get any help
<vlt> arooni: What did you ask there?
<lordievader> Good morning
<lordievader> arooni: You  can... but it will be a long and complex process.
<lordievader> First you move sda5 and sda6 to the beginning of sda2.
<lordievader> Then you shrink sda2 to the space of sda5 and sda6.
<lordievader> Then you move sda2 to the end of the drive (moving the unallocated space between sda1 and sda2).
<lordievader> Then you extend sda1.
<lordievader> IMO, it ain't worth it. I'd make a backup and reinstall with LVM. With LVM you don't have  these problems.
<maswan> hm. the official guide seems to suggest that ubuntu can run on 256MiB VMs, but I have automatic updates failing here on a 512MiB host due to dpkg OOM:ing after eating >200MiB ram. Is this expected (and documentation should be updated), or dpkg/foo-issue?
<vlt> maswan: 256 MB plus swap could work.
<maswan> ah, if I click through I get 512/1G recommended
<maswan> hm. I do have 512M of swap too, but it doesn't seem to use it
<maswan> ah
<maswan> vm.swappiness = 0
<maswan> (so, mostly ignore, I'll work on figuring out why it had a different vm.swappiness setting (from boot?) compared to what I get when I run sysctl -p --system...)
<mrtAkdeniz> Hey there
<mrtAkdeniz> I'm trying to install xserver org and Nvidia drivers to ubuntu server
<mrtAkdeniz> But seems like I'm having trouble
<mrtAkdeniz> https://gist.github.com/iquad/f937d8ead854ce206a447dc4896da23d here is the issue
<blackflow> apt install patience
<smoser> o/
<rbasak> o/
<Ussat> blackflow, I need to install that on my Director :)
<rbasak> smoser so the bits I care more about right now are more unit-type tests for git ubuntu build's changelogify and quiltify type functionality (that's horribly broken right now)
<smoser> i hadnt looked at/seen the source_builder
<rbasak> I'm keen not to block actual progress.
<smoser> but i'm fien to try to add tests that way. i agree we need more coverage there.
<rbasak> It'll probably need some refactoring to make things more testable.
<smoser> we are still in the scenario where we have to very carefully gate entry to trunk/edge ?
<rbasak> And I'm happy for that to happen provided that it's being done directly for testability
<rbasak> For "build"? I think so.
<smoser> rather than just being reasonably careful with trunk/edge and allowing testing there before stable
<smoser> ie,m why do we have 4 channels if they have all the same promises
<rbasak> Perhaps I should be more revert-happy
<rbasak> Especially for build
<FastZ> I built a small file server for home use some time back using Ubuntu Server and at the time, only put in a single HDD. I will be cannibalizing another of my computers and want to move the HDD from that one to the Ubuntu server (hdd is same make/model/size) and set up a RAID array to add some redundancy there.
<FastZ> Is this possible to do without having to reinstall Ubuntu on the server or must I configure RAID on the two disks during a reinstallation?
<FastZ> the server is running on an old Dell Optiplex 380 fwiw, so no RAID controller to work with.
<sdeziel> FastZ: that's probably doable but would be an interesting challenge
<sdeziel> FastZ: in other words, I'd try only if you: 1) have the time, 2) have the interest to learn it and most importantly 3) have known good/tested backups
<FastZ> yeah, i wonder if it would be worth the trouble honestly.
<FastZ> to try and set it up without reinstalling the OS that is.
<jlacroix> Hello everyone. I've Googled for this and can't seem to find a solution. (Maybe my search skills suck.) I have an older Poweredge server with an iDrac card. The web console of the iDrac card works great. The console requires Java, and I can't seem to get that to work. Is there something I'm missing? I think most browsers don't seem to support Java anymore.
<FastZ> there's a setting on the main page of the idra web interface that you should be able to use to configure the console to use HTML5.
<FastZ> On the idrac page, to the right of the console thumbnail, the settings link I believe it is
<jlacroix> Thanks FastZ, I will try that. It's a Powerdge T410 if that matters, from 2009 or so, I believe
<FastZ> oh, i can only vouche that this option is present for idrac6 or 7 and above. I think the oldest idracs we have at work at 6, but can't recall if they have the HTML5 option there or not. I know 7 and up do though.
<jlacroix> Thats good to know, I will check that when I'm back home
<blackflow> Ussat: heh :)
<hateball> jlacroix: If you use Chrome there is https://chrome.google.com/webstore/detail/cheerpj-applet-runner/bbmolahhldcbngedljfadjlognfaaein
<hateball> jlacroix: I've used it with... varying results
<jlacroix> Thanks hateball
<teward> rbasak: if you're around, do you have the ability to set a bug series approval on a bug for me?
<teward> ran into a partclone bug that is pretty nasty in Xenial environments when working with large disk imagews.
<teward> and the bug needs a series approval for Xenial
<rbasak> Yep
<rbasak> teward: did you have a bug number for me? :)
<teward> rbasak: disregard, hggdh is helping in -bugs
<hggdh> done
<teward> hggdh: thanks
<rkantos> How should I be able to omit the default route when using dhcp-client? I'm having the same issues as here https://unix.stackexchange.com/questions/397368/prevent-eth0-from-adding-default-route
<blackflow> rkantos: via /etc/dhcp/dhclient.conf I reckon
<blackflow> ah yes, as the first answer in that SO post suggested.
<teward> cyphermox: is there a way with netplan to get a DHCP IP address but override other bits like DNS server so that DHCP doesn't set them?
<teward> is it as simple as setting those bits while leaving dhcp4 enabled to true?
<rkantos> teward: I asked about this @ #netplan, and also tried it.. no success
<rkantos> I think the dhcp4: yes still makes the dhclient work based on it's config, and thus just do the default stuff
<openfire> There's a reason why I just use systemd.
<openfire> With networkd, it's trivial.
<blackflow> indeedy.
<rkantos> openfire: What do you mean? I should make my own network startup script? :S
<openfire> What? All netplan does is create config files for systemd-networkd.
<openfire> rkantos: You could easily copy the runtime files from /run/systemd/network to /etc/systemd/network, remove /etc/netplan/*, and customize the .network file corresponding to the interface you want to edit.
<openfire> networkd is quite simple to configure, I'll gladly help.
<rkantos> I think the issue is not with networkd though, but isc-dhclient
<rkantos> isc-dhcp-client rather / dhclient *
<cyphermox> teward: not yet, but there's code in master to do that
<openfire> rkantos: I'm saying that you're going about this the hard way, if your goal is to ignore a DHCP gateway.
<rkantos> openfire: oh you mean I should just delete the route after dhclient runs??
<teward> cyphermox: ack.  thought that might be the case.  i have individual overrides in my DHCP for servers that don't need to inherit the rest of the DHCP scope configs, but thought I'd ask anyways.
<openfire> rkantos: ... No.
<cyphermox> rkantos: what does your dhcp is networkd.
<openfire> rkantos: You're using netplan, right?
<teward> cyphermox: thanks for the info :)
<rkantos> openfire: yes
<teward> rkantos: (cyphermox is netplan god by the way... it's why I pinged them directly with my question heh)
<openfire> rkantos: That means you're using networkd. netplan CANNOT generate the correct configuration to ignore a route, it does not have this capability.
<cyphermox> ^ that
<openfire> Along with IPv6 tokens, privacy extensions, etc.
<cyphermox> at least not yet, as I pointed out, that's in master, but not released yet
<openfire> The EASIEST solution is to skip the netplan middleman, directly configure systemd.
<openfire> systemd-networkd, specifically.
<openfire> It's absolutely trivial to do this if you're using networkd directly.
<openfire> Two lines.
<rkantos> openfire: yeah, no I joined #netplan too..
<openfire> Okay?
<rkantos> But I wasn't using netplan to configure the dhcp server, since the only thing I want to achieve is sending the hostname to the dhcp-server..
<rkantos> So netplan wasn't causing "my issue"
<openfire> 11:39 <rkantos> How should I be able to omit the default route when using dhcp-client? I'm having the same issues as here https://unix.stackexchange.com/questions/397368/prevent-eth0-from-adding-default-route
<openfire> That was your original question.
<cyphermox> rkantos: the point openfire is trying to make is that you can do this by configuring the client in networkd directly
<openfire> Your hostname question is also trivial under networkd.
<rkantos> openfire: I thought that it would lead me to a solution since it wasn't using netplan either, though
<openfire> What?
<rkantos> and in the comment you can see he had the same issue with dhclient, where changes in config didn't change the behaviour
<rkantos> (changes in dhclient.conf)
<openfire> Because networkd is controlling the interface, yes.
<openfire> So... The fix must be made using networkd.
<rkantos> But, sure, I am open to networkd suggestions
<openfire> I don't really know what I keep having to argue this point...
<openfire> s/what/why/
<openfire> You're using networkd. Use networkd to resolve your issues. Mucking with random config files is NOT the best option.
<rkantos> I believe you.
<openfire> Anyway!
<openfire> How many interfaces do you have on the system in question?
<blackflow> Ideally use networkd directly as it's all configurable in the one .network file for your connection. UseRoutes directive, see systemd.networ
<openfire> Exactly.
<blackflow> ... damn enter.  systemd.network manpage
<openfire> I don't use netplan.
<rkantos> openfire: one or two, but of course mainly looking for the solution to the two if version
<openfire> rkantos: So, I think the answer I'm after is 'two.'
<openfire> rkantos: I'm assuming both are DHCP configured, but ONE should ignore the gateway.
<rkantos> openfire: no, the LAN is static
<blackflow> (or both but you set routes manually)
<openfire> rkantos: Okay, give me a brief synopsis of how both interfaces should be configured.
<rkantos> Bottom line is I want my router to just know the hostname of a static client without having to configure it to it on it, but instead just use dhcp to send the hostname to it. I don't want dhcp setting the routes again.
<openfire> This, my friends, is called an XY problem. So your issue is that you have a DHCP server on a router, you want it to send the hostname to the client.
<openfire> But only the hostname, not a default gateway, for some reason.
<openfire> Why not a default gateway?
<rkantos> openfire: no, I want the hostname from client to router
<openfire> rkantos: For DNS purposes?
<rkantos> yes
<openfire> Then none of what you're using is right.
<rkantos> :D
<blackflow> wait... if the lan is static.... why not.... just put that hostname+ip config in the DNS resolver for your LAN.... STATICally....
<openfire> DNS and DHCP are separate processes. You'll have to work up some mechanism to have the DHCP service tell the DNS service.
<openfire> blackflow: XY problem at its finest.
<blackflow> indeed.
<blackflow> the ugly cousin of Yak Shave.
<rkantos> I want to keep it "simple" and not change stuff on my router when I create a new vm on my proxmox, basically
<openfire> And what OS is your router?
<rkantos> Tomato
<openfire> Then the issue is still solvable on the client.
<openfire> Now, why DON'T you want DHCP to give out a default route, exactly?
<rkantos> because I don't necessarily want the client to use internet through the lan
<openfire> Sooo... Firewall rules?
<blackflow> sounds like you need a whole router+dns setup straight under your control, with that existing router being just an upstram node on the WAN/LAN boundary
<openfire> Because, in general, one does not control client access ON the client.
<openfire> ip route add BYEEEEE
<rkantos> blackflow: yeah, sure I thought about that, but really don't see why I'd really like/need it at this point
<rkantos> So I want hostnames to work in my lan(s) under the Tomato router without setting up a whole DNS, and not having to config the static ips on the router every time
<rkantos> I thought I would just be able to send the hostname with dhclient; Apparrently not that simple ( I understand if it is not a desired result, thus why it is difficult)
<blackflow> then just use dhcp for everything.
<blackflow> sending DHCP client hostnames up to DHCP servers is part of DHCP and afaik every client implementation can do that.
<rkantos> It doesn't achieve not having to configure the router everytime :D
<blackflow> with networkd you can do it with SendHostname directive, see systemd.network(5) manpage.   dhclient has send-hostname option but I think we established that dhclient is just a XY redherring here
<theGoat> so i want to use dd to clone a drive, is there a flag i can throw at it to only do used space on the drive
<blackflow> so allow dhcp to dish out IPs, sethostnames, let it be the LAN's resolver. on specific clients that shouldn't use the default route, you simply configure the default route manually, with everything else the same, dhcp based.
<blackflow> s/allow dhcp/allow the router/
<blackflow> theGoat: no. block base has no concept of "used space", that's filesystem, one level above.
<openfire> theGoat: dd has no concept of filesystems, so it has no concept of used vs empty. You could consider rsync.
<rkantos> blackflow: But doesn't that mean I need to configure every vms static ip on the router everytime?
<blackflow> rkantos: no. routers/dhcp-servers have the ability to integrate with DNS resolvers
<blackflow> so your clients send out the desired hostname and the dhcp assigns the IP for it and tells to the DNS resolver the combination of hostname + ip
<blackflow> router applianes are probably working like that by default.
<blackflow> *appliances
<rkantos> Hmm, ok.. I guess this is a question to Proxmox.. But since Proxmox manages the networkd configuration (in addition to additional Netplan config); Where can I put the SendHostname config other than proxmox's generated config?
<blackflow> I don't know what and how Proxmos does anything, sorry. SendHostname is for systemd-networkd, namely the confg option of a .network unit for a connection.
<blackflow> *Proxmox
<rkantos> yeah, eth0.network reads: Description = Interface eth0 autoconfigured by PVE
<rkantos> It is nuked at every reboot, obviously
<blackflow> rkantos: does proxmox even allow dhcp for VMs? I found some older forum posts that say Nope.
<blackflow> see, thing with virtualization (again, I don't know how/what Proxmox does specifically, but in general and say with qemu-kvm) is this. on the host side you have a bridge and every VM gets a virtual NIC on it. That's just virtualized hardware. then the VM's own operating system must have a dhcp client that deals with its own networking.
<rkantos> The options are there in 5.x at least, and they work
<blackflow> so then the SendHostname question is for VM guest OS and its config.
<rkantos> yeah, i know.. But it won't work with the default eth0.network config, as it gets wiped out by Proxmox at every reboot (for the lxc containers at least, have not tested with kvm, yet)
<blackflow> what won't work exactly? VMs have no clue what eth0.network is, on the host side. the only way host does is a bridge.
<blackflow> is Proxmox setting up jsut that? a bridge based on eth0?
<rkantos> I think with KVMs, it doesn't change the vms networkd config at all, as it does with LXC
<rkantos> blackflow: eth0 here is the name of the interface on the vm itself
<blackflow> wait wait wait. Is this virtualization or containerization? some people use "virtualization" for _both_ and it is completely wrong.
<rkantos> blackflow: LXC, so I guess containerization
<blackflow> the difference being that in a VM, you only, ONLY, get virtualized hardware and your "guest" VM OS needs a kernel to deal with it.
<rkantos> yeah
<blackflow> containers are namespaces and thus share the host's kernel, IPC, networking, etc..... yuge difference.
<plm> Hi all
<blackflow> unfortunately I have very little experience with containers and network namespaces, so I'm not sure I can help with that specific issue there. afaik individual containers _can_ have their own dhcp clients becasue the network is namespaced -- if set up that way of course, so it could still be the same solution -- individual dhcp clients in containers.
<rkantos> blackflow: yeah, I think it works close enough it has no difference, it has it's own MAC etc, vlans work without issues etc.. The problem is just that the networkd configuration is also managed by Proxmox, so I cannot change the default .network -config.. That was the main reason why I was trying to make dhclient "stupid" (send only the hostname)
<blackflow> rkantos: at this point I belive this is very proxmox specific issue.
<rkantos> blackflow: well yes of course, since apparretly dhclient / netplan won't work the way I thought or wanted. Already making noise on their irc-channel :P
<blackflow> my personal dislike for netplan aside, I believe you should disable it in that setup, unless proxmox is using it directly. but note, netplan is JUST config abstractor. the actual management is done by a backend, networkd probably (because the only ohter supported atm is NM)
<blackflow> because too many layers can only mean huge mess and you know.... too many cooks spoil the broth.
<rkantos> Hmm.. Now that I think about it.. How can I configure additional network configuration a bit like netplan? The Netplan configuration works (and thus coexists) as it creates a route to a 2nd lan I have..
<blackflow> netplan is just abstractor. take a look at .network unit it creates, copy it and modify.
<rkantos> can I just create a 1-eth0.network config with additional config? netplan seems to have a /run/systemd/network/10-netplan-eth0.network file on the vm
<rkantos> Proxmox generated config is at /etc/systemd/network/eth0.network
<blackflow> you can name it as you want, but place it under /etc/systemd/nework. netplan does it under /run/.... because it's using systemd generators for run-time creation of networkd unit from the yaml based config.
<blackflow> sounds likea  conflict to me, if they're BOTH configuring for the same interface.
<blackflow> (cooks, broth...)
<rkantos> maybe this is the reason I need to be here.. As that seems like a solution
<rkantos> As I said, the netplan config seems to work though, as it creates the one route that I want.. Maybe I can add just the SendHostname in there somewhere too?
<rkantos> If I have just [DHCP] and SendHostname=true .. Will that do other default stuff or will I need to set false to all of them too?
<blackflow> not sure what you're asking. netplan doesn't have SendHostname directive, that's networkd. If it has another yaml config option for the same effect, I don't know.
<rkantos> blackflow: asking about networkd manual configuration... How should I name a file that networkd would read after eth0.network?
<blackflow> rkantos: "read after"? systemd units don't work like that based on filenames. you express before and after relationships in the units themselves
<blackflow> but yeah they are processed from disk, in lexical order
<rkantos> ok, I misunderstood the "lexical order" bit
<blackflow> I mean, if two files deal with the same interface, being processed in that order makes a difference. if that's what you were asking.    also same filenames replace each other ,  eg /etc/.../eth0.network replaces stuff under /run/.../eth0.network
<blackflow> wait, I _think_ etc has higher priority... lemme check
<blackflow> ah yes. /etc over /run over /lib.
<rkantos> yeah that's what I meant / thought
<rkantos> If I create config similar to netplan at /etc/systemd/network/1-eth0.network , it doesn't work like netplan did at /run/systemd/network/10-netplan-eth0.network
<rkantos> e.g. the routes that netplan had added to /run are not being applie from the file i created @ /etc
<openfire> Because the one in /etc overrides the one in /run.
<openfire> They're not additive.
<rkantos> Huh? Didn't I just say that the one in /run (the Netplan generated one) worked? :S
<openfire> No. And I'm tired of you not being clear about things, so I'm going to go do other things.
<ahasenack> rbasak: still around?
<rkantos> Ok, I appreciate the help
<ahasenack> rbasak: n/m, sorry for the ping :)
<rkantos> Is there a way to only send the hostname if I have this as the networkd config that unchangeable? https://pastebin.com/VeLPbBda
<blackflow> rkantos: no. DHCP = none means no dhcp. no dhcp = no hostname sent  via........ dhcp :)
<blackflow> rkantos: take the netplan generated .network from /run and stick that under /etc/...  and modify as you want. then disable netplan (remove any configs from /etc/netplan/)
<blackflow> rkantos: but _again_  if proxmox is managing the NIC, you shouldn't do additional configs like that. either leave it to proxmox or do it all manually and disable even proxmox from doing that.
<rkantos> Ok, though doing anything with Netplan doesn't change the issues with sending the hostname.. Again, this was why I thought I could just use dhclient.conf & dhclient to send only the host name. Oh well I guess I'll see if there is Proxmox stuff where I could disable the DHCP = none default
<blackflow> at which point why don't you leave the IP assignment to DHCP?
<bane500> hey guys, is it possible to have two bonds each using round robin
<bane500> using ifenslave
<rkantos> blackflow: I think the main reason is I don't want to run the Tomato router WebUi or SSH so that it can be accessed from the LAN.. I could instead add one physical port to it for management only. That would mean I would have to physically connect to the router everytime I want to add static IPs for the DHCP server.
<sdeziel> ahasenack: I've open some merge requests on Debian's salsa and haven't yet receive any ack. Do you know if I should open Debian bugs and link them to those MR?
<sdeziel> bane500: as in 4 NICs bundled in 2 bonds?
<ahasenack> sdeziel: maybe, yeah. I heard that by default salsa doesn't email the maintainers about new MRs, unless the maintainer explicitly chose to opt-in
<sdeziel> ahasenack: ah bummer, thanks!
<ahasenack> I had such a case once with krb5
<bane500> sdeziel: yeah
<sdeziel> bane500: each bond is independent so yes
<bane500> sdeziel: ah okay. I'm getting an error right now when i attempt to restart networking services. Only 1 bond is coming up, the other bond is erroring out stating 'waiting for a slave to join bond0'
<blackflow> rkantos: OR.... use DHCP normally, have the router dish out IPs and see if it works by adding names received via DHCP, to its DNS resolution pool.
<bane500> sdeziel: oh and also 'bond0: option mode: unable to set because the bond device has slavs'
<bane500> slaves*
<sdeziel> bane500: it's possible that you need to select the mode prior to having slaves joining
<sdeziel> bane500: my only setups using bonding are running 16.04 but it shouldn't matter much (except for no ifupdown on 18.04). Anyway, with those I have no problem using different xmit-hash-policy on separated bonds
<bane500> sdeziel: is it possible that I can only have 1 primary interface
<sdeziel> bane500: that would be active-passive mode, no?
<bane500> sdeziel: not sure.
<sdeziel> bane500: maybe this /etc/network/interfaces extract will help you: https://paste.ubuntu.com/p/vJCFN9Q2cK/
<sdeziel> bane500: I now realize I'm using the same mode on both, sorry for the misdirection
<bane500> hmmm
<bane500> sdeziel: here is the error i'm receiving: https://pastebin.com/PqAa1VFE
<rkantos> blackflow: yes, naturally that will work until I want a vm to use a second interface with a public ip using dhcp(e.g. dynamic public ip), unless I can use networkd to then remove the default route from the lan interface.
<blackflow> rkantos: you _can_ do that. it's only a question of _default_ confiugration vs individual configuration for a particular VM
<sdeziel> bane500: I just tested and I can flip my bond1 to "balance-rr 0" while keeping the bond0 as "802.3ad 4" so my claim is still valid, phew ;)
<bane500> hahaha
<sdeziel> bane500: how's your /e/n/interfaces file like?
<bane500> sdeziel: just pm'd it do you
<rkantos> blackflow: How would I achieve that then when taking the Proxmox forced config in to account (https://pastebin.com/VeLPbBda) ?
<blackflow> rkantos: I don't know how to work with Proxmox. that's why I mentioned earlier that this is a proxmox issue, not an ubuntu one.
<blackflow> but you _can_ have VMs default to regular DHCP networking and have individual VMs override route or whateve you wanna overide.... then again, are those VMs or containers.... :)
<rkantos> blackflow: Yes. I'm just thinking that since Netplan configuration can have an effect (and "coexist") to some level with the forced Proxmox config.. I could still do something with networkd - too.
<rkantos> blackflow: I'm using LXCs all the time. As I said previously, I think the KVMs wouldn't have this issue, because their addresses cannot be set from the Proxmox WebUI
<blackflow> again....... netplan is just configuration abstractor. it creates a .network unit file. if it manages the same NIC as proxmox that ALSO creates a .network unit file, you have conflict on several levels there.
<blackflow> if those are not virtual machines but containers, don't use the name "VM" for them please, you'll just confuse anyone trying to understand your problem.
<blackflow> container != VM. LXC != virtualization.
<rkantos> blackflow: ok
<rkantos> hmm... Maybe this could work! If I have the Netplan generated config modified by adding the "SendHostname under [DHCP]" and Proxmox / lxc forced configuration set to DHCP, no default route is set!
<blackflow> rkantos: why tho'. if proxmox is handling it, why have netplan in the game.
<blackflow> you need to adjust what proxmox does, or force a manual configuration (when then can be manual .network or netplan if you prefer it)
<rkantos> _Without_ the additional eth0 config (either manual or Netplan generated..) and dhcp enabled on the lxc, the default routes are set. I thought networkd would also set the routes when specifying some [DHCP] options. If it really works this way, then I can use Netplan to configure additional routes and just add a /etc/systemd/networkd/1-eth0.network with the [DHCP] SendHostname ! I think this is all
<rkantos> that I needed.
<blackflow> I have this feeling you've ignored everything said so far and keep pusing your initial conflicting configuration. well, good luck. ;)
<rkantos> blackflow: if it works with it, I'm satisfied. Netplan comes by default on the lxc templates that you can use with Proxmox, so I guess it cannot be all bad..
<rkantos> It seems now that if I set a "static ip" IP in Netplan / networkd, then just enable the Sendhostname and leave DHCP otherwise enabled (from Proxmox for the lxc); DHCP requests the IP configured and doesn't set default route! This is what I wanted. Too bad it is not possible to set an IP with DHCP from the Proxmox GUI.
<blackflow> you have two different networking managers competing to configure one NIC. even if it (coincidentally) works, the fact remains that you have two managers trying to configure one NIC independently.
<Ussat> ^^ THAT
<Ussat> you need to choose one
<blackflow> (and managers is wrong word, netplan doesn' tmanage anything, it creates a .network unit form yaml and then pings systemd-networkd to apply it)
<rkantos> I don't see it as a major issue if it works and the config that I would do would be exactly the same anyway. (well apart from Netplan not being able to configure the [DHCP]SendHostname)
<blackflow> reboot and you'll see :)
<blackflow> (after you've changed proxmox or netplan generated .network files, manually)
<rkantos> that's what I am doing when I'm testing it, constantly, along with flushing the routing table (ip route flush table main && reboot)
<blackflow> then you made the changes persisten through another .network unit?
<rkantos> blackflow: Ussat ok you're right :)
<rkantos> I'll just add a 2nd .network @ /etc with the "static ip" and [DHCP] and it works.. It seems to work.
#ubuntu-server 2018-11-09
<coreycb> jamespage: fyi we can drop the --no-py36 change I made to openstack-pkg-tools on the next sync
<coreycb> jamespage: it's not used now that python3.6 is not supported in disco
<DK2> is apt-get -f install safe to do?
<DK2> i have a broken package with now unmet depencdies and it recommends me to do -f install, however the package is rather critical
<rbasak> DK2: use --dry-run
<rbasak> DK2: and then you can decide for yourself based on what it proposes to do.
<RoyK> it's usually quite safe
<RoyK> it'll prompt you before doing anything bad
<rbasak> I think it'll attempt to rerun postinsts ("configure" unconfigured packages) without warning though.
<rbasak> That is usually safe, but perhaps there's a reason the system is broken in the first place which makes it unsafe in this particular case?
<Mr_Pan> hello i would like run a Backup Server on ubuntu 18.04 server... i have 5 PCs in network ..  suggest?
<vlt> Mr_Pan: What should this server do?
<Mr_Pan> vlt, backup server for network's machine (ubuntu)
<Mr_Pan> i would like something with web gui
<sdeziel> Mr_Pan: backuppc works quite well but the web ui is ... let's say dated ;)
<sdeziel> Mr_Pan: backuppc is in main which is always nice
<Mr_Pan> ok
<DK2> rbasak: well the package is dovecot-core so it should be to ok to even reconfigure it afterwards
<ahasenack> stgraber: hi, is "lxc stop -f" the equivalent of pulling the power cord? Or more like kill -TERM?
<jlacroix> Yesterday I asked about accessing idrac module in Ubuntu, it was suggested to use HTML5. It looks like my idrac6 is too old for HTML5 support unless I'm mistaken. Is there another way to access this console?
<stgraber> ahasenack: it's SIGKILL to all processes, which is a bit better than pulling the cord because the kernel is still doing its job of flushing/syncing data to disk
<ahasenack> stgraber: ok, thx
<jayjo> I can't `scp` from a server of mine because I'm getting a permission denied error (not due to the public key). I've attached the `namei` output here: https://bpaste.net/show/b2add2acef5c do I need to own all of the directories to scp?
<sdeziel> jayjo: I have to run, but you need "x" on all the dirs of the hierarchy so you are missing "x" on backups/
<jayjo> ok, thank you for your help, I'll adjust it now
#ubuntu-server 2018-11-10
<jayjo> is there anything wrong with a process that just sleeps instead of cron handling it? It is being managed by supervisord so it should handle failures, but is there any reason why this shouldn't be done?
<sarnold> it's perfectly fine
<JanC> jayjo: it should be fine as long as it doesn't leak memory, I guess...
<JanC> or suffers from significant memory fragmentation
<unshackled> anyone know how to stop ubuntu server from sleeping when a laptop lid gets closed?
<vlt> unshackled: Is X running?
<chillage> part #ubuntu-server
<teward> ugh FINALLY I can get back to work on nginx >.>
<teward> (upgraded my laptop from 16.04 -> 18.04 in place, which exploded, thankfully I had a full disk image of 16.04 so I could blast away the failed upgrade with clean 18.04 and restore data...)
<teward> (three days later and I finally have things working again >.<)
<panne> hi, i'm running ubuntu-server 14.04.5 on an UEFI system, with LVM on (dm-)RAID1. Now I want to install 18.04.1 besides the working installation (i.e. on another, dedicated LV), and switch to the new ubuntu server installation when everything's working fine. Now, my questions are a) is GRUB able to boot from a logical volume stacked on top of a dm-raid, without an extra boot partition? (Currently, my root is outside the LVM, just on RAID)
<panne> b) is it possible to put the EFI partition into a RAID too, without disturbing the UEFI?
<panne> and c) (or maybe it's belonging to b, too) can the UEFI firmware probably handle multiple EFI partitions on different hard disks?
<tomreyn> panne: dm-raid (proprietary hardware / fakeraid) or mdraid (software raid / intel fakeraid)?
<tomreyn> does the system currenlty boot in uefi mode? or CSM/legacy bios?
<tomreyn> ESP must remain a partition on a partitoned disk, intermediary layer such as software raid and lvm wont work since the firmware doesn't understnd those.
<panne> tomreyn: oh, uh... how do i tell? i think it's software raid (it's administrated via mdadm!), so probably mdraid? But the devices are named dm-##, for that i thought it would be dm-raid...
<tomreyn> you can have multiple ESPs on different disks, but the firmware will only use the first one it comes across 8but at least this allows for a manual failover scenario).
<panne> booting in uefi mode - don't think, the box has CSM at all (it's IBM System X server)
<tomreyn> what you manage with mdadm is md raid, not dm-raid
<panne> ah, ok
<tomreyn> you can have /boot on md raid-1, / on lvm2 on top of md raid-1.
<tomreyn> i *think* you can also have /boot on  lvm2 on top of md raid-1 but it can get finnicky.
<panne> dm is device mapper, i think? does md use dm? (because, the raid and lv devices have all symlinks in /dev/mapper/ ...)
<panne> i'm a little confused... ^^
<panne> tomreyn: do you have any hints where i could read more about grub, boot/root, lvm and mdraid interaction?
<panne> I'm reading through the grub mailing lists since almost 2 days, to find similar setups/problems, but ... not really helpful
<panne> (almost more confusing the more i read .)
<tomreyn> lvm uses device mapper and dmcrypt-luks does, but i think md does not.
<tomreyn> panne: arch wiki is often a good resource for reading up on pitfalls of custom configurations, ubuntu's wiki covers the scenarios the installers support, and sometimes more than those.
<panne> tomreyn: well, you're right - just looked again: the root fs is named md0, not dm-0; aand it's not in /dev/mapper/... Arch wiki, yes! I will have a look, thank you very much!
<tomreyn> you're welcome, good luck.
<tomreyn> panne: if you're unsure what layers you have right now, lsblk can usually point you in thw right direction.
<sevynos> Hi there. Anybody available to help me repair a server booting problem?
<sevynos> Anybody here at all?
<panne> sevynos: yes, with half an eye... ;)
<sevynos> lol, so I hope you don't need glasses on that half eye ;)
<panne> sevynos: what's your problem?
<sevynos> Are you good at boot and kernel issues?
<panne> well... ATM i've some questions about booting things myself, but tell your problem - if i'm not able to help, maybe someone other is
<panne> (and my problems are somewhat special, i do think .)
<tomreyn> i.e. don't ask to ask on irc.
<sevynos> I had a boot partition full issue. I tried to do a autoremove but it always failed because it had no room to work (so I guess).  So I manually removed unused kernels. After system was unable to boot. I used Boot repair with a live cd and it all messed up the system.
<panne> sevynos: with "manually removed", do you mean "rm" or "apt remove/purge"?
<sevynos> with dpkg
<tomreyn> 'boot repair' (not a supported utility here AFAIK) tends to do fail occasionally. chances are you now got an unbootable system and need to chroot from a live system to revive it.
<sevynos> That's what I want to do but i'm no expert at linux so I tried to find the procedure to follow without sucess
<tomreyn> before you do this you should probably try all kernel versions listed on grub's "advanced" submenu though, may still work and save you time.
<sevynos> boot repair messed up my grub. Now I only have two entries about EFI systems and none of them work
<tomreyn> https://askubuntu.com/questions/28099/how-to-restore-a-system-after-accidentally-removing-all-kernels
<sevynos> tomreyn: Thanks, I will look at that.
#ubuntu-server 2018-11-11
<sevynos> btw, is this procedure good for a lvm partition?
<tomreyn> sevynos: you'll need to enable any and all such intermediary layers from the live cd, too, as you would during the normal boot.
<tomreyn> i.e. assemble raid, 'open' full disk encryption, detect and activate existing LVM2 PVs, VGs, LVs
<sevynos> ok, I'll look at that. thanks
<tomreyn> basically thats pvscan + lvchange -ay YourVolumeGroupNameGoesHere
<Mr_Pan> loadmod sasl
<SSMAdmin> Hi all.  I try to motivate my fb-network to migrate to Mastodon. To make the transition as easy as possible for them, I offer a Mastodon installation where I want to integrate a LIVE SUPPORT CHAT APPLET. However, there is some Content Security Policy running in Mastodon that prevents me to run this javascript live support chat applet.  How do I change this so this applet can be allowed to run?
<zzarr_> Hello!
<zzarr_> I have installed ubuntu-server un a HP laptop (Probook 4330s)
<zzarr_> but it will not boot
<blackflow> zzarr_: can you elaborate? is there an error displayed?
<zzarr_> no, the computer says there's no bootable device
<zzarr_> it's a non-efi bios
<blackflow> zzarr_: did you choose wrong driver for GRUB installation?
<blackflow> I am assuming the USB stick booted fine, installer worked, but after reboot, it fails like this?
<zzarr_> no, there's only one, I used the entire disk
<blackflow> wrong *drive
<zzarr_> yes, the usb drive boots fine
<blackflow> zzarr_: and grub was installed to _disk_ not to a partition?
<zzarr_> yes
<zzarr_> it's server 18.04.1 I installed
<blackflow> zzarr_: can you boot into a rescue environment and pastebin partitioning summary on the drive? eg. the output of   parted /dev/sda unit mib print
<blackflow> from what you said I'm guessing maybe that computer has trouble with legacy (bios) boot or the installer was run under EFI and it installed EFI and you're trying legacy/BIOS boot
<zzarr_> yes
<zzarr_> there's no efi (no /boot/efi)
<blackflow> pastebin the output of that command, please
<zzarr_> I will
<zzarr_> https://pastebin.com/hKjbwjcB
<zzarr_> sorry that it took time, the network was not correctly setup
<blackflow> zzarr_: looks okay, so it doesn't make any sense, unless grub is not really installed on that drive.
<zzarr_> it should be, there was no error message while installing
<blackflow> zzarr_: from the rescue environment, you can mount and chroot into root (don't forget to bind-mount /proc, /sys and /dev into the chroot), and retry grub-install
<blackflow> assuming of course you checked the most obvious, like boot device in bios. Is it trying that SSD at all.
<zzarr_> yes
<zzarr_> I have had Ubuntu installed on the machine on that very drive earlier and it was booting just fine :)
<zzarr_> (Ubuntu Desktop)
<zzarr_> it installed just fine
<zzarr_> if it does not work, could I use another bootloader?
<blackflow> you shouldn't. grub is not an issue here, except maybe it not being installed properly.
<zzarr_> it says that it's installed correctly
<blackflow> there's no difference between ubuntu desktop and service in that part (and in general only difference is packages and configurations installed atop of ubuntu-minimal, grub and the kernel)
<blackflow> zzarr_: you tried it in a chroot?
<zzarr_> I know, but I installed Ubuntu desktop a while back
<zzarr_> you mean grub-install?
<blackflow> yes
<zzarr_> in that case yes
<blackflow> and rebooted, and it still doens't find the boot device?
<zzarr_> I bind-mounted /proc, /dev and /sys
<zzarr_> yes
<blackflow> try plugging that SSD into another machine and see if it boots there.
<blackflow> oh, wait, one more thing.... how old is that machine?
<zzarr_> 2011
<zzarr_> (I think)
<blackflow> is it possible that the bios can't read GPT?
<blackflow> previous Ubuntu (Desktop) versions by default installed with MBR scheme
<zzarr_> I guess so
<blackflow> frankly, I don't know if MBR is still used or not, I haven't run the default installer in Ubuntu for long time, I use debootstrap or manual partitioning (because FDE with external USB /boot)
<zzarr_> if I reinstall it' can I select MBR instead it GPT?
<blackflow> I don't know if there's an option. If ther isn't, you'll have to partition manually and then have the installer use existing partitions for the filesystem
<zzarr_> well, that would be an option
<zzarr_> I have to go soon, but, I'll try the installer and see if' there's a MBR option
<zzarr_> other whys I will debootstrap and make a manual install
<SSMAdmin> Hi all.  I try to motivate my fb-network to migrate to Mastodon. To make the transition as easy as possible for them, I offer a Mastodon installation where I want to integrate a LIVE SUPPORT CHAT APPLET. However, there is some Content Security Policy running in Mastodon that prevents me to run this javascript live support chat applet.  How do I change this so this applet can be allowed to run?
<cryptodan_mobile> Install with efi and it will format the drive as gpt
<tomreyn> SSMAdmin: change mastodon's CSP to allow the javascript, or use a chat which doesn't require injecting javascript, or run the chat in a separate browser window / tab. and no, this is hardly an #ubuntu-server question, maybe one for the chat applications' or mastodon's support chat.
<SSMAdmin> @tomreyn thank you for answering, and please accept my apology.  I am deeply sorry to have posted in the wrong channel, I thought I was posting in #mastodon.
<tomreyn> SSMAdmin: hehe, no problem, glad i could point this out then.
<SSMAdmin> @tomreyn thank you :-)
<zzarr_> I'm back
<zzarr_> I managed to install the system and grub "yay"
<zzarr_> just forgot about a small thing... the kernel
<tomreyn> minor issues ;)
<zzarr_> I fixed that, now I just need to understand how to bring an network device up so I the machine get's an ip
<tomreyn> depends much on the ubuntu version
<zzarr_> 18.04.1
<zzarr_> no ifconfig
<tomreyn> server, right?
<zzarr_> yes
<tomreyn> you wont use it as a desktop?
<zzarr_> no
<tomreyn> then it's systemd-networkd, optionally managed by netplan
<zzarr_> okey, is there a simple way to just activate a device like this command in the old days "ifconfig eth0 up"
<ahasenack> well, you can always just run "dhclient <nicname>"
<zzarr_> right, I'll do that
<tomreyn> zzarr_: https://help.ubuntu.com/lts/serverguide/network-configuration.html.en#ip-addressing
<zzarr_> thanks :)
<tomreyn> note the 'temporary' approach there, too, in case dhcp wont work
<zzarr_> I see, no matter what I do, the fs is read-only and I can't get the network to work
<zzarr_> I think I have to install some drivers
<blackflow> zzarr_: the fs is readonly because you probably forgot fstab, so the "ro" mount is inherited from initramfs
<blackflow> as for the network, you really need this simple .network file (if it is dhcp) and enable+start the systemd-networkd.service  https://wiki.archlinux.org/index.php/systemd-networkd#Basic_DHCP_network
<zzarr_> blackflow, you are correct, I realized that the fs is not remounted on start
<zzarr_> I'll have a look at your link
